Cyber Security and Analytics (MN623) Assignment Help
Assessment Details and Submission Guidelines |
|
Trimester |
T1, 2024 |
Unit Code |
MN623 |
Unit Title |
|
Assessment Type |
Assessment 3 – Group (4-5 Students per group) |
Assessment Title |
Assignment 3 (Cyber Vulnerabilities and Data Analytics) |
Purpose of the assessment (with ULO Mapping) |
This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them. c. Evaluate intelligent security solutions based on data analytics d. Analyse and interpret results from descriptive and predictive data analysis e. Propose cyber security solutions for business case studies |
Weight |
20% |
Total Marks |
100 |
Word limit for Group Report |
2000-2500 words |
Due Date for submission |
28/5/2024, Week 11 |
Submission Guidelines |
• All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page. • The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings. • Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using IEEE referencing style. |
Extension |
• If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School’s Administration Officer, on academic reception level. You must submit this application within three working days of the assessment due date. |
Academic Misconduct |
• Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at. For further information, please refer to the Academic Integrity Section in your Unit Description. |
Assignment Description
The assignment has two parts.
Part I: Group Report
Part II: Video Demonstration
Submission Guidelines:
1) Write a group report on the topics listed in Part I.
2) Make a group video demonstration of three cyber security tools implemented for writing a group report.
3) Length of Video: The total length of the video presentation should not be more than 9 minutes (marks would be deducted for longer presentation).
Note: Put the video link of your group video demonstration in the cover page of your Group Report.
Part I – Finding Cyber Vulnerabilities (70 Marks)
Complete the questions below after implementation (Take screenshots of your implemented work and include commentary for each screenshot) and make a report based on the following. You will be working with applications in vulnerable_vm (metasploitable2, DVWA, mutillidae, OWASP BWA virtual machine) and if required, may use OWASP Mantra, as the web browser to perform the tests. Metasploitable is a vulnerable virtual machine intended for practicing taking over machines. Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. The app is divided into sections for different types of vulnerabilities. The best thing about DVWA is it has lessons/guidelines on how to exploit a
vulnerability. Open Web Application Security Project (OWASP) Mutillidae is a free, open-source, deliberately vulnerable web application providing a target for web-security training. With dozens of vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. OWASP Broken Web Applications Project, a collection of vulnerable web applications. Contents must include all the points:
1. How can the Hackbar add-on be utilized to streamline parameter probing during security assessments? (Demonstrate using SQL injection vulnerability in DVWA)
2. What role does the Tamper Data add-on play in intercepting and modifying requests for enhanced security testing? (Demonstrate using DVWA)
3. How does ZAP facilitate the viewing and alteration of requests to identify potential vulnerabilities? (Demonstrate using mutillidae)
4. What are the capabilities of Burp Suite in viewing and altering requests, and how does it contribute to security assessments? (Demonstrate using mutillidae)
5. What techniques are employed in identifying cross-site scripting (XSS) vulnerabilities during security evaluations? (Demonstrate using DVWA)
6. How can error-based SQL injection vulnerabilities be identified and mitigated during security assessments? (Demonstrate using DVWA)
7. What methods are utilized to detect blind SQL injection vulnerabilities, and what are the associated risks? (Demonstrate using DVWA)
8. How are vulnerabilities in cookies identified and addressed to enhance web application security? (Demonstrate using mutillidae)
9. What information can be obtained about SSL and TLS configurations using SSLScan, and how does it contribute to security assessments? (Demonstrate using BWA – Download from link – https://sourceforge.net/projects/owaspbwa/)
10. What approaches are employed in searching for file inclusions as part of security evaluations? (Demonstrate using DVWA)
11. How is the POODLE vulnerability identified and mitigated to enhance the security posture of web applications? (Download Link- https://nmap.org/nsedoc/scripts/ssl-poodle.html) 12. Suggest and report defenses against the cyber vulnerabilities implemented from point 1 to 11. 13. Demonstrate your data analytic skills on any three datasets available at:
14. Select any of the recently published data set available on the links mentioned below, a) https://www.stratosphereips.org/datasets-iot23 and load it to Weka tool preferably or tool of your choice, then select the features with rationale (external reference or your own reasoning).
Evaluate and select the data analytic techniques for testing and apply one method of classification and demonstrate the following steps.
i) Create training and testing data samples from dataset provided at a) or b) above
ii) Classify the network intrusion given at the sample data at a) or b) above
iii) Evaluate the performance of intrusion detection using the available tools and technologies (e.g. confusion matrix).
1. Damasevicius, R., Venckauskas, A., Grigaliunas, S., Toldinas, J., Morkevicius, N., Aleliunas, T., & Smuikys,P. (2020). LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics, 9(5), 800. 2. Larriva-Novo, X., Villagrá, V. A., Vega-Barbas, M., Rivera, D., & Sanz Rodrigo, M. (2021). An IoT-FocusedIntrusion
Detection System Approach Based on Preprocessing Characterization for Cybersecurity Datasets. Sensors, 21(2), 656.
3. Tait, Kathryn-Ann, Jan Sher Khan, Fehaid Alqahtani, Awais Aziz Shah, Fadia Ali Khan, Mujeeb Ur Rehman,Wadii Boulila, and Jawad Ahmad. “Intrusion Detection using Machine Learning Techniques: An Experimental Comparison.” arXiv preprint arXiv:2105.13435 (2021).
1. Make a group video demonstration of three cyber security tools implemented for writing a group report. Marks distribution for this section include marks for Implementation and Demonstration, Presentation Teamwork and Collaboration, Demo and Viva.
Note:
If you are using the dataset at a) for your research, please reference it as “Stratosphere Laboratory. A labeled dataset with malicious and benign IoT network traffic. January 22. Agustin Parmisano, Sebastian Garcia, Maria Jose Erquiaga.
Students can find “IEEE-Reference-Guide.pdf” available in Assignments Folder after logging into your MOODLE account for referencing purposes.
Spark Plus activity is mandatory for MN623 Assignment 3 as it is a group assignment.
Part I: Group Report |
Description of the section |
Marks |
Introduction |
State the general topic and give some background for Part I points |
5 |
Report structure and report presentation |
• Writing is clear and relevant, with no grammatical and/orspelling errors – polished and professional. • Conforming to the IEEE template and format. • Compile a written report along with your evaluations andrecommendations. • The report must contain several screenshots of evidenceand a short description for each snapshot that provides proof that you completed the work. |
60 |
Conclusion |
• A brief summary of the overall findings in relation to thepurpose of the study. • Summary of report argument with concluding ideas that impact reader. |
3 |
References section and body citation |
• Must consider at least ten current references fromjournal/conference papers and books. • Strictly follow the order and instruction by IEEE. |
2 |
Total |
Total Marks for Part I: Group Report |
70 |
Part II: Video Demonstration |
Description of the section |
Marks |
Implementation and Demonstration |
Implement, analyze and discuss the importance of t h r ee cyber security tool from Part I during group video demo. |
15 |
Presentation Teamwork and Collaboration |
The information and technical knowledge are presented clearly and effectively. Excellent teamwork and collaboration skills must be demonstrated |
5 |
Demo and Viva |
Demo and Viva will be conducted in week 11 lab class. |
10 |
Total |
Total Marks for Part II: Video Demonstration |
30 |
Total Marks |
Total Marks for Part I: Group Report+ Part II: Video Demonstration |
100 |
Assignment 3
Grade Mark |
HD 80%+ |
D 70%-79% |
CR 60%-69% |
P 50%-59% |
Fail < 50% |
Excellent |
Very Good |
Good |
Satisfactory |
Unsatisfactory |
|
Introduction |
Introduction is clear, easy to follow, well prepared and professional |
Introduction is clear and easy to follow. |
Introduction is clear and understandable |
Makes a basic Introduction to each of your data analytic tools and platforms |
Does not make an introduction to each of your data analytic tools and platforms |
Evaluation |
Logic is clear and easy to follow with strong arguments Demonstrated excellent ability to think critically and sourced reference material appropriately |
Consistency logical and convincing Demonstrated excellent ability to think critically but did not source reference material appropriately |
Mostly consistent and convincing Demonstrated ability to think critically and sourced reference material appropriately |
Adequate cohesion and conviction Demonstrated ability to think critically and did not source reference material appropriately |
Argument is confused and disjointed Did not demonstrate ability to think critically and did not source reference material appropriately |
Demonstration |
All elements are present and very well demonstrated. |
Components present with good cohesive |
Components present and mostly well integrated |
Most components present |
Proposal lacks structure. |
Report structure and report presentation |
Proper writing. Professionally presented |
Properly written, with some minor deficiencies |
Mostly good, but some structure or presentation problems |
Acceptable presentation |
Poor structure, careless presentation |
Reference style |
Clear styles with excellent source of references. |
Clear referencing/ style |
Generally good referencing/style |
Unclear referencing/style |
Lacks consistency with many errors |
Leave A Comment