Page 1 of 6

COIT20262 – Advanced Network Security, Term 1, 2021
Assignment 1 Questions

Due date: 11:45 pm Friday 23 April 2021 (Week 6)
ASSESSMENT
Weighting: 35%
Length: N/A

Instructions
Attempt all questions. This is an individual assignment, and it is expected that students answer the questions themselves. Discussion of approaches to solving questions is allowed (and encouraged); however, each student should develop and write up their own answers. See the CQUniversity resources on Referencing and Plagiarism. Guidelines for this assignment include:
- Do not exchange files (reports, captures, diagrams) with other students.
- Complete the tasks with virtnet yourself; do not use results from another student.
- Draw your own diagrams. Do not use diagrams from other sources (Internet, textbooks) or from other students.
- Write your own explanations. In some cases, students may arrive at the same numerical answer; however, their explanation of the answer should always be their own.
- Do not copy text from websites or textbooks. During research you should read and understand what others have written, and then write in your own words.
- Perform the tasks using the correct values listed in the question and using the correct file names.

File Names and Parameters
Where you see [StudentID] in the text, replace it with your actual student ID. If your student ID contains a letter (e.g. “s1234567”), make sure the letter is in lowercase.
Where you see [FirstName] in the text, replace it with your actual first name. If you do not have a first name, then use your last name. Do NOT include any spaces or other non-alphabetical characters (e.g. “-”).

Submission
Submit two files on Moodle only:
1. The report, based on the answer template, called [StudentID]-report.docx.
2. The packet capture, called [StudentID]-tcp.pcap.

Marking Scheme
A separate spreadsheet lists the detailed marking criteria.

Question 1. Packet Capture and Analysis [8 marks]
For this question you must use virtnet (as used in the tutorials) to perform an interception attack. This assumes you have already set up and are familiar with virtnet. See Moodle and the tutorial instructions for information on setting up and using virtnet. The tasks and sub-questions are grouped into multiple phases. You must complete all phases, in order.

Phase 1: Setup
1. Create topology 5 in virtnet. node1 will be referred to as the client, node2 the router, and node3 the server.
2. The attacker has access to the router and will run tcpdump to capture packets.
3. Users on the client and server will use applications to communicate. For this task, netcat will be used to generate the application traffic.
4. Server port numbers must be assigned based on the last three (3) digits of your student ID, xyz, as defined below. Examples are given for a student ID of 12345678.
   - For the netcat TCP server use port 8xyz. Example port: 8678

Phase 2: Intercept TCP Application Traffic
The attacker should capture traffic on the router (node2) for the following TCP application traffic.
1. Start the netcat TCP server using the assigned port on the server (node3).
2. Start the netcat TCP client on the client (node1).
3. On the client, type the following (use your actual first name):
   COIT20262 TCP
   My ID is [StudentID]
   My first name is [FirstName]
The attacker should then stop the capture and save the file as: [StudentID]-tcp.pcap

Phase 3: Analysis
Answer the following sub-questions regarding the previous phases.
(a) Submit the [StudentID]-tcp.pcap file on Moodle. (0.5 marks)
(b) Draw a message sequence diagram that illustrates all the TCP packets generated by using netcat in Phase 2. Do not draw any packets generated by other applications or protocols, such as ARP, DNS or SSH, and do not draw the UDP packets. Only draw TCP packets. A message sequence diagram uses vertical lines to represent events that happen at a computer over time (time increases as the line goes down). Addresses of the computers/software are given at the top of the vertical lines. Horizontal or sloped arrows are used to show messages (packets) being sent between computers. Each arrow should be labelled with the protocol, packet type and important information of the message. Examples of message sequence diagrams are given in the tutorials. Note that you do not need to show the packet times, and the diagram does not have to be to scale. You must draw your own diagram; you cannot use the diagram generated by Wireshark. (2.5 marks)
(c) If the attacker performs a modification attack on the TCP exchange, changing the unit code from COIT20262 to COIT20264, will the server (node3) know that an attack may have occurred? Explain why or why not. Also explain a technique that could be used so that the server (node3) is certain the message was not modified. (3 marks)
(d) If the attacker performs a replay attack on the TCP exchange, replaying the messages without any modification, will the server (node3) know that an attack may have occurred? Explain why or why not. (2 marks)

Question 2. Attack Detection from Real Intrusion Dataset [10 marks]
For this question you need to implement three classifiers to identify attack and normal behaviour from the UNSW-NB15 intrusion dataset. You are required to read the data from the training set (175,341 records) and the test set (82,332 records). You are required to implement it using the publicly available machine learning software WEKA.
For this task you will need two files available on Moodle: training.arff and test.arff.
You need to perform the following steps:
- Import the training data.
- For each classifier:
  – Select an appropriate classifier (do not choose any meta classifier)
  – Specify the test option
  – Perform the training
  – Supply the test data set
  – Evaluate the classifier
You need to repeat this for at least 5 classifiers, and then select the results from the best 3 classifiers.
You need to include in your report the following:
(a) Screenshots of the performance details for the 5 classifiers (2.5 marks)
(b) Compare the results of the selected best 3 classifiers, evaluating with the metrics: accuracy, precision, recall, F1-score and false positive rate. (4.5 marks)
Reflection:
(c) Discuss why you consider the results of the 3 classifiers you chose (out of the 5 that you used) the best. (1.5 marks)
(d) Which classifier gave the best performance overall? Justify your selection of the ‘best’ classifier and give reasons why you think it is the best. Is there any way to improve the performance further? (1.5 marks)

Question 3. Cryptography [8 marks]
Consider the RSA encryption/decryption algorithm, with the values of p and q chosen randomly within the range 100 to 300 (where p and q are prime numbers) and used to encrypt a message M which is randomly chosen within the range 10 to 50. Using RSA, perform the following:
- Generate your own key pair (using the randomly chosen p and q).
- Ask your partner for their public key.
- Randomly select a message M within the range 10 to 50.
- Encrypt the message for confidentiality (using your partner's public key) for sending to your partner, and inform your partner of the ciphertext.
- Decrypt the ciphertext that your partner sent you.
- Confirm with your partner that the decrypted message is correct. If incorrect, then discuss with your partner and fix.
You need to include in your report the following:
(a) Your and your partner’s public keys and ciphertexts [2 marks]
Reflection:
(b) Explain the role of the two different keys (public and private) in asymmetric encryption, comparing it to symmetric encryption. Is the ordering of the keys important in RSA? [3 marks]
(c) Suppose you have downloaded the dataset from Moodle for Question 2. How do you use RSA to ensure that this dataset is not modified? [3 marks]

Question 4. Denial of Service Attack Research [9 marks]
The modern era is fully dependent on the Internet, which serves as an information source for all users. Thus, the availability of the Internet is very important. DDoS is one of the most highlighted attacks that obstructs network availability. Your task is to write a short report on DDoS that answers the following questions:
(a) What is a DDoS attack? How does a DDoS attack work? Classify the different types of DDoS attacks. [2 marks]
(b) Discuss the defence challenges (technical/non-technical) underlying the inability to mitigate DDoS attacks. [2 marks]
(c) Describe three existing defence mechanisms to prevent DDoS. You need to include any limitations they have. [3 marks]
(d) Write recommendations to prevent DDoS attacks. [2 marks]
You should structure your report into a section for each of the above parts. There is no minimum/maximum length for the report. Support your findings by citing reputable sources of information. You may draw diagrams if needed. Including pictures from other sources, or including pictures that do not help with the explanation, will not gain marks and may lead to reduced marks. You may assume the audience of the report has a similar background in network security to yours. You should give sufficient technical detail to demonstrate that you understand the issues.
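Worked example for Question 1(c) and (d) (added by the editor; this is not part of the assignment and is not code from the course or from virtnet). Plain netcat over TCP gives the server no way to tell that a byte was changed on the router or that a segment is being resent, because TCP's checksum is recomputed by whoever rewrites the packet and TCP has no notion of application-level replay. The script below shows what a sender and receiver would have to add for the server to detect both: a keyed message authentication code (HMAC-SHA256) over the data, and a sequence number covered by that MAC. The pre-shared key, the framing (4-byte sequence number, payload, 32-byte tag) and the three sample lines are assumptions of this example, constructed to match the lines typed into netcat in Phase 2.

```python
import hmac
import hashlib
import struct

# Assumed shared secret between client (node1) and server (node3). The attacker
# on the router (node2) can read and rewrite bytes but does not know this key.
SHARED_KEY = b"assumed-client-server-secret"   # assumption: agreed out of band

TAG_LEN = 32   # HMAC-SHA256 output length in bytes


def protect(key: bytes, seq: int, payload: bytes) -> bytes:
    """Frame = 4-byte big-endian sequence number || payload || HMAC-SHA256 tag.

    The tag covers both the sequence number and the payload, so neither can be
    changed without the key. The sequence number lets the receiver reject a
    frame it has already accepted (replay)."""
    header = struct.pack(">I", seq)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()
    return header + payload + tag


class Receiver:
    """Server-side verifier: remembers the highest sequence number accepted."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_seq = -1

    def accept(self, frame: bytes):
        """Return (status, payload); status is 'ok', 'modified' or 'replay'."""
        if len(frame) < 4 + TAG_LEN:
            return "modified", None
        header, payload, tag = frame[:4], frame[4:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, header + payload, hashlib.sha256).digest()
        # Constant-time comparison so the check does not leak how many tag bytes matched.
        if not hmac.compare_digest(tag, expected):
            return "modified", None
        seq = struct.unpack(">I", header)[0]
        if seq <= self.last_seq:
            return "replay", None
        self.last_seq = seq
        return "ok", payload


def demo():
    """Run the three cases from Question 1: honest delivery, modification, replay."""
    # Constructed sample traffic mirroring the three lines typed in Phase 2.
    lines = [b"COIT20262 TCP\n", b"My ID is 12345678\n", b"My first name is Alice\n"]
    frames = [protect(SHARED_KEY, i, line) for i, line in enumerate(lines)]

    server = Receiver(SHARED_KEY)
    honest = [server.accept(f)[0] for f in frames]

    # Modification attack: the router rewrites the unit code inside the first frame.
    tampered = frames[0].replace(b"COIT20262", b"COIT20264")
    modified = server.accept(tampered)[0]

    # Replay attack: the router resends the second frame unchanged.
    replayed = server.accept(frames[1])[0]

    # What a plain netcat server would see: the tampered text, with nothing to check.
    plain_view = tampered[4:-TAG_LEN].decode()
    return honest, modified, replayed, plain_view


if __name__ == "__main__":
    print(demo())
```

The MAC alone answers (c): the server is certain the text was not modified only if an integrity check keyed with something the attacker lacks fails on any change. The sequence number answers (d): without some per-message freshness value (counter, nonce or timestamp) inside the authenticated data, a correctly authenticated message is indistinguishable from its replay. Where no shared key can be arranged, a digital signature with the client's private key serves the same purpose as the MAC.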
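Worked example for Question 2(b) (added by the editor; not part of the assignment and not WEKA code). The five metrics the question asks for are all derived from one-vs-rest confusion counts per class, and for a multi-class dataset such as UNSW-NB15 each has a per-class value plus an average weighted by class support. The script below computes them from two label lists and ranks classifiers by weighted F1, which is one defensible basis for choosing a "best" classifier in (d). The twelve sample records are constructed for illustration and are not drawn from the dataset; in practice the lists would come from the predictions your classifier makes on test.arff.

```python
from collections import Counter


def confusion_counts(actual, predicted, positive):
    """One-vs-rest counts for a single class: (TP, FP, FN, TN)."""
    tp = fp = fn = tn = 0
    for a, p in zip(actual, predicted):
        if p == positive and a == positive:
            tp += 1
        elif p == positive:
            fp += 1
        elif a == positive:
            fn += 1
        else:
            tn += 1
    return tp, fp, fn, tn


def class_metrics(actual, predicted, positive):
    """Precision, recall, F1 and false positive rate for one class.
    A ratio with a zero denominator (e.g. a class never predicted) is reported as 0.0."""
    tp, fp, fn, tn = confusion_counts(actual, predicted, positive)
    precision = tp / (tp + fp) if tp + fp else 0.0
    recall = tp / (tp + fn) if tp + fn else 0.0
    f1 = 2 * precision * recall / (precision + recall) if precision + recall else 0.0
    fpr = fp / (fp + tn) if fp + tn else 0.0
    return {"precision": precision, "recall": recall, "f1": f1, "fpr": fpr,
            "tp": tp, "fp": fp, "fn": fn, "tn": tn}


def evaluate(actual, predicted):
    """Overall accuracy, per-class metrics, and the support-weighted average of
    the per-class metrics (weight = number of actual records in each class)."""
    if not actual or len(actual) != len(predicted):
        raise ValueError("actual and predicted must be non-empty and the same length")
    n = len(actual)
    accuracy = sum(a == p for a, p in zip(actual, predicted)) / n
    support = Counter(actual)
    per_class = {c: class_metrics(actual, predicted, c) for c in sorted(support)}
    weighted = {m: sum(per_class[c][m] * support[c] for c in support) / n
                for m in ("precision", "recall", "f1", "fpr")}
    return {"accuracy": accuracy, "per_class": per_class, "weighted": weighted}


def rank_classifiers(results):
    """results: classifier name -> evaluate() output. Names ordered by weighted
    F1, highest first; ties broken by the lower weighted false positive rate."""
    return sorted(results, key=lambda k: (-results[k]["weighted"]["f1"],
                                          results[k]["weighted"]["fpr"]))


# Constructed sample of 12 test records with UNSW-NB15-style category labels
# (not taken from the dataset; assumption for illustration only).
SAMPLE_ACTUAL = ["Normal"] * 6 + ["DoS"] * 3 + ["Exploits"] * 3
SAMPLE_PREDICTED = (["Normal"] * 5 + ["DoS"]          # one Normal record flagged as DoS
                    + ["DoS"] * 2 + ["Exploits"]      # one DoS record mislabelled
                    + ["Exploits"] * 2 + ["Normal"])  # one Exploits record missed

if __name__ == "__main__":
    res = evaluate(SAMPLE_ACTUAL, SAMPLE_PREDICTED)
    print(f"accuracy={res['accuracy']:.3f}")
    for cls, m in res["per_class"].items():
        print(f"{cls:9s} P={m['precision']:.3f} R={m['recall']:.3f} "
              f"F1={m['f1']:.3f} FPR={m['fpr']:.3f}")
    print("weighted", {k: round(v, 3) for k, v in res["weighted"].items()})
```

Two things to watch when comparing classifiers on this dataset: accuracy alone is dominated by the majority class, so a classifier that labels almost everything "Normal" can score well on accuracy while having a poor recall on the attack classes; and the false positive rate for the "Normal" class is the fraction of attacks that were waved through, which is usually the number a security team cares about most.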
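Worked example for the Question 3 procedure (added by the editor; not part of the assignment and not a reference solution). The script below carries the whole exchange through for two partners with textbook RSA: key generation from p and q in the stated range, encryption with the partner's public key, decryption with one's own private key, and the check that the recovered message matches. Two things are assumptions of this example rather than of the question: the choice of e as the smallest odd value of at least 17 coprime to phi(n) (any e coprime to phi(n) is valid), and the concrete primes and messages used in the usage call. The last two functions show why these parameters are fine for a classroom exercise but not for real use: the message space is only 41 values and textbook RSA is deterministic, so an attacker with the public key simply encrypts every candidate; and if a small e is used with a small M such that M^e < n, the modulus never applies and the plaintext is an integer e-th root away.

```python
import random
from math import gcd


def is_prime(n: int) -> bool:
    """Trial division; adequate for the 100..300 range used in the question."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def random_prime(lo: int, hi: int, rng: random.Random) -> int:
    """Pick a random prime in [lo, hi], as the question asks for p and q."""
    return rng.choice([n for n in range(lo, hi + 1) if is_prime(n)])


def generate_keypair(p: int, q: int, e: int = None):
    """Return ((e, n), (d, n)). If e is not given, the smallest odd e >= 17
    coprime to phi(n) is used (an assumption of this example, not of the question)."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be distinct primes")
    n, phi = p * q, (p - 1) * (q - 1)
    if e is None:
        e = next(c for c in range(17, phi, 2) if gcd(c, phi) == 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must lie in (1, phi) and be coprime to phi")
    d = pow(e, -1, phi)            # modular inverse of e (Python 3.8+)
    return (e, n), (d, n)


def encrypt(m: int, public) -> int:
    e, n = public
    if not 0 <= m < n:
        raise ValueError("message must satisfy 0 <= m < n")
    return pow(m, e, n)


def decrypt(c: int, private) -> int:
    d, n = private
    return pow(c, d, n)


def exchange(my_p, my_q, partner_p, partner_q, my_message, partner_message):
    """Simulate both partners: each encrypts for the other with the other's
    public key, and each decrypts what they received with their own private key."""
    my_pub, my_priv = generate_keypair(my_p, my_q)
    partner_pub, partner_priv = generate_keypair(partner_p, partner_q)
    c_to_partner = encrypt(my_message, partner_pub)
    c_from_partner = encrypt(partner_message, my_pub)
    return {
        "my_public": my_pub,
        "partner_public": partner_pub,
        "ciphertext_sent": c_to_partner,
        "ciphertext_received": c_from_partner,
        "partner_recovered": decrypt(c_to_partner, partner_priv),
        "i_recovered": decrypt(c_from_partner, my_priv),
    }


def iroot(x: int, k: int) -> int:
    """Largest integer r with r**k <= x (binary search)."""
    lo, hi = 0, 1
    while hi ** k <= x:
        hi *= 2
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if mid ** k <= x:
            lo = mid
        else:
            hi = mid - 1
    return lo


def unreduced_root(c: int, public):
    """If m**e < n the reduction mod n never happened; anyone can take the e-th root."""
    e, _ = public
    r = iroot(c, e)
    return r if r ** e == c else None


def brute_force(c: int, public, lo: int = 10, hi: int = 50):
    """Textbook RSA is deterministic: with a 41-value message space the attacker
    encrypts every candidate with the public key and compares against c."""
    return next((m for m in range(lo, hi + 1) if encrypt(m, public) == c), None)


if __name__ == "__main__":
    rng = random.Random()
    p, q = random_prime(100, 300, rng), random_prime(100, 300, rng)
    while q == p:
        q = random_prime(100, 300, rng)
    # Partner's primes and message are assumed values for the demonstration.
    print(exchange(p, q, 211, 223, rng.randint(10, 50), 42))
```

For (b), note that the exchange only works because the partner decrypts with the private key matching the public key you encrypted with; the roles are fixed by which key is published, not by the arithmetic, since pow(pow(m, e, n), d, n) and pow(pow(m, d, n), e, n) both recover m. That symmetry is also what (c) relies on: a hash of the dataset raised to the private exponent is a signature that anyone holding the public key can verify, but a modulus of this size cannot hold a SHA-256 digest, so a real signature needs keys of at least 2048 bits and a padding scheme.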


