Background
Early Incident Identification
Disc Consulting Enterprises (DCE) has identified some potentially suspicious attacks on their network and computer systems. The attacks are thought to be a new type of attack from a skilled threat actor. To date, the attacks have only been identified ‘after the fact’ by examining post-exploitation activities of the attacker on compromised systems.
Unfortunately, the attackers are skilled enough to evade detection and the exact mechanisms of their exploits have not been identified.
The incident response team, including IT services, security operations, security architecture, risk management, the CISO (Chief Information Security Officer), and the CTO (Chief Technology Officer) have been meeting regularly to determine next steps.
It has been suggested that the security architecture and operations teams could try to implement some real-time threat detection using machine learning models that build on earlier consultancy your firm has completed (i.e., building upon your Assessment 1 work).
Data description
The data have already been provided (in Assessment 1), and the ML team (you) have undertaken some initial cleaning and analysis.
Things to keep in mind:
- Each event record is a snapshot triggered by an individual network ‘packet’. The exact triggering conditions for the snapshot are unknown. But it is known that multiple packets are exchanged in a ‘TCP conversation’ between the source and the target before an event is triggered and a record created. It is also known that each event record is anomalous in some way (the SIEM logs many events that may be suspicious).
- The malicious events account for a very small amount of data. As such, your training needs to consider the “imbalanced” data and the effect these data may have on accuracy (both specificity and sensitivity).
- A very small proportion of the data are known to be corrupted by their source systems and some data are incomplete or incorrectly tagged. The incident response team indicated this is likely to be less than a few hundred records.
Assembled Payload Size (continuous) | The total size of the inbound suspicious payload. Note: This would contain the data sent by the attacker in the “TCP conversation” up until the event was triggered |
DYNRiskA Score (continuous) | An un-tested in-built risk score assigned by a new SIEM plug-in |
IPV6 Traffic (binary) | A flag indicating whether the triggering packet was using IPV6 or IPV4 protocols (True = IPV6) |
Response Size (continuous) | The total size of the reply data in the TCP conversation prior to the triggering packet |
Source Ping Time (ms) (continuous) | The ‘ping’ time to the IP address which triggered the event record. This is affected by network structure, number of ‘hops’ and even physical distances. E.g.: < 1 ms is typically local to the device; 1-5ms is usually located in the local network; 5-50ms is often geographically local to a country; ~100-250ms is trans-continental to servers; 250+ may be trans-continental to a small network. Note, these are estimates only and many factors can influence ping times. |
Operating System (Categorical) | A limited ‘guess’ as to the operating system that generated the inbound suspicious connection. This is not accurate, but it should be somewhat consistent for each ‘connection’ |
Connection State (Categorical) | An indication of the TCP connection state at the time the packet was triggered. |
Connection Rate (continuous) | The number of connections per second by the inbound suspicious connection made prior to the event record creation |
Ingress Router (Binary) | DCE has two main network connections to the ‘world’. This field indicates which connection the events arrived through |
Server Response Packet Time (ms) (continuous) | An estimation of the time from when the payload was sent to when the reply packet was generated. This may indicate server processing time/load for the event |
Packet Size (continuous) | The size of the triggering packet |
Packet TTL (continuous) | The time-to-live of the previous inbound packet. TTL can be a measure of how many ‘hops’ (routers) a packet has traversed before arriving at our network. |
Source IP Concurrent Connection (Continuous) | How many concurrent connections were open from the source IP at the time the event was triggered |
Class (Binary) | Indicates if the event was confirmed malicious, i.e. 0 = Non-malicious, 1 = Malicious |
The needle in the haystack
The data were gathered over a period of time and processed by several systems in order to associate specific events with confirmed malicious activities. However, the number of confirmed malicious events was very low, with these events accounting for less than 1% of all logged network events.
Because the events associated with malicious traffic are quite rare, the rates of ‘false negatives’ and ‘false positives’ are important.
Scenario
Following the meetings of the security incident response team, it has been decided to try to make an ‘early warning’ system that extends the functionality of their current SIEM. It has been proposed that DCE engage 3rd party developers to create a ‘smart detection plugin’ for the SIEM.
The goal is to have a plug-in that would extract data from real-time network events, send it to an external system (your R script) and receive a classification in return.
However, for the plugin to be effective it must consider the alert-fatigue experienced by security operations teams as excessive false-positives can lead to the team ignoring real incidents. But, because the impact of a successful attack is very high, false negatives could result in attackers overtaking the whole network.
Your job
Your job is to develop the detection algorithms that will provide the most accurate incident detection. You do not need to concern yourself about the specifics of the SIEM plugin or software integration, i.e., your task is to focus on accurate classification of malicious events using R.
You are to test and evaluate two machine learning algorithms to determine which supervised learning model is best for the task as described.
Task
You are to import and clean the same MLData2023.csv that was used in the previous assignment. Then run, tune and evaluate two supervised ML algorithms (each with two types of training data) to identify the most accurate way of classifying malicious events.
Part 1 – General data preparation and cleaning
- Import the MLData2023.csv into R Studio. This version is the same as Assignment 1.
- Write the appropriate code in R Studio to prepare and clean the MLData2023 dataset as follows:
- Clean the whole dataset based on what you have suggested / feedback received for Assignment 1.
- Filter the data to only include cases labelled with Class = 0 or 1.
- For the feature Operating.System, merge the three Windows categories together to form a new category, say Windows_All. Furthermore, merge iOS, Linux (Unknown), and Other to form the new category named Others. Hint: use the forcats::fct_collapse(.) function.
- Similarly, for the feature Connection.State, merge INVALID, NEW and RELATED to form the new category named Others.
- Select only the complete cases using the na.omit(.) function, and name the dataset MLData2023_cleaned.
Briefly outline the preparation and cleaning process in your report and why you believe the above steps were necessary.
- Use the code below to generate two training datasets (one unbalanced mydata.ub.train and one balanced mydata.b.train) along with the testing set (mydata.test). Make sure you enter your student ID into the command set.seed(.).
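The filtering, level-merging and complete-case steps listed above can be sketched as follows. This is an added example, not code from the original brief: it runs on a small constructed data frame instead of MLData2023.csv, and the individual Windows level names, the Android and ESTABLISHED levels, and the Packet.TTL column name are assumptions. The Assessment 1 specific cleaning is not covered.

```r
# Added example: runs on constructed rows, not the real MLData2023.csv.
library(forcats)

# Constructed sample. The three Windows level names, "Android", "ESTABLISHED",
# the Packet.TTL column name and the out-of-range Class value are assumptions.
raw <- data.frame(
  Operating.System = c("Windows 10+", "Windows (Unknown)", "Windows 7",
                       "Android", "iOS", "Linux (Unknown)", "Other", "Android"),
  Connection.State = c("ESTABLISHED", "INVALID", "NEW", "RELATED",
                       "ESTABLISHED", "ESTABLISHED", "NEW", "ESTABLISHED"),
  Packet.TTL       = c(64, 128, NA, 52, 61, 64, 57, 49),
  Class            = c(0, 0, 1, 0, 0, 1, 0, 99),
  stringsAsFactors = TRUE
)

clean_events <- function(df) {
  # Keep only events with a confirmed label (Class = 0 or 1); anything else
  # is treated as incorrectly tagged and dropped.
  df <- df[df$Class %in% c(0, 1), ]

  # Re-create the factors so levels that no longer occur are dropped.
  os    <- factor(df$Operating.System)
  state <- factor(df$Connection.State)

  # Merge every level containing "Windows" into Windows_All. intersect()
  # keeps fct_collapse() from warning about levels absent from the data.
  df$Operating.System <- fct_collapse(
    os,
    Windows_All = grep("Windows", levels(os), value = TRUE),
    Others      = intersect(c("iOS", "Linux (Unknown)", "Other"), levels(os))
  )

  # Merge the three connection states named in the brief into Others.
  df$Connection.State <- fct_collapse(
    state,
    Others = intersect(c("INVALID", "NEW", "RELATED"), levels(state))
  )

  # Keep complete cases only. Rows with any NA are removed, which can also
  # remove some of the already rare malicious events.
  na.omit(df)
}

MLData2023_cleaned <- clean_events(raw)

# Check the merged levels and how much of the minority class survived.
print(table(MLData2023_cleaned$Operating.System))
print(table(MLData2023_cleaned$Connection.State))
print(table(MLData2023_cleaned$Class))
```

Comparing the Class table before and after na.omit(.) is worth doing on the real data, because complete-case filtering can shrink an already small malicious class.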
Part 2 – Compare the performances of different ML algorithms
For each of your two ML modelling approaches, you will need to:
statistics (i.e. CV results, tables and plots), where appropriate. If you are using repeated CVs, a minimum of 2 repeats are required.
For the precision, recall and F-score metrics, you will need to do a bit of research as to how they can be calculated. Make sure you define each of the above metrics in the context of the study.
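One way to compute these metrics with Class = 1 (malicious) as the positive class, and to see why accuracy alone is misleading when under 1% of events are malicious. This is an added example, not part of the original brief; the event counts and both sets of predictions are constructed, and detection_metrics is a hypothetical helper name.

```r
# Added example: all counts are constructed, not results from MLData2023.csv.
detection_metrics <- function(actual, predicted, positive = 1) {
  tp <- sum(actual == positive & predicted == positive)  # malicious, alerted
  fp <- sum(actual != positive & predicted == positive)  # benign, alerted
  fn <- sum(actual == positive & predicted != positive)  # malicious, missed
  tn <- sum(actual != positive & predicted != positive)  # benign, not alerted

  # A ratio with a zero denominator is undefined; report NA instead of NaN.
  ratio <- function(num, den) if (den == 0) NA_real_ else num / den

  precision   <- ratio(tp, tp + fp)  # share of alerts that are real attacks
  recall      <- ratio(tp, tp + fn)  # share of attacks that raise an alert
  specificity <- ratio(tn, tn + fp)  # share of benign events left alone

  f_score <- if (is.na(precision) || is.na(recall) || precision + recall == 0) {
    NA_real_
  } else {
    2 * precision * recall / (precision + recall)
  }

  c(TP = tp, FP = fp, FN = fn, TN = tn,
    accuracy    = (tp + tn) / length(actual),
    precision   = precision,
    recall      = recall,       # recall is the same quantity as sensitivity
    specificity = specificity,
    F_score     = f_score)
}

# Constructed test set: 1000 events, 8 of them malicious (under 1%).
actual <- c(rep(1, 8), rep(0, 992))

# Baseline that never alerts: high accuracy, but every attack is missed.
always_benign <- rep(0, 1000)

# Hypothetical model: catches 6 of the 8 attacks and raises 20 false alerts.
model <- c(rep(1, 6), rep(0, 2), rep(1, 20), rep(0, 972))

print(round(rbind(
  always_benign = detection_metrics(actual, always_benign),
  model         = detection_metrics(actual, model)
), 3))
```

In this scenario, low precision corresponds to alert fatigue for the security operations team, and low recall corresponds to missed attacks.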
What to submit
Gather your findings into a report (maximum of 5 pages), citing relevant sources if necessary. Present how and why the data was ‘cleaned and prepared’, how the ML models were tuned and provide the relevant CV results. Lastly, present how they performed relative to each other in both the unbalanced and balanced scenarios. You may use graphs, tables and images where appropriate to help your reader understand your findings. All tables and figures should be appropriately captioned, and referenced in-text. Make a final recommendation on which ML modelling approach is the best for this task. Your final report should look professional, include appropriate headings and subheadings, and should cite facts and reference source materials in APA-7th format. Your submission must include the following:
Note that no marks will be given if the results you have provided cannot be confirmed by your code. No more than 20% of your code can be from online resources, including ChatGPT. Furthermore, all pages exceeding the 5-page limit will not be read or examined.
Marking Criteria
Academic Misconduct
Edith Cowan University regards academic misconduct of any form as unacceptable. Academic misconduct, which includes but is not limited to, plagiarism; unauthorised collaboration; cheating in examinations; theft of other student’s work; collusion; inadequate and incorrect referencing; will be dealt with in accordance with the ECU Rule 40 Academic Misconduct (including Plagiarism) Policy. Ensure that you are familiar with the Academic Misconduct Rules.
Assignment Extensions
Instructions to apply for extensions are available on the ECU Online Extension Request and Tracking System to formally lodge your assignment extension request. The link is also available on Canvas in the Assignment section. Normal work commitments, family commitments and extra-curricular activities are not accepted as grounds for granting you an extension of time because you are expected to plan ahead for your assessment due dates. Where the assignment is submitted not more than 7 days late, the penalty shall, for each day that it is late, be 5% of the maximum assessment available for the assignment. Where the assignment is more than 7 days late, a mark of zero shall be awarded.
Universal Assignment (December 26, 2024) Assignment 2 Machine Learning Modelling. Retrieved from https://universalassignment.com/assignment-2-machine-learning-modelling/.