CI6232 Intrusion Detection
Assignment Brief
WKWSCI - MSIS (CI6235)

Assessment
• Assignment I – 30% [Report & Presentation]
• Assignment II – 60% [Report & Code]
• Participation (Assignment I) – 10% [Posting of Questions]

Assignment I
• Learning Objectives
• Problem Statement
• Expected Deliverables
• Grading & Schedule

Learning Objectives (For Assignment I)
§ For this assignment
  – Learn to apply Cyber Kill Chain & MITRE ATT&CK to a real-world incident
  – Team Assessment (up to 4)

Selection Guidance (For Assignment I)
§ Choose an Incident that minimally has …
  • Details about how the attacks were carried out
  • Details about involved intermediaries (part of the adversarial attacks or victims)

Deliverable (For Assignment I)
§ Expected in Assignment Deliverable (PPT)
  – List the Cyber Kill Chain techniques used
  – List the MITRE ATT&CK techniques used
  – Reconstruct the Event (Adversarial Playbook – Techniques ordered by time)
§ PPT Structure [<15 slides]
  – Incident Background [up to 2 slides]
  – Cyber Kill Chain [up to 4 slides]
  – MITRE ATT&CK Techniques [up to 4 slides]
  – Event Reconstructed [up to 2 slides]
§ Details in PPT
  – Include details and references in Notes section of each slide

Presentation (For Assignment I)
§ Team Presentation
  – 15 mins Presentation with 5 mins Q&A (queries posted earlier)
  – Focus on attack techniques and event reconstruction
  – Team to address two queries (posted online)
  – All team members to present at presentation (via Zoom)
§ Others (individual assessment)
  – Post Queries

Grading (For Assignment I)
§ Grading
  – For Team Report (in PPT’s note sections), Content: 50%
  – For Team Presentation, Content: 25% and Q&A: 25%
  – For Individual, Participation with Query (minimally two queries): 100%
§ Submission Requirement
  – PPT: Incident Background, Identified Cyber Kill Chain & MITRE ATT&CK Techniques, Event Reconstruction
  – Post PPT into Discussion Forum -> “Assignment I”

Schedule (For Assignment II)
§ Submission
  – Team Composition by 12 Sep 2020
  – Topic Selection by 12 Sep 2020
  – Team Submission of Presentation Slides in BlackBoard Discussion Forum by 10 Oct 2019
  – Individual’s question postings by 24 Oct 2020
  – Team Presentation with Answers to Queries on 7 Nov 2020

Assignment II
• Learning Objectives
• Problem Statement
• Expected Deliverables
• Grading & Schedule

Learning Objectives (For Assignment II)
§ For this assignment
  – Learn how to develop a ML / AI solution to solve a specific problem (network DFIR)
  – Experience the development process (of applying ML/AI to address such a problem / challenge)
  – Test dataset (PCAP) will be provided (training and validation datasets will need to be self-sourced)
  – Solo submission (however, collaborative development is allowed, only up to the validation stage)

Problem Statement & Datasets (For Assignment II)
§ Choose one of two problems
  – Identify what the user’s network activities are
  – Identify which hacking tool is being used
§ Example of Dataset Sources
  – Datasets for Cyber Forensics - https://datasets.fbreitinger.de/datasets/
  – Cyber Security dataset - https://github.com/shramos/Awesome-Cybersecurity-Datasets

Structure Deliverable (For Assignment II)
§ Sections
  1. Selected forensic problem
  2. Survey of Related Work
  3. Selection of existing computational methods or Design of new algorithms on demand
  4. Data gathered
  5. Define design of experiments
  6. Details of how the algorithm is prepared, including data pre-processing and training of the algorithm using the gathered training dataset
  7. Evaluate algorithm with gathered validation dataset
  8. Analyze Test dataset manually using tool(s)
  9. Evaluate algorithm with provided Test dataset
  10. Conclusion
  11. Appendix – Source Code

Deliverable Format (For Assignment II)
§ Report
  – Describe the algorithms / model used or developed
  – Maximum word count of 5000 (as a guide)
  – Report Format: IEEE Conference Report https://www.ieee.org/conferences/publishing/templates.html
  – Source code to be included in report

Grading (For Assignment II)
§ Grade Assignment
  – Solution (Algorithm design, training & validation): 50%
  – Test (with provided test dataset): 25%
  – Report (Structure and Write-up): 25%
§ Grading Dimensions
  – Completeness (solving problem with validation and testing datasets)
  – Novelty (Algorithms)

Schedule (For Assignment II)
§ Test dataset (Distributed on 24 Oct 2020)
  – Dataset will match problem type
  – Apply developed algorithm to test dataset
§ Submission Deadline (Due by 7 Nov 2020)
  – Complete Report with Source Code
  – Submission via TurnItIn
  – Penalty for late submission
  – No presentation
§ Source Code Retention (Till 14 Nov 2020)
  – In case further validation and testing are needed