Cyber Vulnerabilities and Data Analytics (MN623 Assessment-3) Assignment Help

Assessment Details and Submission Guidelines

Trimester 

T2, 2024

Unit Code 

MN623

Unit Title 

Cyber Security and Analytics

Assessment Type

Assessment 3 – Group (4-5 Students per group)

Assessment 

Title

Assignment 3 (Cyber Vulnerabilities and Data Analytics)

Purpose of the 

assessment (with ULO Mapping)

This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them. 

c. Evaluate intelligent security solutions based on data analytics 

d. Analyze and interpret results from descriptive and predictive data analysis 

e. Propose cyber security solutions for business case studies

Weight 

20%

Total Marks 

100

Word limit for Group Report

2000-2500 words

Due Date for submission

24/9/2024, Week 11

Submission 

Guidelines

All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page. 

The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings. 

Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using IEEE referencing style.

Extension 

If an extension of time to submit work is required, a Special Consideration Application Must be submitted directly through AMS. You must submit this application within three working days of  the assessment due date. Further information is available at: 

Academic 

Misconduct

Academic Misconduct is a serious offense. Depending on the seriousness of the case,penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at. For further information, please refer to the Academic IntegritySection in your Unit Description.

Use of  

Generative Artificial  

Intelligence  (GenAI) in  

Assessments

More information about the use of Gen AI in student assessment can be found in the full  policy and procedure available at Further support can be found in the MIT LibGuide: Using Gen AI at MIT 

Further details on the type of assessment tasks, and whether Gen AI is permitted to be used or  not are provided in the assessment brief.


Assignment Description 

The assignment has two parts. 

Part I: Group Report 

Part II: Video Demonstration 

Submission Guidelines: 

1) Write a group report on the topics listed in Part I. 

2) Make a group video demonstration of three cyber security tools implemented for writing a  group report. 

3) Length of Video: The total length of the video presentation should not be more than 9  minutes (marks would be deducted for longer presentation). 

Note: Put the video link of your group video demonstration in the cover page of your Group Report. 

Part I – Finding Cyber Vulnerabilities (70 Marks) 

Task Description and Questions 

After implementing the Part I tasks and questions, take screenshots of your work and provide commentary  for each. You will create a report based on the following tasks using the vulnerable virtual machines  (vulnerable_vm), including Metasploitable2, DVWA, Mutillidae, and the OWASP Broken Web Applications  Project (OWASP BWA). You may also use OWASP Mantra as your web browser to conduct the tests. 

Metasploitable2 is a vulnerable virtual machine designed for practicing penetration testing and gaining  unauthorized access to systems. 

Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application intentionally made vulnerable. It is  divided into sections that focus on different types of vulnerabilities, with lessons and guidelines on how to  exploit them. 

OWASP Mutillidae is a free, open-source, deliberately vulnerable web application used for web-security  training. It offers numerous vulnerabilities and hints, making it an ideal environment for labs, security  enthusiasts, classrooms, Capture the Flag (CTF) events, and vulnerability assessment tool testing. 

OWASP Broken Web Applications (BWA) Project provides a collection of vulnerable web applications  designed for security testing. 

Tasks and Questions

1. Using the Hackbar Add-on for Parameter Probing: 

o How can the Hackbar add-on be utilized to streamline parameter probing during security  assessments? (Demonstrate using the SQL injection vulnerability in DVWA). 

2. Request Viewing and Alteration with ZAP: 

o How does ZAP facilitate the viewing and alteration of requests to identify potential  vulnerabilities? (Demonstrate using Mutillidae). 

3. Capabilities of Burp Suite in Security Assessments:

o What are the capabilities of Burp Suite in viewing and altering requests, and how does it  contribute to security assessments? (Demonstrate using Mutillidae). 

4. Techniques for Identifying Cross-Site Scripting (XSS) Vulnerabilities: 

o What techniques are employed in identifying XSS vulnerabilities during security evaluations?  (Demonstrate using DVWA). 

5. Identifying and Mitigating Error-Based SQL Injection Vulnerabilities: 

o How can error-based SQL injection vulnerabilities be identified and mitigated during security  assessments? (Demonstrate using DVWA). 

6. Detecting Blind SQL Injection Vulnerabilities: 

o What methods are utilized to detect blind SQL injection vulnerabilities, and what are the  associated risks? (Demonstrate using DVWA). 

7. Identifying and Addressing Cookie Vulnerabilities: 

o How are vulnerabilities in cookies identified and addressed to enhance web application  security? (Demonstrate using Mutillidae). 

8. Analyzing SSL/TLS Configurations with SSLScan: 

o What information can be obtained about SSL and TLS configurations using SSLScan, and how  does it contribute to security assessments? (Demonstrate using OWASP BWA). 

9. Approaches for Detecting File Inclusion Vulnerabilities: 

o What approaches are employed in searching for file inclusions as part of security  evaluations? (Demonstrate using DVWA). 

10. Identifying and Mitigating the POODLE Vulnerability: 

o How is the POODLE vulnerability identified and mitigated to enhance the security posture of  web applications? (Use the provided script from this link). 

11. Reporting Defenses Against Cyber Vulnerabilities: 

o Suggest and report defenses against the cyber vulnerabilities identified and exploited from  points 1 to 10. 

12. Data Analysis on Selected Datasets: 

o Demonstrate your data analytic skills on any three datasets available at Fordham  University’s Data Mining Datasets

13. Classification and Evaluation Using Recent Datasets: 

o Select a recent dataset from either: 

IoT-23 Dataset 

LITNET Dataset 

o Load the selected dataset into Weka or a tool of your choice, then follow these steps: i. Select the relevant features with rationale (using external references or your own  reasoning). 

ii. Create training and testing data samples. 

iii. Classify the network intrusion provided in the sample data. 

iv. Evaluate the performance of the intrusion detection using available tools and  technologies (e.g., confusion matrix). 

References: 

For additional information and to complete Task 13, refer to the following studies: 

1. Damasevicius, R., Venckauskas, A., Grigaliunas, S., Toldinas, J., Morkevicius, N., Aleliunas, T., & Smuikys, P.  (2020). LITNET-2020: An annotated real-world network flow dataset for network intrusion detection.  Electronics, 9(5), 800.


2. Larriva-Novo, X., Villagrá, V. A., Vega-Barbas, M., Rivera, D., & Sanz Rodrigo, M. (2021). An IoT-Focused  Intrusion Detection System Approach Based on Preprocessing Characterization for Cybersecurity Datasets.  Sensors, 21(2), 656. 

3. Tait, Kathryn-Ann, Jan Sher Khan, Fehaid Alqahtani, Awais Aziz Shah, Fadia Ali Khan, Mujeeb Ur Rehman,  Wadii Boulila, and Jawad Ahmad. “Intrusion Detection using Machine Learning Techniques: An Experimental  Comparison.” arXiv preprint arXiv:2105.13435 (2021). 

Part II: Video Demonstration (30 Marks) 

1. Make a group video demonstration of three cyber security tools implemented for writing a group  report. 

Marks distribution for this section include marks for Implementation and Demonstration, Presentation  Teamwork and Collaboration, Demo and Viva. 

Note: 

If you are using the dataset at a) for your research, please reference it as “Stratosphere Laboratory. A labeled dataset with malicious and benign IoT network traffic. January 22. Agustin Parmisano, Sebastian Garcia, Maria Jose Erquiaga. 

Students can find “IEEE-Reference-Guide.pdf” available in Assignments Folder after logging into your MOODLE account for referencing purposes.

Marking criteria for Assignment 3:

Part I: Group 

Report

Description of the section 

Marks

Introduction 

State the general topic and give some background for Part I  points

5

Report 

structure and 

report 

presentation

Writing is clear and relevant, with no grammatical  and/spelling errors – polished and professional. Conforming to the IEEE template and format. 

Compile a written report along with your evaluations  and recommendations. 

The report must contain several screenshots of  evidence and a short description for each snapshot that provides 

proof that you completed the work.

60

Conclusion 

A brief summary of the overall findings in relation to  the purpose of the study. 

Summary of report argument with concluding ideas that impact the reader.

3

References 

section and 

body citation

Must consider at least ten current references 

from journal/conference papers and books. 

Strictly follow the order and instruction by IEEE.

2

Total 

Total Marks for Part I: Group Report 

70

Part II: Video 

Demonstration 

Description of the section 

Marks

Implementation  

and 

Demonstration

Implement, analyze and discuss the importance of three  cyber security tools from Part I during group video demo.

15

Presentation  

Teamwork 

and 

Collaboration

The information and technical knowledge are presented clearly and effectively. 

Excellent teamwork and collaboration skills must be demonstrated

5

Demo and Viva 

Demo and Viva will be conducted in week 11 lab class. 

10

Total 

Total Marks for Part II: Video Demonstration 

30

Total 

Marks

Total Marks for Part I: Group Report Part II: Video Demonstration

100

Example Marking Rubric for Assignment 3

Grade 

Mark

HD 

80%+

70%-79%

CR 

60%-69%

50%-59%

Fail 

< 50%

Excellent 

Very Good 

Good 

Satisfactory 

Unsatisfactory

Introduction 

Introduction is 

clear, easy to 

follow, well 

prepared and 

professional

Introduction is clear and easy to follow.

Introduction is 

clear and 

understandable

Makes a basic 

Introduction to 

each of your data analytic tools and platforms

Does not make an introduction to each of 

your data 

analytic tools and platforms

Evaluation

Logic is clear and easy to follow 

with strong arguments 

Demonstrated 

excellent ability to think critically and sourced reference 

material 

appropriately 

Consistency 

logical and convincing 

Demonstrated excellent ability to think critically but did not source reference 

material 

appropriately 

Mostly consistent and convincing 

Demonstrated 

ability to think critically and sourced reference material 

appropriately

Adequate 

cohesion and conviction 

Demonstrated 

ability to think critically and did not source reference material appropriately

Argument is confused and disjointed 

Did not demonstrate 

ability to think 

critically and did not source reference 

material 

appropriately

Demonstration

All elements are present and 

very well 

demonstrated.

Components 

present with 

good cohesive

Components 

present and 

mostly well 

integrated

Most components present

Proposal lacks 

structure.

Report 

structure and 

report 

presentation 

Proper writing. Professionally 

presented

Properly 

written, with 

some minor 

deficiencies 

Mostly good, but some structure or presentation 

problems

Acceptable 

presentation

Poor structure, careless 

presentation

Reference style

Clear styles with excellent sources of references.

Clear 

referencing/ 

style

Generally good 

referencing/style

Unclear 

referencing/style

Lacks 

consistency 

with many 

errors