Enhancing learning management systems with intrusion alerts and forensic logging
List of Authors
  • Norhidayah Abd Hamid , Nurul Hidayah Ab Rahman

Keyword
  • Forensic Readiness, Forensic Log, Intrusion Alert, Learning Management System

Abstract
  • Web-based Learning Management Systems (LMS) are gaining popularity in the education sector as they provide more convenience in the teaching and learning experience. However, these systems are vulnerable to cyber-attacks, such as intrusion attempts. In the event of a security incident, it is imperative to conduct thorough investigations. Therefore, this study proposed Sistem Pengurusan Pembelajaran (SiPP) an LMS developed with intrusion alert and forensic log to provide incident notification and forensic-ready LMS. The prototyping model was adopted to develop the SiPP system, which includes modules such as login, intrusion notification, forensic log, activity log, teacher management, student management, learning material, and assessments. Functional testing results confirm SiPP's ability to log user activities, detect intrusion attempts, and notify users through Short Messaging Service (SMS) and other system modules function successfully. The user acceptance test shows positive feedback and high satisfaction, confirming the effectiveness of SiPP's features and performance. To sum up, SiPP demonstrates promising features that protect against intrusions and ensures forensic readiness.

Reference
  • 1. Ahmad, N. A., Elias, N. F., & Sahari, N. (2021). The Motivational Factors in Learning Management System. Proceedings of the International Conference on Electrical Engineering and Informatics. https://doi.org/10.1109/ICEEI52609.2021.9611140

    2. Ali, M. I., & Kaur, S. (2021). Next-Generation Digital Forensic Readiness BYOD Framework. Security and Communication Networks, 2021, 1–19. https://doi.org/10.1155/2021/6664426

    3. Amalia, E. L., Kirana, A. P., Lestari, V. A., Wijayaningrum, V. N., Shofiah, A., & Agustin, R. U. (2021). Application of Learning Management System to Improve Teaching and Learning Activities in Vocational High Schools. Proceedings - IEIT 2021: 1st International Conference on Electrical and Information Technology, 63–68. https://doi.org/10.1109/IEIT53149.2021.9587448

    4. Ayu, D., Wulandari, N., Alfin, A., Bahar, H., Arfananda, M. G., Apriyani, H., & Author, C. (2021). Prototyping Model In Information System Development Of Al-Ruhamaa’ Bogor Yatim Center Foundation. Jurnal Pilar Nusa Mandiri, 17.

    5. Azzam, M., Pasquale, L., Provan, G., & Nuseibeh, B. (2022). Forensic Readiness of Industrial Control Systems Under Stealthy Attacks. Computers & Security, 125, 103010. https://doi.org/10.1016/j.cose.2022.103010

    6. Choudhary, S., & Sharma, D. (2016). International Journal of Computer Science and Mobile Computing A Review of Logs, Protection of Log data & Computer Forensics. In International Journal of Computer Science and Mobile Computing (Vol. 5, Issue 5). www.ijcsmc.com

    7. Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012). Computer Security Incident Handling Guide : Recommendations of the National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-61r2

    8. Esheridan. (2017). Blocking Brute Force Attacks. owasp.org.

    9. Kebande, V. R., Karie, N. M., Choo, K. R., & Alawadi, S. (2021). Digital forensic readiness intelligence crime repository. SECURITY AND PRIVACY, 4(3), 1–11. https://doi.org/10.1002/spy2.151

    10. Lagrasse, M., Avinash, S., Munkhondya, H., Ikuesan, A., & Venter, H. (2020). Digital forensic readiness framework for software-defined networks using a trigger-based collection mechanism. Proceedings of the 15th International Conference on Cyber Warfare and Security, ICCWS, 296–305.

    11. Manawar, A. (2023). An Innovative and Secure Platform for Leveraging the Blockchain Approach for Online Exams. Aptisi Transactions on Technopreneurship (ATT), 5(1), 99–108. https://doi.org/10.34306/att.v5i1.314

    12. Manjiri, S. (2021, April 16). Importance of E Learning - LEAD. https://leadschool.in/blog/growing-importance-of-e-learning-in-the-21st-century/

    13. OWASP. (2021). Logging - OWASP Cheat Sheet Series. https://cheatsheetseries.owasp.org/cheatsheets/Logging_Cheat_Sheet.html

    14. Razak, M., Ab Rahman, N., Cahyani, N., Xin Hui, T., & Taylor, S. (2023). M-health digital evidence taxonomy system (MDETS): Enabling digital forensics readiness with knowledge sharing approach. In AIP Conference Proceedings (Vol. 2508). https://doi.org/10.1063/5.0119345

    15. Rivera Ortiz, F., & Pasquale, L. (2019). Towards Automated Logging for Forensic-Ready Software Systems. https://doi.org/10.1109/REW.2019.00033

    16. Rowlingson, R. (2004). A Ten Step Process for Forensic Readiness. In International Journal of Digital Evidence Winter (Vol. 2, Issue 3).

    17. Sam, F. (2020, November 18). Security Best Practices for Your LMS. Reflection Software. https://www.reflectionsoftware.com/blog/security-best-practices-for-your-lms

    18. Sylla, K., Babou, B., & Ouya, S. (2022). Secure Dematerialization of Assessments in Digital Universities through Moodle, WebRTC and Safe Exam Browser (SEB). Proceedings of the 19th International Conference on Cognition and Exploratory Learning in Digital Age (CELDA 2022), 259–266.

    19. Tam, K., & Jones, K. (2019). Forensic Readiness within the Maritime Sector. 2019 International Conference on Cyber Situational Awareness, Data Analytics and Assessment (Cyber SA), 1–4. https://doi.org/10.1109/CyberSA.2019.8899642

    20. Taylor, J. (2020, June 20). Hackers target NSW school online accounts in phishing campaign. The Guardian. https://www.theguardian.com/technology/2020/jun/20/hackers-target-nsw-school-online-accounts-in-phishing-campaign

    21. Wan Osman, W. N. N., & Ab Rahman, N. H. (2023). EdQuizy: A Development of a Quiz Mobile Application with Anti-Cheating Features. Applied Information Technology and Computer Science, 168–184.