ITS64904_ASSIGNMENT_30%_QUESTION

Appendix A

ITS64904 Computer Intrusion Detection

Group Project (30%)

Semester January 2025

No. | Name (Block Capital) | Registration No. | Signature | Marks (For Lecturer Use)

1. | | | |

2. | | | |

3. | | | |

4. | | | |

5. | | | |

I declare that:

• I understand what is meant by plagiarism

• The implication of plagiarism has been explained to us by our lecturer. This project is all our work and I have acknowledged any use of the published or unpublished works of other people.

Appendix B

ITS64904 Computer Intrusion Detection

Individual Tasks Allocation

Indicate (√) in the member’s name column if he/she has been involved in that task. Add rows if necessary.

Tasks | Name 1 | Name 2 | Name 3 | Name 4 | Name 5

1. | | | | |

2. | | | | |

3. | | | | |

4. | | | | |

5. | | | | |

ITS64904 Assignment Assessment Rubrics

Group Member Names | Final Group Marks | Individual Participation | Final Total Marks

1. | | |

2. | | |

3. | | |

4. | | |

5. | | |

Feedback:

Presentation Assessment Rubrics

Rating levels for individual participation:

Excellent (10-8): Points and examples are clearly shown in slides, with excellent oral explanation. Excellent contribution.

Good (7-6): Good points are discussed with a good oral presentation. Good contributor.

Satisfactory (5): Enough points are discussed with enough oral presentation. Somehow a good contributor.

Average (4-3): Unclear voice and identification in the slides. Average contributor.

Poor (2-0): Insufficient information in the slides and unable to present the content. Poor contributor.

Individual Participation Criteria | Overall Weight (%) | Marks

Presentation (Student 1) | 20 |

Presentation (Student 2) | 20 |

Presentation (Student 3) | 20 |

Presentation (Student 4) | 20 |

Presentation (Student 5) | 20 |

ITS60904

Computer Intrusion and Detection

Group Project (30%)

Semester MAY 2024

Group Formation

Students will form a group of 5 members, depending on the tutorial class size.

Every member of the team is expected to contribute and participate actively in the entire process of completing this assignment. Each of the group members will be responsible for individual activity; the task depends on the allocation by the respective group leader. Sharing of ideas, extensive group discussion, and brainstorming among group members are required to complete this given assignment.

Assignment Tasks

Comparative Analysis and Simulation of IDS/IPS Tools

1. Compare and contrast Snort, Suricata, OSSEC, and Wazuh in terms of their:

o Type (NIDS/HIDS/SIEM)

o Detection Mechanisms (Signature-based, Anomaly-based)

o Key Features and Applications

Provide examples where each tool is most effective.

2. Simulate an attack scenario to evaluate the detection capabilities of Snort and Suricata.

o Set up a virtualized network environment with Snort and Suricata configured as NIDS.

o Generate a simulated attack, such as a port scan or SQL injection, using tools like Nmap or Metasploit.

o Collect the alerts and analyze the results.

3. Perform a similar simulation for OSSEC and Wazuh in a host-based environment.

o Configure OSSEC and Wazuh on a test host.

o Simulate malicious activities, such as unauthorized file modifications or privilege escalations.

o Compare their detection and reporting capabilities.

4. Show the necessary calculations or metrics used to evaluate the performance of these tools, such as:

o Detection rate (True Positives / Total Attacks).

o False-positive rate (False Positives / Total Non-Attacks).

o Resource utilization (CPU, Memory, and Network overhead).

5. Based on your findings, recommend the best tool or combination of tools for:

o Protecting a high-traffic web server.

o Securing distributed endpoints in a corporate environment.

You are required to do research through Internet sites, acquire further information from reference books/journals, and obtain additional ideas from other resources.

Prepare a report according to the attached report format to assess and complete the following assignment tasks.

Marking Rubric for Comparative Analysis and Simulation of IDS/IPS Tools

Comparison of Tools (20%)

Excellent (9-10): Comprehensive comparison with accurate details on types, detection mechanisms, key features, and applications. Examples clearly demonstrate effectiveness.

Good (7-8): Clear comparison with minor omissions in details or examples. Covers most key features and applications effectively.

Average (5-6): Limited comparison with some inaccuracies or superficial examples. Key features or applications not fully addressed.

Poor (0-4): Inaccurate or incomplete comparison with no meaningful examples. Key aspects (types, features, applications) poorly explained or missing.

Simulation of Snort & Suricata (20%)

Excellent (9-10): Successfully sets up virtualized environments, generates attack traffic, and accurately analyzes alerts. Detailed explanation of configuration steps and results.

Good (7-8): Simulation is mostly accurate, with minor setup or analytical errors. Good explanation of configurations and results.

Average (5-6): Simulation attempted but incomplete or with significant errors. Analysis of alerts is minimal or lacks clarity.

Poor (0-4): Simulation is not attempted or completely fails. Configuration steps are missing, and no analysis is provided.

Simulation of OSSEC & Wazuh (20%)

Excellent (9-10): Accurately configures both tools, simulates malicious activities, and provides detailed comparison of detection and reporting capabilities.

Good (7-8): Configurations and simulations are mostly accurate. Provides a reasonable comparison of detection and reporting, but lacks depth in some areas.

Average (5-6): Configurations or simulations are incomplete or inaccurate. Comparison of detection and reporting is superficial or unclear.

Poor (0-4): Configurations and simulations are not attempted or fail completely. No meaningful comparison is provided.

Performance Metrics & Calculations (20%)

Excellent (9-10): Provides clear and accurate calculations for detection rates, false-positive rates, and resource utilization. Analysis is well-supported with relevant data.

Good (7-8): Includes calculations for most metrics but may have minor errors or omissions. Analysis is reasonably supported with data.

Average (5-6): Includes some calculations but with significant inaccuracies or missing key metrics. Analysis lacks sufficient supporting data.

Poor (0-4): Calculations are missing or incorrect. Performance metrics are not addressed or are poorly explained.

Recommendations (15%)

Excellent (9-10): Provides insightful and well-supported recommendations for tool selection based on findings. Clearly justifies choices with relevant scenarios.

Good (7-8): Recommendations are logical and reasonably supported but may lack depth or specific examples.

Average (5-6): Recommendations are generic or inadequately supported by findings. Little connection between findings and choices made.

Poor (0-4): Recommendations are absent or poorly justified. No connection between findings and tool selection is evident.

Presentation & Clarity (5%)

Excellent (9-10): Work is well organized, clearly written, and easy to follow. Includes diagrams, charts, or screenshots to support explanations.

Good (7-8): Work is organized and clearly written, but diagrams, charts, or screenshots may be limited or lacking in detail.

Average (5-6): Work is somewhat organized but lacks clarity in explanations. Visual aids are minimal or poorly integrated.

Poor (0-4): Work is poorly organized, unclear, and difficult to follow. No visual aids are provided or used effectively.

Module Learning Outcome (MLO)

MLO 2: Propose secure systems to defend against security threats in the computer and network systems

Assignment Submission

Submission Format: ONE (1) softcopy of a complete report that is type-written using Google Docs/Microsoft Doc to be submitted online via Times in pdf format. The punctuality of submission is based on the softcopy time stamp.

The final report submission should consist of the following components:

(a) Cover Sheet

Refer to Appendix A

(b) Clear listing of individual task allocation for this assignment

Refer to Appendix B

(c) Marking Rubrics

Students should attach the assignment assessment rubrics in this section (Refer to Appendix C)

(d) Table of contents

The report must be typewritten in the format of the following requirements:

Font Size

Body text must use font size 12; headings and subheadings use the same font size.

Font Style

Use Times New Roman for body text. Main headings and subheadings should be clearly stated and use Times New Roman font styles.

Line Spacing

The typed material should be 1.15-line spaced.

Alignment

Use Justify for alignment.

Table & Figure Numbering

All tables and figures should be progressively numbered, following the order cited in the text. Tables must be accompanied by a caption at the top, while figures must be accompanied by a caption underneath.

Page Numbering

Ensure that all pages (except the cover page) are numbered.

The maximum number of pages is not more than 22 pages (Excluding Cover Page, Task Allocation List, Marking Rubrics, Table of content, References and Appendices)

Presentation date: Week 11 – Week 13 (During Tutorial and Practical Class). Report Submission: Week 10

Submit: Submit in TIMeS. (In PDF format).

➢ Submit a softcopy of the presentation slides via Times after the presentation. Please prepare at most 20 minutes of the slide presentation. All group members must present.

Assessment

This assignment will contribute 30% to the coursework marks of the course. A report shall be produced as an outcome of the research, findings, recommendations, and evaluation. The students will be assessed on a written report in NOT more than 22 pages (the number of pages and word count for the cover page, list of tasks allocation, table of contents, appendices and references are NOT counted), where this will be assessed based on the following criteria:

• Clarity of explanation

• Reasonable command of English

• Reasonable coverage of discussion, information and evaluation.

• The ability to find and manage relevant information from a different source

• Quality of references and citation

Late Submission

All assignments should be submitted by the stated due date unless it is revised and approved by the respective lecturer/tutor. Penalty for late submission shall be imposed as follows (unless reasons or application for extension and approval is given before the due date of the assignment):

• Late submission within 1 – 3 days: total marks to be deducted is 10 marks

• Late submission within 4 – 7 days: total marks to be deducted is 20 marks

• Late submission after 7 days: submission will be rejected and zero mark shall be awarded

As a general rule, no extension of time will be granted. The assignment question and its due dates are normally disclosed in advance to students so that they will be able to manage their time according to different subject study progress and complete this assignment on time.

Feedback

Written feedback on the assignment and rubrics will be returned to the students latest by Week 13/Week 14, by the lecturer.

Plagiarism & Collusion

The School of Computing and Information Technology views cases of plagiarism or collusion by students very seriously. Any students who intentionally plagiarize or collude in any part of their assignments/projects or written work threatens the values of academic work and undermines the credibility and integrity of Taylor’s awards. Plagiarism or collusion discovered at any stage of the student’s course of study will be dealt with appropriately by the School. Such offender shall appear before a panel of enquiry at the School and appropriate punishment will be meted out. Punishment may include failing the student for the assignment or project, re-submission of another piece of work or downgrading the work to the maximum of a passing grade even if the actual grade achieved was higher.

What constitutes “Plagiarism” and “Collusion”?

Plagiarism according to the Oxford Advanced Learner’s Dictionary of Current English means “take and use somebody else’s ideas, words, etc as if they were one’s own.” Plagiarism can take the form of reproduction without acknowledgement from published or unpublished works of others including materials downloaded from computer files and the Internet.

Students’ work submitted for assessment is accepted on the understanding that it is the students’ effort without falsification of any kind. Acknowledgement to the source must be made if students had relied on any sources for information with appropriate reference being made in their work. In particular, you need to cite sources discovered on the Internet or any other publications. Given the explosion of electronic publications in recent years, students need to be careful that their assignments do not become an exercise in cutting and pasting existing abstracts or portions of World Wide Web pages. Rarely will such an approach produce acceptable results.

Collusion can be deemed to be a form of plagiarism involving the unauthorized cooperation between two or more people with a deceptive intention.

Collusion can take the form of two or more students producing a piece of work together but with one intentionally passing it off as his work with the knowledge of the others. A student may have submitted the work of another as his own with consent from that other student. In such cases, both parties are guilty of collusion.

As this assignment is considered a group assignment, the forming of a group to share ideas and assist in the development of assignments or projects is an accepted and encouraged practice. However, it is NOT acceptable for members of one group to submit identical answers to the assignment, by simply copying the work done from another group and cosmetically disguising it with some modifications.

All assignment findings under the same grouping must be submitted as unique group work as a whole and the lecturer is entitled to consider identical layout, identical mistakes, identical argument and identical presentation to be prima facie evidence of collusion.

Obligations of students

Students are required to sign a declaration that the work submitted such as course work assignments, essays and projects, etc. is their original work/effort and that they have not in any way knowingly or allowed another student to copy it. It will be assumed that all submitted work is that of the student’s work.

Students are expected to familiarize themselves with or make use of the method(s) of citing other people’s work by acceptable references.
