6CCS3NSE/7CCSMNSE Network Security

Page 1 of 6

6CCS3NSE/7CCSMNSE

Network Security

6CCS3NSE/7CCSMNSE Network Security 

2023-24 Academic Year

Coursework Specification

Module title: Network security

Module code: 6CCS3NSE/7CCSMNSE

Coursework title: Network attack and defence

Individual or group: This coursework can be done in a group or individually. The group 

size depends on the experimental needs and is capped at a maximum 

of 4. If working in a group, all group members are awarded the same 

mark that is awarded to the submitted coursework. 

Once you have formed a group offline, everyone must use the link 

register your group. If you are doing the coursework individually then 

you should register a group too, but your group will have just 1 

member. 

Weight of the overall assessment 

for this module

15%

Learning outcomes assessed in 

this coursework

• Demonstrate knowledge of security properties for networks and 

the principal approaches to guaranteeing those properties

• Demonstrate an understanding of network attacks

• Demonstrate an understanding of network defence

Data work handed out: 9

th February 2024

Data work to be handed in: 24

th April 2024

Target date for the return of the 

marked assignment:

within 4 weeks of handed in

Submission requirements: Each submission (individually or in a group) should contain a report 

of maximally 1500 words or a video of maximum 15 minutes long. If 

working in a group, 1 submission only is required per group.

Page 2 of 6

The goal of this coursework is to apply the knowledge and the understanding from the classroom in a real 

network scenario. The overall task is to create a network, run and observe normal traffic, then launch 

network attacks, and observe the impact on network performance. Finally use network defence 

mechanisms to protect the network and observe the effectiveness. It contains several levels of tasks, and a 

total mark of 100.

Level 1: Build a network and test its connectivity (20 marks)

At this level, you are supposed to build a network using the module VMs or mininet. 

• Draw a diagram to show the topology代写6CCS3NSE/7CCSMNSE Network Security of your network. Each computer on the diagram should have 

its IP address labelled. 

• Test connectivity of the network by using the ping command. 

o If work in a group using VM, full connectivity between any two machines should be tested.

You should also test the connectivity to the Internet on VM. 

o If you use mininet, also show the connectivity between each host in your network. Hosts in 

mininet can also be connected to the Internet but it requires extra configuration so is not 

compulsory at this level. 

Level 2: Generate and analyse traffic on your network (20 marks)

At this level, you are supposed to generate some network traffic on your network, observe the traffic in 

network sniffer(s) and measure network performance. This step is important as it builds the benchmark for 

you to compare with later levels.

• Generate traffic.

o It is your choice of what kind of traffic you want to generate via standard Internet 

applications or a tool you research and find to generate Internet traffic. 

o You may use Internet applications to generate traffic. For example, you can open a web 

browser on your VM. 

o You may use the tool iperf to generate traffic such as UDP and TCP on your network. This 

makes the volume of the traffic easily controllable. Iperf can be used on VM and mininet. 

• Traffic analysis

o Use tcpdump or wireshark to monitor the traffic.

o Analyse the traffic at protocol level, packet level and flow level using wireshark

• Network performance analysis

o Analyse the performance of the TCP/UDP traffic such as throughput, delay and packet loss. 

You can get the performance data from iperf output or wireshark statistics. 

Level 3: Network attack(s) (25 marks)

At this level, let’s see how network attacks impact the network. 

• Generate normal traffic as you have done at level 2

• Generate an attack or multiple attacks such as ICMP flooding, TCP SYN flooding, IP spoofing or any 

other, when the normal traffic is ongoing

o Remember you can use multiple machines/VMs or multiple hosts in mininet 

o You can use hping3 or any other tools

Page 3 of 6

• Analyse how network attacks impact the network, via traffic analysis and network performance 

analysis by comparing the results with that at level 2. 

Level 4: Network defence (25 marks)

At this level, let’s see how firewall(s) in your network can defend the victim from the attacks. 

• Set a firewall on your network and configure its rules. You can use iptables on the VMs or in 

mininet. You can also choose to use other firewalls. Multiple rules can be used for the defence.

• Generate the normal traffic as you have done at level 2.

• Generate the attacks as you have done at level 3. 

• Show how the firewall works to mitigate the attacks.

• Compare and analyse the performance of level 2, 3, and 4 to demonstrate the effectiveness of the 

firewall.

Level 5: Critical evaluation and reflection (10 marks)

Critically evaluate what you have learnt from this coursework technically and socially. If you are in a group, 

each of you must tell your role in the experiment (attacker/victim) and what you have contributed to the 

design, development and running of the experiment. 

Submission

A report of maximum 1500 word that describes your experiments from level 1 to level 4 and analysis and

includes the critical evaluation and reflection at level 5. The report should be a PDF file. 

The report should be named as “24nse.gxxx.pdf”, where xxx is your group number. For example, if your 

group number is 2, the filename should be “24nse.g001.pdf”.

Or 

A video of maximum 15 minutes that demonstrates the experiments from level 1 to level 4 and analysis, 

and your verbal reflection at level 6. Each group member must say their reflection in the video. The video 

should be an mp4 file. 

The mp4 should be named as “24nse.gxxx.mp4”, where xxx is your group number. For example, if your 

group number is 2, the filename should be “24nse.g001.mp4”.

Marking

Marking is based on the marking scheme above from evidence in the submitted report or video. See 

marking rubrics next page. 

Page 4 of 6

Marking Rubrics

Level 1: Build a network and test its connectivity (20 marks)

Rubrics Marks

Excellent description or demonstration of a network built in VM or mininet. 

Network topology clearly drawn in report or shown in video with IP addresses of 

nodes marked correctly. Connectivity fully tested and shown in report by 

screenshots or in video by demonstration. 

15-20

A network built in VM or mininet. Network topology clearly drawn in report or 

shown in video with IP addresses of nodes marked correctly. Connectivity fully 

tested and shown in report by screenshots or in video by demonstration. 

There could be minor slips in description or demonstration. 

10-14

A network built in VM or mininet. Network topology drawn in report or shown in 

video with IP addresses of nodes marked. Some connectivity tested and shown

in report by screenshots or in video by demonstration. 

Errors are found in the drawing/testing. 

Not all necessary screenshots are provided in report or demonstrations not 

shown in video. 

5-9

Some attempt of building the network. 1-4

No network is built. 0

Level 2: Generate and analyse traffic on your network (20 marks)

Rubrics Marks

Excellent description or demonstration of sensible traffic generated on the 

network built at level 1, using iperf or other tools of choice. Excellent traffic 

analysis and network performance analysis.

Screenshots of traffic generation and traffic analysis are included in report or 

demonstrated in video submission. 

15-20

Good description or demonstration of sensible traffic generated on the network 

built at level 1, using iperf or other tools of choice. Good traffic analysis traffic 

analysis and network performance analysis.

Screenshots of traffic generation and traffic analysis are included in report or 

demonstrated in video submission. 

10-14

Some traffic generated on the network built at level 1, using iperf or other tools 

of choice. Some traffic analysis and network performance analysis but may 

contain some errors.

5-9

Page 5 of 6

Limited screenshots of traffic generation and traffic analysis are included in 

report or demonstrated in video submission. 

Some attempt of generating the traffic and analysis. 1-4

No attempt of generating traffic. 0

Level 3: Network attack(s) (25 marks)

Rubrics Marks

Excellent description or demonstration of multiple network attacks executed in 

the network. Excellent analysis on how network attacks impact the network via 

traffic analysis and network performance analysis compared with level 2. 

Screenshots of network attacks and analysis are included in report or 

demonstrated in video submission.

18-25

Good description or demonstration of one or multiple network attacks executed 

in the network. Good analysis on how network attacks impact the network via 

traffic analysis and network performance analysis compared with level 2. 

Screenshots of network attacks and analysis are included in report or 

demonstrated in video submission.

12-17

Some attack(s) generated on the network but may not be completed. Some 

analysis on how network attacks impact the network via traffic analysis and 

network performance analysis but not well explained. 

Limited screenshots of network attacks and analysis are included in report or 

demonstrated in video submission.

6-11

Some attempt of generating attacks. 1-5

No attempt of generating attacks. 0

Level 4: Network defence (25 marks)

Rubrics Marks

Effective firewall rule setup to block the attack. Excellent description or 

demonstration on how the firewall defends the network. Excellent traffic 

analysis and performance evaluation through comparison of level 2, 3 and 

4. 

Screenshots of firewall setup and experiments are included in report or 

demonstrated in video submission.

18-25

Good firewall rule setup to block the attack. Good description or 

demonstration on how the firewall defends the network. Good traffic 

12-17

Page 6 of 6

analysis and performance evaluation through comparison of level 2, 3 and 

4.

Screenshots of firewall setup and experiments are included in report or 

demonstrated in video submission.

Some firewall setup to block the attack but may not be effective. Some 

description or demonstration on how the firewall defends the network. 

There may be errors in traffic analysis and performance evaluation 

through comparison of level 2, 3 and 4.

Limited screenshots of firewall setup and experiments are included in report or 

demonstrated in video submission.

6-11

Some attempt of defending the network 1-5

No attempt of defending the network 0

Level 5: Critical evaluation and reflection (10 marks)

Rubrics Marks

Critical evaluation and reflection both technical and social aspects. 6-10

Some evaluation and reflection but may not be critical. 1-5

No attempt 0