Introduction: Any IT graduate involved in IT security will need to be able to adapt and respond to unfamiliar and changing security threats and to evaluate and use new tools. To be capable in their pr

Introduction: Any IT graduate involved in IT security will need to be able to adapt and respond to unfamiliar and changing security threats and to evaluate and use new tools. To be capable in their profession, graduates need to be able to apply skills through design and planning, categorisation, evaluation and analyse of tools, techniques, threats and procedures.

Attack & Security Tools: PHISHING (3000 WORDS)

You will need to research 1 tool attacker’s use, and 1 security tool used to counter attackers in the area chosen. Your assignment involves running both tools, evaluating and analysing their use in means to evade or detect threats/detection. That is, how are you going to use these tools? To show how attackers can bypass detection, or how tools can be used to detect this threat type? Or show how both operate? From this perspective, you should justify your choice (over others), install, run and demonstrate the use of tools, producing some output or results. You should analyse and evaluate the usage and results from both attacker and defender perspectives, and potential impact. Be sure to discuss threats and countermeasures of these risks.

Attacker or Malware Analysis (scenario)

1. Using scripts and web services, trace (over 50) spam e-mails to their source as best as you can, try to detect them

To evaluate the spam, you are required to implement a spam detection engine (either in R or Python: there are many resources and datasets on GitHub). After investigating the sources of your spam, you should outline the purpose of the spam and impact it may have. Then you should first train and test a detection model, and have it predict the emails you obtained. You should analyse and evaluate the usage and results (confusion matric metrics) from both attacker and defender perspectives, and include language, topics, spam technique (to trick the target or bypass the filter) along with visualisation.

• Collect spam
• Collect ham and maybe some examples (you’ll know what ham is if you look properly here)
• Define a scenario, risks, and threats. What is the impact of spam, challenges to stopping it etc.
• Process data, train machine learning, run, document, and justify your choice of algorithms
• Analyse/contrast, evaluate/judge/critique/summarise the result, challenges, usage, impact and threat/need within the security landscape + discuss this from a security professional’s perspective and make reference to attacker too. Did you succeed in detecting your new spam? Why? Why not? Is this because of language, the techniques?

References

All externally sourced information (i.e. not common knowledge or course material) must be cited. Referencing conventions required for this unit are: Vancouver (as used by IEEE).