A cheat detection system for an educational pentesting cyber range: an intrusion deficit approach

Sammanfattning: In academic courses, effort is given to detect and deal with plagiarism. Examplesof traditional plagiarism detection techniques include comparison of submittedhomework or supervised exams. Such techniques, however, are limitedin application to traditional teaching methods. This thesis explores a cheatingdetection system for the Ethical Hacking course at KTH. The course is organizedaround a cyber range where students interact with hacking challenges.The proposed CDS uses rule based detection whereby student actions in thecyber range are logged and analyzed offline. Each player’s actions are comparedagainst the attack graph of the cyber range. The attack graph contains theminimum hacking steps that a student needs to take to complete the course. Ifthere are actions that the player missed to perform, this is treated as an indicationof cheating. The preliminary results are very promising and the proposedCDS implementation will be used in the upcoming autumn course round.