UFCFFY-15-M Cyber Security Analytics

Assignment: Overview


For this module, you are expected to submit a project portfolio that showcases your knowledge and expertise related to cyber security analytics.

The four portfolio tasks are:

  • Task 1 (Release Week 2, 20%): Conduct an investigation on a web application to identify malicious attack activity using Python data science libraries.
  • Task 2 (Release Week 4, 20%): Conduct an investigation on a URL database to develop a DGA classification system using machine learning techniques.
  • Task 3 (Release Week 6, 40%): Conduct a research study using a virtualised infrastructure to simulate attacks and identify these through a SIEM platform.
  • Task 4 (Release Week 8, 20%): Produce a video presentation for a prospective employer that presents your practical work and provides a critical reflection of your learning.

Each task will be issued in the week numbers as stated above, providing a full marking criteria for each specific task.

Portfolio Task 1: Conduct an investigation on a web application to identify malicious attack activity using Python data science libraries (20%)


For this task, you will be provided with a personalised dataset that you are expected to analyse. You should aim to identify any suspicious activities that have occurred in the dataset, based on your knowledge and understanding of web application security. You will need to ensure that your submission is made based on the information in your assigned dataset - failure to use the dataset assigned to your username will result in a zero grade. Your portfolio submission for this task should be a Jupyter notebook that details your investigation, with accompanying Markdown.

As a cyber security analyst, you have been provided with a set of logs related to your organisation's web server (Microsoft Internet Information Services (IIS)). You will need to analyse these logs and seek out suspicious activity based on the data available.
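The following is an added example, not part of the assignment brief or the assigned dataset, of how an analyst might start such an investigation: parse the W3C-format log that IIS writes (the `#Fields:` header names the columns), URL-decode each request, and flag two things a web-application security reviewer looks for: requests whose path or query matches injection or traversal probing, and clients that produce a burst of 4xx/5xx responses (typical of directory or vulnerability scanning). The log lines, the regular expressions and the error threshold are constructed assumptions for this demo; the field list is the default IIS W3C layout.

```python
"""Parse W3C-format IIS logs and flag suspicious requests (added example).

The sample log, detection patterns and ERROR_THRESHOLD are constructed for
illustration, not taken from any real dataset.
"""
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C format. IIS writes spaces inside values as '+'.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Version: 1.0
#Date: 2022-03-01 09:00:00
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2022-03-01 09:00:01 10.0.0.5 GET /index.html - 80 - 192.0.2.10 Mozilla/5.0 200 0 0 12
2022-03-01 09:00:02 10.0.0.5 GET /products.asp id=1 80 - 192.0.2.10 Mozilla/5.0 200 0 0 30
2022-03-01 09:00:05 10.0.0.5 GET /products.asp id=1'+OR+'1'='1 80 - 198.51.100.7 python-requests/2.25 500 0 0 45
2022-03-01 09:00:06 10.0.0.5 GET /../../windows/win.ini - 80 - 198.51.100.7 python-requests/2.25 404 0 2 3
2022-03-01 09:00:07 10.0.0.5 GET /admin/ - 80 - 198.51.100.7 python-requests/2.25 404 0 2 3
2022-03-01 09:00:08 10.0.0.5 GET /backup.zip - 80 - 198.51.100.7 python-requests/2.25 404 0 2 3
2022-03-01 09:00:09 10.0.0.5 GET /login.asp - 80 - 192.0.2.11 Mozilla/5.0 200 0 0 10
"""

# Signatures of common probing, applied to the decoded path+query (assumed set).
SUSPICIOUS_PATTERNS = [
    re.compile(r"'\s*(or|and)\s*'", re.IGNORECASE),   # quote-break boolean probe
    re.compile(r"\bunion\b\s+\bselect\b", re.IGNORECASE),
    re.compile(r"\.\./"),                              # directory traversal
]
ERROR_THRESHOLD = 3  # 4xx/5xx responses per client before it is flagged (assumption)


def parse_iis_log(text):
    """Return one dict per request, keyed by the names in the #Fields header."""
    fields, records = None, []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other directives: #Software, #Version, #Date
        if fields is None:
            raise ValueError("data row encountered before #Fields header")
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed row: skip rather than misalign columns
        records.append(dict(zip(fields, values)))
    return records


def find_suspicious_requests(records):
    """Flag requests whose decoded path or query matches a probing signature."""
    hits = []
    for r in records:
        query = "" if r["cs-uri-query"] == "-" else r["cs-uri-query"]
        target = unquote_plus(r["cs-uri-stem"] + "?" + query)
        for pat in SUSPICIOUS_PATTERNS:
            if pat.search(target):
                hits.append({"client": r["c-ip"], "request": target,
                             "status": r["sc-status"], "pattern": pat.pattern})
                break
    return hits


def error_counts_by_client(records):
    """Count 4xx/5xx responses per client IP."""
    counts = Counter()
    for r in records:
        if r["sc-status"][0] in "45":
            counts[r["c-ip"]] += 1
    return counts


def noisy_clients(records, threshold=ERROR_THRESHOLD):
    """Clients whose error count reaches the threshold (scanner-like behaviour)."""
    return {ip: n for ip, n in error_counts_by_client(records).items() if n >= threshold}


def analyse(text):
    """Run both checks over a log and return a small report dict."""
    records = parse_iis_log(text)
    return {"requests": len(records),
            "suspicious": find_suspicious_requests(records),
            "noisy_clients": noisy_clients(records)}


if __name__ == "__main__":
    import json
    print(json.dumps(analyse(SAMPLE_LOG), indent=2))
```

In a notebook the same `parse_iis_log` output can be loaded straight into a pandas DataFrame (`pd.DataFrame(records)`) for grouping by client, status and time window; the two checks above are a starting point, not an exhaustive ruleset.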


Portfolio Task 2: Conduct an investigation on a URL database to develop a DGA classification system using machine learning techniques (20%)


For this task, you will be provided with a URL dataset. You will need to develop a machine learning tool using Python and scikit-learn that can identify URLs generated by Domain Generation Algorithms (DGA), which command-and-control malware widely uses to evade static IP blocking. You are expected to show how a suitable set of features can be derived from the data for developing a machine learning classifier using Python data science libraries. You should also compare the results of 3 different classifiers for your task using the scikit-learn library, and provide a confusion matrix and an accuracy score for each classifier. Your portfolio submission for this task should be a Jupyter notebook that details your investigation, with accompanying Markdown.
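As an added example (not part of the brief, and not using the assigned dataset), the block below shows the feature-derivation step the task asks for: extracting the registrable label from each URL and turning it into lexical features (length, Shannon entropy, digit ratio, vowel ratio, longest consonant run) that separate algorithmically generated names from human-chosen ones. To keep it runnable without scikit-learn it trains a nearest-centroid classifier written in plain Python and computes the confusion matrix and accuracy by hand; the feature vectors are exactly what you would instead feed to three scikit-learn classifiers, and `confusion_matrix` follows the `[[TN, FP], [FN, TP]]` layout of `sklearn.metrics.confusion_matrix` with `labels=[0, 1]`. All training and test domains are constructed; the DGA-like names are made-up strings.

```python
"""Lexical DGA features plus a plain-Python nearest-centroid classifier (added example).

TRAIN and TEST are constructed; the DGA-like labels are invented strings.
"""
import math
from collections import Counter
from urllib.parse import urlparse

VOWELS = set("aeiou")


def registrable_label(url):
    """Label left of the TLD, e.g. 'google' for http://www.google.com/x.
    Naive: treats the last dot-separated label as the TLD (a public-suffix
    list would be needed for co.uk and similar)."""
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower()
    labels = [l for l in host.split(".") if l]
    if len(labels) >= 2:
        return labels[-2]
    return labels[0] if labels else ""


def shannon_entropy(s):
    """Bits per character; random-looking strings score near log2(len)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def longest_consonant_run(s):
    """Pronounceable names rarely exceed 3 or 4 consecutive consonants."""
    best = run = 0
    for ch in s:
        run = run + 1 if ch.isalpha() and ch not in VOWELS else 0
        best = max(best, run)
    return best


def features(url):
    """Feature vector: [length, entropy, digit ratio, vowel ratio, consonant run]."""
    label = registrable_label(url)
    n = max(len(label), 1)
    return [len(label), shannon_entropy(label),
            sum(c.isdigit() for c in label) / n,
            sum(c in VOWELS for c in label) / n,
            longest_consonant_run(label)]


class NearestCentroidDGA:
    """Standardise with training mean/std, then predict the nearest class centroid."""

    def fit(self, X, y):
        dims, n = len(X[0]), len(X)
        self.mean = [sum(x[j] for x in X) / n for j in range(dims)]
        self.std = [math.sqrt(sum((x[j] - self.mean[j]) ** 2 for x in X) / n) or 1.0
                    for j in range(dims)]  # constant feature: std 0 -> 1
        self.centroids = {}
        for label in set(y):
            rows = [self._scale(x) for x, lab in zip(X, y) if lab == label]
            self.centroids[label] = [sum(r[j] for r in rows) / len(rows) for j in range(dims)]
        return self

    def _scale(self, x):
        return [(v - m) / s for v, m, s in zip(x, self.mean, self.std)]

    def predict(self, X):
        preds = []
        for x in X:
            z = self._scale(x)
            preds.append(min(self.centroids, key=lambda lab: sum(
                (a - b) ** 2 for a, b in zip(z, self.centroids[lab]))))
        return preds


def confusion_matrix(y_true, y_pred):
    """[[TN, FP], [FN, TP]] for labels 0 = benign, 1 = DGA."""
    cm = [[0, 0], [0, 0]]
    for t, p in zip(y_true, y_pred):
        cm[t][p] += 1
    return cm


def accuracy_score(y_true, y_pred):
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)


# Constructed data: 0 = benign, 1 = DGA-like (invented strings).
TRAIN = [("google.com", 0), ("microsoft.com", 0), ("wikipedia.org", 0), ("facebook.com", 0),
         ("youtube.com", 0), ("amazon.com", 0), ("twitter.com", 0), ("netflix.com", 0),
         ("xkqzvbtrwlp.com", 1), ("a9f3k2m1z8q.net", 1), ("qwplmzxcvbq.org", 1),
         ("hjkwqzxnvbt.com", 1), ("p0o9i8u7y6t.info", 1), ("zvbnmqwrtylk.com", 1),
         ("k3j9x7q2w5v.biz", 1), ("bcdfghjkmnp.net", 1)]
TEST = [("http://www.google.com/search?q=x", 0), ("linkedin.com", 0),
        ("http://xzqwvbnmkjhg.net/", 1), ("a1b2c3d4e5f6.org", 1)]


def run_demo():
    """Train on TRAIN, evaluate on TEST; returns (confusion matrix, accuracy)."""
    model = NearestCentroidDGA().fit([features(u) for u, _ in TRAIN], [lab for _, lab in TRAIN])
    y_true = [lab for _, lab in TEST]
    y_pred = model.predict([features(u) for u, _ in TEST])
    return confusion_matrix(y_true, y_pred), accuracy_score(y_true, y_pred)


if __name__ == "__main__":
    cm, acc = run_demo()
    print("confusion matrix [[TN, FP], [FN, TP]]:", cm)
    print("accuracy:", acc)
```

With the real dataset, build the feature matrix with `features()` per row, hold out a test split, and swap `NearestCentroidDGA` for the three scikit-learn classifiers you compare; report each one's confusion matrix and accuracy on the same held-out split so the comparison is fair.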


Portfolio Task 3: Conduct a research study using a virtualised infrastructure to simulate attacks and identify these through a SIEM platform (40%)


For this task, you should use a virtualised infrastructure (e.g., DetectionLab or Splunk Attack Range). You will need to conduct research to develop your study, to illustrate sample offensive attacks against the infrastructure. You could use Atomic Red Team for this, or you may choose an alternative approach such as connecting your own Kali instance to the infrastructure. You should then demonstrate from a 'blue team' perspective how a cyber security analyst could identify these attacks using a SIEM (e.g., Splunk). Your portfolio submission for this task should be a written report (max. 2000 words), using either Jupyter notebook (Markdown) or Microsoft Word, that details your offensive attacks and your defensive investigation, showing clear screenshots of your study. You MUST document fully your use of any online/3rd party resources giving appropriate citation and recognition to existing works.


Portfolio Task 4: Produce a video presentation for a prospective employer that presents your practical work and provides a critical reflection of your learning (20%)


You should provide a video presentation (up to 20 minutes) that presents your work for the previous portfolio tasks, highlighting the strengths of your submission, the aspects that you found challenging, and how you managed to overcome these issues. As part of this, you should provide video extracts from each of the practical portfolio tasks to illustrate these in action as deemed appropriate. The intended audience for your video is a prospective employer who wants to learn about your knowledge and expertise gained from your University study of this module. You should provide your video submission either using an online video hosting link (e.g., YouTube) by submitting your shared URL to Blackboard, or if this is not possible, then by uploading your video presentation to Blackboard - please note: it is your responsibility to ensure that the video format will work for your marking team, which is why we recommend using a popular video hosting platform such as YouTube.


Submission Documents


Your portfolio should be submitted to Blackboard by 14:00 on 12th May 2022. This should be a ZIP file that contains four documents:

  • Task1.html (an HTML document exported from your IPYNB file using Jupyter)
  • Task2.html (an HTML document exported from your IPYNB file using Jupyter)
  • Task3.pdf (a PDF report of your research investigation)
  • Task4.txt (a text file that contains instructions for accessing your video, or the video itself in a suitable format)

Contact


Questions about this assignment should be directed to your module leader (Phil.Legg@uwe.ac.uk). You can use the Blackboard Q&A feature to ask questions related to this module and this assignment, as well as the scheduled teaching sessions.
