paper presented at the FIE 2023 conference from Manuel Castro∗, Sathiamoorthy Manoharan†, Ulrich Speidel†, Xinfeng Ye†, and Jiayi Zu†
∗ Universidad Nacional de Educación a Distancia (UNED)
† University of Auckland
Observations of Cheating Behaviours in Online Examinations and Tools for Mitigation
1. Observations of
Cheating
Behaviours in
Online
Examinations and
Tools for
Mitigation
Manuel Castro∗, Sathiamoorthy
Manoharan† Ulrich Speidel†,
Xinfeng Ye†, and Jiayi Zu†
∗ Universidad Nacional de
Educación a Distancia (UNED)
† University of Auckland
https://www.slideshare.net/mmmcastro
2. Overview
• The Covid-19 pandemic necessitated a rapid transition to online
education, forcing most academic institutions to adopt online
assessments as a substitute for traditional, in-person examinations
• Many of these online assessments were conducted in an unsupervised
setting, with an underlying model that largely relied on the trust that students
would maintain academic integrity and adhere to the principles of honest
scholarship
• Unfortunately, this trust-based approach showed its vulnerabilities, as
we observed a significant uptick in incidents of cheating and
academic dishonesty across many educational institutions including
our own
5. 0%
10%
20%
30%
40%
50%
60%
A B C F
2019 2020
And nearly all students pass
Course B example
+ more time
+ open Internet
- cheating / collaboration
6. Aim
•We present here our first-hand observations of
cheating behaviors (anomalies) and describes a
tool (automated) we developed to detect
potential cheating in online assessments
•We also discuss some preventive measures to
curtail the observed cheating behaviours
7. Collusion attempts
• There were plenty of collusion cases
•Two main categories:
•Local exam parties
•Remote exam parties
8. Local Exam Parties
A group of students come together in
one location to collaboratively solve
exam questions
Most online assessment platforms
record the IP addresses of the users,
allowing for the identification of
students who share the same IP
address. This is a common indicator of
a local exam party, as many students
sharing a single IP address suggests
that they are in close physical proximity
• And/or sharing a
residence/dormitory
• And/or using a VPN
47.52.2.125
ALICLOUD-HK
9. Remote Exam Parties
Here a student uses
multiple IP addresses,
which may be located in
different geographic
regions
• And/or substitutes
• And/or leader/follower
10. 111.40.52.215
China Mobile (CN)
113.5.13.249
China Unicom (CN)
202.36.244.177
University of Auckland (NZ)
Here a student uses
multiple IP addresses,
which may be located in
different/concurrent
geographic regions
• And/or multiple device
network (pc/mobile)
11. Learning Management
System or Digital
Assessment Platform
Other Resources (e.g.,
country indicators, maps,
etc.)
Proxy
API access to logs API access
Online Application that generates Student Reports and Course
Reports
12. Check
dd/mm/yy --:-- -- 📆
Start time:
dd/mm/yy --:-- -- 📆
End time:
Please enter an integer
Canvas Course ID:
Please enter an integer
Canvas Student ID:
Choose log file
Inspera ▼
Select log type:
No file chosen
Download report(s)
Student ▼
Select report type:
Canvas as
LMS
Inspera /
CodeRunner
apps logs
14. Preventive Measures
•Enforce remote proctoring services
• R exams / Dividni
• Oral / Supervised examinations / Use guards against Chegg
Go back to academic integrity
•Use assessment designs that minimize the ability to cheat
• Most assignment designs do not scale to large classes
• Consider individualized assessments
•Most of the assessment designs are prone to cheating
using generative AI
• This underlines the importance of invigilation
15. Observations of
Cheating
Behaviours in
Online
Examinations and
Tools for
Mitigation
Manuel Castro∗, Sathiamoorthy
Manoharan† Ulrich Speidel†,
Xinfeng Ye†, and Jiayi Zu†
∗ Universidad Nacional de
Educación a Distancia (UNED)
† University of Auckland
https://www.slideshare.net/mmmcastro
Editor's Notes
While sharing an IP address with another student is a potential indicator of a local exam party, it doesn't necessarily mean that collusion has occurred. For instance, students in the same WiFi network (e.g. in their shared accommodation) is likely to have the same IP address during their examinations.
Each student in a remote exam party would solve a subset of questions for all the students in the party. Multiple IP addresses may also be seen when a student hires one or more substitutes to engage in contract cheating
However, there are legitimate uses for multiple IP addresses:
Use multiple devices. If, for example, a student uses a phone connected to a mobile service provider and a computer connected to a home network during an examination, two IP addresses would be observed.
Use of a VPN to access services abroad (e.g., in China)
Sample student report indicating logging into the examination using two geo-locations. In this case, from the physical university network (which is NOT a VPN exit node) and from two Chinese addresses. Case reported to disciplinary review.
This is the overall architecture of the analysis tool. Central to the tool is a proxy that acts as the gateway to access student logs using API calls (and an API key). The proxy also serves as the gateway to access other related resources such as IP registration data and location indicators (e.g., world map, country flags).
This shows the minimalistic UI for generating student and course reports for Canvas LMS.
This is the minimalistic UI for uploading Inspera/CodeRunner logs for analysis and subsequent download of student/course reports.
Multiple students sharing the same IP address. In this case, the address is valid VPN exit node facilitated by the university, and therefore this is legitimate.