Network security Project 5


    Project Description:

    Need help with below homework


    Project 5: ML for Security Constructing & Evading network traffic based model of IDS

    1 Introduction: The goal of this project is to introduce students to machine learning techniques and methodologies that help to differentiate between malicious and legitimate network traffic. In summary, the students are introduced to:

    1. Use a machine learning based approach to create a model that learns normal network traffic.

    2. Learn how to blend attack traffic, so that it resembles normal network traffic, and bypass the learned model.

    NOTE: To work on this project, we recommend that you use Linux. However, in the past, students faced no difficulty while working on this project even on Windows or Macintosh OS.

    2 Readings & Resources: This assignment relies on the following readings:

    1. “Anomalous Payload-based Worm Detection and Signature Generation”, Ke Wang and Salvatore J. Stolfo, RAID2004

    2. “Polymorphic Blending Attacks”, Prahlad Fogla, Monirul Sharif, Roberto Perdisci, Oleg Kolesnikov, Wenke Lee, Usenix Security 2006

    3. “True positive (true detections) and False positive (false alarms)”

    3 Task A:

    ● Preliminary reading: Please refer to the above readings to learn about how the PAYL model works: a) how to extract byte frequency from the data, b) how to train the model, and c) the definition of the parameters: threshold and smoothing factor.

    ● Code and data provided: Please look at the PAYL directory, where we provide the PAYL code and data to train the model.

    ● Install packages needed: Please read the file SETUP to install packages that are needed for the code to run.

    ● PAYL Code workflow: Here is the workflow of the provided PAYL code:

    ○ It operates in two modes: a) training mode: it reads in pcap files provided in the ‘data’ directory, tests parameters and reports True Positive rates, and b) testing mode: it trains a model using specific parameters and the data in the directory, then tests a specific packet and decides whether the packet fits the model.

    CS 6262 – O01 Network Security 1

     

    http://cs.fit.edu/~pkc/id/related/wang05raid.pdf
    http://people.scs.carleton.ca/%257Esoma/id-2006w/readings/stolfo-payl.pdf
    http://wenke.gtisc.gatech.edu/papers/usenix_security_2006.pdf
    https://en.wikipedia.org/wiki/Sensitivity_and_specificity

     

    ○ Training mode: It reads in the normal data and separates it into training and testing sets. 75% of the provided normal data is for training and 25% of the normal data is for testing. It sorts the payload strings by length and generates a model for each length. Each per-length model is based on [mean frequency of each ASCII character, standard deviation of frequencies for each ASCII character].

    ○ To run PAYL in training mode: python wrapper.py. You will have to modify the port numbers in the read pcap.py (commented in the source code) according to the protocol.

    ○ Testing mode: It reads in normal data from the directory, trains a model using specific parameters, and tests the specific packet (fed from the command line) against the trained model. 1. It computes the Mahalanobis distance between each test payload and the model (of the same length), and 2. It labels the payload: if the Mahalanobis distance is below the threshold, it accepts the payload as normal traffic. Otherwise, it rejects the packet as attack traffic.

    ○ To run PAYL in testing mode: python wrapper.py [FILE.pcap]
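The per-length model and the accept/reject decision described above, as an added example (not the course's provided PAYL code). It uses the simplified Mahalanobis distance from the PAYL paper; the sample traffic is constructed, and treating a payload length never seen in training as anomalous is an assumption of this sketch.

```python
import math
import random
import string
from collections import defaultdict


def byte_frequencies(payload: bytes) -> list:
    """1-gram profile: relative frequency of each of the 256 byte values."""
    counts = [0] * 256
    for b in payload:
        counts[b] += 1
    return [c / len(payload) for c in counts]


def train(payloads):
    """One model per payload length: (mean, stddev) of every byte frequency."""
    by_length = defaultdict(list)
    for p in payloads:
        if p:  # empty payloads carry no byte distribution
            by_length[len(p)].append(byte_frequencies(p))
    model = {}
    for length, rows in by_length.items():
        k = len(rows)
        mean = [sum(r[i] for r in rows) / k for i in range(256)]
        std = [math.sqrt(sum((r[i] - mean[i]) ** 2 for r in rows) / k)
               for i in range(256)]
        model[length] = (mean, std)
    return model


def distance(model, payload, smoothing):
    """Simplified Mahalanobis distance: sum_i |x_i - mean_i| / (std_i + smoothing)."""
    if len(payload) not in model:
        return math.inf  # assumption: a length never seen in training is anomalous
    mean, std = model[len(payload)]
    x = byte_frequencies(payload)
    return sum(abs(x[i] - mean[i]) / (std[i] + smoothing) for i in range(256))


def fits_model(model, payload, threshold, smoothing):
    """Accept the payload as normal when its distance is below the threshold."""
    return distance(model, payload, smoothing) < threshold


def acceptance_rate(model, payloads, threshold, smoothing):
    """Share of payloads accepted as normal (the rate reported in training mode)."""
    accepted = sum(fits_model(model, p, threshold, smoothing) for p in payloads)
    return accepted / len(payloads)


def make_normal(n, seed=1):
    """Constructed sample data: fixed-length HTTP-like requests with random paths."""
    rng = random.Random(seed)
    return [("GET /" + "".join(rng.choices(string.ascii_lowercase, k=20))
             + " HTTP/1.1\r\nHost: example.test\r\n\r\n").encode()
            for _ in range(n)]


NORMAL = make_normal(200)
TRAIN, HELD_OUT = NORMAL[:150], NORMAL[150:]  # 75% / 25% split
MODEL = train(TRAIN)
# Constructed outlier of the same length, using only byte values absent from training.
OUTLIER = bytes(range(128, 128 + len(NORMAL[0])))

if __name__ == "__main__":
    # Sweep both parameters and report how much held-out normal traffic is accepted.
    for smoothing in (0.001, 0.01, 0.1):
        for threshold in (10, 40, 160):
            rate = acceptance_rate(MODEL, HELD_OUT, threshold, smoothing)
            print(f"smoothing={smoothing} threshold={threshold} accepted={rate:.2%}")
    print("outlier distance:", round(distance(MODEL, OUTLIER, 0.01), 1))
```

The smoothing factor keeps the denominator non-zero for byte values whose frequency never varied in training, which is why a single unseen byte value contributes so heavily to the distance when the smoothing factor is small.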

    Tasks: Perform experiments to select proper parameters.

    ● You are provided a single traffic trace (artificial-payload) to train a PAYL model.

    ● After reading the reference papers above, it should make sense that you cannot train the PAYL model on the entire traffic because it contains several protocols.

    ● Modify the IP addresses/port numbers (also commented in the python files) in the source code according to the traffic you are working with.

    ● Use the artificial traffic corresponding to the protocol that you have chosen and proceed to train PAYL. Use the provided code in the training mode and make sure that you are going to use the normal traffic (artificial payload) that is fed to your code while training. Provide a range of the two parameters (threshold and smoothing factor). For each pair of parameters you will observe a True Positive Rate. Select a pair of parameters that gives 96% or more True Positive; more than 99% true positive rate is possible. You may find multiple pairs of parameters that can achieve that.

    Task B:

    ● Download your unique attack payload: To download your unique attack payload, visit the following url: http://www.prism.gatech.edu/~vseshadri30/Pcap/einstein7.pcap and replace “einstein7” with your GTID.

    http://www.cc.gatech.edu/%257Ergiri8/6262_P5/einstein7.pcap

     

    ● Use PAYL in testing mode. Feed the training data that you used before, use the same pair of parameters that you found from Task A and provide the attack trace.

    ● Verify that your attack trace gets rejected – in other words, that it doesn’t fit the model.

    ● You should run as follows and observe the following output:

    ● Finally, use the artificial payload of the protocol provided. Test the artificial payload against your model (use testing mode as explained above). This packet should be accepted by your model. You should get an output that says “It fits the model”.

    Task C:

    ● Preliminary reading. Please refer to the “Polymorphic Blending Attacks” paper. In particular, section 4.2 that describes how to evade 1-gram and the model implementation. More specifically we are focusing on the case where m <= n and the substitution is one-to-many.

    ● We assume that the attacker has a specific payload (attack payload) that he would like to blend in with the normal traffic. Also, we assume that the attacker has access to one packet (artificial profile payload) that is normal and is accepted as normal by the PAYL model.

    ● The attacker’s goal is to transform the byte frequency of the attack traffic so that it matches the byte frequency of the normal traffic, and thus bypass the PAYL model.

    ○ Code provided: Please look at the Polymorphic blend directory. All files (including attack payload) for this task should be in this directory.

    ○ How to run the code: Run task1.py

    ○ Main function: task1.py contains all the functions that are called.

    ○ Output: The code should generate a new payload that can successfully bypass the PAYL model that you have found above (using your selected parameters). The new payload (output) is shellcode.bin + encrypted attack body + XOR table + padding. Please refer to the paper for full descriptions and definitions of Shellcode, attack body, XOR table and padding. The Shellcode is provided.


     

     

    ○ Substitution table: We provide the skeleton for the code needed to generate a substitution table, based on the byte frequency of attack payload and artificial profile payload. According to the paper the substitution table has to be an array of length 256. For the purpose of implementation, the substitution table can be, e.g., a python dictionary table. We ask that you complete the code for the substitution function. The substitution is one-to-many.

    ○ Padding: Similarly we have provided a skeleton for the padding function and we are asking you to complete the rest.

    ○ Main tasks: Please complete the code for the substitution.py and padding.py, to generate the new payload.

    ○ Deliverables: Please deliver your code for the substitution and the padding, and the output of your code. Please see section deliverables.

    ● Test your output. Test your output (below noted as output) against the PAYL model and verify that it is accepted. FP should be 100% indicating that the payload got accepted as legit, even though it is malicious. You should run as follows and observe the following output:

     

    Deliverables & Rubric:

    ● Task A: 35 points. Please report the protocol that you used and the parameters that you found in a file named parameters. Please report a decimal with 2 digit accuracy for each parameter. Format:

    |Protocol:HTTP|
    |Threshold:1.23|
    |SmoothingFactor:1.24|
    |TruePositiveRate:80.95|

    ● Task B: 5 points. Please append a new line in parameters with the score of the attack payload after completing Task B. Format:

    |Distance:2000|

    ● Task C: 60 points

    ○ Code: 40 points. Please submit the code for substitution.py, substitution table.txt and padding.py.

    ○ Output: 20 points. Please submit your output of Task C generated as a new file after running task1.py.

    How to Verify your task C:

    If you only have a 64-bit compiler, you need to run the following:

    Next, create a Makefile with the following:

    Now, modify the hardcoded attack payload length at line no. 10 of shellcode.S with the length of your malicious attack payload. It should be an integer value equal to or the next multiple of 4 of your attack payload length. You can also get this number from task1.py by seeing what len(adjusted attack body) is. Without this, the code won’t point to the correct xor table location.

    Next, you need to generate your payload. Somewhere near the end of task1.py, add the following to create your payload.bin:

    Now, run task1.py to generate payload.bin and, once it’s generated, run the makefile with make and then run a.out:

    If all is well you should see your original packet contents. If not, and you get a bunch of funny letters, it didn’t work.

    Note: It was only tested on Linux; you might need to make a few modifications according to your system configuration.

    Sample Substitution Table: Below is the one-line output generated using “print substitution table” in python. Your substitution table.txt should look like this:


     

     

    Please don’t procrastinate completing this project. Good luck for your finals!



Reflection

Based on what you have learned throughout the past 5 weeks, summarize:

  • At least two insights you have gained with regard to the impact of parents, families, early childhood care and education, and community on children’s development
  • How the information you learned and evaluated in developing one of your Action Plans will impact the way you view and support the children and families with whom you work
  • Your thinking with regard to the relationship between the role of a child and family advocate and that of an early childhood professional

Assignment length: Approximately 1 and 1/2 pages

Running head: CONTENT REVIEW 1


Content Review

Linda Dotson

Walden University

Q).1 Define in your own words the structures of this ecological model, microsystems, mesosystems, ecosystems, microsystems, and chronosystem, and explain how each influences the socialization of a young child.

Microsystems can be described as the various proficiencies that one is able to interact and develop relationships with in a particular environment. Microsystems are essential and have an immense influence in the socialization of a child by influencing how a child responds to a given aspect of the environment he or she lives in. Mesosystems can be defined as the relationship that exists between a child and the environment of that child. Mesosystems help to provide a bond between the microsystems of a child, for example the connection that may exist between a parent and the teacher of their child. Ecosystems on the other hand can be defined as an aspect of the social system that affects a child but that the child does not directly participate in. An example may be health policies affecting the children but being felt by the parent. Macrosystems in this case can be defined as the customs and the culture where a child is being raised. Macrosystems affect the way parents disseminate their responsibilities on their children. Lastly we have the chronosystem; this aspect deals with the aspect of time and how children are able to adapt to various developments associated with time such as the death of parents or the growth of a child (Härkönen, 2005).

As a child, I believe that the aspect of microsystems had an effect on my socialization. As a child I spent so much time with my grandmother that people often confused her as my mother. This close relationship led to the development of a bond and I felt closer to my grandmother than my mother. The second aspect that influenced my socialization is the aspect of mesosystems. During my early years in school I had a problem when it came to spelling of English words. This made my teacher develop a close relationship with my parents with the aim of trying to help me improve on reading and writing skills (Tudge & Hogan, 2005).

References

Härkönen, U. (2005). The Bronfenbrenner ecological systems theory of human development. children44, 45.

Tudge, J., & Hogan, D. (2005). An ecological approach to observations of children’s everyday lives. Researching children’s experience, 102-121.

Research In Education: An Overview Of Action Research Questions

To help prepare:

· View the Action Research Study Examples.

· Consider how action research compares to traditional models of educational research and how it can open doors for educational exploration.

Respond to the questions below:

Briefly answer the following questions. Use APA style and references to support your response. 200-300 words.

  1. How do you currently involve traditional educational research in your work as an educator?
  2. How might engagement in collaborative teacher inquiry/action research become a part of your current work as an educator?
  3. What did you notice about the research methods used in the examples you read?
  4. What role does research play in educational reform? Does that role shift or change based on the use of traditional research versus action research?
  5. To what degree does promoting positive social change play a role in educational research?

 

Helpful Reference

Lawlor, L. A., Hansen, C. C., Zambo, D., & Horn, P. (2015). Empowering teachers and engaging students. Educational Digest, 80(6), 4–8.

Fowler, C., Wu, C., & Lam, W. (2014). Participatory action research: Involving students in parent education. Nurse Education in Practice, 14(1), 76–81.

Gordon, C. A. (2015). Evidence-based stories from school library research and practice: Creating synergy for change. Knowledge Quest, 43(3), 6–7.

Benchmark – Collaboration And Communication Action Plan

Respond to at least two of your colleagues’ postings in one or more of the following ways:

  • Compare your initial posting with that of your colleague, including insights on the 7 S Model’s use for executing change within an organization.
  • In what ways do you agree or disagree with your colleague on the value of the 7 S Model components, and how can this enhance or expand on your understanding of strategic planning?
  • Provide a suggestion for an additional alternative for using the 7 S Model to execute change to better support your colleague’s posting, including a rationale for your suggestion.

Please note that, for each response, you must include a minimum of one appropriately cited scholarly reference.

Lauren

Introduction

Before this discussion assignment I had never seen the 7-S model. Peters (2011) defines the 7-S as a strategic implantation that positions businesses to achieve organizational goals and objectives. This may sound very simple, but in most cases, it is not. This discussion has helped enlighten me on the 7-S model and how it helps different organizations.

The 7-S Model

The 7-S model consists of 7 different components. These components are strategy, systems, skills, style, staffing, sharing values, and structure. A strategy is a series of actions and unique characteristics of the firm that support sustainable competitive advantages. Structure deals with how work is divided and how authority is shared across the organization. Systems are the processes, policies and other mechanisms used to measure and support the strategy. Staffing and skills support the implementation of the strategy by deploying, training and even recruiting people with the necessary skills to execute each task. Style is a construct that captures how interactions and relationships affect the strategy. Shared values or superordinate goals encompass the guiding principles and operational priorities of the organization in a way that supports the strategy (Dyer et al., 2016).

Dual Component Analysis

All seven components of the 7-S model are equally important in any organization. But, there are two components that work very well together. These components are strategy and structure. These two components are the foundation of any organization. When an organization has a well put together strategy and structure, this will allow the leaders of an organization to measure success and evaluate what is not going correctly. When done correctly this will be beneficial to any organization.

Most Challenging Components of Implementation

Although all seven parts of the 7-S model aren’t easy to implement I believe staffing is the most challenging. There are so many different factors that may arise with staffing. One big factor is the turnover rate in an organization. If an organization has a high turnover rate and the organization pays for training for new employees. This can cost a lot of money if employees keep quitting.

 

References

Dyer, J. H., Godfrey, P., Jensen, R., & Bryce, D. (2016). Strategic management:

Peters, T. (2011). McKinsey 7-S model. Leadership Excellence Essentials, 28(10), 7.

Justin

 

A description of the value of each step within the 7 S model to implementing change with the organization, including at least one supportive example

The 7-S Model was created by McKinsey and Company in the 1980’s, providing leaders with a way to identify the elements of their organization that must be in alignment if they want to effectively implement their strategy for creating and sustaining competitive advantage (Dyer, Godfrey, Jensen, & Bryce, 2016). The 7 elements include: (a) strategy, (b) structure, (c) systems, (d) staffing, (e) skills, (f) style, and (g) shared values (Dyer et al., 2016). The strategy is an organization’s plan to create and sustain their competitive advantage (Dyer et al., 2016). The structure of an organization divides the tasks and labor throughout the organization’s members (Dyer et al., 2016). Furthermore, structure identifies the authority structure, creates accountability, and provides an opportunity for performance measurement of a single organizational unit (Dyer et al., 2016). Two examples of organizational structure are the matrix structure and the M-form corporation (Dyer et al., 2016). The systems element identifies the organizational processes that coordinate and control the work performed throughout the firm (Dyer et al., 2016). This could include the information system and how it affects different parts of the organization. The staffing element of the 7-S Model includes the human resource management of the organization, to include recruiting, hiring, training, firing, etc.  (Dyer et al., 2016). Leaders must identify their recruiting strategy, their training strategy, and if they want to promote from within the company or not. The skills element not only refers to the abilities of the organization’s members, but also how well the leaders are able to combine the talent of their employees to create competitive advantage (Dyer et al., 2016). The skills element is closely related to the staffing element, as it will help determine who a firm must hire and/or train. The style element describes the interpersonal relationships within an organization  (Dyer et al., 2016). 
Style can usually be described as formal or informal, and heavily affects the culture of the organization (Dyer et al., 2016). Lastly, the shared values element describes the values and priorities of the organization (Dyer et al., 2016). What the organization’s members deem important can be referred to as superordinate goals, and help create shared values and the culture of the organization (Dyer et al., 2016).

An analysis of which one or two specific component(s) of the 7 S Model could be most helpful from a change management perspective, including at least one supportive example

I believe the shared values element of the 7-S model could be the most helpful from a change management perspective. To create culture, leaders must clearly identify the values and priorities of the organization. These values should be used as the foundation of all decision making and action taken within the organization. For example, Nordstrom attempts to create the value of respect and extraordinary customer service by telling stories that provide examples of the behavior they expect from their employees (Dyer et al., 2016). Peters (2011) explains the importance of creating a culture of empowerment and responsibility to quickly solve problems. To be able to continuously learn, the members of an organization must scrutinize the shared values element of the model and correct errors as needed (Peters, 2011). Leaders must find a way to create their desired culture so that all stakeholders are operating with the same values and priorities.

An explanation for which specific component(s) of the 7 S Model could be most challenging when implementing organizational change, including at least one supportive example

In relation to my previous response, I believe that creating shared values in an organization could be the most challenging when implementing organizational change. As I mentioned above, leaders must find a way to ensure that everyone in the organization shares values, virtues, and priorities. If this does not happen, the members of the organization will be working with different agendas, which does not optimize the chances of creating and sustaining competitive advantage. Furthermore, because shared values is one characteristic of an organization’s culture, it greatly affects the style element of the 7-S Model. Leaders must understand the importance of creating shared values and more importantly, understand that shared values will take a long time to influence and change (Dyer et al., 2016). Changing style and shared values may take decades (Dyer et al., 2016).

References

Dyer, J.H., Godfrey, P., Jensen, R., & Bryce, D. (2016). Strategic management: Concepts and tools for creating real world strategy. Retrieved from https://mbsdirect.vitalsource.com

Peters, T. (2011). McKinsey 7-S model. Leadership Excellence Essential, 28(10), 7. Retrieved from https://eds-b-ebscohost-com.ezp.waldenulibrary.org