Capture the Flag challenges are a popular form of cybersecurity education, where students solve hands-on tasks in an informal, game-like setting. The tasks feature diverse assignments, such as exploiting websites, cracking passwords, and breaching unsecured networks. However, it is unclear how the skills practiced by these challenges match formal cybersecurity curricula defined by security experts. We explain the significance of Capture the Flag challenges in cybersecurity training and analyze their 15,963 textual solutions collected since 2012. Based on keywords in the solutions, we map them to well-established ACM/IEEE curricular guidelines to understand which skills the challenges teach. We study the distribution of cybersecurity topics, their variance in different challenge formats, and their development over the past years. The analysis showed the prominence of technical knowledge about cryptography and network security, but human aspects, such as social engineering and cybersecurity awareness, are neglected. We discuss the implications of these results and relate them to contemporary literature. Our 1 ar X iv :2 10 1. 01 42 1v 1 [ cs .C R ] 5 J an 2 02 1 results indicate that future Capture the Flag challenges should include nontechnical aspects to address the current advanced cyber threats and attract a broader audience to cybersecurity.

中文翻译：

---

在夺旗挑战中教授网络安全知识和技能

夺旗挑战是一种流行的网络安全教育形式，学生在非正式的、类似游戏的环境中解决动手任务。这些任务具有不同的任务，例如利用网站、破解密码和破坏不安全的网络。然而，尚不清楚这些挑战所实践的技能如何与安全专家定义的正式网络安全课程相匹配。我们解释了夺旗挑战在网络安全培训中的重要性，并分析了自 2012 年以来收集的 15,963 个文本解决方案。根据解决方案中的关键字，我们将它们映射到完善的 ACM/IEEE 课程指南，以了解挑战教授哪些技能。我们研究了网络安全主题的分布、它们在不同挑战形式中的差异以及它们在过去几年的发展。分析表明，密码学和网络安全方面的技术知识很突出，但忽略了社会工程和网络安全意识等人为方面。我们讨论这些结果的含义并将它们与当代文学联系起来。我们的 1 ar X iv :2 10 1. 01 42 1v 1 [ cs .CR ] 5 J an 2 02 1 结果表明，未来的夺旗挑战应包括非技术方面，以应对当前先进的网络威胁并吸引更广泛的受众网络安全。