Cybersecurity students need to develop practical skills such as using command-line tools. Hands-on exercises are the most direct way to assess these skills, but assessing students' mastery is a challenging task for instructors. We aim to alleviate this issue by modeling and visualizing student progress automatically throughout the exercise. The progress is summarized by graph models based on the shell commands students typed to achieve discrete tasks within the exercise. We implemented two types of models and compared them using data from 46 students at two universities. To evaluate our models, we surveyed 22 experienced computing instructors and qualitatively analyzed their responses. The majority of instructors interpreted the graph models effectively and identified strengths, weaknesses, and assessment use cases for each model. Based on the evaluation, we provide recommendations to instructors and explain how our graph models innovate teaching and promote further research. The impact of this paper is threefold. First, it demonstrates how multiple institutions can collaborate to share approaches to modeling student progress in hands-on exercises. Second, our modeling techniques generalize to data from different environments to support student assessment, even outside the cybersecurity domain. Third, we share the acquired data and open-source software so that others can use the models in their classes or research.
翻译:网络安全学生需要开发实用技能,例如使用指挥线工具。 实践练习是评估这些技能的最直接方法, 但评估学生掌握能力是教官的一项艰巨任务。 我们的目标是通过在整个练习中自动建模和直观学生进步来缓解这一问题。 以弹壳指令为基础、学生打字以完成练习中不同的任务的图形模型对进展情况进行总结。 我们实施了两种模型,并使用两所大学46名学生的数据对模型进行比较。 为了评估模型,我们调查了22个有经验的计算教员,并定性地分析了他们的反应。 大多数教官对图表模型进行了有效解释,并确定了每个模型的优点、弱点和评估使用案例。 根据评估,我们向教官提出建议,并解释我们的图表模型是如何创新教学和推动进一步研究的。 本文有三重效果。 首先,它展示了多个机构如何合作分享在实践练习中模拟学生进展的方法。 其次,我们的模型技术概括了不同环境的数据以支持学生评估,甚至网络安全域外的学生评估。 第三,我们分享了获得的数据和开源软件,以便其他人在课堂或研究中使用模型。