RET at UC

Research Experience for Teachers (2018-2019)

Using Statistics to Detect Cyber Intrusions

Adam Mesewicz's Poster
Author: Adam Mesewicz
Unit Title: Using Statistics to Detect Cyber Intrusions
Grade Level: 11 - 12
Subject: Statistics
Estimated Duration: 2 - 3 Weeks
Unit Activities:

Pre/Post Test:

A 10-question quiz covering the statistical principles students will learn in this unit. The same quiz will be given after the unit is taught.


Keywords:
  • Cybersecurity
  • Network Intrusion Detection
  • Summarizing Univariate Statistics
  • Normal Distribution
  • Z-Score

The Big Idea (including global relevance)

Cybersecurity is one of the most important emerging fields of the 21st century. The challenges that arise when attempting to secure cyberspace, combined with the increasing amount of information technology being integrated into physical systems, require that individuals who intend to work in the field have a strong foundation in math and science principles. The Big Idea of this unit is learning how statistical methods can be used to detect.


Essential Questions

  • How is information transmitted over wireless networks?
  • How does a "bad actor" hack into a wireless network?
  • How can we defend against attacks over a wireless network?
  • Can we analyze network traffic to detect intruders?
  • Is there a relationship between network traffic and intrusion by outsiders?


The Hook

  • I will take my students outside and have one connect to the Parrot drone via wifi. I will allow them to fly the drone around and have some fun with it before I use my computer to take over the control and land it by my side.


The Challenge

Use various statistical tests, along with cybersecurity tools, to determine whether bad actors are attempting to attack a network.


Guiding Questions

  • How do you think computers communicate with each other?
  • With such a large amount of data available in PCAP files, what are some methods we can use to summarize all of it?
  • How can we use knowledge of “normal” network traffic to identify malicious users?




ACS (Real world applications; career connections; societal impact)

Cybersecurity is an issue that affects millions of Americans every year. Both individual citizens and businesses serve as targets for malicious hackers, and the hackers are only becoming more sophisticated with their attacks. With an understanding of basic cybersecurity concepts, students will be able to take steps to prevent an attack on themselves, and will begin to understand the steps professionals take to prevent these attacks from occurring at a massive scale.

This challenge provides a simplified version of a real-world scenario. In the real world, information security experts have a plethora of tools to detect network intrusion. In our exercise, we will use one specific tool and analyze the data it gives us using statistical concepts.

  • Information Security Analyst
  • Network Administrator
  • Cybersecurity Engineer

Misconceptions

  • The way in which computers transmit information is commonly misunderstood. Students are going to need to be able to think abstractly to understand that all of the information and content they receive on any of their connected devices is transmitted via wire in a series of zeros and ones. Once students can comprehend this system, then the difficult concepts that underlie IP Addresses, Packet Transfer, Routers, Internet Protocols and Packet Sniffing will become accessible.


Unit Lessons and Activities

  • Lesson 1: Information Transfer - Lesson 1 will focus on getting students hooked on the idea of Cybersecurity, and will also cover how univariate data can be summarized. I will teach students about the basics of information transfer over the internet, and will exemplify the vulnerabilities that exist by “hacking” a drone.
    • Activity 1: Hook (drone hack), Introduction of the Big Idea, Generating Essential Questions, Challenge and Guiding Questions (4 days)
    • Activity 2: Analyzing Packet Transfer with Univariate Statistics (2 days)

  • Lesson 2: Determining the Likelihood of an Attack - Lesson 2 will build on the cybersecurity principles that students will have learned in the first lesson. Now that students have learned and practiced summarizing univariate data by looking at network traffic, they will progress to determining the probability that an attack will take place using the normal distribution.
    • Activity 3: Identifying Attacks Using Z-Scores (3 days)
  • Evidence of CBL:
  • Evidence of EDP:
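
A worked illustration of the Lesson 2 idea, added here and not part of the original unit materials: packet counts per capture window are compared with a baseline of "normal" traffic using z-scores and the normal distribution. The function names, the threshold of 3 and the sample counts are assumptions constructed for this example, and it assumes the baseline is attack-free and roughly normally distributed.

```python
import math
import statistics

# Constructed sample data: packets seen per 10-second capture window.
BASELINE = [112, 98, 105, 120, 101, 95, 110, 108, 99, 115, 104, 107]
OBSERVED = [103, 111, 97, 240, 109, 262, 100]


def two_sided_p(z):
    """P(|Z| >= |z|) for a standard normal variable Z."""
    return math.erfc(abs(z) / math.sqrt(2))


def score_windows(baseline, observed, threshold=3.0):
    """Return one record per observed window with its z-score,
    tail probability, and whether it is flagged as unusual."""
    if len(baseline) < 2:
        raise ValueError("need at least two baseline windows")
    mean = statistics.mean(baseline)
    stdev = statistics.stdev(baseline)  # sample standard deviation
    if stdev == 0:
        raise ValueError("baseline has no variation; z-score undefined")
    records = []
    for index, count in enumerate(observed):
        z = (count - mean) / stdev
        records.append({
            "window": index,
            "packets": count,
            "z": round(z, 2),
            "p": two_sided_p(z),
            "flagged": abs(z) >= threshold,
        })
    return records


def flagged_windows(baseline, observed, threshold=3.0):
    """Indices of windows whose traffic is far from the baseline."""
    return [r["window"] for r in score_windows(baseline, observed, threshold)
            if r["flagged"]]


if __name__ == "__main__":
    for r in score_windows(BASELINE, OBSERVED):
        mark = "UNUSUAL" if r["flagged"] else "ok"
        print(f"window {r['window']}: {r['packets']:4d} packets  "
              f"z={r['z']:6.2f}  p={r['p']:.3g}  {mark}")
```

A flagged window only says the traffic is statistically unusual compared with the baseline; deciding whether it is an attack still requires looking at the packets themselves.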


Additional Resources

  • Kali Linux OS
  • Laptop with Wireless Card that Supports aireplay-ng
  • Wifi Controlled Drone (Ex: Parrot Bebop)
  • Worksheets for Activities