Article

Trust-Enabled Framework for Smart Classroom Ransomware Detection: Advancing Educational Cybersecurity Through Crowdsourcing

by Qatrunnada Ismail 1, Shatha Almutairi 2 and Heba Kurdi 3,*
1 Information Technology Department, College of Computer and Information Sciences, King Saud University, Riyadh 11451, Saudi Arabia
2 Cybersecurity MSc Program, College of Computer and Information Sciences, King Saud University, Riyadh 11451, Saudi Arabia
3 Computer Science Department, College of Computer and Information Sciences, King Saud University, Riyadh 11451, Saudi Arabia
* Author to whom correspondence should be addressed.
Information 2025, 16(4), 312; https://doi.org/10.3390/info16040312
Submission received: 25 February 2025 / Revised: 29 March 2025 / Accepted: 8 April 2025 / Published: 14 April 2025

Abstract

The proliferation of e-learning has exposed smart classroom devices and online learning platforms to ransomware attacks, threatening the integrity of educational processes. This study introduced a novel trust-based crowdsourcing framework to mitigate such attacks in smart classrooms. We evaluated our framework using two trust management algorithms, EigenTrust and Trust Network Analysis with Subjective Logic (TNaSL), comparing them against a baseline scenario without trust management. Experimental results, based on success rate, accuracy, precision, and recall metrics, demonstrated the significant enhancement of security in crowdsourcing processes. Both implementations exhibited resilience against increasing proportions of malicious nodes. This study contributes to cybersecurity in smart educational settings by demonstrating the efficacy of trust-based crowdsourcing in ransomware detection. Our framework paves the way for more secure digital learning spaces, addressing the cybersecurity challenges in IoT-enabled educational environments.

1. Introduction

The digital transformation of education has led to the widespread adoption of e-learning platforms and smart classroom technologies. While these advancements revolutionized the learning experience, they also introduced new cybersecurity vulnerabilities. Among the most significant threats were ransomware attacks, which could severely impact the learning process and compromise sensitive information [1,2].
Ransomware, a particularly dangerous type of malware, encrypts data on a computer, rendering it inaccessible. The malicious actors behind such attacks then demand a ransom payment, threatening to destroy the data or release it publicly if their demands are not met. These attacks often involve Command and Control (C&C) servers, which are used by attackers to communicate with infected devices, issue commands, and exfiltrate data. In 2021, ransomware tactics and techniques became more advanced, posing a significant threat to organizations worldwide [2,3].
Smart classrooms, with their interconnected devices and data-rich environments, presented particularly attractive targets for cybercriminals. The educational sector saw a marked increase in ransomware incidents, with the IC3 reporting a surge in attacks on educational institutions across 12 US states and the UK in March 2021 [3]. These attacks not only disrupted educational activities but also posed significant financial and reputational risks to institutions.
Traditional cybersecurity approaches often struggle to keep pace with the rapidly evolving nature of ransomware attacks. In response to this challenge, crowdsourcing emerged as a promising solution for mitigating ransomware attacks by leveraging the collective knowledge and expertise of a large group of participants [4]. Crowdsourcing could potentially provide real-time threat detection and response, drawing on the diverse perspectives and experiences of the classroom community.
However, the effectiveness of crowdsourcing in cybersecurity heavily depends on the trustworthiness of the process and the participants involved. Malicious actors could potentially exploit a crowdsourcing system to spread misinformation or further their attacks. Therefore, implementing robust trust management mechanisms was crucial for ensuring the reliability and effectiveness of crowdsourced cybersecurity measures [5].
This study introduced a novel trust-based crowdsourcing framework for mitigating ransomware attacks in smart classroom environments. Our framework provided a conceptual model for leveraging collective intelligence in threat detection while incorporating trust mechanisms to ensure the reliability of crowdsourced information. To implement this framework, we utilized two prominent trust management algorithms: EigenTrust [6] and Trust Network Analysis with Subjective Logic (TNA-SL) [7]. EigenTrust was selected for its global reputation metric based on peer feedback, which aligned with our framework’s need for assessing device trustworthiness across the network. TNA-SL was chosen for its ability to simplify complex trust networks for computational analysis, which was valuable in the dynamic environment of a smart classroom.
The key contributions of this study were as follows:
  • A novel trust-based crowdsourcing framework specifically designed for ransomware detection and mitigation in smart classroom environments.
  • An evaluation of the framework’s effectiveness when implemented with two different trust management algorithms, providing insights into the impact of trust computation strategies on ransomware detection.
  • A comprehensive analysis of the framework’s performance under varying levels of network compromise, demonstrating its resilience against malicious activities.
  • Insights into the application of crowdsourced cybersecurity measures in educational settings, contributing to the development of more robust protection strategies for smart learning environments.
The rest of this paper is organized as follows: Section 2 reviews related work in crowdsourcing for cybersecurity and trust management. Section 3 describes our proposed framework design. Section 4 outlines our evaluation methodology, followed by results and discussions in Section 5. Finally, Section 6 concludes the paper and suggests directions for future work.

2. Related Work

The mitigation of ransomware attacks in smart classrooms through trusted crowdsourcing approaches involves several interconnected research areas. This section provides an overview of relevant studies in four key domains: trust management, crowdsourcing in cybersecurity, trust management in crowdsourcing systems, and ransomware detection methods.

2.1. Trust Management Systems

Trust management systems play a crucial role in securing decentralized networks, such as peer-to-peer (P2P) and Internet of Things (IoT) environments, where traditional authentication mechanisms are insufficient. Various models have been proposed to manage trust dynamically and counteract security threats.
EigenTrust [6] is a widely used trust model in P2P networks, known for its efficiency in computing global reputation scores. It mitigates collusion attacks by leveraging feedback from peers and reducing the impact of malicious entities [8] (TrustyFeer, Honest Peer, Authentic Peer). EigenTrust is particularly suited for smart classroom environments because of its computational efficiency and its ability to aggregate trust across multiple nodes while maintaining robustness against attacks [9,10].
TNA-SL [7] incorporates subjective logic principles to model uncertainty in trust relationships. Unlike EigenTrust, which computes static global reputation scores, TNA-SL dynamically adjusts trust values based on ongoing interactions and feedback [9]. This adaptability makes TNA-SL ideal for real-time cybersecurity applications, particularly in environments where new participants continuously join or leave the system [11].
Bayesian trust models leverage probabilistic reasoning to estimate trust values based on prior knowledge and observed interactions. These models are highly effective in long-term behavior analysis and can refine trust evaluations over time [12]. However, they require large historical datasets to achieve high accuracy, making them less suitable for real-time ransomware detection, where immediate decision-making is crucial. Furthermore, Bayesian models struggle in sparse data environments, which can occur in newly deployed or evolving smart classroom networks.
Blockchain technology has been increasingly explored for trust management and reputation tracking due to its tamper-proof and decentralized nature [13]. While blockchain-based systems enhance security and prevent trust score manipulation, they introduce high computational and storage overhead that is impractical for resource-constrained IoT devices in smart classrooms. Additionally, consensus mechanisms introduce delays, making blockchain unsuitable for real-time ransomware detection [14].
Table 1 briefly compares the above four models by discussing their strengths and limitations. Based on the comparative analysis, EigenTrust and TNA-SL provide the most suitable combination of computational efficiency, adaptability, and security robustness for a smart classroom ransomware detection framework. Their ability to counteract malicious collusion (EigenTrust) and adapt dynamically to evolving cybersecurity threats (TNA-SL) makes them well suited for real-time trust evaluation in educational cybersecurity environments.

2.2. Crowdsourcing in Cybersecurity

Crowdsourcing has emerged as a promising approach to enhance cybersecurity by leveraging collective intelligence. Nieto et al. [4] proposed a model utilizing IoT device collaboration to protect networks against cyber threats, including ransomware. Their approach demonstrated the potential of crowdsourcing in real-time threat detection and mitigation.
Building on this concept, De Marchi et al. [15] introduced CrOMA, a framework that combines ontologies with crowdsourcing to improve the creation of malware detection rules. Their experiments showed that this approach could produce high-quality detection rules efficiently, highlighting the power of structured crowdsourcing in cybersecurity.

2.3. Trust Management in Crowdsourcing Systems

The efficacy of crowdsourcing in cybersecurity heavily depends on the trustworthiness of participants and the reliability of crowdsourced data. Several studies have addressed this crucial aspect by proposing various trust management approaches and frameworks.
In the context of mobile crowdsourcing, Hu et al. [16] developed the DTCS model to defend against internal threats and enhance data trustworthiness. Their approach showed effectiveness in countering collusion attacks and conflicting behavior, demonstrating the importance of considering malicious actors within the crowdsourcing system itself.
Building upon the concept of trust evaluation, Jayasinghe et al. [17] proposed a hybrid trust computational platform for evaluating both entity trust and data trust in IoT environments. Their model, when implemented in a crowd sensing scenario, successfully maintained the quality and integrity of outcomes, showcasing the potential of multi-faceted trust evaluation.
Focusing on worker–requester interactions, Zhou et al. [18] introduced TruthTrust, a model that provides effective feedback from workers in crowdsourcing processes. Their approach uses a truth inference framework to evaluate the trustworthiness of both workers and requesters based on interactive experiences, significantly improving the selection of honest workers.
In the realm of digital evidence handling, Nieto et al. [4] presented the Digital Witness (DW) concept, which provides mechanisms for handling and collecting digital evidence to implement a trustworthy environment. This work is crucial in establishing the integrity of evidence in crowdsourced cybersecurity efforts.
Addressing crowd management challenges, Al-Zawi et al. [19] presented the Trustworthy Sensing for Crowd Management (TSCM) framework, leveraging smartphone sensing in IoT environments. TSCM demonstrated enhanced public security and reduced the impact of malicious users in the crowdsourcing process.
To further address worker trustworthiness, Ye et al. [5] proposed three comprehensive models to assist crowdsourcing requesters: CrowdTrust, CrowdDefense, and Worker Trust Matrix (WTM). These models offer different approaches to identifying honest workers and mitigating the influence of malicious participants.
Incorporating emerging technologies, Li et al. [20] introduced CrowdR-FBC, a distributed framework based on fog–blockchain for crowdsourcing reputation management in IoT systems. This work emphasizes the protection of users’ private information and provides insights into secure reputation evaluation methods.

2.4. Ransomware Detection and Mitigation

Recent research has focused on developing effective methods for ransomware detection and mitigation, particularly in networked environments. Liu [21] introduced a dynamic node-level method for modeling ransomware’s spread in computer networks. This approach, which considers factors such as node vulnerability and the presence of antivirus software, showed promise in accurately modeling ransomware propagation and informing mitigation strategies.
Machine learning techniques have gained prominence in ransomware detection. Khammas [22] explored the use of the Random Forest algorithm, demonstrating high accuracy and robustness in identifying ransomware threats. Similarly, Masum et al. [23] presented a framework emphasizing feature selection and model training to improve detection accuracy.
Providing a comprehensive overview, Alraizza et al. [24] reviewed various machine learning methods for ransomware detection. Their work highlighted the importance of automated techniques for the quick and accurate identification of ransomware threats in evolving cybersecurity landscapes.

3. System Design

Our proposed model leverages crowdsourcing to detect and mitigate the ransomware spread in smart classroom environments. The core idea is to utilize smart devices within a classroom as a “crowd” to collaboratively monitor network activity and detect suspicious behavior indicative of ransomware attacks. This trust-based network enables real-time, collaborative monitoring and responses to potential ransomware threats.

3.1. Key Components

As illustrated in Figure 1, the framework consists of the following key components:
  • Smart devices: Represented by mobile devices numbered 1 through n, these are the classroom devices (e.g., student tablets, teacher computers) running a background monitoring application. This application specifically checks for ransomware-related activities, including the following:
    • Unusual file system activities (mass file renaming or encryption);
    • Attempts to delete shadow copies or disable system restore;
    • Communication with known ransomware C&C servers;
    • Presence of ransomware-related files or processes.
  • P2P communication: The dotted green line represents a P2P communication system. The devices communicate directly with each other in a P2P manner, allowing information sharing and collaboration on threat detection among devices.
  • Central System Registry: It disseminates updates and instructions and maintains an updated database of known ransomware signatures, behaviors, and C&C servers. The registry serves as the hub for data collection, analysis, and management.

3.2. Trust Framework

The effectiveness of our crowdsourcing approach relies heavily on a robust trust mechanism. This mechanism is based on several interrelated parameters which include the following:
  • Reporting Messages: Devices send these messages to the system registry when they detect suspicious activities. These messages contain details about the observed behavior, including timestamps and specific indicators of potential ransomware activity [16].
  • Rewards: The system uses a non-monetary, reputation-based reward system [25]. Rewards can be positive (increasing trustworthiness) or negative (penalties decreasing trustworthiness).
  • Trustworthiness Scores: each device is assigned a score that reflects its reliability in providing accurate threat information.
  • Trust Threshold: a preset value used by the system registry to determine whether a reporting message from a device is credible and should be acted upon [26].
To implement trust-based decision-making, we integrated two widely studied trust management algorithms into our framework: EigenTrust [6] and TNA-SL [7]. These algorithms are responsible for computing trust scores for each peer device based on their observed behavior and interaction history. Devices with low trust scores are flagged as suspicious and may be down-weighted, ignored, or isolated. Further details of the algorithms are provided in Section 4.

3.3. Operational Scenario

To illustrate how the proposed crowdsourcing model responds to a potential ransomware threat, we describe it through the scenario illustrated in Figure 2. In this simulated attack scenario, the following steps occur:
  • A phishing URL is sent to the network, leading to device D becoming infected with ransomware;
  • Other devices in the network are continuously monitoring network activities;
  • Device B detects suspicious behavior on device D;
  • Device B broadcasts this information to other devices and the central system registry;
  • Upon receiving the alert, other network devices implement immediate precautionary measures;
  • Based on the accuracy and timeliness of the report, the devices update device B’s trustworthiness score;
  • The central registry evaluates the report against the trustworthiness threshold;
  • If the report’s trust score exceeds the threshold, the central registry initiates a network-wide response.
Figure 2. Simulated ransomware attack scenario in crowdsourcing system.

4. Evaluation Methodology

To evaluate our trust-based crowdsourcing framework for ransomware detection in smart classrooms, we used the QTM P2P Simulator [27] to implement multiple scenarios, with 1000 transactions per experiment, to mimic a smart classroom environment of 30 nodes, of which 10–60% are malicious nodes. To demonstrate flexibility and robustness in smart classroom environments, our model considered various ransomware attack variations, including multiple infection vectors [21], fileless ransomware [22], delayed encryption [23], and double extortion techniques [24].
We implemented our framework using two trust management algorithms. First is EigenTrust, developed by Kamvar et al. [6]. The algorithm’s resilience against the collusive behavior of malicious peers is particularly valuable in our setting, where a ransomware attack might attempt to compromise multiple devices to evade detection. Second is Trust Network Analysis with Subjective Logic (TNA-SL), proposed by Jøsang et al. [7]. It combines trust negotiation and subjective logic principles to compute trust values. In our ransomware detection framework for smart classrooms, TNA-SL offers a nuanced approach to trust computation that accounts for the uncertainties inherent in threat detection. We selected these two algorithms because they are among the most widely recognized trust management systems, with numerous recent trust models built upon their foundations [10,11]. As demonstrated in Table 1 (Section 2.1), both algorithms offer a balance of computational efficiency, adaptability, and security robustness, outperforming alternative trust mechanisms, such as Bayesian inference-based models and blockchain-based reputation systems, when applied to ransomware detection in smart classrooms. Additionally, both models were already implemented in the simulation tool used in our evaluation, ensuring seamless integration and enabling a realistic performance assessment without requiring additional modifications. As a baseline scenario, we considered a classroom setting without any trust management aspects.
To accurately model trust evolution within our framework, we used the following trust computation formulas for each algorithm:
EigenTrust Trust Score: $t_i = \sum_j c_{ij} \cdot t_j$
where
  • $t_i$ is the trust score of peer i
  • $c_{ij}$ represents the normalized local trust score from peer j to i
  • $t_j$ is the global trust score of peer j
The calculation iterates over multiple transactions to compute a global reputation score for each peer [21].
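The iteration above can be run on a small network to see why colluding peers are a problem for a global reputation score. The following Python sketch is an added example, not code from the paper or from the QTM simulator: it computes the fixed point of the formula on a constructed 7-device network and then repeats it with the pre-trusted-peer damping from the original EigenTrust design, which goes beyond the formula shown here. The device numbering, the `SAT` matrix, the damping value 0.2 and all function names are assumptions made for illustration.

```python
"""EigenTrust-style global trust on a constructed 7-device classroom network."""

HONEST = [0, 1, 2, 3]      # device 0 is the teacher's workstation (assumed pre-trusted)
COLLUDERS = [4, 5, 6]      # malicious devices that only vouch for each other

# Constructed sample data: SAT[j][i] = satisfactory minus unsatisfactory
# interactions that device j recorded with device i.
SAT = [
    [0, 4, 4, 4, 0, 0, 0],
    [4, 0, 4, 4, 0, 0, 0],
    [4, 4, 0, 4, 0, 0, 0],
    [3, 3, 3, 0, 3, 0, 0],  # device 3 received valid files from 4 before it turned
    [0, 0, 0, 0, 0, 9, 9],
    [0, 0, 0, 0, 9, 0, 9],
    [0, 0, 0, 0, 9, 9, 0],
]


def normalize_local_trust(sat):
    """Return c with c[i][j] = normalized local trust from peer j to peer i."""
    n = len(sat)
    c = [[0.0] * n for _ in range(n)]
    for j in range(n):
        # Negative experience counts as zero trust; self-ratings are ignored.
        clipped = [max(s, 0) if i != j else 0 for i, s in enumerate(sat[j])]
        total = sum(clipped)
        for i in range(n):
            # Simplification: a peer with no positive experience votes uniformly.
            c[i][j] = clipped[i] / total if total else 1.0 / n
    return c


def eigentrust(c, pretrusted=(), damping=0.0, tol=1e-9, max_iter=10_000):
    """Iterate t_i = (1 - damping) * sum_j c_ij * t_j + damping * p_i to a fixed point.

    damping=0 is the plain formula from the text. damping>0 mixes in a
    pre-trust distribution p concentrated on the `pretrusted` devices.
    """
    n = len(c)
    if pretrusted:
        p = [1.0 / len(pretrusted) if i in pretrusted else 0.0 for i in range(n)]
    else:
        p = [1.0 / n] * n
    t = p[:]
    for _ in range(max_iter):
        nxt = [
            (1 - damping) * sum(c[i][j] * t[j] for j in range(n)) + damping * p[i]
            for i in range(n)
        ]
        if sum(abs(a - b) for a, b in zip(nxt, t)) < tol:
            return nxt
        t = nxt
    return t


def colluder_share(damping, pretrusted=()):
    """Fraction of total global trust held by the colluding devices."""
    t = eigentrust(normalize_local_trust(SAT), pretrusted, damping)
    return sum(t[i] for i in COLLUDERS)


if __name__ == "__main__":
    print("plain iteration:     ", round(colluder_share(0.0), 4))
    print("teacher pre-trusted: ", round(colluder_share(0.2, pretrusted=(0,)), 4))
```

Because the colluders never pass trust back to honest devices, a single honest device that once trusted one of them lets the clique absorb almost all global trust under the plain iteration; anchoring the computation on a pre-trusted device bounds that share.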
TNA-SL Trust Score: T (A,B) = (b,d,u)
where
  • T(A,B) is the trust relationship from peer A to peer B
  • b: (belief) represents positive trust feedback
  • d: (disbelief) represents negative trust feedback
  • u: (uncertainty) represents a lack of sufficient data
TNA-SL dynamically updates trust values based on subjective logic principles, allowing trust scores to adapt as more interactions occur [22].
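To make the (b, d, u) triple concrete, the following Python sketch (an added example, not the paper's or the simulator's code) builds opinions from counts of confirmed and refuted reports and lets a registry weigh a new threat report against a trust threshold. The evidence mapping, discounting and cumulative fusion operators are the standard subjective-logic ones, which the text does not spell out; the threshold of 0.8, the device histories and all names are assumptions.

```python
"""Subjective-logic opinions (b, d, u) for registry decisions on threat reports."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Opinion:
    b: float          # belief: weight of positive feedback
    d: float          # disbelief: weight of negative feedback
    u: float          # uncertainty: lack of sufficient data
    a: float = 0.5    # base rate: prior applied to the uncertain part

    def expected(self):
        """Probability expectation used for threshold comparison."""
        return self.b + self.a * self.u


def from_evidence(positive, negative, a=0.5):
    """Map counts of confirmed and refuted reports to an opinion (prior weight 2)."""
    k = positive + negative + 2
    return Opinion(positive / k, negative / k, 2 / k, a)


def discount(trust_in_reporter, claim):
    """Registry's view of a claim after weighting it by its trust in the reporter."""
    r, c = trust_in_reporter, claim
    return Opinion(r.b * c.b, r.b * c.d, r.d + r.u + r.b * c.u, c.a)


def fuse(x, y):
    """Cumulative fusion of two opinions about the same claim (assumed independent)."""
    k = x.u + y.u - x.u * y.u
    if k == 0:  # both opinions are fully certain: average them
        return Opinion((x.b + y.b) / 2, (x.d + y.d) / 2, 0.0, x.a)
    return Opinion(
        (x.b * y.u + y.b * x.u) / k,
        (x.d * y.u + y.d * x.u) / k,
        (x.u * y.u) / k,
        x.a,
    )


def registry_view(reports):
    """Fuse all (trust_in_reporter, claim) pairs into one opinion about the claim."""
    fused = None
    for trust_in_reporter, claim in reports:
        derived = discount(trust_in_reporter, claim)
        fused = derived if fused is None else fuse(fused, derived)
    return fused


def registry_accepts(reports, threshold=0.8):
    """True if the fused expectation reaches the (assumed) trust threshold."""
    view = registry_view(reports)
    return view is not None and view.expected() >= threshold


# Constructed history: (confirmed, refuted) past reports per device.
VETERAN = from_evidence(18, 0)    # long clean record
RECENT = from_evidence(3, 0)      # joined recently, short clean record
NEWCOMER = from_evidence(0, 0)    # no history: pure uncertainty
UNRELIABLE = from_evidence(2, 8)  # mostly refuted reports
CLAIM = from_evidence(8, 0)       # reporter's own evidence that device D is infected

if __name__ == "__main__":
    for name, trust in [("veteran", VETERAN), ("recent", RECENT),
                        ("newcomer", NEWCOMER), ("unreliable", UNRELIABLE)]:
        view = registry_view([(trust, CLAIM)])
        print(f"{name:10s} E={view.expected():.3f} "
              f"accept={registry_accepts([(trust, CLAIM)])}")
    print("two recent devices agree:",
          registry_accepts([(RECENT, CLAIM), (RECENT, CLAIM)]))
```

A device with no history contributes only uncertainty rather than disbelief, so its report alone never triggers a response, while two recently joined devices that corroborate each other can cross the threshold together.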
We modeled malicious behavior using a two-dimensional approach, based on predefined threshold percentages for cleanup behavior (the likelihood of removing invalid or malicious files) and honesty behavior (the reliability of a peer’s feedback on received files). As illustrated in Table 2, our trust evaluation follows these threshold-based rules:
  • Honesty = 1.0 → A user with an honesty value of exactly 1.0 is classified as a fully trusted entity (good peer).
  • Cleanup ≥ 90% → A user with at least 90% cleanup behavior is classified as a trusted participant, meaning they frequently remove malicious files and engage honestly.
  • Honesty ≤ 0.0 → A user with 0.0 or lower honesty is categorized as Purely Malicious or Feedback Malicious, indicating untrustworthy behavior.
  • Honesty > 0.0 but <1.0 → Users with an honesty score between 0 and 1.0 are classified as potentially deceptive entities, such as Malicious Providers who contribute to harmful activities while maintaining some degree of honesty.
These threshold values were empirically validated in our simulation, balancing detection accuracy and robustness against adversarial influence. Their impact on trust score behavior over time is further analyzed in our experimental results.
Malicious nodes operate under two key strategies: Isolated and Collective. In the Isolated strategy, a malicious peer selectively provides truthful feedback to users it trusts while deceiving others, creating localized distortions in trust computation. This makes trust-based reputation models unstable, as certain users incorrectly perceive the attacker as trustworthy. The Collective strategy involves multiple malicious peers working together to manipulate trust scores, reinforcing each other’s false claims to undermine the system’s credibility. This coordination makes it difficult for normal users to distinguish between genuine and deceptive feedback. Our evaluation includes four primary attack vectors that leverage these malicious strategies: false reporting attacks, where feedback malicious nodes inflate trust scores by submitting misleading feedback; collusion attacks, where a group of purely malicious or malicious providers coordinate to manipulate trust computation; data poisoning attacks, where malicious providers inject invalid content while providing truthful feedback; and evasion attacks, where attackers behave normally before launching ransomware, delaying detection. The impact of these attack strategies on the framework’s trust evaluation and ransomware detection efficiency varies. False reporting attacks increase false positives, making malicious nodes appear credible, while collusion attacks significantly weaken global reputation-based trust models, like EigenTrust. Data poisoning attacks degrade long-term trust reliability, and evasion attacks make early-stage threat mitigation challenging.
To evaluate the resilience of EigenTrust and TNA-SL, we used the confusion matrix in Table 3 to classify the outcomes of peer interactions based on message validity and feedback honesty. The matrix helps quantify the impact of malicious behaviors on trust scores, false positives, and false negatives, further demonstrating how EigenTrust struggles with collusion-based attacks, whereas TNA-SL’s subjective logic provides better adaptability against uncertainty-based threats.
We used the following metrics to assess the effectiveness of our framework:
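$$\text{Success rate} = \frac{\#\ \text{authentic messages received from good peers}}{\#\ \text{transactions performed by good peers}}$$
$$\text{Accuracy} = \frac{\#\ \text{correctly predicted instances}}{\#\ \text{total instances}} = \frac{\text{True Positives} + \text{True Negatives}}{\text{Total Instances}}$$
$$\text{Precision} = \frac{\text{True Positives}}{\text{True Positives} + \text{False Positives}}$$
$$\text{Recall} = \frac{\text{True Positives}}{\text{True Positives} + \text{False Negatives}}$$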
This simulation-based evaluation allows us to systematically vary key parameters, malicious node percentage, and attack strategies, enabling a comprehensive performance analysis that would be difficult to achieve in a real-world deployment due to ethical and logistical barriers. While real-world validation remains an important future step, simulation-based testing is a widely accepted approach in cybersecurity and trust management research, as it enables controlled experimentation without exposing critical systems to actual security threats. Additionally, our choice of the QTM P2P Simulator is justified by its ability to model trust propagation, peer interactions, and adversarial behaviors, making it an effective tool for evaluating the feasibility of our method.

5. Results and Discussion

Building upon the evaluation methodology outlined in Section 4, this section presents the results of our trust-based crowdsourcing framework for ransomware detection in smart classrooms. As previously described, we implemented our framework using EigenTrust and TNaSL algorithms to provide concrete realizations of our trust management concepts. We also included a baseline scenario without trust management for comparison. For each scenario, we conducted multiple experimental runs; the mean values of these runs were then calculated and analyzed to ensure the reliability and consistency of our findings. The following subsections present detailed results for each evaluation metric.

5.1. Success Rate

In the context of our ransomware detection system, the success rate represents the proportion of accurate and timely threat reports received from trustworthy devices relative to the total number of reports from these devices. This metric is crucial for evaluating the effectiveness of our trust-based approach in filtering out false or malicious reports while maintaining a high rate of genuine threat detection.
Trust scores play a crucial role in determining the success rate of our framework. When trust scores accurately reflect peer behavior, the system successfully identifies and accepts messages from good peers, resulting in a high success rate. However, errors in trust assignment can significantly impact the success rate. False positives (where malicious nodes are mistakenly assigned high trust scores) allow them to have their messages accepted, lowering the success rate by introducing unreliable transactions. False negatives (where good peers are assigned low trust scores) result in their valid messages being rejected, also reducing the success rate by incorrectly penalizing trusted nodes.
The heatmap visualization in Figure 3 illustrates the success rates achieved by our framework when implemented with EigenTrust and TNaSL, compared to the baseline scenario without trust management. As shown in the figure, the success rate trends vary depending on the trust algorithm used and the percentage of malicious nodes in the system. The None baseline scenario, where no trust management is implemented, shows the lowest success rate across all malicious node percentages. Without a trust-based filtering mechanism, the system accepts messages indiscriminately, leading to severe performance degradation as malicious participation increases. This highlights the necessity of integrating trust mechanisms for effective attack mitigation. EigenTrust exhibits higher volatility in trust score assignments, particularly as the percentage of malicious nodes increases. The red-shaded areas in the heatmap indicate cases where the success rate declines due to trust inflation caused by feedback manipulation among colluding malicious nodes. In contrast, TNA-SL maintains a more stable success rate, as observed in the blue-shaded regions, where its subjective logic model better accounts for uncertainty and mitigates the effects of adversarial behavior.
Both models benefit from periodic trust score recalibration, where trust thresholds are adjusted to prevent excessive trust inflation (false positives) or degradation (false negatives). The classification thresholds used, based on honesty and cleanup percentages presented in Table 2, help reduce these issues by ensuring that good peers (honesty = 1.0, cleanup ≥ 90%) retain reliable trust scores, while malicious peers fall below these thresholds. By aligning trust scores with actual peer behavior, the framework improves its success rate and maintains detection accuracy over time.
These findings highlight the importance of adaptive trust management in improving cybersecurity detection. The comparison with the None scenario further reinforces the effectiveness of EigenTrust and TNA-SL, both of which significantly improve the success rate over an uncontrolled environment. While EigenTrust maintains a high performance at lower malicious node percentages, its vulnerability to trust inflation becomes evident as adversarial coordination increases. TNA-SL, by dynamically adjusting trust values, remains more stable, outperforming both EigenTrust and the baseline scenario under a high adversarial influence. While EigenTrust is effective in environments with low malicious activity, its reliance on global trust aggregation makes it more susceptible to trust inflation. TNA-SL, by dynamically adjusting trust values based on uncertainty, provides greater resilience against trust score manipulation, leading to more stable success rates in adversarial environments. However, trust scores can be affected by errors. False positives (where malicious nodes are mistakenly assigned high trust) allow bad peers to have their messages accepted, which lowers the success rate. False negatives (where good peers are assigned low trust) result in their valid messages being rejected, also reducing the success rate. Our classification thresholds based on honesty and cleanup percentages help reduce these issues. Good peers are expected to have an honesty = 1.0 and cleanup ≥ 90%. Malicious peers fall below these thresholds. This helps ensure that the trust scores align with actual behavior, improving the success rate and detection performance.
The results reveal several important insights into the performance of our trust-based crowdsourcing framework. Both EigenTrust and TNaSL implementations consistently outperform the baseline scenario across all percentages of malicious nodes, aligning with findings from previous studies [25,28]. This underscores the importance of trust management in improving the reliability of crowdsourced ransomware detection in smart classroom environments.

5.2. Accuracy

The accuracy results in Figure 4 align closely with success rate patterns. EigenTrust maintains the highest accuracy across all malicious node percentages, demonstrating a robust performance in both node classification and transaction success. TNaSL shows an intermediate performance, consistently better than baseline but below EigenTrust, with both metrics declining gradually as the network compromise increases.
The baseline approach exhibits the most significant performance degradation, highlighting the vulnerability of systems without trust management in compromised networks. These findings support previous research on the importance of trust mechanisms in crowdsourcing systems [17,26].

5.3. Precision

The precision heatmap (Figure 5) reveals remarkably consistent performances across all three approaches. All algorithms demonstrated excellent precision (97–98%) at lower percentages of malicious nodes (10–20%), aligning with previous findings [6,7]. As malicious nodes increased to 60%, precision declined uniformly across all approaches to about 86%, supporting earlier research on the impact of malicious node density [16,25].
Unlike the success rate and accuracy metrics, where EigenTrust showed clear advantages, the precision remained consistently similar across all approaches, indicating that the ability to avoid false positives is relatively independent of the trust management strategy employed [6].

5.4. Recall

Figure 6 shows the recall metric where all three algorithms achieved identical recall rates of 99% with 10% malicious nodes, maintaining a high performance (98%) at 20% malicious nodes. As the network compromise increased, recall declined gradually but consistently across all approaches, showing 96% at 30% malicious nodes.
A slight divergence emerged at higher compromise levels, with EigenTrust showing marginally lower recall (92% at 40% malicious nodes) compared to TNaSL and the baseline (94%). This trend continues at 50% malicious nodes, with EigenTrust at 87%, TNaSL at 88%, and the baseline at 89%. At the highest level of network compromise (60% malicious nodes), EigenTrust and TNaSL both show a recall of 81%, while the baseline approach maintains a slightly higher recall of 82%. However, it is crucial to note that while the baseline approach shows competitive recall in some cases, the trust-based implementations provide a more consistent and reliable performance across varying levels of network compromise.
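An added example (not the authors' code) of how the honesty and cleanup thresholds map peers to the user models of Table 2 and the confusion-matrix cells of Table 3, and how accuracy, precision and recall follow from the cell counts. Reading cleanup as the Timely/Slow axis and honesty as the Accurate/Inaccurate axis, counting peers rather than transactions, and the sample population are assumptions; the resulting figures are illustrative and are not the article's results.

```python
from dataclasses import dataclass

HONESTY_GOOD = 1.0   # threshold from the article: good peers have honesty = 1.0
CLEANUP_GOOD = 0.90  # threshold from the article: good peers have cleanup >= 90%


@dataclass(frozen=True)
class Peer:
    name: str
    cleanup: float  # fraction of clean files served, 0.0-1.0
    honesty: float  # fraction of truthful feedback, 0.0-1.0


def classify(peer):
    """Return (user model from Table 2, confusion-matrix cell from Table 3)."""
    timely = peer.cleanup >= CLEANUP_GOOD     # assumed to be the Timely/Slow axis
    accurate = peer.honesty >= HONESTY_GOOD   # assumed to be the Accurate/Inaccurate axis
    if timely and accurate:
        return "Good Peer", "TP"
    if timely:
        return "Feedback Malicious", "FP"
    if accurate:
        return "Malicious Provider", "TN"
    return "Purely Malicious", "FN"


def evaluate(peers):
    """Count peers per Table 3 cell and derive the standard metrics from the counts."""
    counts = {"TP": 0, "FP": 0, "TN": 0, "FN": 0}
    for peer in peers:
        counts[classify(peer)[1]] += 1
    tp, fp, tn, fn = counts["TP"], counts["FP"], counts["TN"], counts["FN"]

    def ratio(num, den):
        return num / den if den else 0.0  # an empty cell must not raise ZeroDivisionError

    return {
        "counts": counts,
        "accuracy": ratio(tp + tn, tp + fp + tn + fn),
        "precision": ratio(tp, tp + fp),
        "recall": ratio(tp, tp + fn),
    }


# Constructed sample population (not data from the article).
SAMPLE = [
    Peer("p01", 0.97, 1.0), Peer("p02", 0.92, 1.0), Peer("p03", 1.00, 1.0),
    Peer("p04", 0.90, 1.0),  # exactly on the cleanup threshold: still a good peer
    Peer("p05", 0.95, 0.0),  # Feedback Malicious
    Peer("p06", 0.05, 1.0),  # Malicious Provider
    Peer("p07", 0.02, 0.0),  # Purely Malicious
    Peer("p08", 0.93, 0.8),  # clean files but partly dishonest: below the honesty threshold
]

if __name__ == "__main__":
    print(evaluate(SAMPLE))
```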
These findings validate the effectiveness of our trust-based crowdsourcing framework in enhancing ransomware detection capabilities in educational settings while highlighting areas for future improvement and additional security considerations.
The results of this study demonstrate that trust-based crowdsourcing, particularly using models like EigenTrust and TNA-SL, can significantly enhance ransomware detection accuracy in smart classroom environments. However, when considering real-world deployment, several privacy and ethical concerns must be addressed. Trust scores may unintentionally introduce bias, especially against new or infrequently active users who lack sufficient interaction history. Moreover, crowdsourcing cybersecurity data, even in an anonymized form, can pose privacy risks if behavioral patterns or device identifiers become indirectly traceable. These challenges are less apparent in controlled simulations but become critical in practice. To mitigate them, future implementations should integrate data minimization, enforce anonymization protocols, and adopt fairness-aware trust mechanisms. Additionally, promoting transparency and explainability in trust decision-making processes will be essential to ensure an ethical, equitable, and trusted adoption in educational settings.

6. Conclusions and Future Work

This study introduces a trust-based crowdsourcing framework for mitigating ransomware attacks in smart classroom environments. Our evaluations, implementing both EigenTrust and TNaSL algorithms, demonstrate significant improvements in ransomware detection compared to systems without trust mechanisms. EigenTrust showed a superior performance across all metrics, particularly in highly compromised networks, while both implementations exhibited remarkable resilience against increasing proportions of malicious nodes.
The primary objective of this study was to explore the effectiveness of integrating trust-based crowdsourcing into cybersecurity attack detection, rather than proposing a new trust mechanism. For this reason, we implemented two widely recognized trust schemes, EigenTrust and TNA-SL, without modifications, to assess their applicability in ransomware detection in smart classroom environments. The results of our study indicate that both models perform effectively in this context, highlighting the potential of trust-based approaches in enhancing cybersecurity. Given these promising outcomes, future research directions will explore the feasibility of hybridizing EigenTrust and TNA-SL, leveraging the strengths of both models to develop an adaptive, more resilient trust-based detection framework that can dynamically respond to evolving threats. For example, a dynamic trust mechanism could use EigenTrust for the initial trust assessment and TNA-SL to refine trust scores based on ongoing interactions, adapting to evolving adversarial behaviors. Additionally, a hybrid model could integrate contextual feedback, modifying trust scores based on attack indicators or deviations from expected behavior patterns.
As educational institutions increasingly adopt IoT and smart technologies, our research contributes significantly to educational cybersecurity by demonstrating the effectiveness of trust-based crowdsourcing in ransomware detection. The framework provides a foundation for securing digital learning spaces, ensuring the integrity and continuity of modern educational processes in an increasingly connected world.
Future work should include real-world deployments to validate the framework’s effectiveness in diverse educational settings. However, deploying the proposed trust-based crowdsourcing framework in actual smart classroom environments presents several practical challenges that need to be addressed before real-world implementation. These include scalability issues, as smart classroom networks may have varying numbers of devices with different trust levels; adversarial adaptability, where attackers may evolve their strategies beyond what is modeled in simulations; and privacy concerns, particularly in ensuring that student and faculty data are protected while trust evaluations are performed. Furthermore, real-world testing would require the integration with existing learning management systems (LMSs) and IoT security frameworks, which may introduce additional complexities in interoperability. To bridge the gap between simulation and practical implementation, future empirical studies should focus on testbed-based evaluations within controlled smart classroom environments, ensuring safe and monitored deployment. Additionally, collaborations with educational institutions will be essential to assess the user acceptance, performance trade-offs, and real-time detection accuracy in real-world settings. These considerations provide a roadmap for translating our simulation-based findings into practical applications for enhancing cybersecurity in educational environments.

Author Contributions

Conceptualization, Q.I. and H.K.; Formal analysis, S.A. and Q.I.; Funding acquisition, H.K.; Investigation, S.A., Q.I. and H.K.; Methodology, Q.I. and H.K.; Project administration, H.K.; Resources, H.K.; Software, S.A.; Supervision, Q.I. and H.K.; Validation, S.A. and Q.I.; Visualization, S.A. and H.K.; Writing—original draft, S.A. and Q.I.; Writing—review and editing, Q.I. and H.K. All authors have read and agreed to the published version of the manuscript.

Funding

This research project was supported by the Researchers Supporting Project number (RSP2025R204), King Saud University, Riyadh, Saudi Arabia.

Institutional Review Board Statement

Not applicable.

Informed Consent Statement

Not applicable.

Data Availability Statement

No new data were created or analyzed in this study. Data sharing is not applicable to this article.

Conflicts of Interest

The authors declare no conflicts of interest.

References

  1. Ismail, N. Crowdsourcing Cyber Defence Is Now a Necessity. 2022. Available online: https://www.information-age.com/crowdsourcing-cyber-defence-necessity-6710 (accessed on 10 October 2024).
  2. Ransomware Attacks on Schools: ‘Dirty, Rotten Scoundrels’ Stop Online Learning, SecureWorld. Available online: https://www.secureworld.io/industry-news/ransomware-attacks-on-schools-online-learning (accessed on 15 June 2024).
  3. Alert (AA22-040A): People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices, Cybersecurity and Infrastructure Security Agency (CISA). Available online: https://www.cisa.gov/uscert/ncas/alerts/aa22-040a (accessed on 10 October 2024).
  4. Nieto, A.; Acien, A.; Fernandez, G. Crowdsourcing Analysis in 5G IoT: Cybersecurity Threats and Mitigation. Mob. Netw. Appl. 2019, 24, 881–889.
  5. Ye, B. Trust Management in Crowdsourcing Environments. Ph.D. Thesis, Macquarie University, Sydney, Australia, 2018.
  6. Kamvar, S.D.; Schlosser, M.T.; Garcia-Molina, H. The EigenTrust Algorithm for Reputation Management in P2P Networks. In Proceedings of the 12th International Conference on World Wide Web (WWW 2003), ACM, Budapest, Hungary, 20–24 May 2003; pp. 640–651.
  7. Jøsang, A.; Hayward, R.; Pope, S. Trust network analysis with subjective logic. In Proceedings of the 29th Australasian Computer Science Conference—Volume 48 (ACSC ’06), Hobart, Australia, 16–19 January 2006; pp. 85–94.
  8. Lu, K.; Wang, J.; Xie, L.; Zhen, Q.; Li, M. An EigenTrust-based Hybrid Trust Model in P2P File Sharing Networks. Procedia Comput. Sci. 2016, 94, 366–371.
  9. Al-Otaiby, N.; Alhindi, A.; Kurdi, H. AntTrust: An Ant-Inspired Trust Management System for Peer-to-Peer Networks. Sensors 2022, 22, 533.
  10. Cotronei, M.; Giuffre, S.; Marcianò, A.; Rosaci, D.; Sarnè, M.L.G. Improving the Effectiveness of Eigentrust in Computing the Reputation of Social Agents in Presence of Collusion. Int. J. Neural Syst. 2024, 34, 2350063.
  11. Kalala, K.; Feng, T.; Kiringa, I. EigenTrust for Hierarchically Structured Chord. Security and Trust Management; Springer: Berlin/Heidelberg, Germany, 2017; pp. 203–212.
  12. Chamba-Eras, L.; Arruarte, A.; Elorriaga, J.A. Bayesian Networks to Predict Reputation in Virtual Learning Communities. In Proceedings of the 2016 IEEE Latin American Conference on Computational Intelligence (LA-CCI), Cartagena, Colombia, 2–4 November 2016; pp. 1–6.
  13. Mikhailovitch, N.M.; Yurievitch, D.K. Reputation Systems in E-commerce: Comparative Analysis and Perspectives to Model Uncertainty Inherent in Them. Proc. Inst. Syst. Program. RAS 2019, 31, 99–122.
  14. Bellaj, B.; Ouaddah, A.; Mezrioui, A.; Crespi, N.; Bertin, E. GBTrust: Leveraging Edge Attention in Graph Neural Networks for Trust Management in P2P Networks. In Proceedings of the 2023 IEEE 22nd International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), Exeter, UK, 1–3 November 2023; pp. 1272–1278.
  15. De Marchi, A.C.; Gregio, A.; Bonacin, R. Enhancing the creation of detection rules for malicious software through ontologies and crowdsourcing. In Proceedings of the 2017 IEEE 26th International Conference on Enabling Technologies: Infrastructure for Collaborative Enterprises (WETICE), Poznan, Poland, 21–23 June 2017.
  16. Hu, J.; Lin, H.; Guo, X.; Yang, J. DTCS: An Integrated Strategy for Enhancing Data Trustworthiness in Mobile Crowdsourcing. IEEE Internet Things J. 2018, 5, 4663–4671.
  17. Jayasinghe, U.; Otebolaku, A.; Um, T.-W.; Lee, G.M. Data centric trust evaluation and prediction framework for IOT. In Proceedings of the 2017 ITU Kaleidoscope: Challenges for a Data-Driven Society (ITU K), Nanjing, China, 27–29 November 2017; pp. 1–7.
  18. Zhou, J.; Jin, X.; Yu, L.; Xue, L.; Ren, Y. TruthTrust: Trust Inference-Based Trust Management Mechanism on a Crowdsourcing Platform. Sensors 2021, 21, 2578.
  19. Al-Zawi, B.; Wang, Q.; Shaw, P.; Sheltami, T.R.; Abdel-Maguid, M. Trustworthy Sensing for Crowd Management in Smart Cities. In Proceedings of the 14th International Wireless Communications & Mobile Computing Conference (IWCMC), Tangier, Morocco, 25–28 June 2018.
  20. Li, S.; Da Xu, L.; Zhao, S. 5G Internet of Things: A survey. J. Ind. Inf. Integr. 2018, 10, 1–9.
  21. Liu, W. Modeling ransomware spreading by a dynamic node-level method. IEEE Access 2019, 7, 142224–142232.
  22. Khammas, B.M. Ransomware Detection using Random Forest Technique. ICT Express 2020, 6, 325–331. Available online: https://www.sciencedirect.com/science/article/pii/S2405959520304756 (accessed on 15 June 2024).
  23. Masum, M.; Faruk, M.J.H.; Shahriar, H.; Qian, K.; Lo, D.; Adnan, M.I. Ransomware classification and detection with machine learning algorithms. In Proceedings of the 2022 IEEE 12th Annual Computing and Communication Workshop and Conference (CCWC), Las Vegas, NV, USA, 26–29 January 2022.
  24. Alraizza, A.; Algarni, A. Ransomware detection using machine learning: A survey. Big Data Cogn. Comput. 2023, 7, 143.
  25. Sehrawat, S.; Singh, D.D. Malware and malware detection techniques: A survey. Int. J. Res. Appl. Sci. Eng. Technol. 2022, 10, 3947–3953.
  26. Brierley, C.; Pont, J.; Arief, B.; Barnes, D.; Hernandez-Castro, J. PaperW8: An IoT Bricking Ransomware Proof of Concept. In Proceedings of the ARES ’20: The 15th International Conference on Availability, Reliability and Security, New York, NY, USA, 25–28 August 2020.
  27. QTM: P2P Trust Simulator. Real-Time and Embedded Systems Lab, University of Pennsylvania. Available online: https://rtg.cis.upenn.edu/qtm (accessed on 15 January 2024).
  28. Jøsang, A.; Ismail, R.; Boyd, C. A survey of trust and reputation systems for online service provision. Decis. Support Syst. 2007, 43, 618–644.
Figure 1. A framework for a trust-based crowdsourcing system for ransomware detection in smart classrooms.
Figure 3. Heatmap of trust algorithm implementations’ success rates vs. percentage of malicious nodes.
Figure 4. Heatmap of trust algorithm implementations’ accuracy vs. percentage of malicious nodes.
Figure 5. Heatmap of trust algorithm precision vs. percentage of malicious nodes.
Figure 6. Heatmap of trust algorithm recall vs. percentage of malicious nodes.
Table 1. Comparison between reviewed trust management systems.

| Trust Model | Strengths | Limitations | Complexity |
|---|---|---|---|
| EigenTrust | Efficient global trust computation; mitigates collusion; computationally lightweight [8]. | Relies on pre-trusted nodes, which may introduce centralization biases [10]. | O(k × n²), where n = number of peers; k = number of iterations for convergence [6]. |
| TNA-SL | Models uncertainty in trust decisions; dynamically adapts trust scores [9]. | Higher computational overhead compared to EigenTrust [11]. | O(n) [7]. |
| Bayesian Inference Models | Strong in probabilistic trust prediction; well suited for long-term behavior analysis [12]. | Requires large historical datasets; struggles with real-time decision-making. | Depends on dataset size |
| Blockchain-based Reputation Systems | Tamper-proof trust management; decentralized reputation storage [13]. | High computational and storage overhead; slow consensus mechanisms hinder real-time responses [14]. | High (varies by chain and protocol used) |
Table 2. User’s models.

| User Type | Cleanup | Honesty |
|---|---|---|
| Good Peers | 90–100% | 100% |
| Purely Malicious | 0–10% | 0% |
| Feedback Malicious | 90–100% | 0% |
| Malicious Provider | 0–10% | 100% |
Table 3. Confusion matrix for peer behavior classification.

| | Accurate | Inaccurate |
|---|---|---|
| Timely | True Positive (TP): “Good Peers” | False Positive (FP): “Feedback Malicious” |
| Slow | True Negative (TN): “Malicious Providers” | False Negative (FN): “Purely Malicious” |
MDPI and ACS Style

Ismail, Q.; Almutairi, S.; Kurdi, H. Trust-Enabled Framework for Smart Classroom Ransomware Detection: Advancing Educational Cybersecurity Through Crowdsourcing. Information 2025, 16, 312. https://doi.org/10.3390/info16040312
