Teaching Cybersecurity in an Undergraduate Engineering Course

Organizations create a huge amount of sensitive and confidential data, which must be protected from unauthorized access or disclosure. Nowadays, most organizations store their business data in digital formats. With the increasing use of digital data, data breaches are more often and serious in recent years. Therefore, it is very important for next-generation engineers to be aware of the importance of information security, and be able to recognize vulnerabilities and threats to an information system and design user-friendly and effective security measures. To achieve it, two modules of information systems security, including lectures and in-class labs, were developed and taught in an undergraduate engineering course at North Carolina A&T State University. The learning objectives, teaching materials, and assessment outcomes of the two course modules are presented in this paper. Our survey results show that the course modules achieve the learning objectives and improve students’ interest in pursuing cybersecurity-related careers. Keywords: Engineering Education, Database Security, Usable and Effective Securit

A Kind of Non-associative Groupoids and Quasi Neutrosophic Extended Triplet Groupoids (QNET-Groupoids)

The various generalized associative laws can be considered as generalizations of traditional symmetry. Based on the theories of CA-groupoid, TA-groupoid and neutrosophic extended triplet (NET), this paper first proposes a new concept, which is type-2 cyclic associative groupoid (shortly by T2CA-groupoid), and gives some examples and basic properties. Furthermore, as a combination of neutrosophic extended triplet group (NETG) and T2CA groupoid, the notion of type-2 cyclic associative neutrosophic extended triplet groupoid (T2CA NET-groupoid) is introduced, and a decomposition theorem of T2CA-NET-groupoid is proved. Finally, as a generalization of neutrosophic extended triplet group (NETG), the concept of quasi neutrosophic extended triplet groupoid (QNET-groupoid) is introduced, and the relationships among T2CA-QNET-groupoid, T2CA-NET-groupoid and CA-NET-groupoid are discussed

Evaluating Two Hands-On Tools for Teaching Local Area Network Vulnerabilities

According to the Verizon’s Data Breach Investigations Report, Local Area Network (LAN) access is the top vector for insider threats and misuses. It is critical for students to learn these vulnerabilities, understand the mechanisms of exploits, and know the countermeasures. The department of Computer Science at North Carolina A&T State University designed two different educational tools that help students learn ARP Spoofing Attacks, which is the most popular attack on LAN. The first tool, called Hacker’s Graphical User Interface (HGUI), is a visualization tool that demonstrates ARP Spoofing Attack with real time animation. The second tool is a hands-on (HandsOn) tool that asks students to perform an ARP Spoofing Attack by manually creating ARP reply packets. It was demonstrated in previous research that both tools enhanced students’ learning. In this paper, we are going to scientifically evaluate and compare the effectiveness of these two tools. We divided the class of forty-five students randomly into two groups. Group A was assigned HGUI lab and the Group B was assigned the HandsOn lab. The labs were assigned as a one and half week homework assignments. Both groups were given a pre-survey and a pre-quiz before the lab. After they submitted the lab, we gave them a post-survey and a post quiz. The analysis shows that prior to the labs, students in both groups have almost identical background in the knowledge of ARP Spoofing. After the lab, both groups made statistically significant improvements. Although group A did better on survey and group B did better on quiz, it is not statistically significant enough to draw a definitive conclusion according to the student’s t-test result. Also, in analyzing survey results, we found that actively reading cyber security related articles is a more significant contributing factor in students’ knowledge in the subject matter than other factors including having formal training or taking cyber security classes

Supporting Case-based Learning in Information Security with Web-based Technology

Case-based learning has been widely used in many disciplines. As an effective pedagogical method, case-based learning is also being used to support teaching and learning in the domain of information security. In this paper, we demonstrate case-based learning in information security by sharing our experiences in using a case study to teach security management. A process model of integrating a case library and Web 2.0 technologies to facilitate case-based learning is also presented in this paper. Insights and recommendations for implementing the process model are offered as well

Analyzing HTTP requests for web intrusion detection

Many web application security problems related to intrusion have resulted from the rapid development of web applications. To reduce the risk of web application problems, web application developers need to take measures to write secure applications to prevent known attacks. When such measures fail, it is important to detect such attacks and find the source of the attacks to reduce the estimated risks. Intrusion detection is one of the powerful techniques designed to identify and prevent harm to the system. Most defensive techniques in Web Intrusion Systems are not able to deal with the complexity of cyber-attacks in web applications. However, machine learning approaches could help to detect known and unknown web application attacks. In this paper, we present machine learning techniques to classify the HTTP requests in the well-known dataset CSIC 2010 HTTP (Giménez et al., 2012) as normal or abnormal traffic, and we compare our experimental results with the results reported by Pham et al. in 2016 and Nguyen et al. in 2011. These experiments produce results for overlapping sets of machine-learning techniques and different sets of features, allowing us to compare how good the various feature sets are for the various machine-learning techniques, at least on this dataset. Keywords: intrusion detection system; anomaly detection; web application attacks; machine learning

Teaching Security of Internet of Things in Using RaspberryPi

The Internet of Things (IoTs) is becoming a reality in today’s society. The IoTs can find its application in multiple domains including healthcare, critical infrastructure, transportation, and home and personal use. It is important to teach students importance and techniques that are essential in protecting IoTs. We design a series of hands-on labs in a smart home setting, which can exercise attack and protection of IoTs. Our hands-on labs use a Raspberry Pi and several diverse smart things that communicate through Z-Wave technology. Using this environment, students can operate a home automation system and learn security concepts by performing these labs. These labs demonstrate several fundamental security concepts and techniques that can be adopted in security curricula. Students are expected to understand and master how to implement various attacks, design and implement defenses to these attacks, and explore security solutions of Internet of Things in a Smart Home application

Single nucleotide polymorphisms in thymic stromal lymphopoietin gene are not associated with allergic rhinitis susceptibility in Chinese subjects

BACKGROUND: Thymic stromal lymphopoietin (TSLP) is an epithelial cell-derived cytokine, implicated in the development and progression of allergic diseases. Recent studies have demonstrated significantly increased expression and synthesis of TSLPin nasal mucosa of patients with allergic rhinitis (AR), compared with nonallergic control subjects. Also, there is significant correlation between the level of TSLP mRNA and symptom severity in AR patients. In this study, we investigated whether polymorphisms in the TSLP gene were associated with increased risk of AR in the Chinese population. METHODS: In a candidate gene association study, we tested 11 single nucleotide polymorphisms (SNPs) in the TSLP gene in 368 AR and 325 control adult Han Chinese subjects from Beijing. The 11 SNPs were selected from the Chinese HapMap genotyping dataset to ensure complete genetic coverage. AR was established by questionnaire and clinical examination, and blood was drawn from all subjects for DNA extraction. The PLINK software package was used to perform statistical testing. RESULTS: In the single-locus analysis of AR risk, no significant differences in allele and genotype frequencies were found between AR and control subjects. Further logistic regression analyses adjusted for age and gender also failed to reveal significant associations between AR and the selected SNPs. Similarly, analysis stratified by gender, and haplotype or diplotype did not reveal any association with AR risk. CONCLUSION: Although TSLP presents itself as a good candidate for contributing to allergy, this study failed to find an association between specific SNPs in the TSLP gene and AR susceptibility in the Han Chinese population

Semi-Supervised Deep Neural Network for Network Intrusion Detection

Network security is of vital importance for corporations and institutions. In order to protect valuable computer systems, network data needs to be analyzed so that possible network intrusions can be detected. Supervised machine learning methods achieve high accuracy at classifying network data as normal or malicious, but they require the availability of fully labeled data. The recently developed ladder network, which combines neural networks with unsupervised learning, shows promise in achieving a high accuracy while only requiring a small number of labeled examples. We applied the ladder network to classifying network data using the Third International Knowledge Discovery and Data Mining Tools Competition dataset (KDD 1999). Our experiments, show the ladder network was able to achieve similar results compared to supervised classifiers while using a limited number of labeled samples

(E)-2′-[(3,5-Di-tert-butyl-2-hy­droxy­benzyl­idene)amino]-1,1′-binaphthalen-2-ol methanol monosolvate

The title compound, C35H35NO2·CH4O, was obtained by the reaction of rac-2-amino-2-hy­droxy-1,1-binaphthyl and 3,5-di-tert-butyl-2-hy­droxy­benzaldehyde in absolute methanol. In the Schiff base mol­ecule, the two naphthyl bicycles are twisted by 71.15 (5)°. One hy­droxy group is involved in intra­molecular O—H⋯N hydrogen bond, while the methanol solvent mol­ecule is linked to another hy­droxy group via an inter­molecular O—H⋯O hydrogen bond

Promoting Diversity in Teaching Cybersecurity Through GICL

In summary, it is necessary to develop a diverse group of K-12 students’ interest and skills in cybersecurity as cyber threats continue to grow. Evidence shows that educating the next generation of cyber workers is a crucial job that should begin in elementary school. To ensure the effectiveness of cybersecurity education and equity at the K-12 level, teachers must create thoughtful plans for considering communities’ interests and needs, and to continually reconsider what’s working and how to adjust our strategies, approaches, design, and research plan to meet their specific needs, challenges, and strengths, particularly with students from under-served and underrepresented populations in the cybersecurity fields. By building a series of guided inquiry collaborative learning activities in the cybersecurity area, we hope that our approach could build a diverse group of students which creates a more holistic view of the problem and delivers a range of valuable problem-solving hard and soft skills. Professional development must be provided to teachers to get them prepared for adopting guided inquiry collaborative learning activities in classrooms