CSCM38
Advanced Topics: Artificial Intelligence and Cyber Security
by Dr. Jingjing Deng
Released on 2nd March 2020
The assignment consists of multiple tasks that are designed to be completed during the lab
sessions and signed off by either module instructor or teaching assistant. If you are not able
to complete the tasks during the lab sessions, then you should do them at home and have
them ready to be marked off in the lab session by the deadline. All lab tasks also must be
uploaded to Blackboard before the deadline stated on each assignment sheet.
If there is any report or dissertation, it must be written and submitted in PDF format. Source
codes must be organised and formatted neatly, sufficient and clear comments are very welcome
and necessary for markers to assess your work. Submissions and feedback will be done via
Blackboard-Tunitin system. Plagiarism will not be tolerated. Zip all your files with the following
naming convention for submission:
• [Student Number]-[Last Name][First Initial]-[Assignment][Number].zip
• For example: 123456-DengJ-Assignment1.zip
CSCM38 Assignment 2 Complete by 20/03/2020
Background: The dataset to be audited was provided which consists of a wide variety of
intrusions simulated in a military network environment. It created an environment to acquire
raw TCP/IP dump data for a network by simulating a typical US Air Force LAN. The LAN was
focused like a real environment and blasted with multiple attacks. A connection is a sequence of
TCP packets starting and ending at some time duration between which data flows to and from a
source IP address to a target IP address under some well-defined protocol. Also, each connection
is labelled as either normal or as an attack with exactly one specific attack type. Each connection
record consists of about 100 bytes. For each TCP/IP connection, 41 quantitative and qualitative
features are obtained from normal and attack data (3 qualitative and 38 quantitative features).
The class variable has two categories: Normal or Anomalous.1 A copy of the dataset can be
downloaded from Blackboard.
Task 2.1 – AI-Driven Network Intrusion Detection (15 marks)
This assignment is to construct an artificial intelligence model using machine learning approach
to detect the anomalous network flows. The dataset consists of a training and a testing data
files in CSV format, and the problem can be formulated as a supervised classification problem
given the network measurements (all columns except the last one) and the label of intrusion
1Anonymised reference for module assignment purposed.
1
(the last column). The following steps are required to be completed using Python 3 program-
ming language in Jupyter Notebook format. Machine learning package Scikit-Learn2, data
manipulation package Pandas3 and visualisation packages matplotlib4 and ggplot2 5 can be used
in this assignment.
• Load the Dataset (2 marks): Read the training and the testing data from two CSV
files into your programme. Hints: You can use either Python built-in CSV reader6 or
Pandas CSV reader7 to achieve this. Be aware of that some attributes are categorical
variables in String format, where you might need to convert them into numerical variables.
• Visualise the Features (3 marks): Selection a few attributes to visually assess the
differences between normal and anomalous categories. Hints: For the same attribute,
you can plot the frequencies or distributions of two different categories using bar chart or
histogram.
• Train a Machine Learning Model (6 marks): To predict the network flow, train
a machine learning model using training data in a supervised fashion. Hints: A few
algorithms can be used for prediction, such as nearest neighbours, linear discriminant
analysis, random forests, Naive bayes classifier and neural networks.8 Normally, you
need to pre-process the data before applying the learning step, which may includes data
normalisation, feature extraction and selection.
• Test the Model (4 marks): Evaluate your model on testing data and calculate the
prediction accuracy. Hints: For detection problem, you can quantitatively compute the
confusion matrix 9 given the prediction from your model and the label provided in the data.
In addition, you can plot the ROC (Receiver Operating Characteristic)10 to illustrates
the diagnostic ability of a binary classifier system as its discrimination threshold is varied.
2https://scikit-learn.org/stable/
3https://pandas.pydata.org/
4https://matplotlib.org/
5https://ggplot2.tidyverse.org/
6https://docs.python.org/3/library/csv.html
7https://pandas.pydata.org/pandas-docs/stable/reference/api/pandas.read_csv.html
8https://scikit-learn.org/stable/user_guide.html
9https://en.wikipedia.org/wiki/Confusion_matrix
10https://en.wikipedia.org/wiki/Receiver_operating_characteristic
2