Cyber Vulnerabilities and Data Analytics (MN623 Assessment-3) Assignment Help
Assessment Details and Submission Guidelines
Trimester
T2, 2024
Unit Code
MN623
Unit Title
Cyber Security and Analytics
Assessment Type
Assessment 3 – Group (4-5 Students per group)
Assessment
Title
Assignment 3 (Cyber Vulnerabilities and Data Analytics)
Purpose of the
assessment (with ULO Mapping)
This assignment assesses the following Unit Learning Outcomes; students should be able to demonstrate their achievements in them.
c. Evaluate intelligent security solutions based on data analytics
d. Analyze and interpret results from descriptive and predictive data analysis
e. Propose cyber security solutions for business case studies
Weight
20%
Total Marks
100
Word limit for Group Report
2000-2500 words
Due Date for submission
24/9/2024, Week 11
Submission
Guidelines
• All work must be submitted on Moodle by the due date along with a completed Assignment Cover Page.
• The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2 cm margins on all four sides of your page with appropriate section headings.
• Reference sources must be cited in the text of the report and listed appropriately at the end in a reference list using IEEE referencing style.
Extension
If an extension of time to submit work is required, a Special Consideration Application Must be submitted directly through AMS. You must submit this application within three working days of the assessment due date. Further information is available at:
Academic
Misconduct
Academic Misconduct is a serious offense. Depending on the seriousness of the case,penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at. For further information, please refer to the Academic IntegritySection in your Unit Description.
Use of
Generative Artificial
Intelligence (GenAI) in
Assessments
More information about the use of Gen AI in student assessment can be found in the full policy and procedure available at Further support can be found in the MIT LibGuide: Using Gen AI at MIT
Further details on the type of assessment tasks, and whether Gen AI is permitted to be used or not are provided in the assessment brief.
Assignment Description
The assignment has two parts.
Part I: Group Report
Part II: Video Demonstration
Submission Guidelines:
1) Write a group report on the topics listed in Part I.
2) Make a group video demonstration of three cyber security tools implemented for writing a group report.
3) Length of Video: The total length of the video presentation should not be more than 9 minutes (marks would be deducted for longer presentation).
Note: Put the video link of your group video demonstration in the cover page of your Group Report.
Part I – Finding Cyber Vulnerabilities (70 Marks)
Task Description and Questions
After implementing the Part I tasks and questions, take screenshots of your work and provide commentary for each. You will create a report based on the following tasks using the vulnerable virtual machines (vulnerable_vm), including Metasploitable2, DVWA, Mutillidae, and the OWASP Broken Web Applications Project (OWASP BWA). You may also use OWASP Mantra as your web browser to conduct the tests.
• Metasploitable2 is a vulnerable virtual machine designed for practicing penetration testing and gaining unauthorized access to systems.
• Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application intentionally made vulnerable. It is divided into sections that focus on different types of vulnerabilities, with lessons and guidelines on how to exploit them.
• OWASP Mutillidae is a free, open-source, deliberately vulnerable web application used for web-security training. It offers numerous vulnerabilities and hints, making it an ideal environment for labs, security enthusiasts, classrooms, Capture the Flag (CTF) events, and vulnerability assessment tool testing.
• OWASP Broken Web Applications (BWA) Project provides a collection of vulnerable web applications designed for security testing.
Tasks and Questions:
1. Using the Hackbar Add-on for Parameter Probing:
o How can the Hackbar add-on be utilized to streamline parameter probing during security assessments? (Demonstrate using the SQL injection vulnerability in DVWA).
2. Request Viewing and Alteration with ZAP:
o How does ZAP facilitate the viewing and alteration of requests to identify potential vulnerabilities? (Demonstrate using Mutillidae).
3. Capabilities of Burp Suite in Security Assessments:
o What are the capabilities of Burp Suite in viewing and altering requests, and how does it contribute to security assessments? (Demonstrate using Mutillidae).
4. Techniques for Identifying Cross-Site Scripting (XSS) Vulnerabilities:
o What techniques are employed in identifying XSS vulnerabilities during security evaluations? (Demonstrate using DVWA).
5. Identifying and Mitigating Error-Based SQL Injection Vulnerabilities:
o How can error-based SQL injection vulnerabilities be identified and mitigated during security assessments? (Demonstrate using DVWA).
6. Detecting Blind SQL Injection Vulnerabilities:
o What methods are utilized to detect blind SQL injection vulnerabilities, and what are the associated risks? (Demonstrate using DVWA).
7. Identifying and Addressing Cookie Vulnerabilities:
o How are vulnerabilities in cookies identified and addressed to enhance web application security? (Demonstrate using Mutillidae).
8. Analyzing SSL/TLS Configurations with SSLScan:
o What information can be obtained about SSL and TLS configurations using SSLScan, and how does it contribute to security assessments? (Demonstrate using OWASP BWA).
9. Approaches for Detecting File Inclusion Vulnerabilities:
o What approaches are employed in searching for file inclusions as part of security evaluations? (Demonstrate using DVWA).
10. Identifying and Mitigating the POODLE Vulnerability:
o How is the POODLE vulnerability identified and mitigated to enhance the security posture of web applications? (Use the provided script from this link).
11. Reporting Defenses Against Cyber Vulnerabilities:
o Suggest and report defenses against the cyber vulnerabilities identified and exploited from points 1 to 10.
12. Data Analysis on Selected Datasets:
o Demonstrate your data analytic skills on any three datasets available at Fordham University’s Data Mining Datasets.
13. Classification and Evaluation Using Recent Datasets:
o Select a recent dataset from either:
IoT-23 Dataset
LITNET Dataset
o Load the selected dataset into Weka or a tool of your choice, then follow these steps: i. Select the relevant features with rationale (using external references or your own reasoning).
ii. Create training and testing data samples.
iii. Classify the network intrusion provided in the sample data.
iv. Evaluate the performance of the intrusion detection using available tools and technologies (e.g., confusion matrix).
References:
For additional information and to complete Task 13, refer to the following studies:
1. Damasevicius, R., Venckauskas, A., Grigaliunas, S., Toldinas, J., Morkevicius, N., Aleliunas, T., & Smuikys, P. (2020). LITNET-2020: An annotated real-world network flow dataset for network intrusion detection. Electronics, 9(5), 800.
2. Larriva-Novo, X., Villagrá, V. A., Vega-Barbas, M., Rivera, D., & Sanz Rodrigo, M. (2021). An IoT-Focused Intrusion Detection System Approach Based on Preprocessing Characterization for Cybersecurity Datasets. Sensors, 21(2), 656.
3. Tait, Kathryn-Ann, Jan Sher Khan, Fehaid Alqahtani, Awais Aziz Shah, Fadia Ali Khan, Mujeeb Ur Rehman, Wadii Boulila, and Jawad Ahmad. “Intrusion Detection using Machine Learning Techniques: An Experimental Comparison.” arXiv preprint arXiv:2105.13435 (2021).
Part II: Video Demonstration (30 Marks)
1. Make a group video demonstration of three cyber security tools implemented for writing a group report.
Marks distribution for this section include marks for Implementation and Demonstration, Presentation Teamwork and Collaboration, Demo and Viva.
Note:
If you are using the dataset at a) for your research, please reference it as “Stratosphere Laboratory. A labeled dataset with malicious and benign IoT network traffic. January 22. Agustin Parmisano, Sebastian Garcia, Maria Jose Erquiaga.
Students can find “IEEE-Reference-Guide.pdf” available in Assignments Folder after logging into your MOODLE account for referencing purposes.
Marking criteria for Assignment 3:
Part I: Group
Report
Description of the section
Marks
Introduction
State the general topic and give some background for Part I points
5
Report
structure and
report
presentation
• Writing is clear and relevant, with no grammatical and/spelling errors – polished and professional. • Conforming to the IEEE template and format.
• Compile a written report along with your evaluations and recommendations.
• The report must contain several screenshots of evidence and a short description for each snapshot that provides
proof that you completed the work.
60
Conclusion
• A brief summary of the overall findings in relation to the purpose of the study.
• Summary of report argument with concluding ideas that impact the reader.
3
References
section and
body citation
• Must consider at least ten current references
from journal/conference papers and books.
• Strictly follow the order and instruction by IEEE.
2
Total
Total Marks for Part I: Group Report
70
Part II: Video
Demonstration
Description of the section
Marks
Implementation
and
Demonstration
Implement, analyze and discuss the importance of three cyber security tools from Part I during group video demo.
15
Presentation
Teamwork
and
Collaboration
The information and technical knowledge are presented clearly and effectively.
Excellent teamwork and collaboration skills must be demonstrated
5
Demo and Viva
Demo and Viva will be conducted in week 11 lab class.
10
Total
Total Marks for Part II: Video Demonstration
30
Total
Marks
Total Marks for Part I: Group Report Part II: Video Demonstration
100
Example Marking Rubric for Assignment 3
Grade
Mark
HD
80%+
D
70%-79%
CR
60%-69%
P
50%-59%
Fail
< 50%
Excellent
Very Good
Good
Satisfactory
Unsatisfactory
Introduction
Introduction is
clear, easy to
follow, well
prepared and
professional
Introduction is clear and easy to follow.
Introduction is
clear and
understandable
Makes a basic
Introduction to
each of your data analytic tools and platforms
Does not make an introduction to each of
your data
analytic tools and platforms
Evaluation
Logic is clear and easy to follow
with strong arguments
Demonstrated
excellent ability to think critically and sourced reference
material
appropriately
Consistency
logical and convincing
Demonstrated excellent ability to think critically but did not source reference
material
appropriately
Mostly consistent and convincing
Demonstrated
ability to think critically and sourced reference material
appropriately
Adequate
cohesion and conviction
Demonstrated
ability to think critically and did not source reference material appropriately
Argument is confused and disjointed
Did not demonstrate
ability to think
critically and did not source reference
material
appropriately
Demonstration
All elements are present and
very well
demonstrated.
Components
present with
good cohesive
Components
present and
mostly well
integrated
Most components present
Proposal lacks
structure.
Report
structure and
report
presentation
Proper writing. Professionally
presented
Properly
written, with
some minor
deficiencies
Mostly good, but some structure or presentation
problems
Acceptable
presentation
Poor structure, careless
presentation
Reference style
Clear styles with excellent sources of references.
Clear
referencing/
style
Generally good
referencing/style
Unclear
referencing/style
Lacks
consistency
with many
errors
