Language investigation Assignment Help


1.) Packet Analysis and Log Reviews of all the network packets supplied, using Wireshark. Discuss and analyse how the protocols identified in each of the network attacks given below can be related to evasion techniques and to the attack types. Tools such as Wireshark can be used to analyse the attached network packets (750 words). Please note that the protocols below were identified when Weka was used to analyse the packets.

i.) Denial of Service (DoS) attack

Protocols
No   Protocol                                           Count
1    Simple Service Discovery Protocol (SSDP)           56
2    NetBIOS Name Service (NBNS)                        44
3    Address Resolution Protocol (ARP)                  16
4    BROWSER                                            8
5    Domain Name System (DNS)                           6
6    Link Local Multicast Name Resolution (LLMNR)       4
7    Transmission Control Protocol (TCP)                46
8    Dynamic Host Configuration Protocol (DHCPv6)       1
9    Server Message Block (SMB)                         12
10   Multicast Domain Name Service (MDNS)               4
11   Internet Control Message Protocol (ICMP)           4

There are 9 distinct sources of network attacks.
Class no   Source                          Frequency
1          fe80::4185:3bd6:2787:cb12       59
2          192.168.75.1                    51
3          Vmware_f4:71:e8                 8
4          Vmware_c0:00:04                 1
5          192.168.75.129                  69
6          192.168.75.2                    1
7          192.168.75.128                  5
8          Vmware_4f:6c:12                 5
9          Vmware_ec:1d:9b                 2

Destination table for DoS attack
Class no   Destination                     Frequency
1          ff02::c                         56
2          192.168.75.255                  8
3          Broadcast                       4
4          Vmware_f4:71:e8                 8
5          192.168.75.1                    34
6          192.168.75.2                    27
7          192.168.75.129                  46
8          ff02::1:3                       2
9          224.0.0.252                     2
10         192.168.75.128                  5
11         Vmware_4f:6c:12                 4
12         ff02::1:2                       1
13         224.0.0.251                     4

ii.) Discovery attack

Protocols
No   Protocol                                           Count
1    Simple Service Discovery Protocol (SSDP)           25
2    Address Resolution Protocol (ARP)                  1550
3    Domain Name System (DNS)                           33
4    Internet Control Message Protocol (ICMP)           3
5    Dynamic Host Configuration Protocol (DHCPv6)       6
6    NetBIOS Name Service (NBNS)                        18
7    Multicast Domain Name Service (MDNS)               2

There are 10 distinct sources of network attacks.
Class no   Source                          Frequency
1          fe80::4185:3bd6:2787:cb12       31
2          Vmware_4f:6c:12                 1527
3          Vmware_c0:00:04                 3
4          Vmware_ec:1d:9b                 7
5          Vmware_f4:71:e8                 7
6          Vmware_e8:0d:d2                 6
7          192.168.75.128                  18
8          192.168.75.2                    18
9          192.168.75.129                  18
10         192.168.75.1                    2

Destination table for Discovery attack
Class no   Destination                     Frequency
1          ff02::c                         25
2          Broadcast                       1528
3          Vmware_4f:6c:12                 21
4          192.168.75.2                    36
5          192.168.75.128                  18
6          ff02::1:2                       6
7          Vmware_f4:71:e8                 1
8          224.0.0.251                     2

iii.) Port Scanning attack

Protocols
No   Protocol                                           Count
1    Simple Service Discovery Protocol (SSDP)           97
2    Address Resolution Protocol (ARP)                  36
3    Domain Name System (DNS)                           7
4    Internet Control Message Protocol (ICMP)           423
5    Dynamic Host Configuration Protocol (DHCPv6)       1
6    NetBIOS Name Service (NBNS)                        33
7    Multicast Domain Name Service (MDNS)               4
8    Internet Protocol version 4 (IPv4)                 757
9    Stream Control Transmission Protocol (SCTP)        1
10   Transmission Control Protocol (TCP)                2
11   User Datagram Protocol (UDP)                       3
12   Internet Group Management Protocol (IGMPv6)        4

There are 10 distinct sources of network attacks (8 listed below).
Class no   Source                          Frequency
1          fe80::4185:3bd6:2787:cb12       80
2          192.168.75.129                  474
3          Vmware_4f:6c:12                 16
4          Vmware_f4:71:e8                 17
5          192.168.75.128                  780
6          192.168.75.2                    4
7          Vmware_ec:1d:9b                 3
8          192.168.75.1                    4

Destination table for Port Scanning attack
Class no   Destination                     Frequency
1          ff02::c                         79
2          192.168.75.2                    37
3          Broadcast                       4
4          Vmware_4f:6c:12                 15
5          192.168.75.128                  423
6          192.168.75.129                  780
7          Vmware_f4:71:e8                 15
8          ff02::1:2                       1
9          Vmware_ec:1d:9b                 2
10         239.255.255.250                 18
11         224.0.0.251                     4

iv.) Sniffing attack

Protocols
No   Protocol                                           Count
1    BROWSER                                            1
2    NetBIOS Name Service (NBNS)                        1
3    Simple Service Discovery Protocol (SSDP)           21
4    Domain Name System (DNS)                           2
5    Link Local Multicast Name Resolution (LLMNR)       4
6    Address Resolution Protocol (ARP)                  2
7    Multicast Domain Name Service (MDNS)               2

There are 9 distinct sources of sniffing network attacks (6 listed below).
Class no   Source                          Frequency
1          192.168.75.129                  4
2          192.168.75.1                    3
3          fe80::4185:3bd6:2787:cb12       23
4          192.168.75.2                    1
5          Vmware_f4:71:e8                 1
6          Vmware_ec:1d:9b                 1

Destination table for Sniffing attack
Class no   Destination                     Frequency
1          192.168.75.255                  2
2          ff02::c                         21
3          192.168.75.2                    1
4          192.168.75.129                  1
5          ff02::1:3                       2
6          224.0.0.252                     2
7          Vmware_ec:1d:9b                 1
8          Vmware_f4:71:e8                 1
9          224.0.0.251                     2

v.) Spoofing attack

Protocols
No   Protocol                                           Count
1    Simple Service Discovery Protocol (SSDP)           103
2    Address Resolution Protocol (ARP)                  111
3    NetBIOS Name Service (NBNS)                        39
4    Multicast Domain Name Service (MDNS)               4
5    Dynamic Host Configuration Protocol (DHCPv6)       2
6    Bootstrap Protocol (BOOTP)                         4

There are 10 distinct sources of network attacks (9 listed below).
Class no   Source                          Frequency
1          fe80::4185:3bd6:2787:cb12       85
2          Vmware_4f:6c:12                 105
3          192.168.75.129                  57
4          192.168.75.1                    4
5          Vmware_f4:71:e8                 2
6          Vmware_ec:1d:9b                 3
7          192.168.75.128                  5
8          192.168.75.254                  1
9          Vmware_e8:0d:d2                 1

Destination table for Spoofing attack (as given; "Broadcast" appears twice)
Class no   Destination                     Frequency
1          ff02::c                         85
2          Vmware_ec:1d:9b                 104
3          Broadcast                       21
4          224.0.0.251                     4
5          Broadcast                       2
6          192.168.75.129                  2
7          192.168.75.2                    36
8          192.168.75.254                  1
9          192.168.75.128                  1
10         Vmware_e8:0d:d2                 1
11         Vmware_4f:6c:12                 2
12         192.168.72.129                  4

vi.) SSH attack

Protocols
No   Protocol                                           Count
1    Simple Service Discovery Protocol (SSDP)           149
2    Address Resolution Protocol (ARP)                  550
3    NetBIOS Name Service (NBNS)                        60
4    Domain Name System (DNS)                           21
5    Transmission Control Protocol (TCP)                58
6    Dynamic Host Configuration Protocol (DHCPv6)       7
7    Link Local Multicast Name Resolution (LLMNR)       20
8    Internet Control Message Protocol (ICMP)           1
9    Multicast Domain Name Service (MDNS)               6
10   Dynamic Host Configuration Protocol (DHCP)         2
11   Internet Control Message Protocol (ICMPv6)         5
12   Internet Group Management Protocol (IGMPv3)        5

There are 9 distinct sources of SSH network attacks (11 listed below).
Class no   Source                          Frequency
1          fe80::4185:3bd6:2787:cb12       147
2          Vmware_f4:71:e8                 18
3          Vmware_ec:1d:9b                 8
4          192.168.75.129                  128
5          Vmware_4f:6c:12                 520
6          192.168.75.128                  37
7          192.168.75.2                    13
8          Vmware_c0:00:04                 1
9          Vmware_e8:0d:d2                 3
10         192.168.75.1                    8
11         192.168.75.254                  1

Destination table for SSH attack
Class no   Destination                     Frequency
1          ff02::c                         125
2          Broadcast                       517
3          Vmware_f4:71:e8                 15
4          192.168.75.2                    67
5          Vmware_4f:6c:12                 16
6          192.168.75.128                  35
7          (destination missing in source) 29
8          Vmware_ec:1d:9b                 2
9          ff02::1:2                       7
10         ff02::1:3                       10
11         224.0.0.252                     10
12         192.168.75.254                  6
13         192.168.75 (as given)           2
14         224.0.0.251                     6
15         ff02::16                        5
16         224.0.0.22                      5
17         239.255.255.250                 27

Question 2.) Write Snort IDS rules that could prevent the network attacks in Question 1 (DoS, discovery, port scanning, sniffing, spoofing and SSH), and ensure the Snort IDS rules match the protocols identified for each attack above. Write Snort IDS rules that prevent the attack signatures from succeeding. Relate the discussion to evasion techniques. (750 words)

Question 3.) Testing of attacks against the recommended Snort rules (500 words). Discuss and analyse the impact of the recommended Snort rules and how they could affect the performance of the network and its services.

Question 4.) Apply machine learning classification techniques to the successful network attacks. The R tool can be used. (750 words)
Suggested reading:
- Section 12.4.4 (Classification and Regression Trees) of Machine Learning Mastery with R
- Research paper: Naïve Bayes classification for IDS using live packet capture
- Page 52, Chapter 4, Section 4.4 of Machine Learning and Data Mining for Computer Security
- Chapter 5, Sections 5.3 and 5.4 (classifier to reduce false alarms) of Machine Learning and Data Mining for Computer Security

Question 5.) Supervised and unsupervised data mining techniques should be applied to the network attacks (500 words). The KDD process (classification using R) could be used: data cleaning and data integration, data selection and data transformation, data mining, pattern evaluation and knowledge representation, using the R tool.
Suggested reading:
- Section 10.4 in Chapter 10 of Machine Learning Mastery with R
- Section 12.4.1 (K-Nearest Neighbors) of Machine Learning Mastery with R
- Chapter 5 of Machine Learning and Data Mining for Computer Security
- Chapter 6 of Machine Learning and Data Mining for Computer Security
- Chapter 4 of Data Mining and Machine Learning in Cyber Security, Section 4.4.7.1 (clustering-based anomaly detection)
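Worked example for Questions 2 and 3 (added here as an illustration, not part of the brief): a Snort 2.9 rule set that ties each attack class back to the protocol that dominates its table above. It assumes HOME_NET is the lab subnet seen in the captures (192.168.75.0/24); attacker and victim both sit inside it, so the source is "any" rather than $EXTERNAL_NET. The thresholds, SIDs and the ARP host binding are placeholders to be tuned against the supplied pcaps.

```snort
# Added example for Question 2 (Snort 2.9 syntax); assumptions: lab subnet
# 192.168.75.0/24, thresholds and SIDs chosen for illustration.
ipvar HOME_NET 192.168.75.0/24

# Port scanning: ICMP was the top labelled protocol in the port-scanning
# capture (an echo sweep precedes the port probes). detection_filter fires on
# the 20th echo request from one source inside 5 seconds, not on every packet.
alert icmp any any -> $HOME_NET any (msg:"ICMP echo sweep - host discovery / port scan"; itype:8; detection_filter:track by_src, count 20, seconds 5; classtype:attempted-recon; sid:1000001; rev:1;)

# SSH: a burst of new connections to TCP/22 from one host (password guessing
# opens a fresh session per attempt). flags:S,12 matches SYN and ignores the
# two reserved bits, so ECN-marked SYNs are not missed.
alert tcp any any -> $HOME_NET 22 (msg:"SSH connection burst - possible brute force"; flags:S,12; detection_filter:track by_src, count 10, seconds 60; classtype:attempted-admin; sid:1000002; rev:1;)

# DoS: SSDP M-SEARCH flood toward the multicast groups ff02::c / 239.255.255.250
# (SSDP led the DoS table). depth:8 keeps the content match to the first bytes.
alert udp any any -> any 1900 (msg:"SSDP M-SEARCH flood"; content:"M-SEARCH"; depth:8; nocase; detection_filter:track by_src, count 50, seconds 10; classtype:denial-of-service; sid:1000003; rev:1;)

# Spoofing / sniffing: LLMNR and NBNS *responses*. Both headers follow the DNS
# layout, so the QR bit is the high bit of the byte at offset 2. A poisoner
# answers names nobody owns; tune with a pass list of legitimate responders.
alert udp any 5355 -> any any (msg:"LLMNR response - possible name poisoning"; byte_test:1,&,0x80,2; classtype:bad-unknown; sid:1000004; rev:1;)
alert udp any 137 -> any any (msg:"NBNS response - possible name poisoning"; byte_test:1,&,0x80,2; classtype:bad-unknown; sid:1000005; rev:1;)

# ARP (discovery sweep of 1550 requests, ARP spoofing): ARP is not an IP
# protocol, so rule headers cannot match it. Use the arpspoof preprocessor in
# snort.conf: -unicast alerts on unicast ARP requests, and arpspoof_detect_host
# pins an IP-to-MAC binding and alerts when a reply disagrees.
# The MAC below is a placeholder; take the real one from the capture.
preprocessor arpspoof: -unicast
preprocessor arpspoof_detect_host: 192.168.75.2 00:50:56:xx:xx:xx
```

Two points matter for the Question 3 discussion. First, "alert" only records; to prevent an attack the rule action must be "drop" and Snort must run inline (afpacket or NFQ), which puts it in the forwarding path and makes every rule a latency cost. Second, each detection_filter keeps per-source state, so on a busy segment the SSDP and ICMP rules consume memory in proportion to the number of talkers; a scanner that spreads probes across many source addresses or slows below the count/seconds window evades them, which is exactly the evasion trade-off the brief asks you to relate to the rules.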
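Worked example for Questions 4 and 5 (and the Question 1 observation that the protocol mix characterises the attack type), added here as an illustration; the brief itself calls for Weka and R. It treats each attack's protocol-count table above as one labelled sample and fits a multinomial Naïve Bayes classifier, the technique named in the "Naïve Bayes classification for IDS" reading. The protocol counts are copied from the six tables; the three sample captures at the bottom are constructed for the demonstration and are not from the page.

```python
"""Multinomial Naive Bayes over the protocol-count tables from Question 1.

Added illustration, not part of the assignment brief (which asks for Weka/R).
Each attack capture is one labelled "document": labels are the six attack
types, the vocabulary is the set of protocol labels, and the word counts are
the packet counts. The sample captures at the bottom are constructed.
"""
import math
from collections import Counter

# Training data: the per-attack protocol counts copied from the tables above.
PROFILES = {
    "DoS": {"SSDP": 56, "NBNS": 44, "ARP": 16, "BROWSER": 8, "DNS": 6,
            "LLMNR": 4, "TCP": 46, "DHCPv6": 1, "SMB": 12, "MDNS": 4, "ICMP": 4},
    "Discovery": {"SSDP": 25, "ARP": 1550, "DNS": 33, "ICMP": 3, "DHCPv6": 6,
                  "NBNS": 18, "MDNS": 2},
    "Port scanning": {"SSDP": 97, "ARP": 36, "DNS": 7, "ICMP": 423, "DHCPv6": 1,
                      "NBNS": 33, "MDNS": 4, "IPv4": 757, "SCTP": 1, "TCP": 2,
                      "UDP": 3, "IGMPv6": 4},
    "Sniffing": {"BROWSER": 1, "NBNS": 1, "SSDP": 21, "DNS": 2, "LLMNR": 4,
                 "ARP": 2, "MDNS": 2},
    "Spoofing": {"SSDP": 103, "ARP": 111, "NBNS": 39, "MDNS": 4, "DHCPv6": 2,
                 "BOOTP": 4},
    "SSH": {"SSDP": 149, "ARP": 550, "NBNS": 60, "DNS": 21, "TCP": 58,
            "DHCPv6": 7, "LLMNR": 20, "ICMP": 1, "MDNS": 6, "DHCP": 2,
            "ICMPv6": 5, "IGMPv3": 5},
}

# Constructed test captures (not from the page): plausible protocol-count
# tables for a new ARP sweep, an ICMP/IP scan and an SSH guessing run.
SAMPLE_CAPTURES = {
    "arp_sweep": {"ARP": 1200, "SSDP": 20, "DNS": 5},
    "icmp_and_ip_scan": {"ICMP": 400, "IPv4": 700, "SSDP": 30},
    "ssh_guessing": {"TCP": 120, "ARP": 300, "SSDP": 100, "NBNS": 40, "LLMNR": 15},
}


class ProtocolNB:
    """Multinomial Naive Bayes with Laplace (add-alpha) smoothing."""

    def __init__(self, profiles, alpha=1.0):
        self.vocab = sorted({p for counts in profiles.values() for p in counts})
        self.log_prior = {}
        self.log_lik = {}
        for label, counts in profiles.items():
            # One capture per class, so the class prior is uniform.
            self.log_prior[label] = -math.log(len(profiles))
            denom = sum(counts.values()) + alpha * len(self.vocab)
            # Smoothing: a protocol absent from a class (IPv4 outside the
            # port-scanning capture, say) gets a small non-zero probability
            # instead of vetoing the class outright.
            self.log_lik[label] = {
                p: math.log((counts.get(p, 0) + alpha) / denom) for p in self.vocab
            }

    def scores(self, counts):
        """log P(c) + sum_p n_p * log P(p | c) for every class c.
        Protocols never seen in training are skipped; they carry no class signal."""
        out = {}
        for label in self.log_prior:
            s = self.log_prior[label]
            for proto, n in counts.items():
                if proto in self.log_lik[label]:
                    s += n * self.log_lik[label][proto]
            out[label] = s
        return out

    def predict(self, counts):
        s = self.scores(counts)
        return max(s, key=s.get)


def protocol_counts(packets):
    """KDD data-transformation step: packet records (one dict per frame, as
    exported from Wireshark/tshark) -> the protocol-count vector the model eats."""
    return Counter(pkt["protocol"] for pkt in packets)


def classify_samples(alpha=1.0):
    """Fit on the six page profiles and label the constructed captures."""
    clf = ProtocolNB(PROFILES, alpha)
    return {name: clf.predict(counts) for name, counts in SAMPLE_CAPTURES.items()}


if __name__ == "__main__":
    clf = ProtocolNB(PROFILES)
    for name, counts in SAMPLE_CAPTURES.items():
        ranked = sorted(clf.scores(counts).items(), key=lambda kv: -kv[1])
        print(f"{name:18s} -> {ranked[0][0]}  (runner-up: {ranked[1][0]})")
```

With one capture per class there is nothing to hold out, so this only shows the mechanics; for the assignment, split your own captures into training and test windows (the same protocol_counts transformation per window) before quoting an accuracy or false-alarm rate, and compare against the k-nearest-neighbour and clustering approaches the Question 5 readings cover.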

