Conjunction of Criminal Opportunity: Who and How

Summary

In online Problem-Based Learning (PBL), being able to provide immediate feedback to learners is invaluable, yet difficult to achieve. Using Spacy, we examine how well an off-the-shelf Natural Language Processing (NLP) framework is able to detect completeness of free-form short user input. More precisely, we solve two classification tasks: 1) the absence of an identified responsible stakeholder (Who) and 2) the absence of relevant necessary action (How) in ideas generated during security training.

To do this, we apply Part-of-Speech Tagging and Dependency Parsing on contextualised short written learner contributions, collected during the use of the CCO Toolkit, a publicly accessible experiential PBL environment. We test our heuristics on a dataset of 1174 contributions. These were contributed by 91 graduate students enrolled in courses at University College London and Ruhr Universität Bochum, working on three distinct problem scenarios within two different security domains.

We compare the results of the classification against a ground-truth, annotated by two security experts. Our results suggest that for the purposes of providing feedback in free input problem-solving exercises, generic transformer pipelines without fine-tuning can achieve good performance on the identification of missing stakeholder and only moderately satisfactory performance on missing relevant action.

Dataset

The data was annotated for Who and How by two security experts and differences in annotation were discussed between the experts until an agreement was found. The annotation assessed that 17.3% of the dataset is missing Who and 74.9% is missing How. Additionally, ungrammatical (12.3%) and ambiguous (30.5%) contributions were annotated by the experts.

Full expert-annotated dataset

Results

Task: Who (responsible stakeholder)
How (relevant action)

Heuristic: Plain (no dependency tree manipulation)
Prune (collapse subordinate clauses)

Spacy Model: Transformer
Large

CCO Toolkit

Playable at cco.works. Alternatively, consider watching the complete walkthrough.

Scenario	Domain	Ideas
Meltdown	information security	900
Phone2U	information security	141
Moonshine	community safety	133

Heuristics

Our classifiers implement the following grammatical rules:

Task	Voice	PoS	Dependency
How	Active	VERB	ROOT
How	Passive	VERB	parent of agent
Who	Active	Not PRON	nsubj
Who	Passive	NOUN	child of agent

The classification code is available on GitHub. Notice that for the purposes of this research, classification is positive when the response does not contain identified vocabulary.

Acknowledgments

This research would not have been possible without the continuous collaboration with and support of Bilyana Taneva-Popova. We trully regret that she is not part of the official authors list.

References

Ruskov M (2023) Who Should Do It? Automatic Identification of Responsible Stakeholder in Writings during Training. In: The 23rd IEEE International Conference on Advanced Learning Technologies (ICALT 2023). (pp.344-346). IEEE Conference Publishing Services: Orem, Utah, US. (doi)
Ruskov M (2023) Who and How: Using Sentence-level NLP to Evaluate Idea Completeness. In: The 24th International Conference on Artificial Intelligence in Education (AIED 2023). (pp.284-289). Springer. (doi)
Ruskov M, Ekblom P, Sasse MA (2022) Getting Users Smart Quick about Security: Results from 90 Minutes of Using a Persuasive Toolkit for Facilitating Information Security Problem Solving by Non-Professionals. arXiv.org. (pdf)
Ruskov M, Ekblom P, Sasse MA (2014) Towards a Simulation of Information Security Behaviour in Organisations. In: Blackwell C., Zhu H. (eds) Cyberpatterns. Springer. (pdf)
Ruskov M, Ekblom P, Sasse MA (2013) In Search for the Right Measure: Assessing Types of Developed Knowledge While Using a Gamified Web Toolkit. In: 7th European Conference on Games Based Learning (ECGBL 2013). (pp.722-729). Academic Conferences: Reading, UK. (pdf)
Ruskov M, Celdran JM, Ekblom P, Sasse MA (2012) Unlocking the Next Level of Crime Prevention: Development of a Game Prototype to Teach the Conjunction of Criminal Opportunity. In Information Technologies and Control. 10(3). (pp.15-21). (pdf)
Ekblom P (2011) Crime Prevention, Security and Community Safety Using the 5Is Framework. ISBN 9780230298996. (doi)
Ekblom P (2010) The conjunction of criminal opportunity theory. In Encyclopedia of Victimology and Crime Prevention. ISBN 9781412960472. (pp.140-146). (doi)
Ekblom P (2002) From the Source to the Mainstream is Uphill: The Challenge of Transferring Knowledge of Crime Prevention Through Replication, Innovation and Anticipation. In Analysis for Crime Prevention (Crime Prevention Studies 13). ISBN 1881798348. (pp.131-203). (pdf)