MN623 Cyber Security and Analytics | Reliable Papers

Assessment Details and Submission Guidelines

Unit Code: MN623
Unit Title: Cyber Security and Analytics
Assessment Type: Individual
Assignment Title: Major Assignment Replacing Final Examination
Purpose of the assessment (with ULO Mapping): This task is designed to assess students’ knowledge and skills related to the following learning outcomes:
a. Analyse cyber security vulnerabilities using ethical hacking methodologies
b. Implement and evaluate security testing tools in a realistic computing environment
c. Evaluate intelligent security solutions based on data analytics
d. Analyse and interpret results from descriptive and predictive data analysis
e. Propose cyber security solutions for business case studies
Weight: 50% of the total assessments
Total Marks: 100
Word limit: N/A
Due Date: Wednesday, 14 October 2020
Duration: 4 hours plus 15 minutes reading time
Submission Guidelines:
• All work must be submitted on Moodle by the due date.
• The assignment must be in MS Word format, 1.5 spacing, 11-pt Calibri (Body) font and 2.54 cm margins on all four sides of your page with appropriate section headings.
• Reference sources must be cited in the text of the assignment, and listed appropriately at the end in a reference list using IEEE referencing style.
Extension: As this major assessment replaces the final examination “NO EXTENSION” is allowed in this case.
Academic Misconduct: Academic Misconduct is a serious offense. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at: https://www.mit.edu.au/about-mit/institute-publications/policiesprocedures-and-guidelines/AcademicIntegrityPolicyAndProcedure. For further information, please refer to the Academic Integrity Section in your Unit Description.
MN623 – Cyber Security and Analytics – Final Assessment Trimester 2, 2020

Question | Mark | Out of Mark
Q1 | | 9+1 = 10
Q2 | | 9+1 = 10
Q3 | | 4+2+4 = 10
Q4 | | 4+1 = 5
Q5 | | 5+10 = 15
Q6 | | 6+8+1 = 15
Case Study 1 (Q7) | | 5+4+1 = 10
Case Study 2 (Q8) | | 9+1 = 10
Case Study 3 (Q9 + Q10 + Q11) | | 5+5+5 = 15
Total | | 100

Instructions to Candidates:
1. Read each question carefully before attempting it.
2. Solve all questions.
3. Start the answer to each question on a new page and clearly state the question’s number.
4. Write your answers in the separate word file. (Do not write questions from this file in your file to avoid plagiarism detection.)
5. Write section and question number as per this file in your answer file.
6. The answers must be prepared in a single Microsoft Word document in the order of the questions and uploaded to the Moodle final exam submission folder before the due time. Submit only a single word document; multiple submissions are not acceptable.
7. Make sure your submission document file name is in the format of ‘MN623 studentid.docx’.
8. In descriptive questions, you should write at least a paragraph or more, instead of single-line answers.
9. You must sign any image (snapshot or picture of calculations) if you are going to include them in your Microsoft Word document. Your signature must be visible on every single image.
10. You must demonstrate each step you have taken to find the results (the final answer is not acceptable).

Mapping of questions onto ULO

Question number | ULO | ULO keywords
Q1, Q2, Q9 | a | Analyse cyber security vulnerabilities, ethical hacking methodologies
Q2, Q3, Q8 | b | Implement, evaluate security testing tools in a realistic environment
Q6, Q7, Q10 | c | Evaluate intelligent security solutions, data analytics
Q5, Q6, Q11 | d | Analyse, interpret results, descriptive and predictive data analysis
Q2, Q4, Q7, Q8 | e | Propose cyber security solutions, business case studies

Assignment Description

The face to face “Final Examination” has been substituted with the “Exam like” Major Assignment. Students are required to follow the assignment specifications and submit their responses on the Moodle Shell in the stipulated time.

The assignment has the following two major sections:
1. Section 1 – Lecture contents related questions and answer [50 Marks]
2. Section 2 – Research based question and business case study [50 Marks]

Note:
1) You can find “IEEE-Reference-Guide.pdf” available at the following URL https://moodle.mit.edu.au/pluginfile.php/262234/mod_folder/content/0/IEEEReference-Guide.pdf?forcedownload=1 after logging into your MOODLE account for referencing purposes in this Major Assignment.
2) It is advised that you should not copy and paste the solution. Students need to write answers from the available sources and need to give proper in-text citation using IEEE referencing style with proper paraphrasing in their own words. Academic Misconduct is a serious offence. Depending on the seriousness of the case, penalties can vary from a written warning or zero marks to exclusion from the course or rescinding the degree. Students should make themselves familiar with the full policy and procedure available at the following URL https://www.mit.edu.au/about-mit/institute-publications/policiesprocedures-and-guidelines/AcademicIntegrityPolicyAndProcedure

Section 1 [50 Marks]

Q1. A BOTNET is a collection or a network of infectious ‘bots’ i.e. machines. Botnets have become a platform for the infection to the Internet. In this context, elucidate in detail about the Botnet life cycle Diagram and identify the role played by command and control server in the Botnet life cycle. Do any techniques exist to detect Botnets? If yes, exemplify. Cite your sources.
[9 marks + 1 mark for Referencing Style = 10 marks]

Q2. Due to cyber threats in the digital world, aspiring penetration testers are in demand to enter the field of cybersecurity. A penetration tester is a professional who has the skills of a hacker; they are hired by an organisation to perform simulations of real world attacks because there are wide reaching consequences if systems in any organisation are compromised. Assuming you are an aspiring pen tester, how will you showcase the impact of session hijacking, session prediction, session fixation, session side jacking, cross-site scripting and illustrate some of the infamous session hijacking exploits to your prospective employer BAGAD Pty. Ltd.
[9 marks + 1 mark for Referencing Style = 10 marks]

Q3.
Demonstrate the use of CRUNCH tool to create a Wordlist file to generate a minimum and maximum word length (7-12) based on combination of your MIT ID, the first three capital letters of the English alphabet and two unique special characters, and store the result in file pass.txt. Give an example of two generated passwords with arrangement of letters of the English alphabet, three numbers and two special characters. Thereafter, exhibit the HYDRA attacking tool to attack FTP server ftp://192.168.1.1 which has the username ‘dana’ and password length between 7 and 12, generated by the CRUNCH tool in the previous step. Note: You only need to write the commands and are not required to implement on the system as it will demonstrate your implementation skills.
[4 marks for CRUNCH demo + 2 marks for password example + 4 marks for HYDRA demo]

Q4. Deceitful emails are illusory measures that are taken up by attackers for personal gain in order to lure in innocent people. They are used to scam and defraud people. The emails usually involve offers that are too good to be true, and they are targeted towards naïve individuals. If you as a Cybersecurity expert are facing a phishing email scenario in your organisation Trident, how will you educate employees within your organisation. Illustrate and justify the use of machine learning to catch email fraud and spam to top management besides ensuring digital literacy in your organisation. Cite your sources.
[4 marks + 1 mark for Referencing Style = 5 marks]

Q5. Consider the following Play Tennis dataset Table 1 (adapted from: Quinlan, “Induction of Decision Trees”, Machine Learning, 1986).

Table 1. Play Tennis dataset

New Data (X)
Day | Outlook | Humidity | Wind | Play
D15 | Rain | High | Weak | ?

The given 14 instances in Table 1, show the mapping between different attributes.
The new data feature vector (X) is also provided where we have to predict whether Dee will play or not using machine learning technique which machine learning always does. Answer the following questions from the dataset provided.

i) Which of the major machine learning categories (supervised, unsupervised, or reinforcement) does this problem fall under? Justify your answer in detail. [5 marks]
ii) The decision tree takes the training set and splits it into the smaller subsets based on features. We repeat this procedure at every node of a tree with different subsets and attributes till there is no uncertainty that Dee will play or not. Draw the relevant decision trees using divide and conquer method to predict whether Dee will play tennis or not based on new feature vector (X). Substantiate your answer. [10 marks]

Note: Students can draw relevant decision trees using pen and paper, take a snapshot and provide as evidence in the Assignment answer file along with their explanation.

Section 2 [50 Marks]

Q6. Illustrate the cybersecurity concerns that may affect the businesses in the $1.5 million Click for Vic campaign that was launched on 23 August 2020. Write a thorough description of the descriptive and predictive data analysis importance in cybersecurity field.
Cite your sources.
[6 marks + 8 marks + 1 mark for Referencing Style = 15 marks]

Read the Case Studies given carefully to answer the questions corresponding to the case studies.

Case Study 1
(Hundreds of millions of Instagram, TikTok, YouTube accounts compromised by data breach)
Published on August 18, 2020.
Full credits to: https://www.techradar.com/au/news/hundreds-of-millions-of-instagram-tiktokyoutube-accounts-compromised-by-data-breach

Security researchers have discovered an exposed database online which contains scraped data from the social media profiles of nearly 235m Instagram, TikTok and YouTube users.

For those unfamiliar with the practice, web scraping is an automated technique used to gather data from websites that is often employed by analytics firms who use it to create large databases of user information. Although the practice is legal, it is strictly prohibited by social media companies as it puts the privacy of their users and their data at risk.

Comparitech’s lead researcher Bob Diachenko discovered three identical copies of the exposed database online at the beginning of August. After examining the database, Diachenko and his team learned that it belonged to a company called Deep Social which has shut down its operations.

When the team reached out to the now-defunct company, its request was forwarded to a Hong Kong based firm called Social Data. While Social Data denied having any connection to Deep Social, the firm did acknowledge the breach and was able to secure the exposed database with a password.

Answer the following question based on case study 1

Q7. While scraping user data from social media sites is not illegal, failing to secure this data after it has been collected poses a serious risk to the affected users as cybercriminals could use the information from the database to target them online.
What are your recommendations to the online risk policy makers as you think it is a breach of PII (Personal Identifiable Information). Justify your answer. Explain the need for cybersecurity experts in such a case scenario.
[5 marks + 4 marks + 1 mark for Referencing Style = 10 marks]

Case Study 2
(City of Baltimore Discloses Data Loss From Ransomware Attack)
Published on Sep 18, 2019.
Full credits to: https://www.cshub.com/case-studies/articles/ransomware-aftershock-the-road-torecovery-after-a-cyber-data-hijack

Hackers successfully infiltrated systems operated by the City of Baltimore this past May. The attackers encrypted data files and demanded a ransom in exchange for the decryption keys. Mayor Bernard C. “Jack” Young refused to pay and IT leaders were instructed to rebuild the municipality’s computer systems. City of Baltimore officials placed a price tag of $18 million on the estimated cost of the ransomware attack.

In August, city leaders voted to divert $6 million of parks and recreation funding to IT “cyber-attack remediation and hardening of the environment,” according to the city’s spending panel known as the Board of Estimates.

Now, Baltimore’s auditor told city officials that IT performance data was lost during the attacks, according to reports in the Baltimore Sun. Without backups of the locally stored data, the auditor is unable to verify some claims made by the IT department. This is the first notification made by City of Baltimore that data loss occurred from the attack.

Answer the following question based on case study 2

Q8. DumDum Pty Ltd is a successful IT company. You are the IT Manager of DumDum Pty Ltd. How is your company addressing cybersecurity policies and procedures in such a scenario? Will you make it a part of your Integrated Safety Management (ISM) and Quality Assurance (QA) System? Describe what your cybersecurity response plan includes e.g. Initial action, Response, Media crisis, support vendors in such a case scenario. Cite your sources.
[9 marks + 1 mark for Referencing Style = 10 marks]

Case Study 3
(Penetration testing on hospital data)

You are hired as a penetration testing engineer at Ivy Medical Centre (IMC) located in Dandenong, Australia. The centre provides medical services mostly to pensioners, and KMC is determined to provide the highest security and privacy for their patients and visitors.

On your arrival, you have learnt that IMC provides anonymous FTP access to their database to external members. In addition, you have learnt that many hospital staff members are not adequately trained in cybersecurity and often fall victim to phishing or other attacks. You realise you must consider a more preventative security solution for the protection of hospital data. As the hospital staff members are not well trained, zero day attack seems a major issue.

Answer the following questions based on case study 3

Q9. Plan your penetration testing processes for IMC and describe them in detail. [5 marks]
Q10. Recommend appropriate data analytic techniques for security prevention at IMC. [5 marks]
Q11. Highlight the challenges in data analytic applications with sensitive data. [5 marks]

Marking Rubric: Grades
HD: 80% and above
D: 70 – 79%
CR: 60 – 69%
P: 50 – 59%
Fail