SlideShare a Scribd company logo

Smart like a Fox: How clever students trick dumb programming assignment assessment systems

Nane Kratzke
Nane Kratzke

This case study reports on two first-semester programming courses with more than 190 students. Both courses made use of automated assessments. We observed how students trick these systems by analysing the version history of suspect submissions. By analysing more than 3300 submissions, we revealed four astonishingly simple tricks (overfitting, evasion) and cheat-patterns (redirection, and injection) that students used to trick automated programming assignment assessment systems (APAAS). Although not the main focus of this study, it discusses and proposes corresponding counter-measures where appropriate. Nevertheless, the primary intent of this paper is to raise problem awareness and to identify and systematise observable problem patterns in a more formal approach. The identified immaturity of existing APAAS solutions might have implications for courses that rely deeply on automation like MOOCs. Therefore, we conclude to look at APAAS solutions much more from a security point of view (code injection). Moreover, we identify the need to evolve existing unit testing frameworks into more evaluation-oriented teaching solutions that provide better trick and cheat detection capabilities and differentiated grading support.

Education
1 of 28
Download to read offline
How clever students trick dumb automated programming assignment assessment systems (APAAS) Nane Kratzke SMART LIKE A FOX 1
Introduction Methodology Analysis Discussion, Counter Measures Limitations, Conclusion Agenda 2 Presentation on SpeakerDeck Preprint on ResearchGate Presentation at CSEDU 2019, Heraklion, Crete, Greece (2 – 4 May 2019)
• We are at a transition point between the industrialisation age and the digitisation age. • Computer science related skills are a vital asset in this context. One of these basic skills is practical programming. • The course sizes of university and college programming courses are steadily increasing. • Even MOOC’s are used more frequently to convey necessary programming capabilities to students of different disciplines. • The coursework is composed of assignments that are highly suited to be assessed automatically. • However, it is very often underestimated how astonishingly easy it is to trick these systems! Introduction 3 The question arises whether “robots” certificate the expertiseto program or to cheat?
A small example to get your attention ... 4 VPL == Virtual Programming Lab • Count the occurence of a character c in a String s. • Develop a method countChar(). How to get full points in Moodle/VPL? The same works for every assignment! INTRODUCTION
INTRODUCTION • APAAS solutions are systems that execute injected code (student submissions). • Code injection is known as a severe threat from a security point of view. • APAAS solutions protect the host system via sandbox mechanisms. • Much effort is invested in sophisticated code plagiarism detection and authorship control of student submissions. • But it was astonishing to see that APAAS solutions like VPL overlook the cheating cleverness of students. • The grading component can be cheated very straightforward. • Unattended automated programming examinations must be rated suspect. APAAS == Code Injection System 5
Introduction Methodology Analysis Discussion, Counter Measures Limitations, Conclusion Agenda 6
• Two first semester programming Java courses in the winter semester 2018/19: • A regular computer science study programme (CS) • An information technology and design focused study programme (ITD) • In both courses we searched for student submissions that intentionally trick the grading component. • APAAS: Moodle/VPL (Version 3.3.3) Methodology 7 • To minimise Hawthorne and Experimenter effects neither the students nor the advisers were aware to be part of this study. • Even if cheating was detected this had no consequences for the students. It was not even communicated. • Students were unaware that the version history of their submissions were logged and analyzed.
METHODOLOGY • VPL submissions were downloaded from Moodle • Python/Jupyter based sample selection • S1: triggered evaluations • S2: maximum versions • S3: low average high end • S4: condition related terms • S5: unusual terms (System.exit, ...) • S6: random submissions • NumPy, matplotlib, statistics, Javaparser libraries • Exported weekly into archived PDF documents (for manual analysis) Searching for cheats Automated sample selection, manual sample analysis 8
METHODOLOGY Analysis of submissions 9 Manual annotation Task description Result, workload, working phases, student identifier
Introduction Methodology Analysis Discussion, Counter Measures Limitations, Conclusion Agenda 10
ANALYSIS Observed cheat-pattern frequency 11
ANALYSIS Continuous Example Assignment 12 Count the occurence of a character c in a String s (not case-sensitive). We searched for solutions that differed significantly from this intendend (reference) solution. The reference solution used to check for correctness.
ANALYSIS CHEAT PATTERN (1) • Get a maximum of points but do not solve the given problem in a general way • Solution is completely useless outside the scope of the test cases • Mapping simply input parameters to expected output parameters (63%) Overfitting 13
ANALYSIS CHEAT PATTERN (2) (30%) Problem Evasion 14 Example assignment: Count the occurence of a character c in a String s recursively. Solution pretends to be recursive, but it is merely a redirection to an overloaded method using loops (non- recursive). Intended solution Evasion solution
ANALYSIS CHEAT PATTERN (3) (6%) Redirection 15 (1) A small spelling error will result in compiler messages indicating that a specific method is expected by the test logic! (2) Compiler error messages can reveal the reference solution. (3) A clever student might now simply redirect the submission to the reference method (to let the grader evaluate itself). Redirecting solution
ANALYSIS CHEAT PATTERN (4) (2%) Injection 16 Print simply the points you want to have in a APAAS specific format on standard out. • Change the intended workflow of the evaluation logic • Use the standard out stream to place text that is evaluated by the APAAS system • The evaluator calls the to be evaluated code. • The submission code can print to standard out and then terminates further evaluation calls. • The evaluator parses standard outs content and will give full points! Some strings with a specific meaning for VPL.
Introduction Methodology Analysis Discussion, Counter Measures Limitations, Conclusion Agenda 17
DISCUSSION • Randomize Test CasesOverfitting • AST-based code inspectionProblem Evasion • AST-based code inspectionRedirection • Seperate standard out stream for evaluation and submission logicInjection Counter Measures 18 A more detailed discussion can be found in the paper.
DISCUSSION JEdUnit 19 JEdUnit https://github.com/nkratzke/JEdUnit JEdUnit is a unit testing framework with a special focus on educational aspects. It strives to simplify automatic evaluation of (small) Java programming assignments using Moodle/VPL. It is used and developed for programming classes at the Lübeck University of Applied Sciences. However, this framework might be helpful for other programming instructors, so it has been open sourced.
DISCUSSION Randomize Test Cases 20 Don‘t do that: Do that: JEdUnit DSL to express randomized test values. E.g. apply regular expressions inversely to generate random strings.
DISCUSSION AST-based code inspections 21 E.g.: Don‘t allow to bypass recursions by inspecting and penalizing loop presence. The JEdUnit DSL is able to express selectors on abstract syntax trees (AST) to check for the presence or absence of language constructs. The selector model of JEdUnit works similar like CSS selectors work on DOM- trees.
DISCUSSION Isolation of submission and evaluation logic 22 Submission logic gets an isolated fake console Submission shares stdout with evaluation process JEdUnit approach VPL approach
DISCUSSION Further Features of JEdUnit 23 JEdUnit https://github.com/nkratzke/JEdUnit • Weighting of test cases (by annotations) • Checkstyle integration (weightened rules) • DSL • to formulate test cases in a check, explain, onError pattern • to randomize test cases • to write arbitrary code inspections based on a selector model • Predefined code inspections (switch on/off): proper collection usage, Loops, Lambdas, inner classes, datafields, sonsole output, etc. • Automated class structure comparison (OO use cases to compare the structural equality of a multi-class submission with a multi-class reference solution.
Introduction Methodology Analysis Discussion, Counter Measures Limitations, Conclusion Agenda 24
LIMITATIONS We searched qualitatively and not quantitatively for cheat-patterns • Do not draw any conclusions what kind of cheat-pattern occur at what level of programming expertise • Do not draw any conclusions on the quantitative aspects of cheating • The study does not proclaim to have identified all kinds of cheat- patterns The study does not proclaim that all APAAS solutions have the same set of vulnerabilities • Do not generalize Moodle/VPL specific-problems. • However, the Overfitting, Problem Evasion, Redirection, and Injection patterns can be used to check for vulnerabilities in other APAAS solutions. Threats on Validity 25
• We have to be aware that (even first-year) students are clever enough to trick automated grading solutions. • Cheat patterns: • Overfitting • Problem Evasion • Redirection • Injection • Options we currently investigate: • Randomise test cases • Pragmatic code inspection • Isolation of submission and evaluation logic • Exactly these features seem to be only incompletely provided by current APAAS systems. Conclusion 26 JEdUnit https://github.com/nkratzke/JEdUnit
Acknowledgement 27 Presentation on SpeakerDeck Preprint on ResearchGate Advisers of the practical courses • David Engelhardt, Thomas Hamer, Clemens Stauner, Volker Völz, Patrick Willnow Student tutors • Franz Bretterbauer, Francisco Cardoso, Jannik Gramann, Till Hahn, Thorleif Harder, Jan Steffen Krohn, Diana Meier, Jana Schwieger, Jake Stradling, and Janos Vinz Picture Reference • Hacker: Pixabay.com (CC0) • Robot: Pixabay.com (CC0)
About 28 Nane Kratzke Web: http://nane.kratzke.pages.mylab.th-luebeck.de/about Twitter: @NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke SlideShare: http://de.slideshare.net/i21aneka

Recommended

Istqb certification – foundation level syllabus
Istqb certification – foundation level syllabusIstqb certification – foundation level syllabus
Istqb certification – foundation level syllabusDautaydo Ken
 
Test design techniques
Test design techniquesTest design techniques
Test design techniquesManindra Simhadri
 
Design Test Case Technique (Equivalence partitioning And Boundary value analy...
Design Test Case Technique (Equivalence partitioning And Boundary value analy...Design Test Case Technique (Equivalence partitioning And Boundary value analy...
Design Test Case Technique (Equivalence partitioning And Boundary value analy...Ryan Tran
 
Survey Research In Empirical Software Engineering
Survey Research In Empirical Software EngineeringSurvey Research In Empirical Software Engineering
Survey Research In Empirical Software Engineeringalessio_ferrari
 
Controlled experiments, Hypothesis Testing, Test Selection, Threats to Validity
Controlled experiments, Hypothesis Testing, Test Selection, Threats to ValidityControlled experiments, Hypothesis Testing, Test Selection, Threats to Validity
Controlled experiments, Hypothesis Testing, Test Selection, Threats to Validityalessio_ferrari
 
Case Study Research in Software Engineering
Case Study Research in Software EngineeringCase Study Research in Software Engineering
Case Study Research in Software Engineeringalessio_ferrari
 
Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Praveen Penumathsa
 
Test design techniques
Test design techniquesTest design techniques
Test design techniquesGregory Solovey
 

Recommended

Istqb certification – foundation level syllabus
Istqb certification – foundation level syllabusIstqb certification – foundation level syllabus
Istqb certification – foundation level syllabusDautaydo Ken
 
Test design techniques
Test design techniquesTest design techniques
Test design techniquesManindra Simhadri
 
Design Test Case Technique (Equivalence partitioning And Boundary value analy...
Design Test Case Technique (Equivalence partitioning And Boundary value analy...Design Test Case Technique (Equivalence partitioning And Boundary value analy...
Design Test Case Technique (Equivalence partitioning And Boundary value analy...Ryan Tran
 
Survey Research In Empirical Software Engineering
Survey Research In Empirical Software EngineeringSurvey Research In Empirical Software Engineering
Survey Research In Empirical Software Engineeringalessio_ferrari
 
Controlled experiments, Hypothesis Testing, Test Selection, Threats to Validity
Controlled experiments, Hypothesis Testing, Test Selection, Threats to ValidityControlled experiments, Hypothesis Testing, Test Selection, Threats to Validity
Controlled experiments, Hypothesis Testing, Test Selection, Threats to Validityalessio_ferrari
 
Case Study Research in Software Engineering
Case Study Research in Software EngineeringCase Study Research in Software Engineering
Case Study Research in Software Engineeringalessio_ferrari
 
Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Generating test cases using UML Communication Diagram
Generating test cases using UML Communication Diagram Praveen Penumathsa
 
Test design techniques
Test design techniquesTest design techniques
Test design techniquesGregory Solovey
 
Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...
Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...
Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...Association for Computational Linguistics
 
Exploratory testing STEW 2016
Exploratory testing STEW 2016Exploratory testing STEW 2016
Exploratory testing STEW 2016Per Runeson
 
Testing foundations
Testing foundationsTesting foundations
Testing foundationsNeha Singh
 
[Tho Quan] Fault Localization - Where is the root cause of a bug?
[Tho Quan] Fault Localization - Where is the root cause of a bug?[Tho Quan] Fault Localization - Where is the root cause of a bug?
[Tho Quan] Fault Localization - Where is the root cause of a bug?Ho Chi Minh City Software Testing Club
 
Empirical Methods in Software Engineering - an Overview
Empirical Methods in Software Engineering - an OverviewEmpirical Methods in Software Engineering - an Overview
Empirical Methods in Software Engineering - an Overviewalessio_ferrari
 
[01-B] Empirical software engineering
[01-B] Empirical software engineering[01-B] Empirical software engineering
[01-B] Empirical software engineeringIvano Malavolta
 
Ssbse12b.ppt
Ssbse12b.pptSsbse12b.ppt
Ssbse12b.pptPtidej Team
 
Shyam presentation prefinal
Shyam presentation prefinalShyam presentation prefinal
Shyam presentation prefinalShyam Raj
 
130321 zephyrin soh - on the effect of exploration strategies on maintenanc...
130321 zephyrin soh - on the effect of exploration strategies on maintenanc...130321 zephyrin soh - on the effect of exploration strategies on maintenanc...
130321 zephyrin soh - on the effect of exploration strategies on maintenanc...Ptidej Team
 
[2017/2018] RESEARCH in software engineering
[2017/2018] RESEARCH in software engineering[2017/2018] RESEARCH in software engineering
[2017/2018] RESEARCH in software engineeringIvano Malavolta
 
Programming with GUTs
Programming with GUTsProgramming with GUTs
Programming with GUTscatherinewall
 
MSR2017-RevHelper
MSR2017-RevHelperMSR2017-RevHelper
MSR2017-RevHelperMasud Rahman
 
Sound Empirical Evidence in Software Testing
Sound Empirical Evidence in Software TestingSound Empirical Evidence in Software Testing
Sound Empirical Evidence in Software TestingJaguaraci Silva
 
Ontology model for c overflow vulnerabilities attack
Ontology model for c overflow vulnerabilities attackOntology model for c overflow vulnerabilities attack
Ontology model for c overflow vulnerabilities attackNurul Haszeli Ahmad
 
Performance analysis of machine learning approaches in software complexity pr...
Performance analysis of machine learning approaches in software complexity pr...Performance analysis of machine learning approaches in software complexity pr...
Performance analysis of machine learning approaches in software complexity pr...Sayed Mohsin Reza
 
Wcre13a.ppt
Wcre13a.pptWcre13a.ppt
Wcre13a.pptPtidej Team
 
Industry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software EngineeringIndustry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software EngineeringPer Runeson
 
Week 10: Programming for Data Analysis
Week 10: Programming for Data AnalysisWeek 10: Programming for Data Analysis
Week 10: Programming for Data AnalysisFerdin Joe John Joseph PhD
 
Machine Learning Techniques with Ontology for Subjective Answer Evaluation
Machine Learning Techniques with Ontology for Subjective Answer EvaluationMachine Learning Techniques with Ontology for Subjective Answer Evaluation
Machine Learning Techniques with Ontology for Subjective Answer Evaluationijnlc
 
Influence of the population structure on the performance of an Agent-Based Ev...
Influence of the population structure on the performance of an Agent-Based Ev...Influence of the population structure on the performance of an Agent-Based Ev...
Influence of the population structure on the performance of an Agent-Based Ev...Juan J. Merelo
 
Testing of Object-Oriented Software
Testing of Object-Oriented SoftwareTesting of Object-Oriented Software
Testing of Object-Oriented SoftwarePraveen Penumathsa
 
Experimental Design for Distributed Machine Learning with Myles Baker
Experimental Design for Distributed Machine Learning with Myles BakerExperimental Design for Distributed Machine Learning with Myles Baker
Experimental Design for Distributed Machine Learning with Myles BakerDatabricks
 

More Related Content

What's hot

Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...
Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...
Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...Association for Computational Linguistics
 
Exploratory testing STEW 2016
Exploratory testing STEW 2016Exploratory testing STEW 2016
Exploratory testing STEW 2016Per Runeson
 
Testing foundations
Testing foundationsTesting foundations
Testing foundationsNeha Singh
 
Empirical Methods in Software Engineering - an Overview
Empirical Methods in Software Engineering - an OverviewEmpirical Methods in Software Engineering - an Overview
Empirical Methods in Software Engineering - an Overviewalessio_ferrari
 
[01-B] Empirical software engineering
[01-B] Empirical software engineering[01-B] Empirical software engineering
[01-B] Empirical software engineeringIvano Malavolta
 
Shyam presentation prefinal
Shyam presentation prefinalShyam presentation prefinal
Shyam presentation prefinalShyam Raj
 
130321 zephyrin soh - on the effect of exploration strategies on maintenanc...
130321 zephyrin soh - on the effect of exploration strategies on maintenanc...130321 zephyrin soh - on the effect of exploration strategies on maintenanc...
130321 zephyrin soh - on the effect of exploration strategies on maintenanc...Ptidej Team
 
[2017/2018] RESEARCH in software engineering
[2017/2018] RESEARCH in software engineering[2017/2018] RESEARCH in software engineering
[2017/2018] RESEARCH in software engineeringIvano Malavolta
 
Programming with GUTs
Programming with GUTsProgramming with GUTs
Programming with GUTscatherinewall
 
Sound Empirical Evidence in Software Testing
Sound Empirical Evidence in Software TestingSound Empirical Evidence in Software Testing
Sound Empirical Evidence in Software TestingJaguaraci Silva
 
Ontology model for c overflow vulnerabilities attack
Ontology model for c overflow vulnerabilities attackOntology model for c overflow vulnerabilities attack
Ontology model for c overflow vulnerabilities attackNurul Haszeli Ahmad
 
Performance analysis of machine learning approaches in software complexity pr...
Performance analysis of machine learning approaches in software complexity pr...Performance analysis of machine learning approaches in software complexity pr...
Performance analysis of machine learning approaches in software complexity pr...Sayed Mohsin Reza
 
Industry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software EngineeringIndustry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software EngineeringPer Runeson
 
Machine Learning Techniques with Ontology for Subjective Answer Evaluation
Machine Learning Techniques with Ontology for Subjective Answer EvaluationMachine Learning Techniques with Ontology for Subjective Answer Evaluation
Machine Learning Techniques with Ontology for Subjective Answer Evaluationijnlc
 
Influence of the population structure on the performance of an Agent-Based Ev...
Influence of the population structure on the performance of an Agent-Based Ev...Influence of the population structure on the performance of an Agent-Based Ev...
Influence of the population structure on the performance of an Agent-Based Ev...Juan J. Merelo
 

What's hot (20)

Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...
Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...
Lung-Hao Lee - 2015 - Overview of the NLP-TEA 2015 Shared Task for Chinese Gr...
 
Exploratory testing STEW 2016
Exploratory testing STEW 2016Exploratory testing STEW 2016
Exploratory testing STEW 2016
 
Testing foundations
Testing foundationsTesting foundations
Testing foundations
 
[Tho Quan] Fault Localization - Where is the root cause of a bug?
[Tho Quan] Fault Localization - Where is the root cause of a bug?[Tho Quan] Fault Localization - Where is the root cause of a bug?
[Tho Quan] Fault Localization - Where is the root cause of a bug?
 
Empirical Methods in Software Engineering - an Overview
Empirical Methods in Software Engineering - an OverviewEmpirical Methods in Software Engineering - an Overview
Empirical Methods in Software Engineering - an Overview
 
[01-B] Empirical software engineering
[01-B] Empirical software engineering[01-B] Empirical software engineering
[01-B] Empirical software engineering
 
Ssbse12b.ppt
Ssbse12b.pptSsbse12b.ppt
Ssbse12b.ppt
 
Shyam presentation prefinal
Shyam presentation prefinalShyam presentation prefinal
Shyam presentation prefinal
 
130321 zephyrin soh - on the effect of exploration strategies on maintenanc...
130321 zephyrin soh - on the effect of exploration strategies on maintenanc...130321 zephyrin soh - on the effect of exploration strategies on maintenanc...
130321 zephyrin soh - on the effect of exploration strategies on maintenanc...
 
[2017/2018] RESEARCH in software engineering
[2017/2018] RESEARCH in software engineering[2017/2018] RESEARCH in software engineering
[2017/2018] RESEARCH in software engineering
 
Programming with GUTs
Programming with GUTsProgramming with GUTs
Programming with GUTs
 
MSR2017-RevHelper
MSR2017-RevHelperMSR2017-RevHelper
MSR2017-RevHelper
 
Sound Empirical Evidence in Software Testing
Sound Empirical Evidence in Software TestingSound Empirical Evidence in Software Testing
Sound Empirical Evidence in Software Testing
 
Ontology model for c overflow vulnerabilities attack
Ontology model for c overflow vulnerabilities attackOntology model for c overflow vulnerabilities attack
Ontology model for c overflow vulnerabilities attack
 
Performance analysis of machine learning approaches in software complexity pr...
Performance analysis of machine learning approaches in software complexity pr...Performance analysis of machine learning approaches in software complexity pr...
Performance analysis of machine learning approaches in software complexity pr...
 
Wcre13a.ppt
Wcre13a.pptWcre13a.ppt
Wcre13a.ppt
 
Industry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software EngineeringIndustry-Academia Communication In Empirical Software Engineering
Industry-Academia Communication In Empirical Software Engineering
 
Week 10: Programming for Data Analysis
Week 10: Programming for Data AnalysisWeek 10: Programming for Data Analysis
Week 10: Programming for Data Analysis
 
Machine Learning Techniques with Ontology for Subjective Answer Evaluation
Machine Learning Techniques with Ontology for Subjective Answer EvaluationMachine Learning Techniques with Ontology for Subjective Answer Evaluation
Machine Learning Techniques with Ontology for Subjective Answer Evaluation
 
Influence of the population structure on the performance of an Agent-Based Ev...
Influence of the population structure on the performance of an Agent-Based Ev...Influence of the population structure on the performance of an Agent-Based Ev...
Influence of the population structure on the performance of an Agent-Based Ev...
 

Similar to Smart like a Fox: How clever students trick dumb programming assignment assessment systems

Testing of Object-Oriented Software
Testing of Object-Oriented SoftwareTesting of Object-Oriented Software
Testing of Object-Oriented SoftwarePraveen Penumathsa
 
Experimental Design for Distributed Machine Learning with Myles Baker
Experimental Design for Distributed Machine Learning with Myles BakerExperimental Design for Distributed Machine Learning with Myles Baker
Experimental Design for Distributed Machine Learning with Myles BakerDatabricks
 
Intelligent Career Guidance System.pptx
Intelligent Career Guidance System.pptxIntelligent Career Guidance System.pptx
Intelligent Career Guidance System.pptxAnonymous366406
 
Internal assessment marking system
Internal assessment marking systemInternal assessment marking system
Internal assessment marking systemShreshth Saxena
 
Can we induce change with what we measure?
Can we induce change with what we measure?Can we induce change with what we measure?
Can we induce change with what we measure?Michaela Greiler
 
Automock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationAutomock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationSabrina Souto
 
Metamorphic Testing Thesis Defense.pptx
Metamorphic Testing Thesis Defense.pptxMetamorphic Testing Thesis Defense.pptx
Metamorphic Testing Thesis Defense.pptxentertainmentweekly11
 
MexADL - HADAS Presentation
MexADL - HADAS PresentationMexADL - HADAS Presentation
MexADL - HADAS Presentationjccastrejon
 
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)lifove
 
Expanding our Testing Horizons
Expanding our Testing HorizonsExpanding our Testing Horizons
Expanding our Testing HorizonsMark Micallef
 
Day 1 1620 - 1705 - maple - pranabendu bhattacharyya
Day 1 1620 - 1705 - maple - pranabendu bhattacharyyaDay 1 1620 - 1705 - maple - pranabendu bhattacharyya
Day 1 1620 - 1705 - maple - pranabendu bhattacharyyaPMI2011
 
Day1 1620-1705-maple-pranabendubhattacharyya-131008043643-phpapp02
Day1 1620-1705-maple-pranabendubhattacharyya-131008043643-phpapp02Day1 1620-1705-maple-pranabendubhattacharyya-131008043643-phpapp02
Day1 1620-1705-maple-pranabendubhattacharyya-131008043643-phpapp02PMI_IREP_TP
 
Computer Based Assessment.pptx
Computer Based Assessment.pptxComputer Based Assessment.pptx
Computer Based Assessment.pptxsalah327743
 
The Power of Auto ML and How Does it Work
The Power of Auto ML and How Does it WorkThe Power of Auto ML and How Does it Work
The Power of Auto ML and How Does it WorkIvo Andreev
 
MLOps and Data Quality: Deploying Reliable ML Models in Production
MLOps and Data Quality: Deploying Reliable ML Models in ProductionMLOps and Data Quality: Deploying Reliable ML Models in Production
MLOps and Data Quality: Deploying Reliable ML Models in ProductionProvectus
 
Algorithm ExampleFor the following taskUse the random module .docx
Algorithm ExampleFor the following taskUse the random module .docxAlgorithm ExampleFor the following taskUse the random module .docx
Algorithm ExampleFor the following taskUse the random module .docxdaniahendric
 

Similar to Smart like a Fox: How clever students trick dumb programming assignment assessment systems (20)

Testing of Object-Oriented Software
Testing of Object-Oriented SoftwareTesting of Object-Oriented Software
Testing of Object-Oriented Software
 
Experimental Design for Distributed Machine Learning with Myles Baker
Experimental Design for Distributed Machine Learning with Myles BakerExperimental Design for Distributed Machine Learning with Myles Baker
Experimental Design for Distributed Machine Learning with Myles Baker
 
Intelligent Career Guidance System.pptx
Intelligent Career Guidance System.pptxIntelligent Career Guidance System.pptx
Intelligent Career Guidance System.pptx
 
DITEC - Software Engineering
DITEC - Software EngineeringDITEC - Software Engineering
DITEC - Software Engineering
 
Internal assessment marking system
Internal assessment marking systemInternal assessment marking system
Internal assessment marking system
 
Can we induce change with what we measure?
Can we induce change with what we measure?Can we induce change with what we measure?
Can we induce change with what we measure?
 
Resume_Apoorva
Resume_ApoorvaResume_Apoorva
Resume_Apoorva
 
Automock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code GenerationAutomock: Interaction-Based Mock Code Generation
Automock: Interaction-Based Mock Code Generation
 
Metamorphic Testing Thesis Defense.pptx
Metamorphic Testing Thesis Defense.pptxMetamorphic Testing Thesis Defense.pptx
Metamorphic Testing Thesis Defense.pptx
 
Ai in finance
Ai in financeAi in finance
Ai in finance
 
MexADL - HADAS Presentation
MexADL - HADAS PresentationMexADL - HADAS Presentation
MexADL - HADAS Presentation
 
Requirement and System Analysis
Requirement and System AnalysisRequirement and System Analysis
Requirement and System Analysis
 
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
Survey on Software Defect Prediction (PhD Qualifying Examination Presentation)
 
Expanding our Testing Horizons
Expanding our Testing HorizonsExpanding our Testing Horizons
Expanding our Testing Horizons
 
Day 1 1620 - 1705 - maple - pranabendu bhattacharyya
Day 1 1620 - 1705 - maple - pranabendu bhattacharyyaDay 1 1620 - 1705 - maple - pranabendu bhattacharyya
Day 1 1620 - 1705 - maple - pranabendu bhattacharyya
 
Day1 1620-1705-maple-pranabendubhattacharyya-131008043643-phpapp02
Day1 1620-1705-maple-pranabendubhattacharyya-131008043643-phpapp02Day1 1620-1705-maple-pranabendubhattacharyya-131008043643-phpapp02
Day1 1620-1705-maple-pranabendubhattacharyya-131008043643-phpapp02
 
Computer Based Assessment.pptx
Computer Based Assessment.pptxComputer Based Assessment.pptx
Computer Based Assessment.pptx
 
The Power of Auto ML and How Does it Work
The Power of Auto ML and How Does it WorkThe Power of Auto ML and How Does it Work
The Power of Auto ML and How Does it Work
 
MLOps and Data Quality: Deploying Reliable ML Models in Production
MLOps and Data Quality: Deploying Reliable ML Models in ProductionMLOps and Data Quality: Deploying Reliable ML Models in Production
MLOps and Data Quality: Deploying Reliable ML Models in Production
 
Algorithm ExampleFor the following taskUse the random module .docx
Algorithm ExampleFor the following taskUse the random module .docxAlgorithm ExampleFor the following taskUse the random module .docx
Algorithm ExampleFor the following taskUse the random module .docx
 

More from Nane Kratzke

#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...Nane Kratzke
 
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...Nane Kratzke
 
Serverless Architectures - Where have all the servers gone?
Serverless Architectures - Where have all the servers gone?Serverless Architectures - Where have all the servers gone?
Serverless Architectures - Where have all the servers gone?Nane Kratzke
 
There is no impenetrable system - So, why we are still waiting to get breached?
There is no impenetrable system - So, why we are still waiting to get breached?There is no impenetrable system - So, why we are still waiting to get breached?
There is no impenetrable system - So, why we are still waiting to get breached?Nane Kratzke
 
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...Nane Kratzke
 
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?Nane Kratzke
 
About an Immune System Understanding for Cloud-native Applications - Biology ...
About an Immune System Understanding for Cloud-native Applications - Biology ...About an Immune System Understanding for Cloud-native Applications - Biology ...
About an Immune System Understanding for Cloud-native Applications - Biology ...Nane Kratzke
 
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?Nane Kratzke
 
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...Nane Kratzke
 
Was die Cloud mit einem brennenden Haus zu tun hat
Was die Cloud mit einem brennenden Haus zu tun hatWas die Cloud mit einem brennenden Haus zu tun hat
Was die Cloud mit einem brennenden Haus zu tun hatNane Kratzke
 
What the cloud has to do with a burning house?
What the cloud has to do with a burning house?What the cloud has to do with a burning house?
What the cloud has to do with a burning house?Nane Kratzke
 
ClouNS - A Cloud-native Application Reference Model for Enterprise Architects
ClouNS - A Cloud-native Application Reference Model for Enterprise ArchitectsClouNS - A Cloud-native Application Reference Model for Enterprise Architects
ClouNS - A Cloud-native Application Reference Model for Enterprise ArchitectsNane Kratzke
 
RESTful APIs mit Dart
RESTful APIs mit DartRESTful APIs mit Dart
RESTful APIs mit DartNane Kratzke
 
ppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for Microservicesppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for MicroservicesNane Kratzke
 
About Microservices, Containers and their Underestimated Impact on Network Pe...
About Microservices, Containers and their Underestimated Impact on Network Pe...About Microservices, Containers and their Underestimated Impact on Network Pe...
About Microservices, Containers and their Underestimated Impact on Network Pe...Nane Kratzke
 
Java Streams und Lambdas
Java Streams und LambdasJava Streams und Lambdas
Java Streams und LambdasNane Kratzke
 
Dart (Teil II der Tour de Dart)
Dart (Teil II der Tour de Dart)Dart (Teil II der Tour de Dart)
Dart (Teil II der Tour de Dart)Nane Kratzke
 
Dart (Teil I der Tour de Dart)
Dart (Teil I der Tour de Dart)Dart (Teil I der Tour de Dart)
Dart (Teil I der Tour de Dart)Nane Kratzke
 
Cloud Economics in Training and Simulation
Cloud Economics in Training and SimulationCloud Economics in Training and Simulation
Cloud Economics in Training and SimulationNane Kratzke
 
Are cloud based virtual labs cost effective? (CSEDU 2012)
Are cloud based virtual labs cost effective? (CSEDU 2012)Are cloud based virtual labs cost effective? (CSEDU 2012)
Are cloud based virtual labs cost effective? (CSEDU 2012)Nane Kratzke
 

More from Nane Kratzke (20)

#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
#BTW17 on Twitter (Die Bundestagswahl 2017 auf Twitter - war der Ausgang abzu...
 
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
About being the Tortoise or the Hare? Making Cloud Applications too Fast and ...
 
Serverless Architectures - Where have all the servers gone?
Serverless Architectures - Where have all the servers gone?Serverless Architectures - Where have all the servers gone?
Serverless Architectures - Where have all the servers gone?
 
There is no impenetrable system - So, why we are still waiting to get breached?
There is no impenetrable system - So, why we are still waiting to get breached?There is no impenetrable system - So, why we are still waiting to get breached?
There is no impenetrable system - So, why we are still waiting to get breached?
 
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
Towards a Lightweight Multi-Cloud DSL for Elastic and Transferable Cloud-nati...
 
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
We have the Bricks to Build Cloud-native Cathedrals - But do we have the mortar?
 
About an Immune System Understanding for Cloud-native Applications - Biology ...
About an Immune System Understanding for Cloud-native Applications - Biology ...About an Immune System Understanding for Cloud-native Applications - Biology ...
About an Immune System Understanding for Cloud-native Applications - Biology ...
 
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
Der Bundestagswahlkampf 2017 auf Twitter - War der Ausgang abzusehen?
 
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
Smuggling Multi-Cloud Support into Cloud-native Applications using Elastic Co...
 
Was die Cloud mit einem brennenden Haus zu tun hat
Was die Cloud mit einem brennenden Haus zu tun hatWas die Cloud mit einem brennenden Haus zu tun hat
Was die Cloud mit einem brennenden Haus zu tun hat
 
What the cloud has to do with a burning house?
What the cloud has to do with a burning house?What the cloud has to do with a burning house?
What the cloud has to do with a burning house?
 
ClouNS - A Cloud-native Application Reference Model for Enterprise Architects
ClouNS - A Cloud-native Application Reference Model for Enterprise ArchitectsClouNS - A Cloud-native Application Reference Model for Enterprise Architects
ClouNS - A Cloud-native Application Reference Model for Enterprise Architects
 
RESTful APIs mit Dart
RESTful APIs mit DartRESTful APIs mit Dart
RESTful APIs mit Dart
 
ppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for Microservicesppbench - A Visualizing Network Benchmark for Microservices
ppbench - A Visualizing Network Benchmark for Microservices
 
About Microservices, Containers and their Underestimated Impact on Network Pe...
About Microservices, Containers and their Underestimated Impact on Network Pe...About Microservices, Containers and their Underestimated Impact on Network Pe...
About Microservices, Containers and their Underestimated Impact on Network Pe...
 
Java Streams und Lambdas
Java Streams und LambdasJava Streams und Lambdas
Java Streams und Lambdas
 
Dart (Teil II der Tour de Dart)
Dart (Teil II der Tour de Dart)Dart (Teil II der Tour de Dart)
Dart (Teil II der Tour de Dart)
 
Dart (Teil I der Tour de Dart)
Dart (Teil I der Tour de Dart)Dart (Teil I der Tour de Dart)
Dart (Teil I der Tour de Dart)
 
Cloud Economics in Training and Simulation
Cloud Economics in Training and SimulationCloud Economics in Training and Simulation
Cloud Economics in Training and Simulation
 
Are cloud based virtual labs cost effective? (CSEDU 2012)
Are cloud based virtual labs cost effective? (CSEDU 2012)Are cloud based virtual labs cost effective? (CSEDU 2012)
Are cloud based virtual labs cost effective? (CSEDU 2012)
 

Recently uploaded

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...christianmathematics
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Disha Kariya
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfJayanti Pande
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 

Recently uploaded (20)

Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..Sports & Fitness Value Added Course FY..
Sports & Fitness Value Added Course FY..
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Web & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdfWeb & Social Media Analytics Previous Year Question Paper.pdf
Web & Social Media Analytics Previous Year Question Paper.pdf
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Beyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global ImpactBeyond the EU: DORA and NIS 2 Directive's Global Impact
Beyond the EU: DORA and NIS 2 Directive's Global Impact
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 

Smart like a Fox: How clever students trick dumb programming assignment assessment systems

  • 1. How clever students trick dumb automated programming assignment assessment systems (APAAS) Nane Kratzke SMART LIKE A FOX 1
  • 2. Introduction Methodology Analysis Discussion, Counter Measures Limitations, Conclusion Agenda 2 Presentation on SpeakerDeck Preprint on ResearchGate Presentation at CSEDU 2019, Heraklion, Crete, Greece (2 – 4 May 2019)
  • 3. • We are at a transition point between the industrialisation age and the digitisation age. • Computer science related skills are a vital asset in this context. One of these basic skills is practical programming. • The course sizes of university and college programming courses are steadily increasing. • Even MOOC’s are used more frequently to convey necessary programming capabilities to students of different disciplines. • The coursework is composed of assignments that are highly suited to be assessed automatically. • However, it is very often underestimated how astonishingly easy it is to trick these systems! Introduction 3 The question arises whether “robots” certificate the expertiseto program or to cheat?
  • 4. A small example to get your attention ... 4 VPL == Virtual Programming Lab • Count the occurence of a character c in a String s. • Develop a method countChar(). How to get full points in Moodle/VPL? The same works for every assignment! INTRODUCTION
  • 5. INTRODUCTION • APAAS solutions are systems that execute injected code (student submissions). • Code injection is known as a severe threat from a security point of view. • APAAS solutions protect the host system via sandbox mechanisms. • Much effort is invested in sophisticated code plagiarism detection and authorship control of student submissions. • But it was astonishing to see that APAAS solutions like VPL overlook the cheating cleverness of students. • The grading component can be cheated very straightforward. • Unattended automated programming examinations must be rated suspect. APAAS == Code Injection System 5
  • 7. • Two first semester programming Java courses in the winter semester 2018/19: • A regular computer science study programme (CS) • An information technology and design focused study programme (ITD) • In both courses we searched for student submissions that intentionally trick the grading component. • APAAS: Moodle/VPL (Version 3.3.3) Methodology 7 • To minimise Hawthorne and Experimenter effects neither the students nor the advisers were aware to be part of this study. • Even if cheating was detected this had no consequences for the students. It was not even communicated. • Students were unaware that the version history of their submissions were logged and analyzed.
  • 8. METHODOLOGY • VPL submissions were downloaded from Moodle • Python/Jupyter based sample selection • S1: triggered evaluations • S2: maximum versions • S3: low average high end • S4: condition related terms • S5: unusual terms (System.exit, ...) • S6: random submissions • NumPy, matplotlib, statistics, Javaparser libraries • Exported weekly into archived PDF documents (for manual analysis) Searching for cheats Automated sample selection, manual sample analysis 8
  • 9. METHODOLOGY Analysis of submissions 9 Manual annotation Task description Result, workload, working phases, student identifier
  • 12. ANALYSIS Continuous Example Assignment 12 Count the occurence of a character c in a String s (not case-sensitive). We searched for solutions that differed significantly from this intendend (reference) solution. The reference solution used to check for correctness.
  • 13. ANALYSIS CHEAT PATTERN (1) • Get a maximum of points but do not solve the given problem in a general way • Solution is completely useless outside the scope of the test cases • Mapping simply input parameters to expected output parameters (63%) Overfitting 13
  • 14. ANALYSIS CHEAT PATTERN (2) (30%) Problem Evasion 14 Example assignment: Count the occurence of a character c in a String s recursively. Solution pretends to be recursive, but it is merely a redirection to an overloaded method using loops (non- recursive). Intended solution Evasion solution
  • 15. ANALYSIS CHEAT PATTERN (3) (6%) Redirection 15 (1) A small spelling error will result in compiler messages indicating that a specific method is expected by the test logic! (2) Compiler error messages can reveal the reference solution. (3) A clever student might now simply redirect the submission to the reference method (to let the grader evaluate itself). Redirecting solution
  • 16. ANALYSIS CHEAT PATTERN (4) (2%) Injection 16 Print simply the points you want to have in a APAAS specific format on standard out. • Change the intended workflow of the evaluation logic • Use the standard out stream to place text that is evaluated by the APAAS system • The evaluator calls the to be evaluated code. • The submission code can print to standard out and then terminates further evaluation calls. • The evaluator parses standard outs content and will give full points! Some strings with a specific meaning for VPL.
  • 18. DISCUSSION • Randomize Test CasesOverfitting • AST-based code inspectionProblem Evasion • AST-based code inspectionRedirection • Seperate standard out stream for evaluation and submission logicInjection Counter Measures 18 A more detailed discussion can be found in the paper.
  • 19. DISCUSSION JEdUnit 19 JEdUnit https://github.com/nkratzke/JEdUnit JEdUnit is a unit testing framework with a special focus on educational aspects. It strives to simplify automatic evaluation of (small) Java programming assignments using Moodle/VPL. It is used and developed for programming classes at the Lübeck University of Applied Sciences. However, this framework might be helpful for other programming instructors, so it has been open sourced.
  • 20. DISCUSSION Randomize Test Cases 20 Don‘t do that: Do that: JEdUnit DSL to express randomized test values. E.g. apply regular expressions inversely to generate random strings.
  • 21. DISCUSSION AST-based code inspections 21 E.g.: Don‘t allow to bypass recursions by inspecting and penalizing loop presence. The JEdUnit DSL is able to express selectors on abstract syntax trees (AST) to check for the presence or absence of language constructs. The selector model of JEdUnit works similar like CSS selectors work on DOM- trees.
  • 22. DISCUSSION Isolation of submission and evaluation logic 22 Submission logic gets an isolated fake console Submission shares stdout with evaluation process JEdUnit approach VPL approach
  • 23. DISCUSSION Further Features of JEdUnit 23 JEdUnit https://github.com/nkratzke/JEdUnit • Weighting of test cases (by annotations) • Checkstyle integration (weightened rules) • DSL • to formulate test cases in a check, explain, onError pattern • to randomize test cases • to write arbitrary code inspections based on a selector model • Predefined code inspections (switch on/off): proper collection usage, Loops, Lambdas, inner classes, datafields, sonsole output, etc. • Automated class structure comparison (OO use cases to compare the structural equality of a multi-class submission with a multi-class reference solution.
  • 25. LIMITATIONS We searched qualitatively and not quantitatively for cheat-patterns • Do not draw any conclusions what kind of cheat-pattern occur at what level of programming expertise • Do not draw any conclusions on the quantitative aspects of cheating • The study does not proclaim to have identified all kinds of cheat- patterns The study does not proclaim that all APAAS solutions have the same set of vulnerabilities • Do not generalize Moodle/VPL specific-problems. • However, the Overfitting, Problem Evasion, Redirection, and Injection patterns can be used to check for vulnerabilities in other APAAS solutions. Threats on Validity 25
  • 26. • We have to be aware that (even first-year) students are clever enough to trick automated grading solutions. • Cheat patterns: • Overfitting • Problem Evasion • Redirection • Injection • Options we currently investigate: • Randomise test cases • Pragmatic code inspection • Isolation of submission and evaluation logic • Exactly these features seem to be only incompletely provided by current APAAS systems. Conclusion 26 JEdUnit https://github.com/nkratzke/JEdUnit
  • 27. Acknowledgement 27 Presentation on SpeakerDeck Preprint on ResearchGate Advisers of the practical courses • David Engelhardt, Thomas Hamer, Clemens Stauner, Volker Völz, Patrick Willnow Student tutors • Franz Bretterbauer, Francisco Cardoso, Jannik Gramann, Till Hahn, Thorleif Harder, Jan Steffen Krohn, Diana Meier, Jana Schwieger, Jake Stradling, and Janos Vinz Picture Reference • Hacker: Pixabay.com (CC0) • Robot: Pixabay.com (CC0)
  • 28. About 28 Nane Kratzke Web: http://nane.kratzke.pages.mylab.th-luebeck.de/about Twitter: @NaneKratzke LinkedIn: https://de.linkedin.com/in/nanekratzke GitHub: https://github.com/nkratzke ResearchGate: https://www.researchgate.net/profile/Nane_Kratzke SlideShare: http://de.slideshare.net/i21aneka