COM398 Systems Security


COM398SUST
60% OF THE TOTAL MARK
Release Date: 04th March 2024
Submission Date: 3rd May 2024 (12:00 (Noon) UK time)
Date returned with feedback: Within twenty working days after the submission deadline.
In submitting your assignment, you are agreeing to the following declaration of ownership:
I declare that this is all my own work and does not contain unreferenced material copied from any
other source. I have read the University’s policy on plagiarism and understand the definition of plagiarism.
If it is shown that material has been plagiarised, or I have otherwise attempted to obtain an unfair
advantage for myself or others, I understand that I may face sanctions in accordance with the policies
and procedures of the University. A mark of zero may be awarded and the reason for that mark will be
recorded on my file.
University policy on plagiarism is available here.
CW2 is an individual coursework which is worth 60% of the total coursework mark for this module.
The successful completion of CW2 will address the following learning outcomes:
• Develop practical prototypes to experiment with and reinforce core systems security
concepts.
• Illustrate a comprehension of the key issues and principles underlying modern security in
computing systems.
• Characterise the threats faced by computing systems, applications and systems; and
examine the role of security risks assessment and management in IT.
This coursework component requires students to research, write and make a presentation on the topic of
traffic analysis during a DoS / DDoS attack using Wireshark. This element requires each student to
prepare PowerPoint slides (10-15) and a vodcast of the student presenting the slides. The vodcast should
be a maximum of 15 minutes long (vodcasts exceeding the maximum limit will be penalised according to
the following scheme).
15 minutes + 10%: No penalty
15 minutes + >10% - 20%: reduction in the total mark by 5%
15 minutes + >20% - 30%: reduction in the total mark by 10%
15 minutes + >30% - 40%: reduction in the total mark by 15%
15 minutes + >40% - 50%: reduction in the total mark by 20%
15 minutes + >50%: The maximum total mark achievable is 40%
This assessment component is designed to encourage students to reflect critically on the fundamentals of
systems security; and relate these fundamental concepts to developments within the field, and to real-world practical examples.
The students should submit the PPT they presented along with the video to show their ability to carry
out research on the CW topic.
This coursework component requires you to prepare (see also notes 1 & 2, and the coursework
preparation, submission and provision of feedback sections below) a video-recorded PPT
presentation and the PPT file (video + PPT slides) on traffic analysis using Wireshark. In this
coursework, you will be only considering the TCP/IP protocols for the analysis. Students will have
to log their experience (including any Wireshark based visualisation), observations and analysis
of the captured network traffic in a PPT document describing the TCP/IP protocol suite, and
addressing some specific points related to the provided Wireshark traffic file (PCAP file). The PPT
document and presentation may include (but are not limited to) and address the following points:

  1. An explanation of the TCP/IP protocol suite including:
    a) The Transmission Control Protocol (TCP) and User Datagram Protocol (UDP), and the
    difference between the two protocols
    b) The Internet Protocol (IP)
    c) The Difference between TCP and IP
    d) The work of the TCP 3-Way Handshake Process.
  2. Describe and contrast the Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS)
    attacks, and their sub-types.
  3. In the provided PCAP file, identify the type of the attack; any of your observations and analysis
    of the traffic should be justified and explained by adding suitable Wireshark snapshots (or
    any suitable Wireshark trace visualisation approach that you can embed in your presentation
    / video)
  4. What is the IP address of the suspected attacker in the PCAP file? Justify and explain.
  5. Reflecting on the detected attack(s), you should add in your conclusion the possible context
    / cause(s) that allowed such attack(s) to take place; and countermeasure recommendations.
    You should prepare your PPT document and presentation in such a way that it may be understood
    by and useful to a fictitious group of students taking a course in computing and who may be
    joining placement employers.
    Although you have the freedom to adopt and follow your own presentation plan and structure,
    the expectation, however, is that there should be an ‘Introduction’ in which you should cover the
    TCP/IP protocol suite from which you can elaborate on the DoS and DDoS as in the points above.
    The body of the report should be divided and partitioned into sections and any appropriate
    visualization means should be used (e.g. snapshots).
    Your presentation should be evidence-based and supported by relevant and up-to-date
    references and links. Sources should include textbooks, academic web sites, manufacturers’ web
    sites, RFCs, white papers and academic literature (conferences and journals). You may use your
    own selected referencing style.
    Note 1: You can use data from such sources as evidence but you need to express this in your own
    words. Plagiarism will not be tolerated and will be dealt with according to University policy:
    www.ulster.ac.uk/student/exa…. It is inappropriate to make a
    presentation based on sources which are not listed.
    Note 2: You should demonstrate good knowledge and understanding of the topics and points of
    your presentation; and express them with high effectiveness, conciseness and succinctness.
    When preparing your presentation, you should make sure to include only the most relevant
    references.
    Coursework preparation, submission and provision of feedback:
    This coursework should be returned as an electronic submission by the due date specified above.
    University regulations require that late submissions attract a mark of zero and will be rigorously
    applied, without exception. If you have extenuating circumstances, you should complete an EC1
    form according to your course rules; forms are found on your course website – your year tutor
    and course director can advise.
    • What should be returned is file 1) a copy of the PPT document used as the basis of your
    presentation (in this case your researched material / script should either be embedded in
    the notes section or appended to the end of your PPT document), file 2) the video (in a
    suitable format, e.g. mp4, you may also use Panopto etc – for a Panopto submission,
    please refer to the material on the module page). These files should be saved in the
    same folder which is then compressed (zipped); the obtained ZIP file must be uploaded
    using the CW2 Submission link in the module webpage on Cloud Campus.
    You should also take note of the following:
    • Please ensure the filename of the submitted project folder archive is given as YourBNumber_CW (i.e., B0011_CW2-PPT and B0011_CW2-VODCAST).
    • As it may be expected that the file to be submitted can be of a substantial size, you are
    advised to attempt your submission early to avoid any IT related issues.
    • Feedback will be provided within 20 working days after submission by the date shown
    above. Feedback can take the form of comments and a mark as shown herewith:
    Student’s ID:
    Mark overall (%):
    Criterion: Weight
    Research material (to include extent of background research, quality of analysis and citations & references): 25
    Trace files, traffic or design files analysis (as appropriate; and to include quality of analysis and answers and approach justification): 40
    PPT presentation (to include quality of both PPT and text; and coherence of the points made): 20
    Video recording (to include quality of recording, creativity, communication, organization and clarity, use of adequate visualization techniques (e.g. snapshots)): 15
    Comments:
  1. Research Material: The material you present should be evidence-based and supported
    by relevant and up-to-date references.
  2. PCAP files analysis: The analysis should include, but not be limited to, filters and graphs to
    support your argument(s).
  3. PPT presentation: When preparing your presentation, you should be sure to include only
    the most relevant points on the slides: you can give more details in the notes section if
    you wish to, however, the purpose of the slide is to be succinct in your information. The
    background image and snapshots (or additional graphics if you want to use them) and
    sound/audio effects should be relevant to the points being made on the slide.
  4. Video recording: Your recording should demonstrate good knowledge and
    understanding of the topic of your presentation and express them with high
    effectiveness.
    Submission: An electronic copy of the assignment may be submitted anytime up until the cut-off date but will not be accepted after it. ASSIGNMENT TO BE SUBMITTED VIA THE DROPBOX
    MARKED ‘CW 2 Submission’ WITHIN Cloud Campus.
    COM398SUST Coursework 2023/2024
    Evaluation and Marking Rubric
    COM398 System Security
    Component Two: The Project (60%) 
    Criteria (100%) by band: 80-100% High 1st; 70-79% 1st; 60-69% 2.1; 50-59% 2.2; 40-49% 3rd; 0-39% fail
    Research material (to include extent of background research, quality of analysis and citations & references) 25%
    80-100% (High 1st): Subject knowledge is evident throughout the presentation; information is clear and correct. The presentation contains pertinent points related to the assignment topic; and is free of errors and weaknesses. Such points are excellently addressed in an appropriate depth level and thoroughly analysed. When needed, specific support is provided for each statement from credible sources.
    70-79% (1st): Subject knowledge is evident in much of the presentation; with very few exceptions, almost all presented information is clear; most references are suitable, and the statements made are supported with appropriate citations. The researched material to a considerable extent is addressed and analysed thoroughly. When particular points are addressed, it is done in a particularly proficient level of conciseness.
    60-69% (2.1): Subject knowledge is evident in the presentation; however, there are few exceptions where details may be missing or where particular points are not addressed in a good depth and conciseness. The researched material is mainly meeting the requirements and guidelines of the assignments with very few exceptions, it is generally clear and easy to identify the sources of statements made and references are suitable.
    50-59% (2.2): The researched material in the presentation partially meets the requirements and general guidelines of the assignment; details can be missing, and when particular points are addressed, it is not always done in an appropriate level of conciseness. There are instances where material sources may not be suitable, or the claims are not supported by citations.
    40-49% (3rd): The researched material may be remotely related to the topic of the assignment; details are somewhat sketchy and do not support the topic of the assignment and may lack conciseness. Source materials may not be relevant to the purpose of the presentation. Often, it can be unclear where information or facts come from a source.
    0-39% (fail): The researched material and information are confusing, incorrect, or flawed; the presentation material can be partially or totally unrelated to the topic of the assignment; addressed points are not well defined, not well argued and sketchily covered. The presented material does not meet the requirement of the assignment; material is not supported by citations, or the references used are not suitable / credible.
    Trace files, traffic or design files analysis (as appropriate) 40%
    80-100% (High 1st): The analysis addressed the majority of the issues related to the problem area. The analysis integrated sufficient components to the bulk of its goals.
    70-79% (1st): The analysis addressed a large part of the issues related to the problem area. The analysis integrated a large number of components to the bulk of its goals.
    60-69% (2.1): The analysis addresses a good number of the issues related to the problem area. The analysis integrated a good number of components to achieve a good range of goals.
    50-59% (2.2): The analysis partly addresses some of the issues related to the problem area. The analysis integrated sufficient components to achieve a moderate range of goals.
    40-49% (3rd): An inadequate analysis was presented which did not clearly address the problem at hand. The analysis minimally integrated elements to achieve its goals.
    0-39% (fail): The analysis is flawed or incorrect. It is very sketchy and does not address the problem at hand.
    PPT presentation (to include quality of both PPT and text; and coherence of the points made) 20%
    80-100% (High 1st): Points made catch the viewer/listener’s attention and hook him/her to the presentation: they are well organized and motivating. Such statements and points are introduced in a logical order and are well interlinked. The presentation is error free and does not encompass any grammar or spelling errors.
    70-79% (1st): The points made in the presentation are clear and coherent and evoke good interest from the viewer/listener. The text has very few mistakes or spelling errors, details are presented in a logical order.
    60-69% (2.1): The points made in the presentation are generally clear but may be incoherent occasionally and the link between such points may not be obvious. The text has few mistakes or spelling errors, details are presented in a logical order mainly, although with some incoherence.
    50-59% (2.2): The points made in the presentation evoke a limited interest from the viewer/listener: they are brief, sketchy and incoherent. The structure of the presentation from its introduction to its conclusion did not orient the student to the topic being covered; there are many spelling and other mistakes in the text.
    40-49% (3rd): The points made in the presentation do not evoke interest from the listener / viewer as there is a very limited coherence between the points made. The presentation is badly structured; text includes many errors.
    0-39% (fail): The points made in the presentation are unclear; the listener or viewer may lose interest and it is hard for him / her to comprehend the topic; the presentation is incoherent and is ill structured.
    Video recording (to include quality of recording, creativity, communication, organization and clarity, use of adequate visualization techniques (e.g. snapshots)) 15%
    80-100% (High 1st): The recording runs smoothly; the introduction of new ideas transitions are smooth and almost unnoticeable. The video recording, video or podcast is well structured. The selections of graphics, sound effects and works of art have assisted in the communication of ideas. The recording timing is perfect.
    70-79% (1st): The recording runs mostly smoothly; only very few changes of introductions of new ideas transitions are noticeable. Still the viewer is hooked and the recording, video or podcast is well structured. The selections of graphics, sound effects and works of art have assisted in the communication of ideas. The recording timing is almost perfect.
    60-69% (2.1): Multiple types of transitions may be used; however, there is little impact on the smoothness of the recording. Such transitions are used for a purpose: to help tell the story of the presentation. The pacing and timing of the video are good; and the graphics are well employed to convey information.
    50-59% (2.2): Multiple types of transitions may be used; however, there is some impact on the smoothness of the recording. There are few transitions which do not help the purpose of the recording, or the recording is ill structured. The timing and pacing need to be reviewed as the recording is either too long or too short. When used, graphics and sound effects are not always well employed.
    40-49% (3rd): Multiple types of transitions may be used: there is a clear impact on the smoothness of the recording. There may be multiple transitions which do not help the purpose of the recording, or the recording is ill structured. The recording is either too short or too long; the pacing is ill suited for the recording length. There may be no graphics, sound effects or work of art to support the recording story.
    0-39% (fail): Video is of poor quality and is unedited. There are no transitions added or transitions are used so frequently that they detract from the video. There are no graphics. The timing and pacing are not suitable.
    References
    CHAPPELL, L. & COMBS, G. 2010. Wireshark network analysis: the official Wireshark certified network analyst study guide, Protocol Analysis
    Institute, Chappell University.
    OREBAUGH, A., RAMIREZ, G. & BEALE, J. 2006. Wireshark & Ethereal network protocol analyzer toolkit, Elsevier.
    Appendix A
    Wireshark is an open-source tool used for capturing and analysing network traffic at a very granular level. Wireshark shows packet details captured
    from different network sources, and breaks down the traffic into the individual layers of the Open Systems Interconnection (OSI) model (e.g. the
    data link, network, transport, and application layers). Wireshark uses display filters to highlight and focus the analysis on the interesting
    packets (Orebaugh et al., 2006, Chappell and Combs, 2010). For this CW component, the MC provides a single PCAP file that includes a network
    activity. Such file content is to be analysed (the students are not allowed to analyse any other PCAP files as part of this assignment to explain a
    DoS / DDoS attack; however, they are free to use any other PCAP files or resources in order to complete their presentation; e.g. students are at
    liberty to use any resources to highlight any TCP, IP or any protocol’s activity using Wireshark for instance).