COMP1806 Information Security Contribution

(2024/25) Coursework 60% of course

Module Leader Release Date Deadline Date
Dr Sakshyam Panda 11th Oct 2024 22nd Nov 2024
This coursework should take an average student who is up to date with the module content approximately 20
hours. Feedback and grades are normally made available within 21 days from the coursework deadline.
Learning Outcomes: A, B, C, D, E

Plagiarism is presenting somebody else's work as your own. It includes copying information directly from the
Web or books without referencing the material; submitting joint coursework as an individual effort; copying
another student's coursework; stealing coursework from another student and submitting it as your own
work. Suspected plagiarism will be investigated and if found to have occurred will be dealt with according to the
procedures set down by the University. Please see your student handbook for further details of what is / isn't
plagiarism.

All material copied or amended from any source (e.g. internet, books) must be referenced correctly according
to the Harvard reference style.

If you use AI in the process of undertaking your assignment, for example to create an outline of your
assignment or to summarize articles, you should acknowledge this by adding a declaration at the end of your
work. Check the links below for detailed information on the use of AI for your studies.

• Guidance on how to use AI effectively, and how to reference ChatGPT and other generative AI in your
work.
• Declaration of AI Use (also appended to the student guidance).

Your work will be submitted for plagiarism checking. Any attempt to bypass our plagiarism detection systems
will be treated as a severe Assessment Offence.

Coursework Submission Requirements

• An electronic copy of your work for this coursework must be fully uploaded by the Deadline Date.
• For this coursework you must submit a single Acrobat PDF document. In general, any text in the
document must not be an image (ie must not be scanned) and would normally be generated from other
documents (eg MS Office using "Save As .. PDF"). An exception to this is handwritten mathematical
notation, but when scanning do ensure the file size is not excessive.
• Make sure that any files you upload are virus-free and not protected by a password or corrupted
otherwise they will be treated as null submissions.
• Your work will not be printed in colour. Please ensure that any pages with colour are acceptable when
printed in Black and White.

Coursework Regulations
• If you have Extenuating Circumstances, you may submit your coursework up to two weeks after the
published deadline without penalty but this is subject to acceptance of your claim by the Faculty
Extenuating Circumstances Panel.
• Late submissions will be dealt with in accordance with University Regulations.
• Coursework submitted more than two weeks late may be given feedback but will be recorded as a non-
submission regardless of any extenuating circumstances.
 • Do not ask the lecturers for extensions to published deadlines - they are not authorised to award an
extension.
• All courseworks must be submitted as above. Under no circumstances can they be accepted by
academic staff.
Please refer to the University Portal for further detail regarding the University Academic Regulations concerning
Extenuating Circumstances claims.

Coursework Specification
Attack vs Defence for Machnine Learning and AI-powered Systems

Admin details
Students are encouraged and allowed to work in teams of 4 or 5 members (strictly not more than 5). Half of the
team members (at least 2) will be the “Defence” team and the rest of the members will be the “Attack” team. Each
team will submit a single coursework file (PDF). Members of a team must elect a team head who is going to submit
the essay to the Moodle area on behalf of the entire team, while you must include all names of students in this
submission. All members of the team will receive the same mark. You must discuss and agree amongst yourselves
how the work will be split. The submission file must strictly adhere the following guidelines to avoid marks
reduction, which is usually 10% of the final coursework mark as a penalty for not following the exact guidelines.
For example, there is 10% penalty (rounded to the closest 10) if you do not adhere to any of the following:
• precisely following the template,
• name your file as explained below, and
• abide by the rule of a length of strictly 6 pages including references.

For this coursework, you will need to submit a PDF-format written essay named, e.g. for a team of five members
“COMP1806_2022_Surname1_Surname2_Surname3_Surname4_Surname5.pdf” where “SurnameX” should be
replaced by the surnames of the team memebers. The order of the surnames is irrelevant and you can choose any
order for entering the surnames. Alphabetic order is a recommended approach.

The final output will be a six-pages report (including references) according to the template provided as a separate
file in the Coursework folder in Moodle. This and only this must be used for preparing your essay. You may organise
your sections and subsections the way you find more suitable to your writing style.

Technical details
The goals of this essay are:
• to design a use case scenario for assessment.
• to propose and design an attack graph model for the selected organisation.
• to propose and discuss different attacking methods targeting Machine Learning (ML)-based assets.
• to propose and discuss defending methods to prevent the exploitation of the ML assets.

You must select one of the following use cases for carrying out your coursework:
• healthcare (hospital)
• autonomous vehicles (cars, drones, etc – just one type of them)
• online shopping
• smart homes
• smart cities

Do not forget to cite articles that discuss your attacking and defending methods. You must discuss these methods
within the context of your use case rather than blindly repeating their description from the literature. Try to connect
the different attacking methods, whenever possible, so that your report has a strong narrative. All articles must be
referenced appropriately. Use Google Scholar ([Link] for finding papers. It also gives you the
functionality of copying the reference of any paper you will choose to use. Be consistent and use the same
referencing style, i.e. Harvard, throughout your essay, as provided in the coursework template.

The assessment of the essay is based on the Assessment criteria in the form of a Rubric on the next page. You will
need to use the knowledge acquired during weeks 1-6. It is left to you to decide the technical depth of your report
as this choice is reflected in the marking scheme.

Marking Scheme – Rubric

The following Rubric matrix demonstrates the exact criteria that your report will assessed against
Grade Description
Assessment Domain 1: Knowledge and understanding of content (25%)
Assessment description: Accurate knowledge and critical and comprehensive understanding of the well-
established principles, theories, and concepts of their area(s) of study, and of the way in which those
principles have been developed. Demonstrates an awareness of different ideas, contexts, and frameworks,
and recognition of those areas where the knowledge base is most or least secure.
0%- Little or no understanding of the discussed and analysed information security concepts. There is
29% very little evidence of engagement with the key elements. Overall, a very unsatisfactory attempt.
30%- A poor understanding of the discussed and analysed information security concepts. There is
39% insufficient evidence of engagement with the key elements. Overall, an unsatisfactory attempt.
Has demonstrated a satisfactory level of understanding of the discussed and analysed information
40%-
security concepts. There are a few notable omission SECs and there is limited evidence of
49%
engagement with all key elements. Overall, a satisfactory attempt at these criteria.
Has demonstrated a good understanding of the discussed and analysed information security
50%-
concepts. There is also some good evidence of engagement with most key elements with some
59%
omission of detail.
60%- There is a very good systematic understanding of the discussed and analysed information security
69% concepts. There is also some very good evidence of engagement with all key elements.
70%- Demonstrates an excellent systematic understanding of the discussed and analysed information
79% security concepts. There is also excellent evidence of engagement with all key elements.
80%- Demonstrates exceptional systematic understanding of the discussed and analysed information
100% security concepts. There is exceptional evidence of engagement with all key elements.
Assessment Domain 2: Use of Research informed evidence (20%)
Assessment description: An ability to present, evaluate and interpret qualitative and quantitative data, to
develop lines of argument and make sound judgements in accordance with basic theories and concepts of
their subject(s) of study. Comprehensive range of evidence which is interpreted with insight in its application
of context. Some perception and persuasion demonstrated. Explicit understanding of other stances. Range
of evidence and critical engagement embedded in work. Can collect and interpret appropriate data and
successfully undertake research with a degree of autonomy.
There is almost no evidence of engagement in relevant background reading. There is no real
understanding of the techniques needed for analysis or enquiry into the research around the
0%-
discussed and analysed information security concepts. You need to spend time researching and
29%
engaging with module materials to develop an understanding into these concepts and the research
that supports them.
There is a failure to engage with enough relevant literature and, where background reading is
referred to there is little evidence that it has been understood. You have little understanding of
30%-
the techniques needed for analysis or enquiry into the research around the discussed and analysed
39%
information security concepts. You need to read much more widely and improve your
understanding into these concepts and the research that supports them.
Satisfactory reference is made to background reading, but it is limited in nature and draws on a
40%-
restricted number of authors. There is some limited evidence of techniques of enquiry. There is
49%
some evidence that the literature has helped to inform your thinking and satisfactory evidence of
 use of some techniques of analysis when researching into the discussed and analysed information
security concepts.
Some good relevant reading is evident and demonstrates good understanding of the issues. There
is evidence of some use of established techniques of analysis and enquiry when researching into
50%-
the discussed and analysed information security concepts. There is also some evidence of good
59%
commentary on aspects that include are mostly current research and scholarship into the
discussed and analysed information security concepts.
A very good range of appropriate literature is used. Views are discussed and arguments presented
with reference to this literature, and there is evidence of very good deployment of established
60%-
techniques of analysis and enquiry when researching into the discussed and analysed information
69%
security concepts. There is also evidence of very good commentary on aspects of current research
and scholarship into the discussed and analysed information security concepts.
You provide an extensive range of current and appropriate literature to support your strong
arguments and different perspectives, and you provide excellent commentary and strong
70%-
scholarship into the discussed and analysed information security concepts. An excellent ability to
79%
deploy established techniques of analysis and enquiry when researching into the discussed and
analysed information security concepts.
An extensively wide range of current and appropriate literature is presented to support your strong
80%- arguments and different perspectives, and you provide exceptional commentary and advanced
100% scholarship into the discussed and analysed information security concepts. An exceptional ability
to deploy established techniques of analysis and enquiry when researching into these concepts.
Assessment Domain 3: Evaluation and analysis (20%)
Assessment description: Demonstrates systematic thinking and the ability to critical evaluate arguments
and make judgements. Use a range of established techniques to initiate and undertake critical analysis of
information, and to propose solutions to problems arising from that analysis. An understanding of the limits
of their knowledge, and how this influences analyses and interpretations based on that knowledge.
No argument is provided to demonstrate your understanding of knowledge available on the
0%-
discussed and analysed information security concepts. You present no evidence of a hypothesis
29%:
and no real exploration of any literature.
Little in the way of argument is provided to demonstrate your understanding of knowledge
30%-
available on the discussed and analysed information security concepts. You present no real
39%:
hypothesis and explore very little literature around this.
A satisfactory ability to present some elements of an argument using your understanding of the
40%-
knowledge you have researched around the discussed and analysed information security concepts.
49%:
You present some evidence of a hypothesis and some exploration of this.
You demonstrate a good ability to devise and present a mostly clear argument using your
50%- understanding of the knowledge you have gained around the discussed and analysed information
59%: security concepts. You present evidence of a clear hypothesis and at times you justify your
approaches to exploring this.
You demonstrate a very good ability to devise and sustain a clear argument. Very good
60%- understanding of some of the limits in the knowledge available around the discussed and analysed
69%: information security concepts. Very good hypothesis presented and a justified approach to
exploring this.
An excellent ability to devise and sustain a comprehensive argument. Excellent understanding of
70%- both the limits and the gaps in the knowledge available around the discussed and analysed
79%: information security concepts. Strong hypothesis presented and well-justified approaches to
exploring this.
An exceptional ability to devise and sustain a comprehensive argument. An exceptional
80%- understanding of both the limits and the gaps in the knowledge available around the discussed and
100%: analysed information security concepts. Very strong hypothesis presented and well-justified
approaches to exploring this.
Assessment Domain 4: Communication, Organisation and Presentation (20%)
Assessment description: Produce a coherent and well-structured assessment which effectively
communicates information, arguments, and analysis in a variety of forms to specialist and non-specialist
audiences and deploy key techniques of the discipline effectively. Emerging evidence of innovation and/or
well-judged experimentation. Use of clear, accurate English, well organised, with flow and progression.
No structure presented and the assessment includes a significant number of errors in Standard
0%-
English. It lacks academic style, and this impedes flow. Further proofreading clearly needed and
29%
additional support for academic writing.
Little structure and the work are hampered by errors in Standard English. It lacks academic style
30%-
and does not flow well. Further proofreading clearly needed and additional support for academic
39%
writing.
The structure is satisfactory overall but does need improvement. Many errors appear in the use of
40%-
Standard English (possibly due to poor proof reading). The work does not flow well in several
49%
places, and this affects clarity.
A good structure for the most part. The work observes many academic conventions in style and
50%-
content and is mostly presented in Standard English, with some errors and omissions. Some
59%
sentence structure also needs revision, and this can affect the flow of your work in places.
A very good structure – with clear presentation and organisation of ideas. The work observes
60%-
almost all academic conventions in style, content and is presented well, mostly using Standard
69%
English throughout. The majority of this work uses a style which flows well.
Excellent structure and very well organised ides. The written English is of a very high standard and
70%-
the work observes all academic conventions in style and content. Excellent flow and style and a
79%
pleasure to read.
This assessment is exceptionally well structured and organised. The written English is of an
80%-
extremely high standard and observes all academic conventions in style and content. The
100%
assessment flows exceptionally well and is a pleasure to read.
Assessment Domain 5: Referencing and coverage (15%)
Assessment description: Sources used are all acknowledged in the text and reference list/bibliography using
correct academic citation – including online sources. Bibliography is wide and extensive, and sources cited
in text are predominately primary sources. Evidence of broad, independent reading from appropriate
sources.
The assignment lacks a reference list/bibliography, or it is incorrectly laid out. Referencing system
0%-
within the assignment (i.e., Harvard) has not been followed and you need further support with
29%:
this.
The reference list/bibliography has many errors in its layout. Many references in the main text are
30%-
incomplete or incorrect and may be missing from the bibliography. You need further support with
39%
this.
The assignment includes citations within the main body and has a reference list /bibliography.
40%-
However, this referencing is often inaccurate and/or there are several omissions. Reading list is
49%
short and limited. An over reliance on secondary sources
Literature is not always correctly referenced within the text and/or reference list/bibliography.
50%-
Almost all texts are included in bibliography. Reading list is good in terms of number of sources but
59%
there are several secondary sources.
Sources used are almost all acknowledged in the text and the reference list/bibliography, mostly
60%-
using correct citation – including most online sources. A very good approach to academic practice.
69%
Bibliography is very good in its breadth and depth and most sources are primary sources.
Sources used are all acknowledged in the text and the reference list/bibliography, using correct
70%-
citation – including online sources. Follows an excellent, professional approach to academic
79%
practice. Bibliography is also excellent in its breadth and depth and all sources are primary sources.
Sources used are, without exception, acknowledged in the text and the reference list/bibliography,
80%- using correct citation – including online sources. Follows an exceptionally strongly professional
100% approach to academic practice. Bibliography is also exceptional in its breadth and depth and all
sources are primary sources.