Page 1 of 6 COIT XXXXXXXXXXAdvanced Network Security, Term 1, 2021 Assignment 1 Questions Due date: 11:45 pm Friday 23 April 2021 (Week 6) ASSESSMENT Weighting: 35% 1 Length: N/A Instructions Attempt...

1 answer below »
I NEED THIS ONTIME.PLEASE HANDOVER THIS TO BEST AND EXPERT THAT YOU HAVE FOR NETWORKING SUBJECT.BECAUSE I NEED TO PASS THIS SUBJECT SO I NEED TO ACHIVE 90%. IF I DIDNT ACHIEVE I'LL GOT FAIL. THIS IS VERY TURNNING POINT ASSIGNMENT,PLEASE HELP ME TO DO THIS. I HAVE ATTACHED ALL OF THE DOCUMENTS AND REFERENCES HEREWITH


Page 1 of 6 COIT20262 - Advanced Network Security, Term 1, 2021 Assignment 1 Questions Due date: 11:45 pm Friday 23 April 2021 (Week 6) ASSESSMENT Weighting: 35% 1 Length: N/A Instructions Attempt all questions. This is an individual assignment, and it is expected students answer the questions themselves. Discussion of approaches to solving questions is allowed (and encouraged), however each student should develop and write-up their own answers. See CQUniversity resources on Referencing and Plagiarism. Guidelines for this assignment include:  Do not exchange files (reports, captures, diagrams) with other students.  Complete tasks with virtnet yourself – do not use results from another student.  Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students.  Write your own explanations. In some cases, students may arrive at the same numerical answer, however their explanation of the answer should always be their own.  Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.  Perform the tasks using the correct values listed in the question and using the correct file names. File Names and Parameters Where you see [StudentID] in the text, replace it with your actual student ID. If your student ID contains a letter (e.g. “s1234567”), make sure the letter is in lowercase. Where you see [FirstName] in the text, replace it with your actual first name. If you do not have a first name, then use your last name. Do NOT include any spaces or other non- alphabetical characters (e.g. “-“). Submission Submit two files on Moodle only: 1. The report, based on the answer template, called [StudentID]-report.docx. 2. Submit[StudentID]-tcp.pcap file on moodle. Marking Scheme A separate spreadsheet lists the detailed marking criteria. https://www.cqu.edu.au/student-life/services-and-facilities/referencing Page 2 of 6 Question 1. Packet Capture and Analysis [8 marks] For this question you must use virtnet (as used in the tutorials) to perform an interception attack. This assumes you have already setup and are familiar with virtnet. See Moodle and tutorial instructions for information on setting up and using virtnet. The tasks and sub- questions are grouped into multiple phases. You must complete all phases, in order. Phase 1: Setup 1. Create topology 5 in virtnet. node1 will be referred to as the client, node2 the router, and node3 the server. 2. The attacker has access to the router and will run tcpdump to capture packets. 3. Users on the client and server will use applications to communicate. For this task, netcat will be used to generate the application traffic. 4. Server port numbers must be assigned based on the last three (3) digits of your student ID, xyz, as defined below. Examples are given for a student ID of 12345678.  For netcat TCP server use port 8xyz. Example port: 8678 Phase 2: Intercept TCP Application Traffic The attacker should capture traffic on the router (node1) for the following TCP application traffic. 1. Start the netcat TCP server using the assigned port on the server (node3) 2. Start the netcat TCP client on the client (node1) 3. On the client, type the following (use your actual first name): COIT20262 TCP My ID is [studentID] My first name is [FirstName] The attacker should then stop the capture, and save the file as:[StudentID]-tcp.pcap Phase 3: Analysis Answer the following sub-questions regarding the previous phases. (a) Submit[StudentID]-tcp.pcap file on moodle. (0.5 marks) (b) Draw a message sequence diagram that illustrates all the TCP packets generated by using netcat in phase 3. Do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH, and do not draw the UDP packets. Only draw TCP packets. A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time is increasing as the line goes down). Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in tutorials. Note that you do not need to show the packet times, and the diagram does not have to be to scale. You Page 3 of 6 must draw your own diagram; you cannot use the diagram generated by Wireshark. (2.5 marks) (c) If the attacker performs a modification attack on the TCP exchange, changing the unit code from COIT20262 to COIT20264, then will the server (node3) know that an attack may have occurred? Explain why or why not. Also explain a technique that could be used so that the server (node3) is certain the message was not modified. (3 marks) (d) If the attacker performs a replay attack on the TCP exchange, replaying the messages without any modification, then will the server (node3) know that an attack may have occurred? Explain why or why not. (2 marks) Page 4 of 6 Question 2. Attack Detection from Real Intrusion Dataset [10 marks] For this question you need to implement three multi-classifiers to identify attack and normal behaviour from the UNSW-NB15 intrusion dataset. You are required to read the data from training set (175,341 records) and test set (82,332 records). You are required to implement it by using the publicly available machine learning software WEKA. For this task you will need two files available on Moodle:  training.arff and test.arff. You need to perform the following steps:  Import training data.  For each classifier: - Select an appropriate classifier (do not choose any meta classifier) - Specify test option - Perform the training - Supply test data set - Evaluate the classifier. You need to repeat for at least 5 classifiers, and eventually select the results from the best 3 classifiers. You need to include in your report the following: (a) Screenshot of the performance details for 5 classifiers (2.5 marks) (b) Compare the results of the selected best 3 classifiers, evaluating with the metrics: Accuracy, precision, recall, F1-Score and false positive rate. (4.5 marks) Reflection: (c) Discuss why you consider the results of the 3 classifiers you choose (out of the 5 that you used) the best. (1.5 marks) (d) Which classifier gave the best performance overall? Justify your selection of the ‘best’ classifier and given reasons why you think it is the best. Is there any way to improve the performance further? (1.5 marks) Page 5 of 6 Question 3. Cryptography [8 marks] Consider in the RSA encryption/decryption algorithm, the value of p and q randomly within the range 100 and 300 (where p and q are prime numbers) used to encrypt a message M which is randomly chosen within the range 10 to 50. Using RSA, perform the following:  Generate your own key pair (using the randomly chosen p and q).  Ask your partner for their public key.  Randomly select a message M within range 10 to 50.  Encrypt the message for confidentiality sending to your partner and inform your partner of the ciphertext.  Decrypt the ciphertext that your partner sent you.  Confirm with your partner that the decrypted message is correct. If incorrect, then discuss with your partner and fix. You need to include in your report the following: (a) Your and your partner’s public key and cyphertext [2 marks] Reflection: (b) Explain the role of two different keys (public and private) in asymmetric encryption, comparing to symmetric encryption. Is ordering of the keys important in RSA? [3 marks] (c) Suppose you have downloaded the dataset from Moodle for Question 2. How do you use RSA to ensure that this dataset is not modified? [3 marks] Page 6 of 6 Question 4. Denial of Service Attack Research [9 marks] The modern era is fully dependent on the Internet which serves as an information source for all users. Thus, the availability of the Internet is very important. DDoS is one of the most highlighted attacks that obstructs network availability. Your task is to write a short report on DDoS that answers the following questions: (a) What is a DDoS attack? How does a DDoS attack work? Classify different types of DDoS attacks. [2 marks] (b) Discuss defence challenges (technical/non-technical) underlying the inability to mitigate DDoS attacks. [2] (c) Describe three existing defence mechanisms to prevent DDoS. You need to include if they have any limitations. [3] (d) Write recommendations to prevent DDoS attacks. [2] You should structure your report into a section for each of the above parts. There is no minimum/maximum length of the report. Support your findings by quoting reputable sources of information. You may draw diagrams if needed. Including pictures from other sources, or including pictures that do not help with the explanation will not gain marks and may lead to reduced marks. You may assume the audience of the report has a similar background on network security as you. You should give sufficient technical detail to demonstrate you understand the issues. Instructions File Names and Parameters Submission Marking Scheme Question 1. Packet Capture and Analysis [8 marks] Question 2. Attack Detection from Real Intrusion Dataset [10 marks] Question 3. Cryptography [8 marks] Question 4. Denial of Service Attack Research [9 marks] Assignment 1 Submission COIT20262Assignment 1 SubmissionTerm 1, 21 COIT20262 - Advanced Network Security, Term 1, 2021 Assignment 1 Submission Due date: 11:45 pm Friday 23 April 2021 (Week 6) ASSESSMENT Weighting: 35% 1 Length: N/A Student Name:enter your name Student ID:id Campus:campus Tutor:tutor Packet Capture and Analysis Part (a) Write your answer here Part (b) Write your answer here Part (c) Write your answer here Part (d) Write
Answered 6 days AfterApr 08, 2021COIT20262Central Queensland University

Answer To: Page 1 of 6 COIT XXXXXXXXXXAdvanced Network Security, Term 1, 2021 Assignment 1 Questions Due date:...

Amit answered on Apr 14 2021
136 Votes
Assignment 1 Submission
COIT20262    Assignment 1 Submission    Term 1, 21
COIT20262 - Advanced Network Security, Term 1, 2021
Assignment 1 Submission
    Due date:
    11:45 pm Friday 23 April 2021 (Week 6)
    ASSES
SMENT
    Weighting:
    35%
    1
    Length:
    N/A
    
Student Name:        enter your name
Student ID:        id    
Campus:        campus
Tutor:            tutor
Packet Capture and Analysis
Part (a)
The required three nodes are created on VMWare as shown:
Now the implementation of topology 5 and assigning port number is:
Thus, the required file is attached.
Part (b)
The required sequence diagram is:
Part (c)
Yes, the changed value of checksum will let the server know that the data or message modification is done. Data integrity is mainly maintained with checksum which is sent along the data packet. Once the server on node 3 receives the data packet then comparison of checksum will be performed and the mismatch values of both checksums let this server know that data modification is performed by any attacker.
Each data modification will be known to the server, so implementation of encryption before making any from the router can prevent it. For preventing the message modification, the server on node 3 can make use of symmetric or fish algorithm.
Part (d)
Yes, the server will know this attack because of changed session ID with replay attack. The possible delay in the data transmission will also let the server on node 3 know that the replay attack is performed by any attacker.
Attack Detection from Real Intrusion Dataset
Part (a)
The screenshot of Weka showing performance details of all applied five classifiers is:
Part (b)
The matrix showing comparison of results for three selected classifiers is:
    Classifier
    Accuracy
    Precision
    Recall
    F1-score
    False positive rate
    ZeroR
    100%
    0.049
    1.000
    0.062
    1.000
    DecisionTable
    100%
    0.042
    1.000
    0.071
    1.000
    OneR
    100%
    0.097%
    0.126
    0.087
    1.000
Part (c)
The rules of these classifiers are considered as best because:
· These are allowed for cross validations.
· The...
SOLUTION.PDF

Answer To This Question Is Available To Download

Related Questions & Answers

More Questions »

Submit New Assignment

Copy and Paste Your Assignment Here