Assignment title: Management


SIT384 Data Analytics For Cyber Security
Assignment 1
Trimester 1, 2017

Objectives

• To work effectively in a small team.
• To demonstrate the ability to research.
• To apply proper techniques to address a given security threat.
• To communicate with peers in a professional manner.

Due Date: 2pm, Friday, March 31, 2017

Each assignment submission consists of three parts (30 marks in total):

• Report file in PDF format.
• 20 plain text files.
• Presentation file in PowerPoint (.ppt or .pptx) format.
  – For on-campus students: the oral presentation takes place in Week 5–6 during normal tutorial time. Please indicate your preferred time to your tutor.
  – For off-campus students: a voice recording embedded in the PPT file is required.

Submission instructions: You must submit an electronic copy of all your assignment files via CloudDeakin. You must include your report, the files containing 10 phishing messages and 10 non-phishing messages, and the demo presentation file. Assignments will not be accepted in any other manner. Students should note that this means that email and paper-based submissions will ordinarily be rejected.

Copying, Plagiarism Notice

The University's policy on plagiarism can be viewed online at http://www.deakin.edu.au/students/study-support/referencing/plagiarism

Problem Statement

Passive penetration attacks with social engineering elements are a serious security threat to corporate environments. Malicious attackers gather information about targeted victims and email the victims messages that appear to concern job seeking or professional events. Upon satisfactory completion of this assignment you will be able to conduct basic level research in IT security, analyze gathered information, and communicate your findings.

This is a group task. Each group must consist of two students from the same campus; each group will submit one report, and each member of the group will receive the same mark. Students are encouraged to form groups by themselves.

The planning report should be approximately 2,000–2,500 words (excluding Appendix) and must include:

• a description of the social engineering strategy used to engage the targeted victim,
• a detailed analysis of the attacking environment,
• and hypotheses/approaches for addressing security threats.

Your report should consist of the following chapters:

1. A proper title which matches the contents of your report.
2. Your names and Deakin student numbers in the author line.
3. An executive summary which summarizes your findings. (You may find hints on writing good executive summaries at http://unilearning.uow.edu.au/report/4bi1.html.)
4. An introduction chapter which introduces each group member and briefly explains the process of passive penetration attacks via social engineering, the technical setup for your demo and an overview of your phishing and non-phishing messages.
5. An attack planning chapter which outlines the process of a social engineering attack. The details of gathered information should include the keywords, word frequency and other relevant information that are extracted from Dr. Jun Zhang's published papers (https://scholar.google.com.au/citations?user=QmsjV8QAAAAJ&hl=en). That is, your targeted victim is Dr. Jun Zhang. You should explain four strategies in detail on how you would use the gathered information to draft 10 phishing messages and 10 non-phishing messages.
6. A technical demonstration chapter which consists of fully explained screenshots taken when a successful attack is conducted.
7. A self evaluation chapter for group work. This evaluation must be conducted by following the guideline in the rubrics in terms of group members' participation, communication, feedback and cooperation. The members of each group must agree on the proposed marks. You must complete this self evaluation in the report with your group member prior to the submission deadline. Student groups with only one member receive zero marks for this part.

Moreover, the 10 phishing messages (message only, no email header or attachment) should be stored in 10 TXT files, named "[student-id]-01-phishing.txt", "[student-id]-02-phishing.txt" and so on. Similarly, the 10 non-phishing messages should be stored in TXT files named "[student-id]-01-np.txt", "[student-id]-02-np.txt" and so on.

Additionally, on-campus student groups will present their findings during the weekly practical class in week 5 or week 6. (The exact time is arranged by your practical tutor on a first-come, first-served basis.) Off-campus student groups need to submit a PowerPoint presentation with embedded voice recording by the due date, together with the report.

Problem Definition (score out of 2 marks)
• Proficient (above 80%): Demonstrate the ability to construct a clear and insightful problem statement with evidence of all relevant contextual factors.
• Average (60-79%): Demonstrate the ability to construct a problem statement with evidence of most relevant contextual factors, and problem statement is adequately detailed.
• Satisfactory (50-59%): Begin to demonstrate the ability to construct a problem statement with evidence of most relevant contextual factors, but problem statement is superficial.
• Below Expectation (0-50%): Demonstrate a limited ability in identifying a problem statement or related contextual factors.

Strategy Identification (score out of 10 marks)
• Proficient (above 80%): Identify four approaches for generating phishing messages that closely target the victim.
• Average (60-79%): Identify four approaches for generating phishing email, only some of which closely target the victim.
• Satisfactory (50-59%): Identify only a single approach for generating phishing messages that targets the victim.
• Below Expectation (0-50%): Identify one or more approaches for generating phishing messages that do not closely target the victim.

Analysis in Technical Demonstration (score out of 3 marks)
• Proficient (above 80%): Analyze and create information/data to fill student-identified gaps or extend knowledge.
• Average (60-79%): Analyze and create information/data to fill knowledge gaps stated by others.
• Satisfactory (50-59%): Analyze and synthesize information/data to reorganize existing knowledge in standard formats. That is, ask relevant, researchable questions emerging from the research.
• Below Expectation (0-50%): Fail to analyze and to synthesize information/data to reproduce existing knowledge in prescribed formats.

Supply of phishing and non-phishing messages (score out of 5 marks)
• Proficient (above 80%): Supply 10 phishing and 10 non-phishing messages as required, and the quality of these messages is great.
• Average (60-79%): Supply 10 phishing and 10 non-phishing messages as required, and the quality of these messages is fair.
• Satisfactory (50-59%): Supply 10 phishing and 10 non-phishing messages as required, and the quality of these messages is poor.
• Below Expectation (0-50%): Fail to supply 10 phishing and 10 non-phishing messages as required.

Group work (must be agreed by group members and written in self evaluation in the report) (score out of 5 marks)
• Proficient (above 80%): Group member participated fully; Group member listened carefully to each other's ideas; Group member offered detailed, constructive feedback when appropriate; Group member treated others respectfully and shared the workload fairly.
• Average (60-79%): Group member participated most of the time and was on task most of the time; Group member usually listened to others' ideas; Group member offered constructive feedback when appropriate; Group member usually treated others respectfully and shared the workload fairly.
• Satisfactory (50-59%): Group member participated but wasted time regularly or was rarely on task; Group member sometimes did not listen to others' ideas; Group member occasionally offered constructive feedback, but sometimes the comments were inappropriate or not useful; Group member sometimes treated others disrespectfully or did not share the workload fairly.
• Below Expectation (0-50%): Group member did not participate, wasted time, or worked on unrelated material; Group member did not listen to others and often interrupted them; Group member did not offer constructive or useful feedback; Group member often treated others disrespectfully or did not share the workload fairly.

Group Demonstration (score out of 5 marks)
• Proficient (above 80%): The entire demo is clear, delivered on time, correct and covers all major findings of the report.
• Average (60-79%): The entire demo is clear, but there are some mistakes.
• Satisfactory (50-59%): The structure of the demo is clear, but many parts of the presentation are not clear enough and/or contain major flaws or mistakes.
• Below Expectation (0-50%): The demo has no clear structure. The presenter fails to deliver meaningful messages to the audience.

Table 1: SIT384 Assignment 1 Rubrics