EN 650 Computer Intrusion Detection Questions
EN.650.654 Computer Intrusion Detection
Homework 1
Instructions:
This homework assignment is for individual students; no collaboration is allowed. You may use
any references you can find, but you must form your own solution.
Submit it through the given link at Canvas for this assignment as a PDF file. Proofread it before
submission.
Exercise 1 (15pts) Network-based Information Sources and Analysis (1-page limit)
According to our lecture and lab, SYN flood attacks (and other similar flooding attacks) send a lot of
packets to the target in a short time and may use source IP addresses that are unreachable.
a) Can you create a tcpdump filter that captures only SYN flood packets, but not legitimate packets?
Explain why or why not.
b) Design a tcpdump filter that can be useful for detecting SYN flood attacks, i.e., a filter that collects
the packets used for detection. Make your filter as specific as possible. (You may refer to the manual
of tcpdump.) Then explain how the information captured by this filter can be reasonably processed to
raise an alert. (Hint: consider how the volumes of the different types of packets involved in the
three-way handshake change during a SYN flood attack.)
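The following script is an added example, not part of the assignment or of any answer to it. It pairs a tcpdump filter of the kind part (b) asks for with the processing the hint points at: the filter keeps only the three handshake packet types (client SYN, server SYN-ACK, client pure ACK), and the script counts them per one-second window over tcpdump's text output, crediting each completed handshake to the window of its SYN. A flood from unreachable source addresses then shows up as a window with many SYNs, matching SYN-ACKs, and almost no completions. The server address, the thresholds, and the sample lines are assumptions constructed for this example.

```python
import re
from collections import defaultdict

# Protected server used throughout; a documentation address chosen for this
# example, not one taken from the assignment.
SERVER = "192.0.2.10"

# tcpdump (BPF) filter that keeps only the three packet kinds of a three-way
# handshake to the protected service: client SYN, server SYN-ACK, and the
# client's final pure ACK (ACK set, no other flag, zero TCP payload).  The
# payload-length arithmetic is the form given in the tcpdump manual.
HANDSHAKE_FILTER = (
    f"host {SERVER} and tcp port 80 and ("
    "tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn or "
    "tcp[tcpflags] & (tcp-syn|tcp-ack) == (tcp-syn|tcp-ack) or "
    "(tcp[tcpflags] & (tcp-fin|tcp-syn|tcp-rst|tcp-push|tcp-ack) == tcp-ack and "
    "(ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2) == 0))"
)

# One tcpdump text line: "HH:MM:SS.ffffff IP a.b.c.d.port > e.f.g.h.port: Flags [..], ..."
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_line(line):
    """Parse one tcpdump line into (seconds, src, sport, dst, dport, flags), or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    hh, mm, ss = m["ts"].split(":")
    seconds = int(hh) * 3600 + int(mm) * 60 + float(ss)
    return seconds, m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]


def window_stats(lines, server=SERVER, window=1.0):
    """Count SYN, SYN-ACK and completed handshakes per fixed time window.

    A handshake is completed when the client's pure ACK follows its SYN; the
    completion is credited to the window of the SYN, so a flood shows up as a
    window with many SYNs and few completions.  Returns (buckets, half_open),
    where half_open is the number of SYNs that were never acknowledged.
    """
    buckets = defaultdict(lambda: {"syn": 0, "synack": 0, "completed": 0})
    pending = {}  # (client ip, client port) -> window index of its SYN
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, sport, dst, dport, flags = rec
        idx = int(ts // window)
        if flags == "S" and dst == server:
            buckets[idx]["syn"] += 1
            pending[(src, sport)] = idx
        elif flags == "S." and src == server:
            buckets[idx]["synack"] += 1
        elif flags == "." and dst == server and (src, sport) in pending:
            buckets[pending.pop((src, sport))]["completed"] += 1
    return dict(buckets), len(pending)


def syn_flood_alerts(lines, server=SERVER, window=1.0, min_syns=20, max_half_open=0.5):
    """Alert for every window with at least min_syns SYNs of which more than the
    fraction max_half_open never completed the handshake (thresholds are assumptions)."""
    buckets, _ = window_stats(lines, server, window)
    alerts = []
    for idx in sorted(buckets):
        b = buckets[idx]
        half_open = b["syn"] - b["completed"]
        if b["syn"] >= min_syns and half_open > max_half_open * b["syn"]:
            alerts.append(
                f"window {idx}: {b['syn']} SYN, {b['synack']} SYN-ACK, "
                f"{b['completed']} completed, {half_open} half-open"
            )
    return alerts


def _build_sample():
    """Constructed tcpdump-style lines (not a real capture): three complete
    handshakes, then a burst of SYNs whose SYN-ACKs are never acknowledged."""
    lines = []
    for i in range(3):
        c, p = f"203.0.113.{i + 1}", 40000 + i
        lines += [
            f"12:00:00.{100000 * i:06d} IP {c}.{p} > {SERVER}.80: Flags [S], seq 1, win 64240, length 0",
            f"12:00:00.{100000 * i + 10:06d} IP {SERVER}.80 > {c}.{p}: Flags [S.], seq 2, ack 2, win 65160, length 0",
            f"12:00:00.{100000 * i + 20:06d} IP {c}.{p} > {SERVER}.80: Flags [.], ack 3, win 502, length 0",
        ]
    for i in range(40):
        c, p = f"198.51.100.{i + 1}", 50000 + i
        lines += [
            f"12:00:01.{10000 * i:06d} IP {c}.{p} > {SERVER}.80: Flags [S], seq 1, win 64240, length 0",
            f"12:00:01.{10000 * i + 5:06d} IP {SERVER}.80 > {c}.{p}: Flags [S.], seq 2, ack 2, win 65160, length 0",
        ]
    return lines


SAMPLE_LINES = _build_sample()

if __name__ == "__main__":
    print("tcpdump -n -i eth0 '" + HANDSHAKE_FILTER + "'")
    for alert in syn_flood_alerts(SAMPLE_LINES):
        print("ALERT", alert)
```

In a live setup the lines would come from `tcpdump -n -l` piped into the script; the `-n` keeps addresses numeric so the regex matches. Crediting completions to the SYN's window matters because a legitimate ACK can land just after a window boundary, and counting it in the later window would make a quiet second look like a flood.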
Exercise 2 (15pts) Host-based Information Sources and Analysis (1-page limit)
This exercise asks you to find some useful data on your personal computer and practice using it.
a) List the full path to the log file on your computer in which failed logins are recorded. Include one
example of such a log record.
b) Now you are asked to design a program that issues an alert if more than 3 login failures occur in
one minute. First, list only the information, sufficient and necessary for this purpose, that is
available directly from the data records in (a), in the tuple format of {X,A,Y} discussed in class.
Then describe how you process this information for the task; you may use pseudo-code for this
purpose, though it is not required as long as adequate and clear information is given.
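The following script is an added example, not part of the assignment or of any answer to it, and it does not use the class's {X,A,Y} tuple notation. It shows the processing part (b) describes against records in the syslog style that sshd writes (on Debian-derived systems typically to /var/log/auth.log): each failed-login record is reduced to (timestamp, user, source address), and a sliding window over the timestamps raises an alert whenever more than three failures fall within 60 seconds. The sample records, the hostnames and addresses in them, and the year supplied for the year-less syslog stamps are assumptions constructed for this example.

```python
import re
from collections import deque
from datetime import datetime, timedelta

# Constructed sshd records in auth.log / syslog style; hostnames, PIDs and
# addresses are made up for this example.  Four failures fall inside one
# minute (12:00:01 to 12:00:58); the last failure stands alone.
SAMPLE_LOG = """\
Jan 10 12:00:01 myhost sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
Jan 10 12:00:05 myhost sshd[1201]: Accepted password for alice from 203.0.113.5 port 40001 ssh2
Jan 10 12:00:20 myhost sshd[1208]: Failed password for alice from 198.51.100.7 port 51240 ssh2
Jan 10 12:00:45 myhost sshd[1210]: Failed password for root from 198.51.100.7 port 51250 ssh2
Jan 10 12:00:58 myhost sshd[1213]: Failed password for invalid user test from 198.51.100.7 port 51260 ssh2
Jan 10 12:05:00 myhost sshd[1300]: Failed password for bob from 203.0.113.9 port 40100 ssh2
"""

# Only failed-password records match; "invalid user" marks names unknown to the host.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_failure(line, year=2024):
    """Return (timestamp, user, source) for a failed-login record, else None.

    Syslog stamps carry no year, so the caller supplies one; 2024 is an
    assumption used only so the sample parses.
    """
    m = FAILED_RE.match(line)
    if m is None:
        return None
    stamp = " ".join(m["ts"].split())  # collapse the double space before single-digit days
    ts = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return ts, m["user"], m["src"]


def extract_failures(text, year=2024):
    """Reduce a log text to the minimal records the detector needs."""
    return [r for r in (parse_failure(l, year) for l in text.splitlines()) if r is not None]


def failure_alerts(records, threshold=3, window_seconds=60):
    """Sliding window over failure timestamps.

    An alert (timestamp, failures in window) is raised whenever more than
    threshold failures fall within window_seconds of each other; the window
    is then cleared so one burst yields one alert rather than one per record.
    """
    span = timedelta(seconds=window_seconds)
    window = deque()
    alerts = []
    for ts, _user, _src in sorted(records):
        window.append(ts)
        while ts - window[0] > span:  # drop failures older than the window
            window.popleft()
        if len(window) > threshold:
            alerts.append((ts, len(window)))
            window.clear()
    return alerts


if __name__ == "__main__":
    records = extract_failures(SAMPLE_LOG)
    for ts, user, src in records:
        print(ts.isoformat(), user, src)
    for ts, count in failure_alerts(records):
        print(f"ALERT {ts.isoformat()}: {count} failed logins within one minute")
```

The detector deliberately keeps only the timestamp for the threshold decision; user and source are carried along because they are what an analyst wants in the alert text, and grouping the window by source address instead of globally is a one-line change to the loop key.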