Reducing Student Hesitation through a Trial-and-Error Cyber Defense Exercise System for Security Beginners
DOI:
https://doi.org/10.52731/liir.v007.485Keywords:
security exercise system, cyber security training, Trial-and-Error, RewindingAbstract
Cyber defense exercises are important for developing cybersecurity personnel capable of re-sponding to increasingly sophisticated attacks. However, beginners often hesitate to execute commands during exercises because of anxiety about system failures. To address this issue, we developed a cyber defense exercise system that allows students to save and restore exercise states. Trial-and-Error function enables learners to retry operations safely and reflect on the results of their actions. In the evaluation experiment, students who had learned basic Linux commands were divided into two groups: one using the developed function and the other not using it. As a result, the former group tended to execute more commands than the latter. This result suggests that the proposed system reduces hesitation during operations. Interview responses also sug-gested that the system helped students feel psychologically comfortable and encouraged them to explore different defensive operations. These findings indicate that the proposed system can support learning for beginners by reducing hesitation and promoting reflective practice in cyber defense exercises.
References
ISC2, “How the economy, skills gap and artificial intelligence are challenging the globalcybersecurity workforce,” Oct. 2025;https://cybergovernancealliance.org/wp-content/uploads/2024/01/ISC2_Cybersecurity_Workforce_Study_2023-1.pdf
NRI SecureTechnologies, Ltd, NRI Secure Insight 2023, Oct. 2025; https://www.nri-secure.co.jp/download/insight2023-report.
G. Østby, B. Selebø, S. Kowalski, “Training the Trainers for Cybersecurity Exercises - De-veloping EXCON-teams”. In: Abbas Moallem (eds) Human Factors in Cybersecurity, AHFE(2023) International Conference, vol 91, 2023, pp.111-120, doi:10.54941/ahfe1003725.
E. Seker and H.H. Ozbenli, “The Concept of Cyber Defence Exercises (cdx): Planning, Ex-ecution, Evaluation,” 2018 International Conference on Cyber Security and Protection ofDigital Services (Cyber Security), 2018, pp.1–9.
K. Kida, “Seminars to develop information systems specialists who are good at informationsecurity | Course introduction | National University 55 Engineering Faculty HP”, Oct, 2025;https://www.mirai-kougaku.jp/lesson/pages/97.php (in Japanese).
Kagawa University, “Kagawa University Academic Affairs System Campus-Xs”, Oct, 2025;https://kyoumusyst.kagawa-u.ac.jp/campusweb/slbssbdr.do?value(risyunen)=2025&value(semekikn)=1&value(kougicd)=E5005150-1&value(crclumcd)=9999 (in Japanese).
I. Takehara, M. Ishizuka, H. Kamei, K. Kida and K. Saisho, “Evaluation of Processing Timein Trial-and-Error Function of Security Exercise System for Security Beginners”, Proc. the2023 World Congress in Computer Science, Computer Engineering, & Applied Computing(CSCE’23), 2023, pp.871-876, doi:10.1109/CSCE60160.2023.00147.
I. Takehara, Y. Kami, H. Kamei, K. Kida and K. Saisho, “Development of Score Measure-ment and Attack Functions in a Security Exercise System Enable Trial-and-Error”, Proc. 16thIIAI International Congress on Advanced Applied Informatics (IIAI-AAI), 2024, pp.206–211, doi: 10.1109/IIAI-AAI63651.2024.00048.
H. J. Perkinson, “Learning from Our Mistakes: A Reinterpretation of Twentieth CenturyEducational Theory”, Praeger, 1984.
M. Okamura, “Revisiting Donald Sch¨on’s “Reflection-In-Action”: from an Examination ofhis “Epistemology of Practice” ”, Annual Report of The Japanese Society for the Study onTeacher Education, vol.26, 2017, pp.64–74 (in Japanese).
K. Chiken, A. Hazeyama and Y. Miyadera, “A Programming Learning Environment Fo-cusing on Failure Knowledge”, The Journal of Institute of Electronics, Information andCommunication Engineers, vol. J88-D-1, no.1, 2005, pp.66–75 (in Japanese).
T. Hirashima and T. Horiguchi, “Error-Visualization for Learning from Mistakes”, Trans-actions of Japanese Society for Information and Systems in Education, vol. 21, no. 3, 2004,pp. 178–186, (in Japanese).
T. Horiguchi and T. Hirashima, “Simulation-Based Learning Environment for AssistingError-Correction Management of Error-Based Simulation Considering the Cause of Errors”,Transactions of the Japanese Society for Artificial Intelligence, vol. 17, no. 4, 2002, pp.462–472 (in Japanese).
T. Shinohara, I. Imai, T. Tomoto, T. Horiguchi, A. Yamada, S. Yamamoto, Y. Hayashi and T.Hirashima, “Experimental Use of Error-based Simulation for Force on Moving Object in Science Class at Junior High School”, vol. J99-D, no.4, 2016, pp.439–451, (in Japanese).
the European Union Agency for Cybersecurity: Cyber Europe― ENISA,Oct. 2025;https://www.enisa.europa.eu/topics/skills-and-competences-for-companies/cyber-europe.
MINI Hardening Project “MINI Hardening Project (ZANSIN Project) - connpass”, Oct.2025; https://minihardening.connpass.com/ (in Japanese).
Kawaguchi Sekkei, inc., “Microhardening”.Oct. 2025; https://www.sec-k.co.jp/mh (inJapanese).
Y. Kodera and K. Chinen, “Design and Implementation of a Cyber Security Training Re-winding Mechanism”, Security Psychology & Trust (SPT) of IPSJ, vol. 2021-SPT-41, no. 14,2021, pp. 1–6 (in Japanese).
K. Shiota,Y. Taniguchi and N. Iguchi, “A Security Risk Learning System in Public WirelessLAN Based on Failure Experiences”, IPSJ Journal, vol.65, no.3, 2024, pp.748–753,doi/10.20729/00233258 (in Japanese).
S. Ohta, S. Yasuda, T. Yumura and Y. Takano, “Toward Next-Generation Cyber ExerciseEnvironments”, Multimedia, Distributed, Cooperative, and Mobile Symposium, IPSJ Sym-posium Series, vol. 2016, no. 1, 2016, pp.1776–1782 (in Japanese).
F. Skopik and M. Leitner, “Preparing for National Cyber Crises Using Non-linear CyberExercises”, 2021 18th International Conference on Privacy, Security and Trust (PST), 2021,pp. 1-5, doi: 10.1109/PST52912.2021.9647795.
Y. Hoshino, K. Notomi, H. Nishimura and H. Shimeno, “A Development and Evaluation ofTraining Environment for System Administrator Based on Linux Server”, IEEJ Transactionson Electronics, Information and Systems, vol. 136, no.7, 2016, pp.986–994, doi:10.1541/ieejeiss.136.986 (in Japanese)
K. A. Gharabi and J. Arulappan, “Repeated Simulation Experience on Self-Confidence,Critical Thinking, and Competence of Nurses and Nursing Students-An Integrative Review”,Sage Open Nurs, vol. 6: l-8, 2020, pp.1-8 doi: 10.1177/2377960820927377.
WordPress Foundation, “Blog Tool, Publishing Platform, and CMS - WordPress.org”, Jan2025, https://wordpress.org/.
KVM, “KVM”, Jan 2025, https://www.linux-kvm.org/page/Main_Page.
HashiCorp, “Vagrant by HashiCorp”, Jan. 2025, https://www.vagrantup.com/.
Red Hat, “2.4. Storage Formats for Virtual Disk Images — Red Hat Product Documenta-tion”, Jan 2025,https://docs.redhat.com/en/documentation/red_hat_virtualization/4.0/html/technical_reference/qcow2.
