Abstract:

As total number of cyber-attacks is increasing year by year, the cultivation of security engineers becomes an urgent task all over the world. As the case in Japan, the Ministry of Economy, Trade and Industry published a report that approximately 200 thousand of security engineers will become shortage at Tokyo Olympic Games 2020. In response to these background, fulfilling educational environment and effective instructional design for cultivating security engineers are required. The purpose of this study is to examine that, in the learning for IoT (Internet of Things) security, whether experiential learning is effective or not to compare with e-learning (non-experiential learning). As an example of experiential learning, this study targets the course “Security Engineering Exercise” held in Kyushu University. In this course, students actually try to execute several cyber-attacks to the IoT systems we developed as an educational material and also try to implement several protections into the vulnerable system to avoid these cyber-attacks. This course is designed based on ADDIE (Analysis, Design, Development, Implementation, Evaluation) model for students to learn how to develop secure and safety IoT product. This paper introduces the details of ADDIE model of this experiential learning course. In Analysis section, we decided the achievement goal of this course and also decided target students taking into consideration the demands of students. In the section of Design, we built the course curriculum considering with what we should teach in each lesson and also set a scenario describing a situation that a hacker attacks a certain system so that the students are able to understand that they are learning what kind of cyber-attacks and cyber-defenses. In Development section, we developed IoT systems with various types of vulnerabilities as educational materials according to the curriculum. This paper introduces the details of the educational IoT systems. In the section of Implementation, in addition to the lecture, we executed pre-test and post-test in each lesson in order to examine how much the students understood the knowledge of cyber-security and obtained skills for cyber-defense in the course. This paper shows the test scores comparing the growths of each student and considers the tendencies appearing between question types and answers. In the Evaluation section, we compared the two types of test scores and also took a questionnaire based-on IMMS which investigates his/her learning motivation according to ARCS (Attention, Relevance, Confidence, Satisfaction) model. The paper also shows the IMMS scores of each student and discusses about the relevance of high test score students and their learning motivation. Lastly, this paper shows an evaluation result of the experiential learning for IoT security engineers and also discusses an effective instructional design to cultivate them by considering with the evaluation.

Keywords:

Experiential Learning, Instructional Design, ARCS, Security Education, IoT Security.