Skip to main content Skip to navigation

University of Warwick Faculties

Developing Hands-on Labs for Source Code Vulnerability Detection with AI

Project Overview

The document highlights the transformative role of generative AI in education, particularly within the realm of cybersecurity. It introduces the SeCodEd framework, which integrates hands-on labs that leverage machine learning and natural language processing (NLP) for teaching source code vulnerability detection and secure programming practices. This approach emphasizes the importance of practical experience in cybersecurity education, aiming to equip future IT professionals with the necessary skills to identify and mitigate vulnerabilities in source code effectively. The framework supports personalized learning experiences and automates aspects of vulnerability detection, enhancing students' engagement and understanding. However, the implementation of these advanced technologies also presents challenges, such as varying levels of programming familiarity among students and the necessity for more engaging instructional materials. Overall, the integration of generative AI in educational settings is positioned as a crucial step towards improving cybersecurity education, fostering hands-on learning, and addressing the evolving demands of the IT workforce.

Key Applications

SeCodEd Framework for Secure Coding Education and Automated Vulnerability Detection

Context: Educational contexts aimed at undergraduate and graduate IT students learning software development, security, and vulnerabilities through hands-on labs and automated systems.

Implementation: Developed hands-on laboratories and a large-scale vulnerability detection system using machine learning and natural language processing tools. The implementation includes teaching secure programming practices, source code vulnerability analysis, and leveraging deep representation learning for automated detection of vulnerabilities in software code.

Outcomes: Improved student skills in identifying and mitigating source code vulnerabilities, increased awareness of security implications in software development, enhanced understanding of security vulnerabilities, and familiarity with static analysis tools.

Challenges: Students may lack practical exposure and experience with vulnerability detection tools, prior knowledge of source code vulnerabilities, and may struggle with technical setups and lengthy lab instructions. Additionally, challenges include the complexity of software vulnerabilities and the need for comprehensive datasets for training models.

Data-Driven Personalized Learning

Context: Students engaged in personalized learning approaches based on data analytics, utilizing surveys and analysis to tailor educational content.

Implementation: Utilized pre and post-surveys along with data analysis methods to adapt educational content to meet individual student needs, enhancing the learning experience.

Outcomes: Increased engagement and tailored learning experiences for students based on their understanding and progress.

Challenges: Need for effective data collection and analysis methods to accurately assess student needs and adapt instructional material.

Implementation Barriers

Educational Gap

Current IT curricula do not sufficiently cover practical cybersecurity skills, particularly in source code vulnerability analysis. Many students enter courses with minimal familiarity with source code vulnerabilities and associated tools.

Proposed Solutions: Integrate hands-on labs and experiential learning modules into the curriculum to enhance practical skills. Implement foundational courses or preparatory sessions to boost student knowledge before advanced labs.

Resource Limitation

Educational institutions may lack the necessary resources (tools, labs, instructors) to implement comprehensive cybersecurity training.

Proposed Solutions: Leveraging open-source tools and cloud-based platforms for lab execution to minimize resource needs.

Technical Barrier

Students faced difficulties in setting up necessary software environments, particularly with Kali Linux.

Proposed Solutions: Providing cloud-based environments to avoid local setup complexities.

Engagement Barrier

Students showed lack of motivation and engagement in following lengthy instructions and understanding lab content.

Proposed Solutions: Streamlining lab instructions and improving the presentation of materials to enhance engagement.

Project Team

Maryam Taeb

Researcher

Contact Information

For information about the paper, please contact the authors.

Authors: Maryam Taeb

Source Publication: View Original PaperLink opens in a new window

Project Contact: Dr. Jianhua Yang

LLM Model Version: gpt-4o-mini-2024-07-18

Analysis Provider: Openai

Let us know you agree to cookies

We use cookies to give you the best online experience. Please let us know if you agree to functional, advertising and performance cookies. You can update your cookie preferences at any time.

Cookie policy