Cyber Security and Analytics (MN623) Assignment Help
Assignment Description
The assignment has two parts.
Part I: Group Report
Part II: Video Demonstration
Submission Guidelines:
1) Write a group report on the topics listed in Part I.
2) Make a group video demonstration of three cyber security tools implemented for writing a group report.
3) Length of Video: The total length of the video presentation should not be more than 9 minutes (marks would be deducted for a longer presentation).
Note: Put the link to your group video demonstration on the cover page of your Group Report.
Part I – Finding Cyber Vulnerabilities (70 Marks)
Complete the questions below after implementation (take screenshots of your implemented work and include commentary for each screenshot) and make a report based on the following. You will be working with applications in vulnerable_vm (metasploitable2, DVWA, mutillidae, OWASP BWA virtual machine) and, if required, may use OWASP Mantra as the web browser to perform the tests.
Metasploitable is a vulnerable virtual machine intended for practicing taking over machines. Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. The app is divided into sections for different types of vulnerabilities. The best thing about DVWA is that it has lessons/guidelines on how to exploit a vulnerability. Open Web Application Security Project (OWASP) Mutillidae is a free, open-source, deliberately vulnerable web application providing a target for web-security training. With dozens of vulnerabilities and hints to help the user, this is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability assessment tool targets. OWASP Broken Web Applications Project is a collection of vulnerable web applications.
Contents must include all the points:
1. How can the Hackbar add-on be utilized to streamline parameter probing during security assessments? (Demonstrate using SQL injection vulnerability in DVWA)
2. What role does the Tamper Data add-on play in intercepting and modifying requests for enhanced security testing? (Demonstrate using DVWA)
3. How does ZAP facilitate the viewing and alteration of requests to identify potential vulnerabilities? (Demonstrate using mutillidae)
4. What are the capabilities of Burp Suite in viewing and altering requests, and how does it contribute to security assessments? (Demonstrate using mutillidae)
5. What techniques are employed in identifying cross-site scripting (XSS) vulnerabilities during security evaluations? (Demonstrate using DVWA)
6. How can error-based SQL injection vulnerabilities be identified and mitigated during security assessments? (Demonstrate using DVWA)
7. What methods are utilized to detect blind SQL injection vulnerabilities, and what are the associated risks? (Demonstrate using DVWA)
8. How are vulnerabilities in cookies identified and addressed to enhance web application security? (Demonstrate using mutillidae)
9. What information can be obtained about SSL and TLS configurations using SSLScan, and how does it contribute to security assessments? (Demonstrate using BWA – Download from link – https://sourceforge.net/projects/owaspbwa/)
10. What approaches are employed in searching for file inclusions as part of security evaluations? (Demonstrate using DVWA)
11. How is the POODLE vulnerability identified and mitigated to enhance the security posture of web applications? (Download Link – https://nmap.org/nsedoc/scripts/ssl-poodle.html)
12. Suggest and report defenses against the cyber vulnerabilities implemented from point 1 to 11.
13. Demonstrate your data analytic skills on any three datasets available at:
14. Select any of the recently published datasets available at the links mentioned below, a) https://www.stratosphereips.org/datasets-iot23 and load it into the Weka tool (preferably) or a tool of your choice, then select the features with rationale (external reference or your own reasoning).
Evaluate and select the data analytic techniques for testing and apply one method of classification and demonstrate the following steps.
i) Create training and testing data samples from dataset provided at a) or b) above
ii) Classify the network intrusion given in the sample data at a) or b) above
iii) Evaluate the performance of intrusion detection using the available tools and technologies (e.g. confusion matrix).
1. Damasevicius, R., Venckauskas, A., Grigaliunas, S., Toldinas, J., Morkevicius, N., Aleliunas, T., & Smuikys, P. (2020). LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics, 9(5), 800.
2. Larriva-Novo, X., Villagrá, V. A., Vega-Barbas, M., Rivera, D., & Sanz Rodrigo, M. (2021). An IoT-Focused Intrusion Detection System Approach Based on Preprocessing Characterization for Cybersecurity Datasets. Sensors, 21(2), 656.
3. Tait, Kathryn-Ann, Jan Sher Khan, Fehaid Alqahtani, Awais Aziz Shah, Fadia Ali Khan, Mujeeb Ur Rehman, Wadii Boulila, and Jawad Ahmad. “Intrusion Detection using Machine Learning Techniques: An Experimental Comparison.” arXiv preprint arXiv:2105.13435 (2021).
1. Make a group video demonstration of three cyber security tools implemented for writing a group report. Marks distribution for this section includes marks for Implementation and Demonstration, Presentation Teamwork and Collaboration, Demo and Viva.
Note:
If you are using the dataset at a) for your research, please reference it as “Stratosphere Laboratory. A labeled dataset with malicious and benign IoT network traffic. January 22. Agustin Parmisano, Sebastian Garcia, Maria Jose Erquiaga.”
Students can find “IEEE-Reference-Guide.pdf” in the Assignments Folder after logging into their MOODLE account for referencing purposes.
Spark Plus activity is mandatory for MN623 Assignment 3 as it is a group assignment.