Browsing by Author "Justice, Connie"

Now showing 1 - 10 of 13
  • Thumbnail Image
    Item
    Applying Rating Systems to Challenge Based Cybersecurity Education
    (IEEE, 2017-01) Samuels, Andrew; Li, Feng; Justice, Connie; Computer Information and Graphics Technology, School of Engineering and Technology
    As technology becomes a larger part of everyday life, it becomes increasingly more important for CS and CIT students to learn about cyber security during their education. While many cyber security oriented courses exist, it is also necessary that students must be able to work and learn in an environment that resembles a real world context. To address this problem it has become common to adapt cyber security challenges into the classroom as a method for students to put their knowledge into practice. One problem is that these challenges can vary considerably in levels of difficulty, which makes it problematic for students to be able to select a challenge that is an appropriate difficulty for their skill level. A potential solution to this problem could be to adapt a rating system to rank both the students and the challenges. This would then allow the students to easily select challenges that are appropriate for them to engage with by comparing their own rating with the rating of available challenges. In this project we propose methods that could be used to adapt a rating system to an existing cyber security education program. Finally we propose a method to survey students that interact with the program so that the effect of the rating system can be measured.
  • Thumbnail Image
    Item
    Cyber-Informed: Bridging Cybersecurity and Other Disciplines
    (2020) Sample, Char; Loo, Sin Ming; Justice, Connie; Taylor, Eleanor; Hampton, Clay; Computer Information and Graphics Technology, School of Engineering and Technology
    A recent study by Cybersecurity Ventures (Morgan 2018), predicts that 3.5 million cybersecurity jobs around the world will be unfilled by 2021. In the United States, the demand for professionals with cybersecurity expertise is outpacing all other occupations (NIST 2018). These reports, along with many others, underpin the need for increasing workforce development initiatives founded in cybersecurity principles. The workforce shortage is across all cybersecurity domains, yet problems continue to persist, as the lines between combatants and non-combatants are blurred. Combating this persistent threat, which is a 24/7 operation, requires a more aggressive and inclusive approach. Higher education institutions are positioned to fully support cybersecurity workforce development; cybersecurity needs people with different perspectives, approaches, ways of thinking, and methods to solve current and emerging cyber challenges. This need is especially pressing when assessing the digital landscape - a tireless and ever-expanding connectivity supported by societal needs, and economic development yet compromised by the common criminal to nation-state sponsored felonious activity. Educators need to consider augmenting their approaches to educating students to include cybersecurity content. In this technology forward world, one that is expanding more rapidly than society and policy can react, increases the imperative for fundamental cyber defence skills. Accordingly, all students, no matter the major, should, minimally, understand the implications of good versus bad cyber hygiene. STEM graduates will require awareness of cyber issues that impact the security of programs, systems, codes or algorithms that they design. Operationally focused cyber-security graduates require a curriculum for careers dedicated to protecting and defending cyber systems in domain specific environments. In a world of Internet of Things (IoT), the ability for individual disciplines to understand the impact of cyber events in environments outside of traditional cybersecurity networks is critically important. This will provide the next generation defenders with domain specific cybersecurity knowledge that is applicable to specific operating environments.
  • Thumbnail Image
    Item
    Cybersecurity education: RunLabs rapidly create virtualized labs based on a simple configuration file
    (2017) Justice, Connie; Vyas, Rushabh; Computer Information and Graphics Technology, School of Engineering and Technology
    The cornerstone in educating the future workforce in cybersecurity in higher education is experiential learning. Cybersecurity competitions are shown to have the potential to increase the workforce and encourage students to pursue the field of cybersecurity. Virtual laboratories allow emulating real life cyber threats and rapid generation of multiple scenarios and infrastructures. The purpose of RunLabs project was to create a lab infrastructure to allow instructors to generate virtualized environments rapidly. Instructors can create virtual lab for students easily, with a simple configuration file. The methods used for RunLabs creation consist of a javascript object notation (JSON) configuration file that creates virtual machines with specified network configuration. In addition, it creates virtual network computing (VNC) service for each virtual machine with a random password, which allows students to be able to access the virtual machines and work on their exercises. RunLabs has a web-based user interface for administration and an application programming interface (API). The API allows additional tools to be written around RunLabs. The administrator can reboot virtual machines, change VNC passwords. If defined in the configuration file, the administrator can create generic routing encapsulation (GRE) tunnel for the virtual machines across multiple hosts. RunLabs project used Python, Flask, SQLite, Minimega, KVM/QEMU, and OpenVSwitch as its backbone software. The analysis showed that the virtual machine host can capture virtual machines network traffic; and by default, any changes made to the virtual machines are not saved to the virtual disk. Due to the way KVM/QEMU work, one virtual disk can be used to spin up multiple virtual machines. Use case scenarios for this project included malware analysis, virtualized penetration testing network, and capture the flag competitions. Future development includes creating a virtual machine repository, bug fixes, and an option to save changes to the virtual disk. © American Society for Engineering Education, 2017.
  • Thumbnail Image
    Item
    Future Needs of the Cybersecurity Workforce
    (ACI, 2022-03-02) Justice, Connie; Sample, Char; Engineering Technology, School of Engineering and Technology
    Expected growth of the job market for cyber security professionals in both the US and the UK remains strong for the foreseeable future. While there are many roles to be found in cyber security, that vary from penetration tester to chief information security officer (CISO). One job of particular interest is security architect. The rise in Zero Trust Architecture (ZTA) implementations, especially in the cloud environment, promises an increase in the demand for these security professionals. A security architect requires a set of knowledge, skills, and abilities covering the responsibility for integrating the various security components to successfully support an organization’s goals. In order to achieve the goal of seamless integrated security, the architect must combine technical skills with business, and interpersonal skills. Many of these same skills are required of the CISO, suggesting that the role of security architect may be a professional stepping-stone to the role of CISO. We expected degreed programs to offer courses in security architecture. Accredited university cyber security programs in the United Kingdom (UK) and the United States of America (USA) were examined for course offerings in security architecture. Results found the majority of programs did not offer a course in security architecture. Considering the role of the universities in preparing C-suite executives, the absence of cyber security architecture offerings is both troubling and surprising.
  • Thumbnail Image
    Item
    Integrated Education of Data Analytics and Information Security through Cross-Curricular Activities
    (IEEE, 2019) Luo, Xiao; Justice, Connie; Sorge, Brandon Herald; Computer Information and Graphics Technology, School of Engineering and Technology
    The National Research Council's report states that cross-sectional studies of multiple courses within a discipline, or all courses in a major, would enhance the understanding of how people learn the concepts, practices, and ways of thinking of science and engineering and the nature and development of expertise in a discipline. In science and engineering, ever-evolving technology and information make integrative abilities necessary and especially valuable. In this study, we investigated cross-curricular pedagogy, by engaging undergraduate students of two disciplines in collaboration on a common, context-connected project, so that students are better prepared for solving interdisciplinary problems in career settings. We implemented cross-curricular pedagogy in a network security course and a big data analytics course. The era of big data enables data-driven malicious detection, and big data analytics techniques have been applied to analyzing network logs to reinforce information security and predict abnormal behaviors, so these domains overlap. We investigated two forms of cross-curricular activities: one was integrated instructional units, and the other was cross-curricular knowledge integration projects. The results show significant improvements in students confidence in solving cross-disciplinary problems and a much better understanding of data analytics and information security, as well as the connections between them. This project is the first to study the loose integration of two context-connected courses that are taught in parallel.
  • Thumbnail Image
    Item
    Investigation of Malicious Portable Executable File Detection on the Network using Supervised Learning Techniques
    (IEEE, 2017-05) Vyas, Rushabh; Luo, Xiao; McFarland, Nichole; Justice, Connie; Computer Information and Graphics Technology, School of Engineering and Technology
    Malware continues to be a critical concern for everyone from home users to enterprises. Today, most devices are connected through networks to the Internet. Therefore, malicious code can easily and rapidly spread. The objective of this paper is to examine how malicious portable executable (PE) files can be detected on the network by utilizing machine learning algorithms. The efficiency and effectiveness of the network detection rely on the number of features and the learning algorithms. In this work, we examined 28 features extracted from metadata, packing, imported DLLs and functions of four different types of PE files for malware detection. The returned results showed that the proposed system can achieve 98.7% detection rates, 1.8% false positive rate, and with an average scanning speed of 0.5 seconds per file in our testing environment.
  • Thumbnail Image
    Item
    JagWaRz Junior: Cyber Security Education for Young Adolescents
    (Office of the Vice Chancellor for Research, 2015-04-17) Herbert, Jasmine; Vyas, Rushabh; Justice, Connie; Smith, Vicky
    Currently there are few methodologies for introducing cyber security to young adolescents. This area of research will examine the importance of teaching cyber security at an early age as well as the significance of introducing cyber security through the use of digital game based learning. Within this study, cyber security will be taught to a sample of young adolescents through the use of a capture the flag style game, JagWaRz Junior. The effectiveness of JagWaRz Junior will be quantitatively measured through a pretest and posttest presented to the participants. Overall, this game will encompass ways to handle many of the risks that come with Internet usage at an early age. These risks include but are not limited to cyber bullying, pornography, online predators, personal privacy, and password protection. The results of this study will contribute to our understanding of the effectiveness of digital game based pedagogic learning.
  • Thumbnail Image
    Item
    Living Lab in Computer Information Technology
    (Office of the Vice Chancellor for Research, 2011-04-08) Justice, Connie
    Research Subject is the Living Lab in CIT, an experiential learning environment where students gain real IT experience.The Living Lab allows students to apply networking, security, database, website, and application development concepts and techniques learned from prior CIT courses to internal and/or external projects. The Living Lab emulates an industry IT department in which students work on one or more projects as part of an IT team.
  • Thumbnail Image
    Item
    Methods of Current Knowledge Teaching on the Cybersecurity Example
    (MDPI, 2022-10-22) Nyemkova, Elena; Justice, Connie; Liaskovska, Solomiia; Lakh, Yuriy; Computer Information and Graphics Technology, Purdue School of Engineering and Technology
    Teaching of modern cybersecurity specialists should be up to date and use the newest methods and methodologies in universities as the IT industry is rapidly growing and constantly changing. A good idea is to use methods of management in IT companies as methods for current knowledge teaching of university students. It is also worth engaging students not only in educational international projects but the research projects as well. This work analyzes the method for teaching students, and the Scrum methodology was selected and implemented for educational and research projects. Students participated in both projects, however, Scrum models should be different for them and this is illustrated in the paper. The visualization of collected statistical data of the performed educational project illustrated distributions of students by specialization and by marks. The distributions by marks showed that using the Scrum model for the teaching course significantly increases the marks compared with the average level marks of the students in their specializations.
  • Thumbnail Image
    Item
    A Model for Evaluating Fake News
    (Army Cyber Institute, 2019) Sample, Char; Justice, Connie; Darraj, Emily; Computer Information and Graphics Technology, School of Engineering and Technology
    "Fake news” (FN) is slowly being recognized as a security problem that involves multiple academic disciplines; therefore, solving the problem of FN will rely on a cross-discipline approach where behavioral science, linguistics, computer science, mathematics, statistics, and cybersecurity work in concert to rapidly measure and evaluate the level of truth in any article. The proposed model relies on computational linguistics (CL) to identify characteristics between “true news” and FN so that true news content can be quantitatively characterized. Additionally, the pattern spread (PS) of true news differs from FN since FN relies, in part, on bots and trolls to saturate the news space. Finally, provenance will be addressed, not in the traditional way that examines the various sources, but in terms of the historical evaluations of author and publication CL and PS.