Why Choose Universal Assignment?

Universal Assignment Services is the best place to get help in your all kind of assignment help. We have 172+ experts available, who can help you to get HD+ grades. We also provide Free Plag report, Free Revisions,Best Price in the industry guaranteed.

What services do you offer in my Assignment?

We provide all kinds of assignmednt help, Report writing, Essay Writing, Dissertations, Thesis writing, Research Proposal, Research Report, Home work help, Question Answers help, Case studies, mathematical and Statistical tasks, Website development, Android application, Resume/CV writing, SOP(Statement of Purpose) Writing, Blog/Article, Poster making and so on.

If I need and urgent revision or support, how can I approach you?

We are available round the clock, 24X7, 365 days. You can appach us to our Whatsapp number +1 (613)778 8542 or email to info@universalassignment.com . We provide Free revision policy, if you need and revisions to be done on the task, we will do the same for you as soon as possible.

Do you Familier with my University rules?

We provide services mainly to all major institutes and Universities in Australia, Canada, China, Malaysia, India, South Africa, New Zealand, Singapore, the United Arab Emirates, the United Kingdom, and the United States.

How much discount do you provide for the task?

We provide lucrative discounts from 28% to 70% as per the wordcount, Technicality, Deadline and the number of your previous assignments done with us.

After your assignment request our team will check and update you the best suitable service for you alongwith the charges for the task. After confirmation and payment team will start the work and provide the task as per the deadline.

Will you provide Plag report for the task?

Yes, we will provide Plagirism free task and a free turnitin report along with the task without any extra cost.

Do I have to pay any additional amount for the revisions or changes?

No, if the main requirement is same, you don’t have to pay any additional amount. But it there is a additional requirement, then you have to pay the balance amount in order to get the revised solution.

What is the minimum charge for the service.

The Fees are as minimum as $10 per page(1 page=250 words) and in case of a big task, we provide huge discounts.

How will I pay for the service?

We accept all the major Credit and Debit Cards for the payment. We do accept Paypal also.

Assignment 2 Machine Learning Modelling

Background

Early Incident Identification

Disc Consulting Enterprises (DCE) has identified some potentially suspicious attacks on their network and computer systems. The attacks are thought to be a new type of attack from a skilled threat actor. To date, the attacks have only been identified ‘after the fact’ by examining post-exploitation activities of the attacker on compromised systems.

Unfortunately, the attackers are skilled enough to evade detection and the exact mechanisms of their exploits have not been identified.

The incident response team, including IT services, security operations, security architecture, risk management, the CISO (Chief Information Security Officer), and the CTO (Chief Technology Officer) have been meeting regularly to determine next steps.

It has been suggested that the security architecture and operations teams could try to implement some real-time threat detection using machine learning models that build on earlier consultancy your firm has completed (i.e., building upon your Assessment 1 work).

Data description

The data have already been provided (in Assessment 1), and the ML team (you) have undertaken some initial cleaning and analysis.

Things to keep in mind:

Each event record is a snapshot triggered by an individual network ‘packet’. The exact triggering conditions for the snapshot are unknown. But it is known that multiple packets are exchanged in a ‘TCP conversation’ between the source and the target before an event is triggered and a record created. It is also known that each event record is anomalous in some way (the SIEM logs many events that may be suspicious).
The malicious events account for a very small amount of data. As such, your training needs to consider the “imbalanced” data and the effect these data may have on accuracy (both specificity and sensitivity).

A very small proportion of the data are known to be corrupted by their source systems and some data are incomplete or incorrectly tagged. The incident response team indicated this is likely to be less than a few hundred records.

Assembled Payload Size (continuous)	The total size of the inbound suspicious payload. Note: This would contain the data sent by the attacker in the “TCP conversation” up until the event was triggered
DYNRiskA Score (continuous)	An un-tested in-built risk score assigned by a new SIEM plug-in
IPV6 Traffic (binary)	A flag indicating whether the triggering packet was using IPV6 or IPV4 protocols (True = IPV6)
Response Size (continuous)	The total size of the reply data in the TCP conversation prior to the triggering packet
Source Ping Time (ms) (continuous)	The ‘ping’ time to the IP address which triggered the event record. This is affected by network structure, number of ‘hops’ and even physical distances. E.g.: < 1 ms is typically local to the device1-5ms is usually located in the local network5-50ms is often geographically local to a country~100-250ms is trans-continental to servers250+ may be trans-continental to a small network. Note, these are estimates only and many factors can influence ping times.
Operating System (Categorical)	A limited ‘guess’ as to the operating system that generated the inbound suspicious connection. This is not accurate, but it should be somewhat consistent for each ‘connection’
Connection State (Categorical)	An indication of the TCP connection state at the time the packet was triggered.
Connection Rate (continuous)	The number of connections per second by the inbound suspicious connection made prior to the event record creation
Ingress Router (Binary)	DCE has two main network connections to the ‘world’. This field indicates which connection the events arrived through
Server Response Packet Time (ms) (continuous)	An estimation of the time from when the payload was sent to when the reply

	packet was generated. This may indicate server processing time/load for the event
Packet Size (continuous)	The size of the triggering packet
Packet TTL (continuous)	The time-to-live of the previous inbound packet. TTL can be a measure of how many ‘hops’ (routers) a packet has traversed before arriving at our network.
Source IP Concurrent Connection (Continuous)	How many concurrent connections were open from the source IP at the time the event was triggered
Class (Binary)	Indicates if the event was confirmed malicious, i.e. 0 = Non-malicious, 1 = Malicious

The needle in the haystack

The data were gathered over a period of time and processed by several systems in order to associate specific events with confirmed malicious activities. However, the number of confirmed malicious events was very low, with these events accounting for less than 1% of all logged network events.

Because the events associated with malicious traffic are quite rare, rate of ‘false negatives’ and ‘false positives’ are important.

Scenario

Following the meetings of the security incident response team, it has been decided to try to make an ‘early warning’ system that extends the functionality of their current SIEM. It has been proposed that DCE engage 3rd party developers to create a ‘smart detection plugin’ for the SIEM.

The goal is to have a plug-in that would extract data from real-time network events, send it to an external system (your R script) and receive a classification in return.

However, for the plugin to be effective it must consider the alert-fatigue experienced by security operations teams as excessive false-positives can lead to the team ignoring real incidents. But, because the impact of a successful attack is very high, false negatives could result in attackers overtaking the whole network.

You job

Your job is to develop the detection algorithms that will provide the most accurate incident detection. You do not need to concern yourself about the specifics of the SIEM plugin or software integration, i.e., your task is to focus on accurate classification of malicious events using R.

You are to test and evaluate two machine learning algorithms to determine which supervised learning model is best for the task as described.

Task

You are to import and clean the same MLData2023.csv, that was used in the previous assignment. Then run, tune and evaluate two supervised ML algorithms (each with two types of training data) to identify the most accurate way of classifying malicious events.

Part 1 – General data preparation and cleaning

Import the MLData2023.csv into R Studio. This version is the same as Assignment 1.
Write the appropriate code in R Studio to prepare and clean the MLData2023 dataset as follows:
1. Clean the whole dataset based on what you have suggested / feedback received for Assignment 1.
1. Filter the data to only include cases labelled with Class = 0 or 1.
1. For the feature Operating.System, merge the three Windows categories together to form a new category, say Windows_All. Furthermore, merge iOS, Linux (Unknown), and Other to form the new category named Others. Hint: use the forcats:: fct_collapse(.) function.
1. Similarly, for the feature Connection.State, merge INVALID, NEW and RELATED for form the new category named Others.
1. Select only the complete cases using the na.omit(.) function, and name the dataset MLData2023_cleaned.

Briefly outline the preparation and cleaning process in your report and why you believe the above steps were necessary.

Use the code below to generated two training datasets (one unbalanced mydata.ub.train and one balanced mydata.b.train) along with the testing set (mydata.test). Make sure you enter your student ID into the command set.seed(.).

Text Box: # Separate samples of non-malicious and malicious events
dat.class0 <- MLData2023_cleaned %>% filter(Class == 0) # non-malicious
dat.class1 <- MLData2023_cleaned %>% filter(Class == 1) # malicious

# Randomly select 19800 non-malicious and 200 malicious samples, then combine them to form the training samples
set.seed(Enter your student ID)
rows.train0 <- sample(1:nrow(dat.class0), size = 19800, replace = FALSE) rows.train1 <- sample(1:nrow(dat.class1), size = 200, replace = FALSE)
# Your 20000 unbalanced training samples
train.class0 <- dat.class0[rows.train0,] # Non-malicious samples train.class1 <- dat.class1[rows.train1,] # Malicious samples mydata.ub.train <- rbind(train.class0, train.class1) mydata.ub.train <- mydata.ub.train %>%
mutate(Class = factor(Class, labels = c("NonMal","Mal")))
“></td></tr></tbody></table></figure>

<p>Note that in the master data set, the percentage of malicious events is less than 1%. This distribution is roughly represented by the unbalanced data. The balanced data is generated based on up-sampling of the minority class using bootstrapping. The idea here is to ensure the trained model is not biased towards the majority class, i.e. non-malicious event.</p>

<h2 class=

Assignment 2 Machine Learning Modelling

Early Incident Identification

Data description

The needle in the haystack

Scenario

You job

Task

Part 1 – General data preparation and cleaning

What to submit

Marking Criteria

Assignment Extensions

Please note along with our service, we will provide you with the following deliverables:

Recent Assignments

Categories

Get 90%* Discount on Assignment Help

Most Frequent Questions & Answers

Popular Assignments

Can't Find Your Assignment?

Universal Assignment

Quick links

Services

Legal

Follow Us

Best Assignment Help services available in