
Background
Early Incident Identification
Disc Consulting Enterprises (DCE) has identified some potentially suspicious attacks on their network and computer systems. The attacks are thought to be a new type of attack from a skilled threat actor. To date, the attacks have only been identified ‘after the fact’ by examining post-exploitation activities of the attacker on compromised systems.
Unfortunately, the attackers are skilled enough to evade detection and the exact mechanisms of their exploits have not been identified.
The incident response team, including IT services, security operations, security architecture, risk management, the CISO (Chief Information Security Officer), and the CTO (Chief Technology Officer), has been meeting regularly to determine next steps.
It has been suggested that the security architecture and operations teams could try to implement some real-time threat detection using machine learning models that build on earlier consultancy your firm has completed (i.e., building upon your Assessment 1 work).
Data description
The data have already been provided (in Assessment 1), and the ML team (you) have undertaken some initial cleaning and analysis.
Things to keep in mind:
- Each event record is a snapshot triggered by an individual network ‘packet’. The exact triggering conditions for the snapshot are unknown. But it is known that multiple packets are exchanged in a ‘TCP conversation’ between the source and the target before an event is triggered and a record created. It is also known that each event record is anomalous in some way (the SIEM logs many events that may be suspicious).
- The malicious events account for a very small amount of data. As such, your training needs to consider the “imbalanced” data and the effect these data may have on accuracy (both specificity and sensitivity).
- A very small proportion of the data are known to be corrupted by their source systems and some data are incomplete or incorrectly tagged. The incident response team indicated this is likely to be less than a few hundred records.
| Feature | Description |
|---|---|
| Assembled Payload Size (continuous) | The total size of the inbound suspicious payload. Note: This would contain the data sent by the attacker in the “TCP conversation” up until the event was triggered |
| DYNRiskA Score (continuous) | An un-tested in-built risk score assigned by a new SIEM plug-in |
| IPV6 Traffic (binary) | A flag indicating whether the triggering packet was using IPV6 or IPV4 protocols (True = IPV6) |
| Response Size (continuous) | The total size of the reply data in the TCP conversation prior to the triggering packet |
| Source Ping Time (ms) (continuous) | The ‘ping’ time to the IP address which triggered the event record. This is affected by network structure, number of ‘hops’ and even physical distances. E.g.: < 1 ms is typically local to the device; 1-5ms is usually located in the local network; 5-50ms is often geographically local to a country; ~100-250ms is trans-continental to servers; 250+ may be trans-continental to a small network. Note, these are estimates only and many factors can influence ping times. |
| Operating System (Categorical) | A limited ‘guess’ as to the operating system that generated the inbound suspicious connection. This is not accurate, but it should be somewhat consistent for each ‘connection’ |
| Connection State (Categorical) | An indication of the TCP connection state at the time the packet was triggered. |
| Connection Rate (continuous) | The number of connections per second by the inbound suspicious connection made prior to the event record creation |
| Ingress Router (Binary) | DCE has two main network connections to the ‘world’. This field indicates which connection the events arrived through |
| Server Response Packet Time (ms) (continuous) | An estimation of the time from when the payload was sent to when the reply packet was generated. This may indicate server processing time/load for the event |
| Packet Size (continuous) | The size of the triggering packet |
| Packet TTL (continuous) | The time-to-live of the previous inbound packet. TTL can be a measure of how many ‘hops’ (routers) a packet has traversed before arriving at our network. |
| Source IP Concurrent Connection (Continuous) | How many concurrent connections were open from the source IP at the time the event was triggered |
| Class (Binary) | Indicates if the event was confirmed malicious, i.e. 0 = Non-malicious, 1 = Malicious |
The needle in the haystack
The data were gathered over a period of time and processed by several systems in order to associate specific events with confirmed malicious activities. However, the number of confirmed malicious events was very low, with these events accounting for less than 1% of all logged network events.
Because the events associated with malicious traffic are quite rare, the rates of ‘false negatives’ and ‘false positives’ are important.
Scenario
Following the meetings of the security incident response team, it has been decided to try to make an ‘early warning’ system that extends the functionality of their current SIEM. It has been proposed that DCE engage 3rd party developers to create a ‘smart detection plugin’ for the SIEM.
The goal is to have a plug-in that would extract data from real-time network events, send it to an external system (your R script) and receive a classification in return.
However, for the plugin to be effective it must consider the alert-fatigue experienced by security operations teams as excessive false-positives can lead to the team ignoring real incidents. But, because the impact of a successful attack is very high, false negatives could result in attackers overtaking the whole network.
Your job
Your job is to develop the detection algorithms that will provide the most accurate incident detection. You do not need to concern yourself about the specifics of the SIEM plugin or software integration, i.e., your task is to focus on accurate classification of malicious events using R.
You are to test and evaluate two machine learning algorithms to determine which supervised learning model is best for the task as described.
Task
You are to import and clean the same MLData2023.csv that was used in the previous assignment. Then run, tune and evaluate two supervised ML algorithms (each with two types of training data) to identify the most accurate way of classifying malicious events.
Part 1 – General data preparation and cleaning
- Import the MLData2023.csv into R Studio. This version is the same as Assignment 1.
- Write the appropriate code in R Studio to prepare and clean the MLData2023 dataset as follows:
- Clean the whole dataset based on what you have suggested / feedback received for Assignment 1.
- Filter the data to only include cases labelled with Class = 0 or 1.
- For the feature Operating.System, merge the three Windows categories together to form a new category, say Windows_All. Furthermore, merge iOS, Linux (Unknown), and Other to form the new category named Others. Hint: use the forcats::fct_collapse(.) function.
- Similarly, for the feature Connection.State, merge INVALID, NEW and RELATED to form the new category named Others.
- Select only the complete cases using the na.omit(.) function, and name the dataset MLData2023_cleaned.
Briefly outline the preparation and cleaning process in your report and why you believe the above steps were necessary.
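The cleaning steps above, run on a small constructed data frame (an added example, not the code supplied with the assignment). The Windows level names, the `Android` and `ESTABLISHED` levels, the mis-tagged `Class` value 99 and the helper `clean_events` are assumptions made for illustration; only `Operating.System`, `Connection.State`, `Class` and the merged category names come from the task.

```r
# Added example on constructed toy data; not the real MLData2023.csv.
library(forcats)

toy <- data.frame(
  Operating.System = c("Windows A", "Windows B", "Windows C", "iOS",
                       "Linux (Unknown)", "Other", "Android", "Android"),
  Connection.State = c("ESTABLISHED", "INVALID", "NEW", "RELATED",
                       "ESTABLISHED", "ESTABLISHED", "NEW", "ESTABLISHED"),
  Packet.TTL       = c(64, 128, NA, 52, 60, 117, 64, 58),  # one missing value
  Class            = c(0, 0, 1, 0, 0, 1, 99, 0),           # 99 = mis-tagged row
  stringsAsFactors = TRUE
)

# Hypothetical helper: applies the steps in order and records how many rows
# each step removes, so unexpected data loss is visible in the report.
clean_events <- function(df) {
  n_start <- nrow(df)

  # Step 1: keep only records labelled Class = 0 or Class = 1.
  df <- df[df$Class %in% c(0, 1), ]
  n_after_class <- nrow(df)

  # Step 2: merge every level that starts with "Windows" into Windows_All,
  # and iOS / Linux (Unknown) / Other into Others.
  win_levels <- grep("^Windows", levels(df$Operating.System), value = TRUE)
  df$Operating.System <- fct_collapse(
    df$Operating.System,
    Windows_All = win_levels,
    Others      = c("iOS", "Linux (Unknown)", "Other")
  )

  # Step 3: merge the rarer connection states into Others.
  df$Connection.State <- fct_collapse(
    df$Connection.State,
    Others = c("INVALID", "NEW", "RELATED")
  )

  # Step 4: keep complete cases only.
  df <- na.omit(df)

  # The label becomes a factor so classifiers treat it as a class, not a number.
  df$Class <- factor(df$Class, levels = c(0, 1))

  message("dropped for Class not in {0,1}: ", n_start - n_after_class)
  message("dropped for missing values:     ", n_after_class - nrow(df))
  df
}

toy_cleaned <- clean_events(toy)

# Sanity checks on the merged levels and the surviving rows.
stopifnot(
  nrow(toy_cleaned) == 6,
  setequal(levels(toy_cleaned$Operating.System),
           c("Windows_All", "Others", "Android")),
  setequal(levels(toy_cleaned$Connection.State), c("ESTABLISHED", "Others"))
)

# Class balance per merged operating-system category.
print(table(toy_cleaned$Operating.System, toy_cleaned$Class))
```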
- Use the code below to generate two training datasets (one unbalanced mydata.ub.train and one balanced mydata.b.train) along with the testing set (mydata.test). Make sure you enter your student ID into the command set.seed(.).
For each of your two ML modelling approaches, you will need to:
statistics (i.e. CV results, tables and plots), where appropriate. If you are using repeated CVs, a minimum of 2 repeats are required.
For the precision, recall and F-score metrics, you will need to do a bit of research as to how they can be calculated. Make sure you define each of the above metrics in the context of the study.
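Precision, recall and F-score worked through on constructed counts (an added example, not part of the assignment brief). The function name `detection_metrics`, the event counts and the two sample detectors are assumptions; the `beta` argument generalises the F-score beyond the usual F1 so recall can be weighted more heavily when missed attacks cost more than extra alerts.

```r
# Added example on constructed data: 10,000 logged events, 80 malicious (0.8%).
detection_metrics <- function(actual, predicted, positive = "1", beta = 1) {
  actual    <- as.character(actual)
  predicted <- as.character(predicted)

  tp <- sum(predicted == positive & actual == positive)  # attacks flagged
  fp <- sum(predicted == positive & actual != positive)  # benign events flagged
  fn <- sum(predicted != positive & actual == positive)  # attacks missed
  tn <- sum(predicted != positive & actual != positive)  # benign events passed

  # A ratio with a zero denominator is undefined, so return NA instead of NaN.
  safe_div <- function(num, den) if (den == 0) NA_real_ else num / den

  precision   <- safe_div(tp, tp + fp)  # share of alerts that are real attacks
  recall      <- safe_div(tp, tp + fn)  # share of attacks that raise an alert
  specificity <- safe_div(tn, tn + fp)  # share of benign events left alone

  f_score <- if (is.na(precision) || is.na(recall) || precision + recall == 0) {
    NA_real_
  } else {
    (1 + beta^2) * precision * recall / (beta^2 * precision + recall)
  }

  c(accuracy    = (tp + tn) / length(actual),
    precision   = precision,
    recall      = recall,
    specificity = specificity,
    f_score     = f_score)
}

actual <- c(rep(1, 80), rep(0, 9920))

# Detector A never raises an alert.
always_benign <- rep(0, 10000)

# Detector B: 60 attacks caught, 20 missed, 140 false alarms, 9780 correct passes.
detector_b <- c(rep(1, 60), rep(0, 20), rep(1, 140), rep(0, 9780))

results <- rbind(
  always_benign = detection_metrics(actual, always_benign),
  detector_b    = detection_metrics(actual, detector_b),
  detector_b_f2 = detection_metrics(actual, detector_b, beta = 2)
)
print(round(results, 3))

# Detector A has the higher accuracy yet detects nothing, which is why
# accuracy alone cannot rank models on data this imbalanced.
stopifnot(
  results["always_benign", "accuracy"] > results["detector_b", "accuracy"],
  results["always_benign", "recall"] == 0,
  isTRUE(all.equal(unname(results["detector_b", "precision"]), 0.30)),
  isTRUE(all.equal(unname(results["detector_b", "recall"]), 0.75))
)
```

In this setting precision tracks alert fatigue (how many alerts an analyst opens per real incident) and recall tracks missed intrusions, so both belong beside accuracy when comparing the unbalanced and balanced training runs.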
What to submit
Gather your findings into a report (maximum of 5 pages) and citing relevant sources, if necessary. Present how and why the data was ‘cleaned and prepared’, how the ML models were tuned and provide the relevant CV results. Lastly, present how they performed to each other in both the unbalanced and balanced scenarios. You may use graphs, tables and images where appropriate to help your reader understand your findings. All tables and figures should be appropriately captioned, and referenced in-text. Make a final recommendation on which ML modelling approach is the best for this task. Your final report should look professional, include appropriate headings and subheadings, should cite facts and reference source materials in APA-7th format. Your submission must include the following:
Note that no marks will be given if the results you have provided cannot be confirmed by your code. No more than 20% of your code can be from online resources, including ChatGPT. Furthermore, all pages exceeding the 5-page limit will not be read or examined.
Marking Criteria
Academic Misconduct
Edith Cowan University regards academic misconduct of any form as unacceptable. Academic misconduct, which includes but is not limited to, plagiarism; unauthorised collaboration; cheating in examinations; theft of other student’s work; collusion; inadequate and incorrect referencing; will be dealt with in accordance with the ECU Rule 40 Academic Misconduct (including Plagiarism) Policy. Ensure that you are familiar with the Academic Misconduct Rules.
Assignment Extensions
Instructions to apply for extensions are available on the ECU Online Extension Request and Tracking System to formally lodge your assignment extension request. The link is also available on Canvas in the Assignment section. Normal work commitments, family commitments and extra-curricular activities are not accepted as grounds for granting you an extension of time because you are expected to plan ahead for your assessment due dates. Where the assignment is submitted not more than 7 days late, the penalty shall, for each day that it is late, be 5% of the maximum assessment available for the assignment. Where the assignment is more than 7 days late, a mark of zero shall be awarded.
Universal Assignment (July 1, 2025) Assignment 2 Machine Learning Modelling. Retrieved from https://universalassignment.com/assignment-2-machine-learning-modelling/.