Benefits and Pitfalls of Using Capture the Flag Games in University Courses
This work provides practical guidance for cybersecurity instructors and CTF framework developers on integrating CTF games into formal university education, though it is incremental as it builds on existing informal uses.
The paper tackled the problem of using Capture the Flag (CTF) games in university cybersecurity courses by analyzing student data from an introductory undergraduate course, resulting in recommendations for addressing scoring, scaffolding, plagiarism, and learning analytics in CTF task design.
The concept of Capture the Flag (CTF) games for practicing cybersecurity skills is widespread in informal educational settings and leisure-time competitions. However, it is not much used in university courses. This paper summarizes our experience from using jeopardy CTF games as homework assignments in an introductory undergraduate course. Our analysis of data describing students' in-game actions and course performance revealed four aspects that should be addressed in the design of CTF tasks: scoring, scaffolding, plagiarism, and learning analytics capabilities of the used CTF platform. The paper addresses these aspects by sharing our recommendations. We believe that these recommendations are useful for cybersecurity instructors who consider using CTF games for assessment in university courses and developers of CTF game frameworks.