Explained: IY2840, Threat Detection, R, R Statistics

IY2840 – Coursework 1: Threat Detection and Core Concepts in Computer Security

Deadline: 27th Feb 2020. Each sub-question is worth 10 marks (out of 100). This is a blind submission, and submissions are to be made in PDF format on Moodle. This coursework counts for 10% of your grade on this module. Learning outcomes assessed are:
• Understanding of fundamental security concepts and independent problem solving.
• Understanding of application security, and how to assess vulnerabilities.
• Understanding of threat modelling and security justifications.

Description

This coursework aims to have you reflect on the fundamentals of computer security. To get started, it is important to review the lecture material and the course text, but also to investigate online. We are not after essays in this coursework. We are after concise and succinct responses to each question, e.g. use bullet points and sketches where appropriate. We expect a very good submission to be less than 5 pages in length. Do share useful resources that you find with others on the Moodle forum, but do not give any answers away. Note: All the work you submit must be solely your own work. Submissions are routinely checked for plagiarism.

Questions

1. Question 1: Vulnerabilities, Exploits and Attacks

(a) Investigate the Stuxnet case that was discussed in lecture. Calculate the Stuxnet CVSS 3.1 base score (5 marks). Justify your assumptions and show your calculations (5 marks). You can use the CVSS 3.1 calculator https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator to check that your results are correct.

(b) Assume that you are a SOC analyst working for a company with the industrial controllers that are vulnerable to the Stuxnet exploit. Outline how the temporal score is likely to change over time (5 marks) – assuming a patch is and isn't made available. What courses of action should you take in light of this? Justify your answer (5 marks).

(c) Now, assume you are a SOC analyst working for a bank. They mainly use Linux and Windows, but no Siemens industrial controllers. Outline how this impacts the environmental score of Stuxnet for both organisations (5 marks per organisation).

(d) "Shell shock" (CVE-2014-6271) and "Heart bleed" (CVE-2014-0160) are two widely known vulnerabilities that took the security community by surprise in 2014. Reflect on the two vulnerabilities for the same aforementioned bank scenario. Outline the key actions you should take to combat attacks seeking to exploit those vulnerabilities (5 marks). Create an attack tree that makes use of the two vulnerabilities (5 marks). Make sure to describe AND/OR relationships in the tree.

(e) Compare and contrast CVE, CVSS and ATT&CK as a table and review their advantages and limitations (5 marks). Justify how you might use all of them (5 marks) in the aforementioned bank scenario to improve your organisation's overall security posture.

2. Question 2: Threat Detection

(a) It is often difficult to predict and determine real-world harms that arise from an attack alerted in IDSs. Outline why this is the case (5 marks). Justify your answer and provide two concrete examples (5 marks).

(b) The following convention for misuse detection is for use in an intrusion detection system. A misuse rule R is formed using the following notation:

    alert, activity, source -> target, payload of interest

where an alert is generated if a packet or syscall is detected, originating from a source which might be a process or a machine, targeting a specific process or machine, carrying a specific payload. To be valid, a rule must instantiate all of the fields. You must present five rules; each rule must be fully described in terms of what kinds of intrusion it is intended to catch and why the rule will work (2 marks per rule). You may use groups and lists. (Hint: you can use the SNORT documentation for inspiration here, but note that you ought to be original and technically creative.)

(c) In lectures we discussed the CIA triad. One of the aspects of a system that we wish to protect is its availability. Investigate the concept of a Distributed Denial of Service. Briefly explain how DDoS attacks are conducted (3 marks); provide an example vulnerability and weakness an attacker might exploit to recruit more bots (3 marks); and outline potential harms (2 marks). Identify potential false-positive and false-negative threat detection issues that may appear during a DDoS (2 marks).

(d) Outline how an attacker might plan for (5 marks), and execute, a DDoS attack from a single Command and Control machine. The DDoS should be executed once enough bots have been recruited. State your assumptions and create an attack tree (5 marks) (note: make sure to include recruitment and execution of the attack).

(e) With the previous sub-question in mind and after conducting research online: Propose a defence strategy for DDoS attacks: how can you make your organisation more robust against DDoS attacks (5 marks)? Propose a strategy to benchmark your defences (5 marks).

JH February 2020

Reposted from: http://www.6daixie.com/contents/18/4930.html
