
CYBR3000 Information Security - Assignment 1: Intrusion Prevention and Intrusion Detection


CYBR3000 Information Security Assignment

Introduction

This assignment is divided into two parts: Part A and Part B.

Part A: Intrusion Prevention (25 marks total)

  • You are required to write iptables rule sets for each of the following tasks. Each rule set for each of the tasks needs to be written in a separate .txt file. Each line in the .txt file refers to one single iptables rule. The name of the .txt file must match the name of the corresponding task (e.g. task1.txt). No marks will be given if the name of the .txt file is incorrect or mislabelled. The rules in each .txt file are supposed to be ready to use, which means others could copy-paste and run each rule of the rule set in the terminal to meet the requirements of the task.
  • To use iptables, you need to test your rules in a Linux-based system. Tools like Docker or a VM using software like VirtualBox or VMware would allow you to run a Linux environment where iptables can be used, and where a rule set that defaults to DROP cannot lock you out of your own machine.

Tasks:

  • Task 1 (5 marks): Allow incoming SSH traffic (which is using port 22) from a specific IP address (192.168.1.100) and deny all other incoming SSH connections.
  • Task 2 (5 marks): Allow incoming HTTP (port 80) and HTTPS (port 443) traffic but drop all other incoming traffic.
  • Task 3 (5 marks): Limit incoming ICMP ping requests (ICMP echo-request) to only two per second.
  • Task 4 (5 marks): Allow only established and related connections for incoming traffic, blocking new incoming connections except for SSH.
  • Task 5 (5 marks): Block all incoming and outgoing traffic by default but allow SSH access from a specific IP (192.168.1.100), HTTP/HTTPS traffic, and DNS queries.

Part B: Intrusion Detection (75 marks in total)

  • In this part, you are required to write a Python program called IDS.py that mimics the behaviour of an Intrusion Detection System (IDS). This program reads two files: 1) a file containing intrusion detection rules (like the rules used in Snort) and 2) a .pcap file containing all the packets that your program must go through to check whether any of them violate the rules. Both file paths are passed to your Python program (IDS.py) as command-line arguments. IDS.py is started as:
$python3 IDS.py <path_to_the_pcap_file> <path_to_the_IDS_rules>

Both paths need to be absolute paths.

  • Python 3.9 is the version required for this part, and the final test for marking this assignment will also use Python 3.9. No other Python version is allowed, and no marks will be given if unexpected behaviour is caused by the wrong Python version. Scapy is the only external library allowed in this part; do not use any other external library in your code.
  • Examples for both IDS_rules.txt and .pcap files are given on the BlackBoard. You need to read and parse each rule and use the rule to monitor and detect packets in the .pcap file. Please be aware that the provided .pcap files are only a subset of the .pcap file which will be used in the final marking of this assignment.
  • The format of the IDS rules is like the format of snort rules with slight differences. One simple example of your IDS rules is:
alert tcp 192.168.102.132 any -> any any (msg: "receive a TCP packet";)

This rule raises an alert for every incoming TCP packet sent from any port on IP address 192.168.102.132 to any port on any IP address. For each such packet, IDS.py logs the message into a log file called IDS_log.txt with the following format:

2024 - 08 - 18 11:47:53 - Alert: receive a TCP packet
2024 - 08 - 18 11:47:53 - Alert: receive a TCP packet
... (if more packets are found)

Each line in IDS_log.txt records one packet that matched at least one rule. Each line starts with a timestamp, followed by Alert: <content_in_msg>. IDS_log.txt must match the format given above exactly, since you will be marked on it.

  • A more complicated example is:
alert tcp 192.168.102.132 any -> 131.171.127.1 25 (content: "malicious"; msg: "multiple malicious TCP syn packets found"; flags: S; detection_filter: count 10, seconds 2;)

In this example, IDS.py raises an alert once it has seen more than 10 TCP SYN packets within 2 seconds, each sent from any port on IP address 192.168.102.132 to port 25 on IP address 131.171.127.1 with a payload containing the string "malicious".

  • Your IDS.py should ignore any line that starts with “#” in the rule set.

Clarifications:

  • The IDS.py only has alert as the action after detecting a packet.
  • The IDS.py supports four different protocols: ip, icmp, tcp, udp.
  • The IDS.py does not support IP range, all test cases will have one source IP address and one Destination IP address.
  • The IDS.py only considers incoming traffic, the “->” symbol would remain the same across all test cases.
  • Each rule option inside the brackets is separated by “;”. The last option in the rule finishes with a “;” followed by a “)”.
  • The “flags” option supports four different types: A, S, F, R
    • A: ACK (Acknowledgement)
    • S: SYN (Synchronize sequence numbers)
    • F: FIN (Finish)
    • R: RST (Reset the connection)
  • “detection_filter” always has exactly two options, “count <n>” and “seconds <n>”, in that order. Please follow the exact format shown in the example (detection_filter: count 10, seconds 2;).
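The rule grammar and the clarifications above can be exercised without a pcap. What follows is an added example written for this page, not the assignment's reference solution or any code from the course: it parses the rule format (header, “;”-separated options, “#” comment lines, the exact detection_filter layout), matches packets on protocol, IP addresses, ports, flags and content, keeps the sliding time window that detection_filter needs, and emits lines in the IDS_log.txt layout. To stay runnable without Scapy it uses a small constructed Packet class in place of Scapy layers, plus constructed rules and traffic; comments mark where the Scapy fields would be read. Where the assignment text is silent the code makes an assumption and labels it: an ip rule matches every IP packet, flags: is an exact match, the detection_filter window is kept per rule, and the log timestamp is the time the alert is written.

```python
"""Parser and matcher for the assignment's Snort-like rules (added example, not IDS.py)."""
import re
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime
from typing import Deque, List, Optional

# Constructed stand-in for a scapy packet: in IDS.py take these from pkt.time, pkt[IP].src/.dst,
# pkt[TCP]/pkt[UDP] .sport/.dport, str(pkt[TCP].flags) and bytes(pkt[Raw].load).
@dataclass
class Packet:
    time: float
    proto: str                   # 'tcp', 'udp', 'icmp', or 'ip' (any other transport)
    src: str
    dst: str
    sport: Optional[int] = None
    dport: Optional[int] = None
    flags: str = ''              # TCP flag letters, e.g. 'S', 'A', 'PA'
    payload: bytes = b''

@dataclass
class Rule:
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    msg: str
    content: Optional[bytes] = None
    flags: Optional[str] = None
    count: Optional[int] = None      # detection_filter: count N
    seconds: Optional[float] = None  # detection_filter: seconds N
    hits: Deque[float] = field(default_factory=deque)  # match times inside the window

HEADER = re.compile(r'^alert\s+(ip|icmp|tcp|udp)\s+(\S+)\s+(\S+)\s+->\s+(\S+)\s+(\S+)\s+\((.*)\)\s*$')
FILTER = re.compile(r'^count\s+(\d+)\s*,\s*seconds\s+(\d+(?:\.\d+)?)$')  # exact format from the spec

def parse_rule(line: str) -> Optional[Rule]:
    """Parse one rule line; blank lines and lines starting with '#' give None."""
    line = line.strip()
    if not line or line.startswith('#'):
        return None
    m = HEADER.match(line)
    if not m:
        raise ValueError(f'unparseable rule: {line}')
    proto, src, sport, dst, dport, body = m.groups()
    opts = {}
    for item in filter(str.strip, body.split(';')):   # ';'-separated, the last one ends with ';'
        key, _, val = item.partition(':')             # first ':' only, a msg may contain ':'
        opts[key.strip()] = val.strip()
    rule = Rule(proto, src, sport, dst, dport, msg=opts.get('msg', '').strip('"'))
    if 'content' in opts:
        rule.content = opts['content'].strip('"').encode()
    rule.flags = opts.get('flags')
    if 'detection_filter' in opts:
        f = FILTER.match(opts['detection_filter'])
        if not f:
            raise ValueError(f'bad detection_filter in: {line}')
        rule.count, rule.seconds = int(f.group(1)), float(f.group(2))
    return rule

def matches(rule: Rule, pkt: Packet) -> bool:
    """Per-packet part of a rule. Assumed: an 'ip' rule matches every IP packet and
    'flags: S' is an exact flag match, both as Snort does (use <= for 'at least these')."""
    def ok(want: str, have) -> bool:
        return want == 'any' or (have is not None and want == str(have))
    if rule.proto not in ('ip', pkt.proto):
        return False
    if not (ok(rule.src, pkt.src) and ok(rule.dst, pkt.dst)
            and ok(rule.sport, pkt.sport) and ok(rule.dport, pkt.dport)):
        return False
    if rule.flags is not None and (pkt.proto != 'tcp' or set(pkt.flags) != set(rule.flags)):
        return False
    return rule.content is None or rule.content in pkt.payload

def should_alert(rule: Rule, pkt: Packet) -> bool:
    """detection_filter: alert only once more than `count` matches fall within `seconds`.
    Assumed: one window per rule, since the spec has no per-host tracking."""
    if not matches(rule, pkt):
        return False
    if rule.count is None:
        return True
    rule.hits.append(pkt.time)
    while pkt.time - rule.hits[0] > rule.seconds:   # drop matches that fell out of the window
        rule.hits.popleft()
    return len(rule.hits) > rule.count

def format_alert(when: datetime, msg: str) -> str:
    """Exact IDS_log.txt layout from the spec: '2024 - 08 - 18 11:47:53 - Alert: <msg>'."""
    return f"{when.strftime('%Y - %m - %d %H:%M:%S')} - Alert: {msg}"

def run_ids(rule_lines: List[str], packets: List[Packet]) -> List[str]:
    """Return the IDS_log.txt lines; packets must be in capture order for the time windows."""
    rules = [r for r in map(parse_rule, rule_lines) if r is not None]
    return [format_alert(datetime.now(), rule.msg)    # timestamp = logging time (assumed)
            for pkt in packets for rule in rules if should_alert(rule, pkt)]

RULES = [  # constructed rule set: the two rules from the spec plus an ICMP rule
    '# comment lines are ignored',
    'alert tcp 192.168.102.132 any -> any any (msg: "receive a TCP packet";)',
    'alert tcp 192.168.102.132 any -> 131.171.127.1 25 (content: "malicious"; '
    'msg: "multiple malicious TCP syn packets found"; flags: S; detection_filter: count 10, seconds 2;)',
    'alert icmp any any -> any any (msg: "receive an ICMP packet";)',
]

def demo_packets() -> List[Packet]:
    """Constructed traffic: 12 SYNs carrying 'malicious' within 1.1 s, then one ICMP packet."""
    syns = [Packet(100.0 + 0.1 * i, 'tcp', '192.168.102.132', '131.171.127.1',
                   40000 + i, 25, 'S', b'malicious payload') for i in range(12)]
    return syns + [Packet(101.5, 'icmp', '10.0.0.5', '192.168.102.132')]

if __name__ == '__main__':
    with open('IDS_log.txt', 'w') as fh:
        fh.write('\n'.join(run_ids(RULES, demo_packets())) + '\n')
```

On the constructed traffic this produces 15 log lines: twelve for the plain TCP rule, two for the detection_filter rule (the 11th and 12th SYN, since "count 10, seconds 2" means the limit is exceeded from the 11th match inside the window) and one for the ICMP rule. To plug the logic into IDS.py, build Packet objects from scapy's rdpcap in file order, because packet order carries the timing that detection_filter depends on, and check against the Blackboard examples whether "flags: A" is expected to match a PSH+ACK packet; if it is, change the exact comparison in matches to set(rule.flags) <= set(pkt.flags).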

Your IDS.py will be tested in the following scenarios (Tasks):

  • Detect multiple TCP packets (5 marks).
  • Detect multiple ICMP packets (5 marks).
  • Detect multiple IP packets (5 marks).
  • Detect multiple UDP packets (5 marks).
  • Detect a mix of TCP, ICMP, UDP and IP packets (5 marks).
  • Detect one packet with malicious content within all other benign packets (5 marks).
  • Detect packets with malicious content across different protocols (5 marks).
  • Detect TCP syn packets, fin packets, rst packets and ack packets (10 marks).
  • Detect TCP flooding (10 marks).
  • Detect TCP syn scan (10 marks).
  • Detect multiple TCP ack packets with malicious content within a short period of time (10 marks).
