Puzzle-based learning in Cyber Security Education

Dipankar Dasgupta, IEEE Fellow Director, Center for Information Assurance and Professor of Computer Science
The University of Memphis


Different forms of puzzles are in existence for people to think, expand knowledge and stimulate their cognitive ability. Puzzle-based learning has proven to result in a better STEM learning environment in mathematics, physics, and computer science. However, no such work has been done in computer and cyber security. We recently introduced puzzle-based learning to basic cyber security education. We believe that such interactive learning will help students to understand complex cyber-attack paths and find countermeasures for fraud detection, cybercrime, and advanced persistent threats (APTs). Students will learn not only to protect a specific system but also an entire class of systems with different hardware/software components and architectures, providing similar services. We hypothesized different level of puzzles for introducing content knowledge i.e. puzzles have different difficulty levels like some popular games. We developed interactive puzzle-based learning environment for cyber security education, where the participants can take their own decision based on the options available. Some scenarios are created based on the real life events and depict some possible attacks. Participants are asked to find out existing vulnerabilities or best practices and how to avoid or address vulnerabilities being exploited. Their actions can lead to different states so to realize whether their response lead to any exposed state or data breaches. So the participants will know the consequences of their actions. This will give them an experience of the real world operation scenario beforehand.