Swinburne University of Technology
Faculty of Science, Engineering and Technology

Internet Security
COS80013
Assignment 2: Practical Project

This assignment is worth 40% of the subject assessment.
Due Date: Friday 28th May 2021 5:00 pm.

Delays caused by computer downtime cannot be accepted as a valid reason for late submission without penalty. Students must plan their work to allow for both scheduled and unscheduled downtime.

Submission

Submissions must be made through Canvas (https://swinburne.instructure.com/) before the due date. Reports should be in a commonly-used PDF format (.pdf) and should not exceed 15 pages in length.

• The first page should be a filled-in copy of the cover sheet available on Canvas.
• The second page must be a title page indicating:
  o the unit code and title,
  o the title of the assignment,
  o the topic,
  o the authors (by name and student ID),
  o the submission date/time,
  o the due date/time.

Pages must be numbered starting with the first page AFTER the cover sheet and title page. A table of contents is NOT to be used. Appendices and a list of references will not be included in the page count.

It is the student’s responsibility to ensure that they understand the submission instructions. If you have ANY difficulties, ask the Tutor for assistance (prior to the submission date).

References

All externally sourced information (i.e. not common knowledge or course material) must be cited. Referencing convention required for this unit is: Vancouver (as used by IEEE).

Helpful information on referencing can be found at
https://www.swinburne.edu.au/library/referencing/
https://ieeeauthorcenter.ieee.org/wp-content/uploads/IEEE-Reference-Guide.pdf

Each citation must have a corresponding reference at the back of the report. ALL REFERENCES MUST BE CITED.

Copying, Plagiarism

This is an individual assignment.
You are not permitted to work as a part of a group when writing this assignment.

Plagiarism is the use of other people’s words, ideas, research findings or information without acknowledgement, that is, without indicating the source. Plagiarism is regarded as a very serious offence in Western academic institutions and Swinburne University of Technology has procedures and penalties to deal with instances of plagiarism.

In order not to plagiarise, all material from all sources must be correctly referenced. It is necessary to reference direct quotes, paraphrases and summaries of sources, statistics, diagrams, images, experiment results and laboratory data – anything taken from sources.

When plagiarism is detected, penalties are strictly imposed. The University’s policy on plagiarism can be viewed, online, at https://www.swinburne.edu.au/current-students/managecourse/exams-results-assessment/plagiarism-academic-integrity/penalties-academic-misconduct/.

Amount of work

Each student should spend at least 30 hours working on the assignment. You are encouraged to keep a log book for your project.

Marks will be allocated depending on the amount of original work submitted. 0 marks will be given for plagiarized and/or un-attributed work. eForensic examination of the assignment will be carried out to verify its authenticity.

Grading and Rubric

This assignment will be graded as Fail, Pass, Credit, Distinction or High Distinction.
Note that minor deductions may be made for small errors in content or style.

Introduction:

Students will be familiar with the tools used by hackers and crackers and be aware of ways of identifying and rectifying security breaches, and they will be able to collect digital evidence and understand the rules of evidence gathering.

The assignment:

You are required to choose one of the following topics (topic 1 to topic 4) only:

Topic 1: Software Vulnerability Identification Tools

Select one topic from Assignment 1.

You will need to research 1 tool from Assignment 1. Your assignment involves running the tool, and evaluating and analysing its use as a means to identify software vulnerabilities. That is, how are you going to use the tool? To show how the tool can be used to detect the threat type? From this perspective, you should justify your choice (over others), install, run and demonstrate the use of the tool, producing some output or results. You should analyse and evaluate the usage and results from both attacker and defender perspectives, and the potential impact if possible. Be sure to discuss the threats you identified and the countermeasures for these risks.

Topic 2: Attack & Security Tools

Choose one of the following topics and choose 1 attack and 1 security tool:
• Trojans and Backdoor
• Viruses and Worms
• Sniffers
• Phishing
• Denial of Service

For this topic, you will need to research 1 tool attackers use, and 1 security tool used to counter attackers in the area chosen. Your assignment involves running both tools, and evaluating and analysing their use as a means to evade or detect threats/detection. That is, how are you going to use these tools? To show how attackers can bypass detection, or how tools can be used to detect this threat type? Or show how both operate? From this perspective, you should justify your choice (over others), install, run and demonstrate the use of the tools, producing some output or results.
You should analyse and evaluate the usage and results from both attacker and defender perspectives, and the potential impact. Be sure to discuss the threats and the countermeasures for these risks.

Topic 3: Vulnerability Analysis or Exploitation

Choose one of the following topics:
1. Prepare and test detailed instructions for modifying a game console.
2. Audit the memory management of a complex C or C++ program. You should use buffer-overflow detection software for this.

These choices allow you to recreate known modifications, attack, or construct a use case for vulnerability exploration. You should document the implementation of a modification, paying close attention to explaining and analysing the techniques. Or, you should document the challenges, application and effectiveness of auditing memory management. For either of these, you should link security and computing theory to practical application for evaluation. You are required to document and analyse the impact of either, and evaluate the countermeasures and the practicality of either (modification or exploration).

Topic 4: Attacker or Malware Analysis

Choose one of the following topics:
1. Using scripts and web services, trace (over 50) spam e-mails to their source as best as you can, and try to detect them.
2. Analyse and document some malware which you have caught.

These choices allow you:

To evaluate the spam, you are required to implement a spam detection engine (either in R or Python: there are many resources and datasets on GitHub). After investigating the sources of your spam, you should outline the purpose of the spam and the impact it may have. Then you should first train and test a detection model, and have it predict the emails you obtained. You should analyse and evaluate the usage and results (confusion matrix metrics) from both attacker and defender perspectives, and include language, topics and spam technique (to trick the target or bypass the filter), along with visualisation.

You are to use forensic tools to analyse the malware.
You can use static or dynamic tools, or a combination of both. Examples of these (but not limited to) are Cuckoo, REMnux and IDA Pro. Your evaluation should be in comparison to older versions of the malware family or against recent examples which are similar, and the challenges surrounding detection and mitigation. Examples of this evaluation could be: the change in behaviour, the means by which the malware obfuscates its behaviour, or how it interacts within an operating system, and thus the impact and challenges it presents. Along with your evaluation, you also need to document the justification of tools, threat definition and challenges, and analysis methodology.

Custom

1. Develop your own procedure (subject to approval by the Tutor)
*Submissions to the Tutor should be made before the 28 April 2021.

Custom projects should have clearly defined aims, objectives, and targets. If you seek to propose your own, you should draft a proposal. In doing so, projects can be evaluated so they can be achieved and meet suitable quality. Some security projects will be provided where you have the opportunity to collaborate with some Swinburne researchers. There will be a fixed set of projects, and these will require a high skill level and time to complete.

COS80013 Internet Security
Assignment 2
Grading and Rubric

Performance Levels/Criteria: N (0–29), N (30–49), P (50–59), C (60–69), D (70–79), HD (80–100)

Criteria 1: Planning and Justification
Adequate description of problem/scenario, choice of tools/techniques, threat/topic choice

• N (0–29): There is little to no evidence of understanding the security challenges, tools, threats and where they exist within the cyber security landscape.
• N (30–49): Marginal evidence is given, with some basic justification.
• P (50–59): Moderate evidence, considers the landscape and relatedness to modern challenges and relevance.
• C (60–69): Well-presented justification with examples. Moderate consultation of the landscape considered. Topic, tools, scenarios presented logically.
• D (70–79): Significant level of justification has been provided with relevant examples. Significant consultation of the landscape considered through reference. Topic, tools, scenarios presented logically.
• HD (80–100): High level of justification has been provided with relevant examples. Landscape challenges have been highly consulted through reference, needs outlined and choice of tools, scenarios and topics argued well.

10 Marks: N (0–29): 2; N (30–49): 3-4; P (50–59): 5-6; C (60–69): 6-7; D (70–79): 7-8; HD (80–100): 8-10

Criteria 2: Application and Documentation
Running of tools or solution, analysis software, etc., and the knowledge, security aspects. Completion of the documentation/specification. (Include relevant screen shots of steps taken to solve the problem.)

• N (0–29): Minimal application of tools etc., with little documentation and explanation. No screen shots used. Report is of a low standard.
• N (30–49): Basic application of tools etc., with basic documentation and explanation. Screen shots have been considered but not relevant. Report is of a basic standard.
• P (50–59): Moderate application of tools etc., with moderate documentation and explanation. Relevant screen shots have been considered but not enough (
