Page 1 of 6
6CCS3NSE/7CCSMNSE
Network Security
6CCS3NSE/7CCSMNSE Network Security 
2023-24 Academic Year
Coursework Specification
Module title: Network security
Module code: 6CCS3NSE/7CCSMNSE
Coursework title: Network attack and defence
Individual or group: This coursework can be done in a group or individually. The group 
size depends on the experimental needs and is capped at a maximum 
of 4. If working in a group, all group members are awarded the same 
mark that is awarded to the submitted coursework. 
Once you have formed a group offline, everyone must use the link 
register your group. If you are doing the coursework individually then 
you should register a group too, but your group will have just 1 
member. 
Weight of the overall assessment 
for this module
15%
Learning outcomes assessed in 
this coursework
• Demonstrate knowledge of security properties for networks and 
the principal approaches to guaranteeing those properties
• Demonstrate an understanding of network attacks
• Demonstrate an understanding of network defence
Data work handed out: 9
th February 2024
Data work to be handed in: 24
th April 2024
Target date for the return of the 
marked assignment:
within 4 weeks of handed in
Submission requirements: Each submission (individually or in a group) should contain a report 
of maximally 1500 words or a video of maximum 15 minutes long. If 
working in a group, 1 submission only is required per group.
Page 2 of 6
The goal of this coursework is to apply the knowledge and the understanding from the classroom in a real 
network scenario. The overall task is to create a network, run and observe normal traffic, then launch 
network attacks, and observe the impact on network performance. Finally use network defence 
mechanisms to protect the network and observe the effectiveness. It contains several levels of tasks, and a 
total mark of 100.
Level 1: Build a network and test its connectivity (20 marks)
At this level, you are supposed to build a network using the module VMs or mininet. 
• Draw a diagram to show the topology of your network. Each computer on the diagram should have 
its IP address labelled. 
• Test connectivity of the network by using the ping command. 
o If work in a group using VM, full connectivity between any two machines should be tested.
You should also test the connectivity to the Internet on VM. 
o If you use mininet, also show the connectivity between each host in your network. Hosts in 
mininet can also be connected to the Internet but it requires extra configuration so is not 
compulsory at this level. 
Level 2: Generate and analyse traffic on your network (20 marks)
At this level, you are supposed to generate some network traffic on your network, observe the traffic in 
network sniffer(s) and measure network performance. This step is important as it builds the benchmark for 
you to compare with later levels.
• Generate traffic.
o It is your choice of what kind of traffic you want to generate via standard Internet 
applications or a tool you research and find to generate Internet traffic. 
o You may use Internet applications to generate traffic. For example, you can open a web 
browser on your VM. 
o You may use the tool iperf to generate traffic such as UDP and TCP on your network. This 
makes the volume of the traffic easily controllable. Iperf can be used on VM and mininet. 
• Traffic analysis
o Use tcpdump or wireshark to monitor the traffic.
o Analyse the traffic at protocol level, packet level and flow level using wireshark
• Network performance analysis
o Analyse the performance of the TCP/UDP traffic such as throughput, delay and packet loss. 
You can get the performance data from iperf output or wireshark statistics. 
Level 3: Network attack(s) (25 marks)
At this level, let’s see how network attacks impact the network. 
• Generate normal traffic as you have done at level 2
• Generate an attack or multiple attacks such as ICMP flooding, TCP SYN flooding, IP spoofing or any 
other, when the normal traffic is ongoing
o Remember you can use multiple machines/VMs or multiple hosts in mininet 
o You can use hping3 or any other tools
Page 3 of 6
• Analyse how network attacks impact the network, via traffic analysis and network performance 
analysis by comparing the results with that at level 2. 
Level 4: Network defence (25 marks)
At this level, let’s see how firewall(s) in your network can defend the victim from the attacks. 
• Set a firewall on your network and configure its rules. You can use iptables on the VMs or in 
mininet. You can also choose to use other firewalls. Multiple rules can be used for the defence.
• Generate the normal traffic as you have done at level 2.
• Generate the attacks as you have done at level 3. 
• Show how the firewall works to mitigate the attacks.
• Compare and analyse the performance of level 2, 3, and 4 to demonstrate the effectiveness of the 
firewall.
Level 5: Critical evaluation and reflection (10 marks)
Critically evaluate what you have learnt from this coursework technically and socially. If you are in a group, 
each of you must tell your role in the experiment (attacker/victim) and what you have contributed to the 
design, development and running of the experiment. 
Submission
A report of maximum 1500 word that describes your experiments from level 1 to level 4 and analysis and
includes the critical evaluation and reflection at level 5. The report should be a PDF file. 
The report should be named as “24nse.gxxx.pdf”, where xxx is your group number. For example, if your 
group number is 2, the filename should be “24nse.g001.pdf”.
Or 
A video of maximum 15 minutes that demonstrates the experiments from level 1 to level 4 and analysis, 
and your verbal reflection at level 6. Each group member must say their reflection in the video. The video 
should be an mp4 file. 
The mp4 should be named as “24nse.gxxx.mp4”, where xxx is your group number. For example, if your 
group number is 2, the filename should be “24nse.g001.mp4”.
Marking
Marking is based on the marking scheme above from evidence in the submitted report or video. See 
marking rubrics next page. 
Page 4 of 6
Marking Rubrics
Level 1: Build a network and test its connectivity (20 marks)
Rubrics Marks
Excellent description or demonstration of a network built in VM or mininet. 
Network topology clearly drawn in report or shown in video with IP addresses of 
nodes marked correctly. Connectivity fully tested and shown in report by 
screenshots or in video by demonstration. 
15-20
A network built in VM or mininet. Network topology clearly drawn in report or 
shown in video with IP addresses of nodes marked correctly. Connectivity fully 
tested and shown in report by screenshots or in video by demonstration. 
There could be minor slips in description or demonstration. 
10-14
A network built in VM or mininet. Network topology drawn in report or shown in 
video with IP addresses of nodes marked. Some connectivity tested and shown
in report by screenshots or in video by demonstration. 
Errors are found in the drawing/testing. 
Not all necessary screenshots are provided in report or demonstrations not 
shown in video. 
5-9
Some attempt of building the network. 1-4
No network is built. 0
Level 2: Generate and analyse traffic on your network (20 marks)
Rubrics Marks
Excellent description or demonstration of sensible traffic generated on the 
network built at level 1, using iperf or other tools of choice. Excellent traffic 
analysis and network performance analysis.
Screenshots of traffic generation and traffic analysis are included in report or 
demonstrated in video submission. 
15-20
Good description or demonstration of sensible traffic generated on the network 
built at level 1, using iperf or other tools of choice. Good traffic analysis traffic 
analysis and network performance analysis.
Screenshots of traffic generation and traffic analysis are included in report or 
demonstrated in video submission. 
10-14
Some traffic generated on the network built at level 1, using iperf or other tools 
of choice. Some traffic analysis and network performance analysis but may 
contain some errors.
5-9
Page 5 of 6
Limited screenshots of traffic generation and traffic analysis are included in 
report or demonstrated in video submission. 
Some attempt of generating the traffic and analysis. 1-4
No attempt of generating traffic. 0
Level 3: Network attack(s) (25 marks)
Rubrics Marks
Excellent description or demonstration of multiple network attacks executed in 
the network. Excellent analysis on how network attacks impact the network via 
traffic analysis and network performance analysis compared with level 2. 
Screenshots of network attacks and analysis are included in report or 
demonstrated in video submission.
18-25
Good description or demonstration of one or multiple network attacks executed 
in the network. Good analysis on how network attacks impact the network via 
traffic analysis and network performance analysis compared with level 2. 
Screenshots of network attacks and analysis are included in report or 
demonstrated in video submission.
12-17
Some attack(s) generated on the network but may not be completed. Some 
analysis on how network attacks impact the network via traffic analysis and 
network performance analysis but not well explained. 
Limited screenshots of network attacks and analysis are included in report or 
demonstrated in video submission.
6-11
Some attempt of generating attacks. 1-5
No attempt of generating attacks. 0
Level 4: Network defence (25 marks)
Rubrics Marks
Effective firewall rule setup to block the attack. Excellent description or 
demonstration on how the firewall defends the network. Excellent traffic 
analysis and performance evaluation through comparison of level 2, 3 and 
4. 
Screenshots of firewall setup and experiments are included in report or 
demonstrated in video submission.
18-25
Good firewall rule setup to block the attack. Good description or 
demonstration on how the firewall defends the network. Good traffic 
12-17
Page 6 of 6
analysis and performance evaluation through comparison of level 2, 3 and 
4.
Screenshots of firewall setup and experiments are included in report or 
demonstrated in video submission.
Some firewall setup to block the attack but may not be effective. Some 
description or demonstration on how the firewall defends the network. 
There may be errors in traffic analysis and performance evaluation 
through comparison of level 2, 3 and 4.
Limited screenshots of firewall setup and experiments are included in report or 
demonstrated in video submission.
6-11
Some attempt of defending the network 1-5
No attempt of defending the network 0
Level 5: Critical evaluation and reflection (10 marks)
Rubrics Marks
Critical evaluation and reflection both technical and social aspects. 6-10
Some evaluation and reflection but may not be critical. 1-5
No attempt 0

请加QQ：99515681  邮箱：99515681@qq.com   WX：codinghelp