Perform appropriate analysis on your chosen data

Assignment Help Computer Network Security
Reference no: EM132868515

Task

This assessment builds on the work you have completed and the skills you have developed in the tutorials during the course. You have a variety of honeypot data sources to consider for your assessment, coming from both a network of Cowrie sensors and a selection of zero-interaction network telescopes. You need to consider both data sets and make a choice fairly quickly. Your options are to complete a detailed analysis over a smaller set of data, or to use a larger dataset and perform a more high-level analysis.

Datasets
Two datasets are provided for this task. You need to choose one. Clearly state in your report which one is being used, and why you chose it. Details of the data provided are contained in the appendix at the end of this document.

1. Cowrie honeypot datasets
Two months of data are provided (April and June 2018). These are taken from a distributed network of Cowrie sensors run globally across AWS zones. Data files are provided in JSON format.
2. Network Telescope datasets (CHOOSE THIS ONE)
One week of data (17-23 April 2021) is provided across five separate sensors. Combined, these datasets contain around 35 million recorded events.

Analysis (Describe what commands you used to find these and what you found. Use graphs where this is appropriate.)
You need to perform appropriate analysis on your chosen data. As a minimum (at best this can score 50%) this analysis needs to include:
• 7 days' worth of traffic (7 x 24-hour periods)
• Basic descriptive statistics as appropriate. These would include: counts of various data types; average observed values over a period of time; and anything else that you feel helps describe the data to the reader.
• An analysis of the top 20 sources.
• An analysis of the top 20 destination ports (in the case of the network telescope data).
• An analysis of the variation of IP TTL values (in the case of the network telescope data).
• An analysis of the top 30 passwords and usernames (Cowrie data).
• Some basic enrichment of the data (geolocation is likely the easiest).
• Use of at least one Threat Intelligence (TI) source for specific enrichment other than the Greynoise data provided in the tutorials.

For additional threat feeds for enrichment, you are encouraged to look at the multitude of sources provided by threatfeeds.io and other resources discussed in lectures.

Extend the analysis above to include items such as the following:
• A comparison of multiple time periods, possibly across months (Cowrie data).
• A comparison of the same period across multiple sensors (Telescope Data).
• Time-series analysis (and plot) of traffic - by sources/ports/volume/usernames (as appropriate).
• Additional Enrichment (and analysis) of Source addresses.
• Use of more than two TI sources.
• Explore your data.
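The minimum analysis above (per-day volume, top sources, top destination ports, TTL variation) and the "same period across multiple sensors" extension can all be produced from the telescope pcap files with a short script. The following is an added example, not part of the assignment brief or of any tutorial code: a standard-library-only libpcap reader plus the descriptive statistics, run over a handful of constructed SYN packets (RFC 5737 documentation addresses, timestamps on 17 and 18 April 2021) rather than the real data. The sensor names, `SAMPLE_RECORDS` and every function name are this example's own assumptions. Geolocation or TI enrichment would be a join on the `src` field of each parsed packet, and is not shown.

```python
"""Added example: minimal libpcap reader plus the descriptive statistics the
brief asks for (per-day counts, top sources, top destination ports, TTL
variation) and a per-sensor comparison. Pure standard library; the sample
packets are constructed inline and are not real telescope traffic."""
import struct
from collections import Counter
from datetime import datetime, timezone
from ipaddress import ip_address

PCAP_MAGIC = 0xA1B2C3D4   # classic libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1

# --- constructed sample data -------------------------------------------------
def _ipv4_header(src, dst, ttl, proto, payload_len):
    # 20-byte IPv4 header; checksum left as 0 because the parser below ignores it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, ip_address(src).packed, ip_address(dst).packed)

def _tcp_syn(sport, dport):
    # 20-byte TCP header with only SYN set, the shape of most scan traffic a telescope sees
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)

def build_sample_pcap(records):
    """records: (epoch_seconds, src, dst, dport, ttl) tuples -> libpcap file bytes."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for ts, src, dst, dport, ttl in records:
        frame = (b"\x00" * 12 + b"\x08\x00"                       # Ethernet, EtherType IPv4
                 + _ipv4_header(src, dst, ttl, 6, 20) + _tcp_syn(40000, dport))
        out.append(struct.pack("<IIII", int(ts), 0, len(frame), len(frame)) + frame)
    return b"".join(out)

# Constructed records: RFC 5737 addresses, 17 and 18 April 2021 (UTC)
SAMPLE_RECORDS = [
    (1618617600, "203.0.113.5", "192.0.2.10", 23, 49),
    (1618617660, "203.0.113.5", "192.0.2.11", 23, 49),
    (1618621200, "198.51.100.7", "192.0.2.10", 445, 116),
    (1618704000, "198.51.100.7", "192.0.2.12", 445, 116),
    (1618704060, "203.0.113.9", "192.0.2.10", 22, 237),
    (1618704120, "203.0.113.5", "192.0.2.13", 23, 49),
]

# --- parsing -------------------------------------------------------------------
def parse_pcap(data):
    """Yield one dict per IPv4 frame: ts, src, dst, proto, ttl, dport (None unless TCP/UDP)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file (pcapng is not handled here)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is handled in this example")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                       # ARP, IPv6, VLAN-tagged or truncated: skip
        ihl = (frame[14] & 0x0F) * 4
        ttl, proto = frame[22], frame[23]
        l4 = frame[14 + ihl:]
        dport = struct.unpack("!H", l4[2:4])[0] if proto in (6, 17) and len(l4) >= 4 else None
        yield {"ts": ts_sec + ts_usec / 1e6, "src": str(ip_address(frame[26:30])),
               "dst": str(ip_address(frame[30:34])), "proto": proto, "ttl": ttl, "dport": dport}

# --- descriptive statistics ----------------------------------------------------
def guess_initial_ttl(ttl):
    """Nearest common OS default (32/64/128/255) at or above the observed TTL."""
    return next((init for init in (32, 64, 128, 255) if ttl <= init), 255)

def summarize(packets, top_n=20):
    pkts = list(packets)

    def day(p):
        return datetime.fromtimestamp(p["ts"], tz=timezone.utc).strftime("%Y-%m-%d")

    return {
        "total": len(pkts),
        "unique_sources": len({p["src"] for p in pkts}),
        "per_day": dict(sorted(Counter(map(day, pkts)).items())),
        "top_sources": Counter(p["src"] for p in pkts).most_common(top_n),
        "top_dports": Counter(p["dport"] for p in pkts if p["dport"] is not None).most_common(top_n),
        "ttl_hist": dict(sorted(Counter(p["ttl"] for p in pkts).items())),
        # grouping by guessed initial TTL separates OS families; initial - observed = hop distance
        "ttl_by_initial": dict(sorted(Counter(guess_initial_ttl(p["ttl"]) for p in pkts).items())),
    }

def compare_sensors(pcaps_by_sensor, top_n=5):
    """Same period, several sensors: volume, unique sources and top ports side by side."""
    return {name: {k: v for k, v in summarize(parse_pcap(data), top_n).items()
                   if k in ("total", "unique_sources", "top_dports")}
            for name, data in pcaps_by_sensor.items()}

if __name__ == "__main__":
    pcap = build_sample_pcap(SAMPLE_RECORDS)
    for key, value in summarize(parse_pcap(pcap)).items():
        print(f"{key}: {value}")
    print(compare_sensors({"sensor-a": pcap, "sensor-b": build_sample_pcap(SAMPLE_RECORDS[:3])}))
```

`parse_pcap` is a generator, so a real file can be read with `parse_pcap(open(path, "rb").read())` and the counters updated as it streams; for the full 35-million-event set you would more likely pre-filter with tshark or tcpdump and feed only the fields you need into the same counters. The TTL grouping is the usual heuristic only: a source can set any initial TTL, so treat `ttl_by_initial` as a rough split of the scanning population, not an identification.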

Setup of the report and questions to answer (Sections 1-5 need to be listed by name, with the answers filled in under each section)
1. Define your dataset

How was it extracted, what data ranges were used, why this was selected?

Clarification of data source/systems. Statement of any assumptions you have made around the data.

2. Description of dataset
This would include a discussion of how many incidents/events/unique sources were observed, the volume of traffic, overall trends and other content relating to the data.

3. An overview of your analysis process
This explains your analysis process and how you distilled and explored your data. One approach could be a description of scripts, data files, command lines etc. This should provide sufficient detail to allow someone to replicate your analysis. An important element here is the logical process you followed.
Note: There is a separate submission link for uploading code/scripts/notes.

4. Findings
What are the basic results obtained, how do they relate to the data, and possibly to other research? What did you find that was interesting/unexpected? How do you interpret the results you have obtained? This is intended to be more of a discussion than just a description of raw results. In your findings, clearly indicate how the data processed could be used to improve an organization's security.

5. References
5-10 references which relate to the analysis (these do not all need to be journals).

Attachment: Task - Data Analysis.rar

Reviews

len2868515

4/26/2021 5:11:58 AM

Network Telescope Data: The task is to process and analyze five .pcap files. From these files, you will find information and answer the questions in the section Analysis. From your analysis, you have to write a report; see more in the section Setup of the report and questions to answer. Using a VM like VirtualBox or VMware is needed, and install Ubuntu version 20.04.02. It would be best if you were skilled with commands to get hold of information within the files using the command prompt window and analyzing through Wireshark.

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd