Cyber Security and Analytics (MN623) Assignment Help

 

Assessment Details and Submission Guidelines

Trimester 

T1, 2024

Unit Code 

MN623

Unit Title 

Cyber Security and Analytics

Assessment Type

Assessment 3 – Group (4-5 Students per group)

Assessment 

Title

Assignment 3 (Cyber Vulnerabilities and Data Analytics)

Purpose of the 

assessment (with ULO Mapping)

This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them. 

c. Evaluate intelligent security solutions based on data analytics 

d. Analyse and interpret results from descriptive and predictive data analysis 

e. Propose cyber security solutions for business case studies

Weight 

20%

Total Marks 

100

Word limit for Group Report

2000-2500 words

Due Date for submission

28/5/2024, Week 11

Submission 

Guidelines

All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page. 

The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings. 

Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using IEEE referencing style.

Extension 

If an extension of time to submit work is required, a Special Consideration Application must be submitted directly to the School’s Administration Officer, on academic reception level. You must submit this application within three working days of the assessment due date.

Academic 

Misconduct

Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at. For further information, please 

refer to the Academic Integrity Section in your Unit Description.

Assignment Description 

The assignment has two parts. 

Part I: Group Report 

Part II: Video Demonstration 

Submission Guidelines: 

1) Write a group report on the topics listed in Part I. 

2) Make a group video demonstration of three cyber security tools implemented for writing a  group report. 

3) Length of Video: The total length of the video presentation should not be more than 9  minutes (marks would be deducted for longer presentation). 

Note: Put the video link of your group video demonstration in the cover page of your Group Report. 

                   Part I – Finding Cyber Vulnerabilities (70 Marks) 

Complete the questions below after implementation (Take screenshots of your implemented work and include commentary for each screenshot) and make a report based on the following. You will be working  with applications in vulnerable_vm (metasploitable2, DVWA, mutillidae, OWASP BWA virtual machine) and if required, may use OWASP Mantra, as the web browser to perform the tests. Metasploitable is a  vulnerable virtual machine intended for practicing taking over machines. Damn Vulnerable Web App (DVWA)  is a PHP/MySQL web application that is damn vulnerable. The app is divided into sections for different  types of vulnerabilities. The best thing about DVWA is it has lessons/guidelines on how to exploit a 

vulnerability. Open Web Application Security Project (OWASP) Mutillidae is a free, open-source,  deliberately vulnerable web application providing a target for web-security training. With dozens of  vulnerabilities and hints to help the user; this is an easy-to-use web hacking environment designed for  labs, security enthusiast, classrooms, CTF, and vulnerability assessment tool targets. OWASP Broken Web  Applications Project, a collection of vulnerable web applications. Contents must include all the points: 

1. How can the Hackbar add-on be utilized to streamline parameter probing during security  assessments? (Demonstrate using SQL injection vulnerability in DVWA) 

2. What role does the Tamper Data add-on play in intercepting and modifying requests for  enhanced security testing? (Demonstrate using DVWA

3. How does ZAP facilitate the viewing and alteration of requests to identify potential  vulnerabilities? (Demonstrate using mutillidae)

4. What are the capabilities of Burp Suite in viewing and altering requests, and how does it  contribute to security assessments? (Demonstrate using mutillidae) 

5. What techniques are employed in identifying cross-site scripting (XSS) vulnerabilities during  security evaluations? (Demonstrate using DVWA) 

6. How can error-based SQL injection vulnerabilities be identified and mitigated during security  assessments? (Demonstrate using DVWA) 

7. What methods are utilized to detect blind SQL injection vulnerabilities, and what are the  associated risks? (Demonstrate using DVWA) 

8. How are vulnerabilities in cookies identified and addressed to enhance web application  security? (Demonstrate using mutillidae) 

9. What information can be obtained about SSL and TLS configurations using SSLScan, and how  does it contribute to security assessments? (Demonstrate using BWA – Download from link – https://sourceforge.net/projects/owaspbwa/) 

10. What approaches are employed in searching for file inclusions as part of security  evaluations? (Demonstrate using DVWA) 

11. How is the POODLE vulnerability identified and mitigated to enhance the security posture of  web applications? (Download Link- https://nmap.org/nsedoc/scripts/ssl-poodle.html) 12. Suggest and report defenses against the cyber vulnerabilities implemented from point 1 to 11.  13. Demonstrate your data analytic skills on any three datasets available at:

14. Select any of the recently published data set available on the links mentioned below, a) https://www.stratosphereips.org/datasets-iot23 and load it to Weka tool preferably or tool of your choice, then select the features with rationale (external reference or your own reasoning). 

Evaluate and select the data analytic techniques for testing and apply one method of classification and demonstrate the following steps. 

i) Create training and testing data samples from dataset provided at a) or b) above

ii) Classify the network intrusion given at the sample data at a) or b) above 

iii) Evaluate the performance of intrusion detection using the available tools and technologies (e.g. confusion matrix).

1. Damasevicius, R., Venckauskas, A., Grigaliunas, S., Toldinas, J., Morkevicius, N., Aleliunas, T., & Smuikys,P. (2020).  LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics, 9(5), 800. 2. Larriva-Novo, X., Villagrá, V. A., Vega-Barbas, M., Rivera, D., & Sanz Rodrigo, M. (2021). An IoT-FocusedIntrusion  

Detection System Approach Based on Preprocessing Characterization for Cybersecurity Datasets. Sensors, 21(2), 656. 

3. Tait, Kathryn-Ann, Jan Sher Khan, Fehaid Alqahtani, Awais Aziz Shah, Fadia Ali Khan, Mujeeb Ur Rehman,Wadii Boulila, and Jawad Ahmad. “Intrusion Detection using Machine Learning Techniques: An Experimental Comparison.” arXiv preprint arXiv:2105.13435 (2021). 

1. Make a group video demonstration of three cyber security tools implemented for writing a group report. Marks distribution for this section include marks for Implementation and Demonstration, Presentation Teamwork and Collaboration, Demo and Viva. 

Note: 

If you are using the dataset at a) for your research, please reference it as “Stratosphere Laboratory. A labeled dataset with malicious and benign IoT network traffic. January 22. Agustin Parmisano, Sebastian Garcia, Maria Jose Erquiaga. 

Students can find “IEEE-Reference-Guide.pdf” available in Assignments Folder after logging into your MOODLE account for referencing purposes. 

Spark Plus activity is mandatory for MN623 Assignment 3 as it is a group assignment.

 

Part I: Group 

Report

Description of the section 

Marks

Introduction 

State the general topic and give some background for Part I  points

5

Report 

structure and 

report 

presentation

Writing is clear and relevant, with no grammatical  and/orspelling errors – polished and professional. Conforming to the IEEE template and format. 

Compile a written report along with your evaluations  andrecommendations. 

The report must contain several screenshots of  evidenceand a short description for each snapshot that provides 

proof that you completed the work.

60

Conclusion 

A brief summary of the overall findings in relation to  thepurpose of the study. 

Summary of report argument with concluding ideas that impact reader.

3

References 

section and 

body citation

Must consider at least ten current references 

fromjournal/conference papers and books. 

Strictly follow the order and instruction by IEEE.

2

Total 

Total Marks for Part I: Group Report 

70

Part II: Video 

Demonstration 

Description of the section 

Marks

Implementation  

and 

Demonstration

Implement, analyze and discuss the importance of t h r ee  cyber security tool from Part I during group video demo.

15

Presentation  

Teamwork 

and 

Collaboration

The information and technical knowledge are presented clearly and effectively. 

Excellent teamwork and collaboration skills must be demonstrated

5

Demo and Viva 

Demo and Viva will be conducted in week 11 lab class. 

10

Total 

Total Marks for Part II: Video Demonstration 

30

Total 

Marks

Total Marks for Part I: Group Report+ Part II: Video Demonstration

100

Assignment 3

Grade 

Mark

HD 

80%+

70%-79%

CR 

60%-69%

50%-59%

Fail 

< 50%
 

Excellent 

Very Good 

Good 

Satisfactory 

Unsatisfactory

Introduction 

Introduction is 

clear, easy to 

follow, well 

prepared and 

professional

Introduction is clear and easy to follow.

Introduction is 

clear and 

understandable

Makes a basic 

Introduction to 

each of your data analytic tools and platforms

Does not make an introduction to each of 

your data 

analytic tools and platforms

Evaluation

Logic is clear and easy to follow 

with strong arguments 

Demonstrated 

excellent ability to think critically and sourced reference 

material 

appropriately 

Consistency 

logical and convincing 

Demonstrated excellent ability to think critically but did not source reference 

material 

appropriately 

Mostly consistent and convincing 

Demonstrated 

ability to think critically and sourced reference material 

appropriately

Adequate 

cohesion and conviction 

Demonstrated 

ability to think critically and did not source reference material appropriately

Argument is confused and disjointed 

Did not demonstrate 

ability to think 

critically and did not source reference 

material 

appropriately

Demonstration

All elements are present and 

very well 

demonstrated.

Components 

present with 

good cohesive

Components 

present and 

mostly well 

integrated

Most components present

Proposal lacks 

structure.

Report 

structure and 

report 

presentation 

Proper writing. Professionally 

presented

Properly 

written, with 

some minor 

deficiencies 

Mostly good, but some structure or presentation 

problems

Acceptable 

presentation

Poor structure, careless 

presentation

Reference style

Clear styles with excellent source of references.

Clear 

referencing/ 

style

Generally good 

referencing/style

Unclear 

referencing/style

Lacks 

consistency 

with many 

errors