Cyber Vulnerabilities and Data Analytics (MN623 Assessment-3) Assignment Help

Assessment Details and Submission Guidelines

Trimester

T2, 2024

Unit Code

MN623

Unit Title

Cyber Security and Analytics

Assessment Type

Assessment 3 – Group (4-5 Students per group)

Assessment

Title

Assignment 3 (Cyber Vulnerabilities and Data Analytics)

Purpose of the

assessment (with ULO Mapping)

This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them.

c. Evaluate intelligent security solutions based on data analytics

d. Analyze and interpret results from descriptive and predictive data analysis

e. Propose cyber security solutions for business case studies

Weight

20%

Total Marks

100

Word limit for Group Report

2000-2500 words

Due Date for submission

24/9/2024, Week 11

Submission

Guidelines

• All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.

• The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.

• Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using IEEE referencing style.

Extension

If an extension of time to submit work is required, a Special Consideration Application Must be submitted directly through AMS. You must submit this application within three working days of  the assessment due date. Further information is available at:

Academic

Misconduct

Academic Misconduct is a serious offense. Depending on the seriousness of the case,penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at. For further information, please refer to the Academic IntegritySection in your Unit Description.

Use of

Generative Artificial

Intelligence  (GenAI) in

Assessments

More information about the use of Gen AI in student assessment can be found in the full  policy and procedure available at Further support can be found in the MIT LibGuide: Using Gen AI at MIT

Further details on the type of assessment tasks, and whether Gen AI is permitted to be used or  not are provided in the assessment brief.

 

Assignment Description

The assignment has two parts.

Part I: Group Report

Part II: Video Demonstration

Submission Guidelines:

1) Write a group report on the topics listed in Part I.

2) Make a group video demonstration of three cyber security tools implemented for writing a  group report.

3) Length of Video: The total length of the video presentation should not be more than 9  minutes (marks would be deducted for longer presentation).

Note: Put the video link of your group video demonstration in the cover page of your Group Report.

Part I – Finding Cyber Vulnerabilities (70 Marks)

Task Description and Questions

After implementing the Part I tasks and questions, take screenshots of your work and provide commentary  for each. You will create a report based on the following tasks using the vulnerable virtual machines  (vulnerable_vm), including Metasploitable2, DVWA, Mutillidae, and the OWASP Broken Web Applications  Project (OWASP BWA). You may also use OWASP Mantra as your web browser to conduct the tests.

• Metasploitable2 is a vulnerable virtual machine designed for practicing penetration testing and gaining  unauthorized access to systems.

• Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application intentionally made vulnerable. It is  divided into sections that focus on different types of vulnerabilities, with lessons and guidelines on how to  exploit them.

• OWASP Mutillidae is a free, open-source, deliberately vulnerable web application used for web-security  training. It offers numerous vulnerabilities and hints, making it an ideal environment for labs, security  enthusiasts, classrooms, Capture the Flag (CTF) events, and vulnerability assessment tool testing.

• OWASP Broken Web Applications (BWA) Project provides a collection of vulnerable web applications  designed for security testing.

Tasks and Questions:

1. Using the Hackbar Add-on for Parameter Probing:

o How can the Hackbar add-on be utilized to streamline parameter probing during security  assessments? (Demonstrate using the SQL injection vulnerability in DVWA).

2. Request Viewing and Alteration with ZAP:

o How does ZAP facilitate the viewing and alteration of requests to identify potential  vulnerabilities? (Demonstrate using Mutillidae).

3. Capabilities of Burp Suite in Security Assessments:

o What are the capabilities of Burp Suite in viewing and altering requests, and how does it  contribute to security assessments? (Demonstrate using Mutillidae).

4. Techniques for Identifying Cross-Site Scripting (XSS) Vulnerabilities:

o What techniques are employed in identifying XSS vulnerabilities during security evaluations?  (Demonstrate using DVWA).

5. Identifying and Mitigating Error-Based SQL Injection Vulnerabilities:

o How can error-based SQL injection vulnerabilities be identified and mitigated during security  assessments? (Demonstrate using DVWA).

6. Detecting Blind SQL Injection Vulnerabilities:

o What methods are utilized to detect blind SQL injection vulnerabilities, and what are the  associated risks? (Demonstrate using DVWA).

7. Identifying and Addressing Cookie Vulnerabilities:

o How are vulnerabilities in cookies identified and addressed to enhance web application  security? (Demonstrate using Mutillidae).

8. Analyzing SSL/TLS Configurations with SSLScan:

o What information can be obtained about SSL and TLS configurations using SSLScan, and how  does it contribute to security assessments? (Demonstrate using OWASP BWA).

9. Approaches for Detecting File Inclusion Vulnerabilities:

o What approaches are employed in searching for file inclusions as part of security  evaluations? (Demonstrate using DVWA).

10. Identifying and Mitigating the POODLE Vulnerability:

o How is the POODLE vulnerability identified and mitigated to enhance the security posture of  web applications? (Use the provided script from this link).

11. Reporting Defenses Against Cyber Vulnerabilities:

o Suggest and report defenses against the cyber vulnerabilities identified and exploited from  points 1 to 10.

12. Data Analysis on Selected Datasets:

o Demonstrate your data analytic skills on any three datasets available at Fordham  University’s Data Mining Datasets.

13. Classification and Evaluation Using Recent Datasets:

o Select a recent dataset from either:

IoT-23 Dataset

LITNET Dataset

o Load the selected dataset into Weka or a tool of your choice, then follow these steps: i. Select the relevant features with rationale (using external references or your own  reasoning).

ii. Create training and testing data samples.

iii. Classify the network intrusion provided in the sample data.

iv. Evaluate the performance of the intrusion detection using available tools and  technologies (e.g., confusion matrix).

References:

For additional information and to complete Task 13, refer to the following studies:

1. Damasevicius, R., Venckauskas, A., Grigaliunas, S., Toldinas, J., Morkevicius, N., Aleliunas, T., & Smuikys, P.  (2020). LITNET-2020: An annotated real-world network flow dataset for network intrusion detection.  Electronics, 9(5), 800.

 

2. Larriva-Novo, X., Villagrá, V. A., Vega-Barbas, M., Rivera, D., & Sanz Rodrigo, M. (2021). An IoT-Focused  Intrusion Detection System Approach Based on Preprocessing Characterization for Cybersecurity Datasets.  Sensors, 21(2), 656.

3. Tait, Kathryn-Ann, Jan Sher Khan, Fehaid Alqahtani, Awais Aziz Shah, Fadia Ali Khan, Mujeeb Ur Rehman,  Wadii Boulila, and Jawad Ahmad. “Intrusion Detection using Machine Learning Techniques: An Experimental  Comparison.” arXiv preprint arXiv:2105.13435 (2021).

Part II: Video Demonstration (30 Marks)

1. Make a group video demonstration of three cyber security tools implemented for writing a group  report.

Marks distribution for this section include marks for Implementation and Demonstration, Presentation  Teamwork and Collaboration, Demo and Viva.

Note:

If you are using the dataset at a) for your research, please reference it as “Stratosphere Laboratory. A labeled dataset with malicious and benign IoT network traffic. January 22. Agustin Parmisano, Sebastian Garcia, Maria Jose Erquiaga.

Students can find “IEEE-Reference-Guide.pdf” available in Assignments Folder after logging into your MOODLE account for referencing purposes.

Marking criteria for Assignment 3:

Part I: Group

Report

Description of the section

Marks

Introduction

State the general topic and give some background for Part I  points

5

Report

structure and

report

presentation

• Writing is clear and relevant, with no grammatical  and/spelling errors – polished and professional. • Conforming to the IEEE template and format.

• Compile a written report along with your evaluations  and recommendations.

• The report must contain several screenshots of  evidence and a short description for each snapshot that provides

proof that you completed the work.

60

Conclusion

• A brief summary of the overall findings in relation to  the purpose of the study.

• Summary of report argument with concluding ideas that impact the reader.

3

References

section and

body citation

• Must consider at least ten current references

from journal/conference papers and books.

• Strictly follow the order and instruction by IEEE.

2

Total

Total Marks for Part I: Group Report

70

Part II: Video

Demonstration

Description of the section

Marks

Implementation

and

Demonstration

Implement, analyze and discuss the importance of three  cyber security tools from Part I during group video demo.

15

Presentation

Teamwork

and

Collaboration

The information and technical knowledge are presented clearly and effectively.

Excellent teamwork and collaboration skills must be demonstrated

5

Demo and Viva

Demo and Viva will be conducted in week 11 lab class.

10

Total

Total Marks for Part II: Video Demonstration

30

Total

Marks

Total Marks for Part I: Group Report Part II: Video Demonstration

100

Example Marking Rubric for Assignment 3

Grade

Mark

HD

80%+

D

70%-79%

CR

60%-69%

P

50%-59%

Fail

< 50%

Excellent

Very Good

Good

Satisfactory

Unsatisfactory

Introduction

Introduction is

clear, easy to

follow, well

prepared and

professional

Introduction is clear and easy to follow.

Introduction is

clear and

understandable

Makes a basic

Introduction to

each of your data analytic tools and platforms

Does not make an introduction to each of

your data

analytic tools and platforms

Evaluation

Logic is clear and easy to follow

with strong arguments

Demonstrated

excellent ability to think critically and sourced reference

material

appropriately

Consistency

logical and convincing

Demonstrated excellent ability to think critically but did not source reference

material

appropriately

Mostly consistent and convincing

Demonstrated

ability to think critically and sourced reference material

appropriately

Adequate

cohesion and conviction

Demonstrated

ability to think critically and did not source reference material appropriately

Argument is confused and disjointed

Did not demonstrate

ability to think

critically and did not source reference

material

appropriately

Demonstration

All elements are present and

very well

demonstrated.

Components

present with

good cohesive

Components

present and

mostly well

integrated

Most components present

Proposal lacks

structure.

Report

structure and

report

presentation

Proper writing. Professionally

presented

Properly

written, with

some minor

deficiencies

Mostly good, but some structure or presentation

problems

Acceptable

presentation

Poor structure, careless

presentation

Reference style

Clear styles with excellent sources of references.

Clear

referencing/

style

Generally good

referencing/style

Unclear

referencing/style

Lacks

consistency

with many

errors