Adapting CTF Challenges into Virtual Cybersecurity Learning Environments

Abstract.

This paper aims to highlight the potential of using CTF (Capture the Flag) challenges, as part of an engaging cybersecurity learning experience for enhancing skills and knowledge acquirement of undergraduate students in academic programs.
Design/methodology/approach: Our approach involves integrating interactivity, gamification, self-directed and collaborative learning attributes using a CTF hosting platform for cybersecurity education. Specifically, the proposed methodology includes the deployment of a pre-engagement survey for selecting the appropriate CTF challenges in accordance with the skills and preferences of the participants. During the learning phase, storytelling elements were presented, and participants were encouraged to work in teams and help each other, while a behavior rubric was constructed in order to observe the participants’ behavior and responses during a 5-weeks lab. Finally, a survey was created for getting feedback from the students and for extracting quantitative results based on the ARCS model of motivational design. Findings - Students felt more confident about their skills and were highly engaged to the learning process. The outcomes in terms of technical skills and knowledge acquisition were shown to be positive.
Research limitations: Since the number of participants was small, the results and information retrieved from applying the ARCS model only have an indicative value; however, specific challenges to overcome are highlighted which are important for our future deployments.
Practical implications: Educators could use the proposed approach for deploying an engaging cybersecurity learning experience in an academic program, emphasizing on providing hands-on practice labs and featuring topics from real-world cybersecurity cases. Using the proposed approach, an educator could also monitor the progress of the participants and get qualitative and quantitative statistics regarding the learning impact for each exercise.
Social implications: Students from academia will benefit from the proposed approach by acquiring technical skills, knowledge and experience through hands-on practice in real-world cases. As a result, educators could demonstrate modern cybersecurity topics in the classroom, closing further the gap between theory and practice.
Originality/value: This work intends to bridge the existing gap between theory and practice in the topics of cybersecurity by using CTF challenges for learning purposes and not only for testing the participants’ skills. This paper offers important knowledge for enhancing cybersecurity education programs and for educators to use CTF challenges for conducting cybersecurity exercises in academia, extracting meaningful statistics regarding the learning impact.

Keywords: Cybersecurity; Education; CTF; Challenge-Based Learning; Gamification

Download: (pdf)