Post on 28-Jun-2015
1.INTRODUCTION
There are several types of such attacks. An attacker can possibly launch aDoSattack by studying the flaws of network protocols or applications and then sending malformed packets which might cause the corresponding protocols or applications getting into a faulty state. An example of such attacks is Teardrop attack, which is sending incorrect IP fragments to the target. The target machine may crash if it does not implement TCP/IP fragmentation reassembly code properly. This kind of attacks can be prevented by fixing the corresponding bugs in the protocols or applications. However, the attacker does not always have to do its best to study the service if it wants to make it unavailable. It can just flood packets to keep the server busy with processing packets or cause congestion in the victim’s network, so that the server might not have the ability to handle the packets from legitimate hosts or even cannot receive packets from them .In order to deplete the victim’s key resources (such as bandwidth and CPU time), the attacker has to aggregate a big volume of malicious traffic. Most of the time, the attacker collects many (could be millions) of zombie machines or bots to flood packets simultaneously, which forms a Distributed Denial of Service (DDoS) attack. Most of the methods that protect systems from DoS and DDoS attacks focus on mitigating malicious bandwidth consumption caused by packets flooding, as that is the most simple and common method adopted by attackers. Those methods may mitigate DDoS attacks reactively by identifying the malicious traffic and informing the upstream routers to filter or rate-limit the corresponding traffic they may also mitigate DDoS attacks by deploying secure overlays or by distinguishing the legitimate traffic with valid network capabilities. These solutions are suitable for filtering bandwidth attacks. However, the attacker may change its strategy and attack an application directly, especially when the application involves complex computations. It could be easier to exhaust its computational resources with small volume of messages. Therefore, the malicious traffic against an application has usually small volume and it is difficult to be detected. Defence methods mentioned above may help, but they might not be efficient and accurate with respect to a certain application, as they lack application related information. Considering there are numerous applications, it would be very expensive and impractical for traffic monitors to keep information for every application.
1.1ObjectiveInternet grows rapidly since it was created. Via theInternet infrastructure, hosts can
not only share their information, but also complete tasks cooperatively by contributing their computing resources. Moreover, an end host can easily join the network and communicate with any other host by exchanging packets. These are encouraging features of the Internet, openness and scalability. However, attackers can also take these advantages to prevent legitimate users of a service from using that service by flooding messages to the corresponding server, which forms a Denial of Service (DoS) attack.
There are several types of such attacks. An attacker can possibly launch aDoSattack by studying the flaws of network protocols or applications and then sending malformed packets which might cause the corresponding protocols or applications getting into a faulty state.
1
1.2 Scope
There are many network-based solutions against DDoS attacks. These solutions usually use routers or overlay networks to filter malicious traffic propose an ack-based port-hopping protocol focusing on the communication only between two parties, modeled as sender and receiver. The receiver sends back an acknowledgment for every message received from the sender, and the sender uses these acknowledgments as signals to change the destination port numbers of its messages. Since this protocol is ack-based, time synchronization is not necessary
2
2.Software Requirement Specification
2.1EXISTING SYSTEM
Internet grows rapidly since it was created, Via the Internet infrastructure, hosts can not only share their information, but also complete tasks cooperatively by contributing their computing resources. Moreover, an end host can easily join the network and communicate with any other host by exchanging packets. These are encouraging features of the Internet, openness and scalability. However, attackers can also take these advantages to prevent legitimate users of a service from using that service by flooding messages to the corresponding server.
2.2PROPOSED SYSTEM
We focus on the problem that an adversary wants to subvert the communication of client-server application by attacking their communication channels or, for brevity, ports. At each time point, some port must be open at the server side toreceive the messages sent from legitimate clients. At the server side, the size of port number space is N, meaning that there are N ports that the server can use for communication. The server and the legitimate clients share a pseudorandomfunction to generate the port numbers which will be used in the communication. We assume that there exists a preceding authentication procedure which enables the server to distinguish the messages from the legitimate clients. Wealso assume that every client is honest which means any execution of the client is based on the protocol and clients will not reveal the random function to the adversary.
2.3 Software Requirement Specifications
Content Description
OS Windows XP with SP2
Database MS-Access
Technologies C#.NET
IDE Visual Studio .Net 2010
Browser IE
2.4 Hardware Requirement specifications
3
Content Description
Processor Pentium
HDD 20 GB Min
40 GB Recommended
RAM 1 GB Min
2 GB Recommended
2.5 Problem Definition
We focus on the problem that an adversary wants to subvertthe communication of client-server application by attackingtheir communication channels or, for brevity, ports. At eachtime point, some port must be open at the server side toreceive the messages sent from legitimate clients. At theserver side, the size of port number space is N, meaning thatthere are N ports that the server can use for communication.The server and the legitimate clients share a pseudorandom function f to generate the port numbers which will be usedin the communication. We assume that there exists apreceding authentication procedure which enables the server to distinguish the messages from the legitimate clients. We also assume that every client is honest which means any execution of the client is based on the protocol and clients willnot reveal the random function to the adversary.
The attacker is modeled as an adaptive adversary which can eavesdrop and attack a bounded number of ports simultaneously. For the purpose of the analysis, we bound the strength of the adversary by Q, meaning that it can attack arbitrarily at most Q ports of the server simultaneously.We also assume that when the adversary attacks a certain port of the server then this port cannot receive any message from the clients. As mentioned in the related work section, Badishi et al. [18] presented an analysis about the effect of adversary’s different strategies when it launches blind attacks that disable open ports only partially. We donot elaborate on this again.
4
3.System Analysis
3.1 Module Description
MODULES
Analysis Network
Routing
Multiple Routing
Adaptive hopping period
Analysis of network:
We initiate a fixed-length walk from the node. This walk should be long enough to
ensure that the visited peers represent a close sample from the underlying stationary
distribution. We then retrieve certain information from the visited peers, such as the
system details and process details. It acting as source for the network .In sender used to
create sends the request and received the response and destination used to received the
request and send the response for the source.
Routing :
When the packets are sending from the source, they are transferred to the
destination through the routers. Routers check for the IP address given by the source with
their own IP address for the destination confirmation.
Multiple routing:
• It is desirable to allow packets with the same source and destination to take more than one possible path. This facility can be used to ease congestion and overcome node failures.
• To operate such a scheme consistently nodes must maintainrouting tables.
• Multipath routing allows the establishment of multiple paths between a single source and single destination node.
5
• It is typically proposed in order to increase the reliability of data transmission (i.e., fault tolerance) or to provide load balancing.
• Load balancing is of especial importance in MANETs because of the limited bandwidth between the nodes.
Adaptive Hopping Period
A client C has a constant clock drift _c related to the server. It may happen that in
the datatransmission stage, the hopping time of C will drift apart from the server’s. This
might cause C to send messages to aport that is already closed or is not opened yet,
depending on whether C’s clock is slower or faster than S’s. illustrate the two situations,
respectively.
The HOPERAA execution interval is initiated to 0. In the contact-
initiation part, every contact-initiationmessage and reply message will
be attached with the timestamp of its sending time. The reply message
also includes the timestamp hcðt1Þ and the arrival time t2 of the first
contact-initiation message received by the server.
We say a client gets a successful access to the server,when at last one
of its contact-initiation messages isreceived by the server.
. A contact-initiation trial is a trial by a client to get theserver’s reply in
the contact-initiation part. It beginswhen a client randomly chooses an
interval of theport space and sends a contact-initiation message to each
of the ports in that interval and ends when theclient receives a reply
message from the server orreaches a time-out of waiting.
3.2 Feasibility Study
3.2.1FEASIBILITY STUDEY
Feasibility Studyis a high level capsule version of the entire process intended to answer a
number of questions like: What is the problem? Is there any feasible solution to the given
problem? Is the problem even worth solving? Feasibility study is conducted once the problem
clearly understood. Feasibility study is necessary to determine that the proposed system is Feasible
6
by considering the technical, Operational, and Economical factors. By having a detailed feasibility
study the management will have a clear-cut view of the proposed system.
The following feasibilities are considered for the project in order to ensure that the
project is variable and it does not have any major obstructions. Feasibility study
encompasses the following things:
Technical Feasibility
Economical Feasibility
Operational Feasibility
In this phase, we study the feasibility of all proposed systems, and pick the best feasible solution
for the problem. The feasibility is studied based on three main factors as follows.
3.2.2TECHNICAL FEASIBILITY
In this step, we verify whether the proposed systems are technically feasible or not. i.e.,
all the technologies required to develop the system are available readily or not.
Technical Feasibility determines whether the organization has the technology and skills
necessary to carryout the project and how this should be obtained. The system can be feasible
because of the following grounds.
All necessary technology exists to develop the system.
This system is too flexible and it can be expanded further.
This system can give guarantees of accuracy, ease of use, reliability and the data
security.
This system can give instant response to inquire.
Our project is technically feasible because, all the technology needed for our project
is readily available.
Front End : C#.NET
Back End : MS -ACCESS
Web-Server : IIS 5.0
Host : Windows-XP
7
3.2.3 ECONOMICAL FEASBILITY
In this step, we verify which proposal is more economical. We compare the financial
benefits of the new system with the investment. The new system is economically feasible only
when the financial benefits are more than the investments and expenditure. Economical Feasibility
determines whether the project goal can be within the resource limits allocated to it or not. It must
determine whether it is worthwhile to process with the entire project or whether the benefits
obtained from the new system are not worth the costs. Financial benefits must be equal or exceed
the costs. In this issue, we should consider:
The cost to conduct a full system investigation.
The cost of h/w and s/w for the class of application being considered.
The development tool.
The cost of maintenance etc.,
Our project is economically feasible because the cost of development is very minimal
when compared to financial benefits of the application.
3.3.1 OPERATIONAL FEASIBILITY
In this step, we verify different operational factors of the proposed systems like man-
power, time etc., whichever solution uses less operational resources, is the best operationally
feasible solution. The solution should also be operationally possible to implement. Operational
Feasibilitydetermines if the proposed system satisfied user objectives could be fitted into the
current system operation. The present system Enterprise Resource Information System can be
justified as Operationally Feasible based on the following grounds.
The methods of processing and presentation are completely accepted by the clients
since they can meet all user requirements.
The clients have been involved in the planning and development of the system.
The proposed system will not cause any problem under any circumstances.
Our project is operationally feasible because the time requirements and personnel requirements are
satisfied. We are a team of four members and we worked on this project for three working months.
8
ProjectInstructions:
Based on the solution requirements, conceptualize the Solution Architecture. Depict
the various architectural components, show interactions and connectedness and show
internal and external elements. Discuss suitability of typical architectural types like
Pipes, Filters, Event Handlers, and Layers etc.
Identify the significant class entities and carry out class modeling.
Carry out Detailed design of Classes, Database objects and other solution components.
Distribute work specifications and carry out coding and testing
3.3 Functional requirements
This section contains specification of all the functional requirements needed to develop this
module or sub-module.
ID Requirements Priority(A/B/C)
MDDS_R_01 System should provide provision for user to select destination system name
MDDS_R_02 System should provide provision for user to search nodes
MDDS_R_03 System should provide provision for user for user to send the data to destination
MDDS_R_04 System should provide provision for user to select the root for sending the data
MDDS_R_05 System should provide provision to receive the data through receiver
MDDS_R_06 System should provide provision to identify the intruder
MDDS_R_07 System should provide provision for user to receive the data
MDDS_R_08 System should provide provision to view the available nodes
3.4 Non- Functional requirements
Performance Requirements: Good band width, less congestion on the network. Identifying the shortest route to reach the destination will all improve performance.
Safety Requirements: No harm is expected from the use of the product either to the OS or any data.
9
Product Security Requirements: The product is protected from un-authorized users from using it. The system allows only authenticated users to work on the application. The users of this system are organization and ISP administrator.
Software Quality Attributes: The product is user friendly and its accessibility is from the client. The application is reliable and ensures its functioning maintaining the ISP web service is accessible to the various organizations. As it is developed in .Net it is highly interoperable with OS that have provided support for MSIL (Server side). The system requires less maintenance as it is not installed on the client but hosted on the ISP. The firewall, antivirus protection etc. is provided by the ISP.
3.5System architecture
N-Tier Applications:
N-Tier Applications can easily implement the concepts of Distributed Application Design and Architecture. The N-Tier Applications provide strategic benefits to Enterprise Solutions. While 2-tier, client-server can help us create quick and easy solutions and may be used for Rapid Prototyping, they can easily become a maintenance and security night mare
The N-tier Applications provide specific advantages that are vital to the business continuity of the enterprise. Typical features of a real life n-tier may include the following:
Security
Availability and Scalability
Manageability
Easy Maintenance
Data Abstraction
The above mentioned points are some of the key design goals of a successful n-tier application that intends to provide a good Business Solution.
Definition:
Simply stated, an n-tier application helps us distribute the overall functionality into various tiers or layers:
Presentation Layer
Business Rules Layer
Data Access Layer
Each layer can be developed independently of the other provided that it adheres to the standards and communicates with the other layers as per the specifications.
10
This is the one of the biggest advantages of the n-tier application. Each layer can potentially treat the other layer as a ‘Block-Box’.
In other words, each layer does not care how other layer processes the data as long as it sends the right data in a correct format.
Fig 1.1-N-Tier Architecture
1. The Presentation Layer:
Also called as the client layer comprises of components that are dedicated to presenting the data to the user. For example: Windows/Web Forms and buttons, edit boxes, Text boxes, labels, grids, etc.
2. The Business Rules Layer:
11
This layer encapsulates the Business rules or the business logic of the encapsulations. To have a separate layer for business logic is of a great advantage. This is because any changes in Business Rules can be easily handled in this layer. As long as the interface between the layers remains the same, any changes to the functionality/processing logic in this layer can be made without impacting the others. A lot of client-server apps failed to implement successfully as changing the business logic was a painful process.
3. The Data Access Layer:
This layer comprises of components that help in accessing the Database. If used in the right way, this layer provides a level of abstraction for the database structures. Simply put changes made to the database, tables, etc. do not affect the rest of the application because of the Data Access layer. The different application layers send the data requests to this layer and receive the response from this layer.
12
4. Implementation
4.1Technologies
4.1.1Microsoft.NET Framework
The .NET Framework is a new computing platform that simplifies application
development in the highly distributed environment of the Internet. The .NET Framework
is designed to fulfill the following objectives:
To provide a consistent object-oriented programming environment whether object
code is stored and executed locally, executed locally but Internet-distributed, or
executed remotely.
To provide a code-execution environment that minimizes software deployment and
versioning conflicts.
To provide a code-execution environment that guarantees safe execution of code,
including code created by an unknown or semi-trusted third party.
To provide a code-execution environment that eliminates the performance
problems of scripted or interpreted environments.
To make the developer experience consistent across widely varying types of
applications, such as Windows-based applications and Web-based applications.
To build all communication on industry standards to ensure that code based on
the .NET Framework can integrate with any other code.
The .NET Framework has two main components: the common language runtime and
the .NET Framework class library. The common language runtime is the foundation of the
.NET Framework. You can think of the runtime as an agent that manages code at
execution time, providing core services such as memory management, thread
13
management, and remoting, while also enforcing strict type safety and other forms of code
accuracy that ensure security and robustness. In fact, the concept of code management is a
fundamental principle of the runtime. Code that targets the runtime is known as managed
code, while code that does not target the runtime is known as unmanaged code. The class
library, the other main component of the .NET Framework, is a comprehensive, object-
oriented collection of reusable types that you can use to develop applications ranging from
traditional command-line or graphical user interface (GUI) applications to applications
based on the latest innovations provided by ASP.NET, such as Web Forms and XML Web
services.
The .NET Framework can be hosted by unmanaged components that load the common
language runtime into their processes and initiate the execution of managed code, thereby
creating a software environment that can exploit both managed and unmanaged features.
The .NET Framework not only provides several runtime hosts, but also supports the
development of third-party runtime hosts.
For example, ASP.NET hosts the runtime to provide a scalable, server-side environment
for managed code. ASP.NET works directly with the runtime to enable Web Forms
applications and XML Web services, both of which are discussed later in this topic.
Internet Explorer is an example of an unmanaged application that hosts the runtime (in the
form of a MIME type extension). Using Internet Explorer to host the runtime enables you
to embed managed components or Windows Forms controls in HTML documents.
Hosting the runtime in this way makes managed mobile code (similar to Microsoft®
ActiveX® controls) possible, but with significant improvements that only managed code
can offer, such as semi-trusted execution and secure isolated file storage.
14
The following illustration shows the relationship of the common language runtime and the
class library to your applications and to the overall system. The illustration also shows
how managed code operates within a larger architecture.
.NET Framework Class Library
The .NET Framework class library is a collection of reusable types that tightly integrate
with the common language runtime. The class library is object oriented, providing types from
which your own managed code can derive functionality. This not only makes the .NET Framework
types easy to use, but also reduces the time associated with learning new
features of the .NET Framework. In addition, third-party components can integrate
seamlessly with classes in the .NET Framework.
For example, the .NET Framework collection classes implement a set of interfaces that
you can use to develop your own collection classes. Your collection classes will blend
seamlessly with the classes in the .NET Framework.
As you would expect from an object-oriented class library, the .NET Framework types
enable you to accomplish a range of common programming tasks, including tasks such as
string management, data collection, database connectivity, and file access. In addition to
these common tasks, the class library includes types that support a variety of specialized
development scenarios. For example, you can use the .NET Framework to develop the
following types of applications and services:
Console applications.
Scripted or hosted applications.
Windows GUI applications (Windows Forms).
ASP.NET applications.
XML Web services.
Windows services.
15
For example, the Windows Forms classes are a comprehensive set of reusable types that
vastly simplify Windows GUI development. If you write an ASP.NET Web Form
application, you can use the Web Forms classes.
Client Application Development
Client applications are the closest to a traditional style of application in Windows-
based programming. These are the types of applications that display windows or forms on
the desktop, enabling a user to perform a task. Client applications include applications
such as word processors and spreadsheets, as well as custom business applications such as
data-entry tools, reporting tools, and so on. Client applications usually employ windows,
menus, buttons, and other GUI elements, and they likely access local resources such as the
file system and peripherals such as printers.
Another kind of client application is the traditional ActiveX control (now replaced by the
managed Windows Forms control) deployed over the Internet as a Web page. This
application is much like other client applications: it is executed natively, has access to
local resources, and includes graphical elements.
In the past, developers created such applications using C/C++ in conjunction with the
Microsoft Foundation Classes (MFC) or with a rapid application development (RAD)
environment such as Microsoft® Visual Basic®. The .NET Framework incorporates
aspects of these existing products into a single, consistent development environment that
drastically simplifies the development of client applications.
The Windows Forms classes contained in the .NET Framework are designed to be used
for GUI development. You can easily create command windows, buttons, menus, toolbars,
16
and other screen elements with the flexibility necessary to accommodate shifting business
needs.
For example, the .NET Framework provides simple properties to adjust visual attributes
associated with forms. In some cases the underlying operating system does not support
changing these attributes directly, and in these cases the .NET Framework automatically
recreates the forms. This is one of many ways in which the .NET Framework integrates
the developer interface, making coding simpler and more consistent.
Unlike ActiveX controls, Windows Forms controls have semi-trusted access to a user's
computer. This means that binary or natively executing code can access some of the
resources on the user's system (such as GUI elements and limited file access) without
being able to access or compromise other resources. Because of code access security,
many applications that once needed to be installed on a user's system can now be safely
deployed through the Web. Your applications can implement the features of a local
application while being deployed like a Web page.
17
4.2C#.NET
ADO.NET Overview
ADO.NET is an evolution of the ADO data access model that directly addresses
user requirements for developing scalable applications. It was designed specifically for the
web with scalability, statelessness, and XML in mind.
ADO.NET uses some ADO objects, such as the Connection and Command objects, and
also introduces new objects. Key new ADO.NET objects include the DataSet,
DataReader, and DataAdapter.
The important distinction between this evolved stage of ADO.NET and previous data
architectures is that there exists an object -- the DataSet -- that is separate and distinct
from any data stores. Because of that, the DataSet functions as a standalone entity. You
can think of the DataSet as an always disconnected recordset that knows nothing about the
source or destination of the data it contains. Inside a DataSet, much like in a database,
there are tables, columns, relationships, constraints, views, and so forth.
A DataAdapter is the object that connects to the database to fill the DataSet. Then, it
connects back to the database to update the data there, based on operations performed
while the DataSet held the data. In the past, data processing has been primarily
connection-based. Now, in an effort to make multi-tiered apps more efficient, data
processing is turning to a message-based approach that revolves around chunks of
information. At the center of this approach is the DataAdapter, which provides a bridge
to retrieve and save data between a DataSet and its source data store. It accomplishes this
by means of requests to the appropriate SQL commands made against the data store.
The XML-based DataSet object provides a consistent programming model that works
with all models of data storage: flat, relational, and hierarchical. It does this by having no
'knowledge' of the source of its data, and by representing the data that it holds as
collections and data types. No matter what the source of the data within the DataSet is, it
is manipulated through the same set of standard APIs exposed through the DataSet and its
subordinate objects.
18
While the DataSet has no knowledge of the source of its data, the managed provider has
detailed and specific information. The role of the managed provider is to connect, fill, and
persist the DataSet to and from data stores. The OLE DB and SQL Server .NET Data
Providers (System.Data.OleDb and System.Data.SqlClient) that are part of the .Net
Framework provide four basic objects: the Command, Connection, DataReader and
DataAdapter. In the remaining sections of this document, we'll walk through each part of
the DataSet and the OLE DB/SQL Server .NET Data Providers explaining what they are,
and how to program against them.
The following sections will introduce you to some objects that have evolved, and some
that are new. These objects are:
Connections: For connection to and managing transactions against a database.
Commands: For issuing SQL commands against a database.
Data Readers: For reading a forward-only stream of data records from a SQL Server
data source.
Datasets: For storing, remoting and programming against flat data, XML data and
relational data.
DataAdapters. For pushing data into a DataSet, and reconciling data against a
database.
When dealing with connections to a database, there are two different options: SQL Server
.NET Data Provider (System.Data.SqlClient) and OLE DB .NET Data Provider
(System.Data.OleDb). In these samples we will use the SQL Server .NET Data Provider.
These are written to talk directly to Microsoft SQL Server. The OLE DB .NET Data
Provider is used to talk to any OLE DB provider (as it uses OLE DB underneath).
Connections:
Connections are used to 'talk to' databases, and are respresented by provider-
specific classes such as SQLConnection. Commands travel over connections and
resultsets are returned in the form of streams which can be read by a DataReader object,
or pushed into a DataSet object.
Commands:
19
Commands contain the information that is submitted to a database, and are represented by
provider-specific classes such as SQLCommand. A command can be a stored procedure
call, an UPDATE statement, or a statement that returns results. You can also use input and
output parameters, and return values as part of your command syntax. The example below
shows how to issue an INSERT statement against the Northwind database.
Data Readers:
The Data Reader object is somewhat synonymous with a read-only/forward-only
cursor over data. The DataReader API supports flat as well as hierarchical data. A
DataReaderobject is returned after executing a command against a database. The format
of the returned DataReader object is different from a recordset. For example, you might
use the DataReader to show the results of a search list in a web page.
DataSets and DataAdapters :
DataSets:
The DataSet object is similar to the ADORecordset object, but more powerful,
and with one other important distinction: the DataSet is always disconnected. The
DataSet object represents a cache of data, with database-like structures such as
tables, columns, relationships, and constraints. However, though a DataSet can
and does behave much like a database, it is important to remember that DataSet
objects do not interact directly with databases, or other source data. This allows the
developer to work with a programming model that is always consistent, regardless
of where the source data resides. Data coming from a database, an XML file, from
code, or user input can all be placed into DataSet objects. Then, as changes are
made to the DataSet they can be tracked and verified before updating the source
data. The GetChanges method of the DataSet object actually creates a second
DatSet that contains only the changes to the data. This DataSet is then used by a
DataAdapter (or other objects) to update the original data source.
The DataSet has many XML characteristics, including the ability to produce and consume
XML data and XML schemas. XML schemas can be used to describe schemas
interchanged via WebServices. In fact, a DataSet with a schema can actually be compiled
for type safety and statement completion.
20
DataAdapters (OLEDB/SQL):
The DataAdapter object works as a bridge between the DataSet and the source
data. Using the provider-specific SqlDataAdapter (along with its associated
SqlCommand and SqlConnection) can increase overall performance when working with
a Microsoft SQL Server databases. For other OLE DB-supported databases, you would
use the OleDbDataAdapter object and its associated OleDbCommand and
OleDbConnection objects.
The DataAdapter object uses commands to update the data source after changes have
been made to the DataSet. Using the Fill method of the DataAdapter calls the SELECT
command; using the Update method calls the INSERT, UPDATE or DELETE command
for each changed row. You can explicitly set these commands in order to control the
statements used at runtime to resolve changes, including the use of stored procedures. For
ad-hoc scenarios, a CommandBuilder object can generate these at run-time based upon a
select statement. However, this run-time generation requires an extra round-trip to the
server in order to gather required metadata, so explicitly providing the INSERT,
UPDATE, and DELETE commands at design time will result in better run-time
performance.
1. ADO.NET is the next evolution of ADO for the .Net Framework.
2. ADO.NET was created with n-Tier, statelessness and XML in the forefront. Two new
objects, the DataSet and DataAdapter, are provided for these scenarios.
3. ADO.NET can be used to get data from a stream, or to store data in a cache for updates.
4. There is a lot more information about ADO.NET in the documentation.
5. Remember, you can execute a command directly against the database in order to do
inserts, updates, and deletes. You don't need to first put data into a DataSet in order to
insert, update, or delete it.
6. Also, you can use a DataSet to bind to the data, move through the data, and navigate
data relationships.
21
5.System Design
5.1Data Flow Diagrams:
A data flow diagram is graphical tool used to deMHribe and analyze movement of data
through a system. These are the central tool and the basis from which the other components are
developed. The transformation of data from input to output, through processed, may be
deMHribed logically and independently of physical components associated with the system.
These are known as the logical data flow diagrams. The physical data flow diagrams show the
actual implements and movement of data between people, departments and workstations. A full
deMHription of a system actually consists of a set of data flow diagrams. Using two familiar
notations Yourdon, Game and Sarsen notation develops the data flow diagrams. Each component
in a DFD is labeled with a deMHriptive name. Process is further identified with a number that will
be used for identification purpose. The development of DFD’s is done in several levels. Each
process in lower level diagrams can be broken down into a more detailed DFD in the next level.
The lop-level diagram is often called context diagram. It consists a single process bit, which plays
vital role in studying the current system. The process in the context level diagram is exploded into
other process at the first level DFD.
SAILENT FEATURES OF DFD’s:
1. The DFD shows flow of data, not of control loops and decision are controlled
considerations do not appear on a DFD.
2. The DFD does not indicate the time factor involved in any process whether the data flows
take place daily, weekly, monthly or yearly.
3. The sequence of events is not brought out on the DFD.
22
Sensor network Symmetric transmissionand reception
Packetscan be generated by higher layers of a node
Node within transmissionrangeSenseactivity due to higher signal strength
Node transmits at a fixed power level
Data Flow Diagram:
23
5.2 UML Diagrams
Use case diagram:
Class Diagram:
24
Sequence:
25
Activity Diagram:
26
6. CODING
DataAccess.cs:
using System;using System.Collections.Generic;using System.Text;using System.Text.RegularExpressions;using System.Net.Sockets;using System.Net;
namespace Receiver.DAL{classDataAccess {publicstring Connect() {string RecData = string.Empty;try {IPEndPoint IpEnd = newIPEndPoint(IPAddress.Any, 6000);Socket Recv = newSocket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.IP); Recv.Bind(IpEnd); Recv.Listen(100);
Socket NRecv = Recv.Accept();
byte[] RData = newbyte[1024 * 5000]; NRecv.Receive(RData);string Result = Encoding.ASCII.GetString(RData);string[] Res = Regex.Split(Result, ":");
RecData = Res[0].ToString();
NRecv.Close(); Recv.Close(); }catch { RecData = "Error"; }
return RecData; } }}
Receiver:
Form1.cs:
using System;using System.Collections.Generic;using System.ComponentModel;using System.Data;using System.Drawing;using System.Text;
27
using System.Windows.Forms;using System.Threading;using Receiver.BLL;
namespace Receiver{publicpartialclassForm1 : Form {public Form1() { InitializeComponent(); }
Thread Receiver;Business bus = newBusiness();delegatevoidSetText(string text);
privatevoid Form1_Load(object sender, EventArgs e) {try { Receiver = newThread(newThreadStart(Connection)); Receiver.IsBackground = true; Receiver.Start(); }catch {MessageBox.Show("Unable to Start - Restart Application"); } }
publicvoid Connection() {while (true) {try {string Result = bus.Connect();
if (Result != "Error") {if (this.lstResult.InvokeRequired) {SetText st = newSetText(SysName);this.Invoke(st, newobject[] { Result }); }else { lstResult.Items.Add(Result); } } }catch(Exception ex) {MessageBox.Show(ex.ToString()); } } }
publicvoid SysName(string text) {
28
lstResult.Items.Add(text); } }}
Optimal Jamming:
Form1.cs:
using System;using System.Collections.Generic;using System.ComponentModel;using System.Data;using System.Drawing;using System.Collections;using System.Text;using System.Text.RegularExpressions;using System.Windows.Forms;using OptimalJamming.BLL;using Microsoft.VisualBasic;
namespace OptimalJamming{publicpartialclassForm1 : Form {Business bus = newBusiness();PropertiesClass pc = newPropertiesClass();int PortNo = 5000;DataSet Res = newDataSet();Random r = newRandom();
public Form1() { InitializeComponent(); }
privatevoid Form1_Load(object sender, EventArgs e) {ArrayList Dest = bus.GetDestinations();
cmbDestination.Items.Clear(); cmbDestination.Items.Add("--Select--");
foreach (string Dests in Dest) {//cmbDestination.Items.Add("technova-6"); cmbDestination.Items.Add(Dests.Trim());//cmbDestination.Items.Add(Dests.Trim());//cmbDestination.Items.Add(Dests.Trim());//cmbDestination.Items.Add(Dests.Trim()); } }
privatevoid cmbDestination_SelectedIndexChanged(object sender, EventArgs e) {try { pc._Sysname = cmbDestination.Text.Trim();
string IpAddress = bus.GetIPaddress(pc);
29
lblIpAddress.Text = IpAddress; }catch {
} }
privatevoid button1_Click(object sender, EventArgs e) {string Result = string.Empty;try { Result = bus.DeleteBus();
if (Result != "Error") {for (int i = 1; i < cmbDestination.Items.Count; i++) { pc._Sysname = cmbDestination.Items[i].ToString(); pc._PortNo = PortNo + i;
Result = bus.ConnectionBus(pc);
if (Result != "Error") { pc._Dist = Convert.ToInt32(Result);string Update = bus.UpdateRoute(pc); } } }
Res = bus.ShowRange(); dgvAvaliableNodes.DataSource = Res.Tables["Range"].DefaultView; }catch {
} }
privatevoid button2_Click(object sender, EventArgs e) {int x = 0;string ResultString = string.Empty;string BlockedNodes = string.Empty;string FIntruder = string.Empty;try {if (cmbDestination.Text != ""&& cmbDestination.Text != "--Select--") {if (txtMessage.Text.Trim() != "") {if (dgvAvaliableNodes.RowCount != 0) {string Input = Microsoft.VisualBasic.Interaction.InputBox("Enter Number Between 1 to 4", "Sending Route Selection", "", 100, 100);
30
ResultString = txtMessage.Text.Trim();
if (Convert.ToInt16(Input) >= 5) {MessageBox.Show("Enter Number Between 1 to 4 to Send"); }else {for (int i = 0; i < dgvAvaliableNodes.RowCount - 1; i++) { pc._Sysname = dgvAvaliableNodes.Rows[i].Cells[0].Value.ToString(); pc._PortNo = 50;
FIntruder = bus.Intruder(pc);
if (FIntruder != "Error") {MessageBox.Show("Intruder Find Choosing Another Path");break; }elseif (Input == dgvAvaliableNodes.Rows[i].Cells[1].Value.ToString()) { x = x + 1;
if (ResultString == "") { ResultString = dgvAvaliableNodes.Rows[i].Cells[1].Value.ToString(); ResultString = ResultString + ":" + dgvAvaliableNodes.Rows[i].Cells[0].Value.ToString(); ResultString = ResultString + ":" + dgvAvaliableNodes.Rows[i].Cells[2].Value.ToString(); }else { ResultString = ResultString + ":" + dgvAvaliableNodes.Rows[i].Cells[1].Value.ToString(); ResultString = ResultString + ":" + dgvAvaliableNodes.Rows[i].Cells[0].Value.ToString(); ResultString = ResultString + ":" + dgvAvaliableNodes.Rows[i].Cells[2].Value.ToString(); } }else {if (BlockedNodes == "") { BlockedNodes = dgvAvaliableNodes.Rows[i].Cells[0].Value.ToString(); BlockedNodes = BlockedNodes + ":" + dgvAvaliableNodes.Rows[i].Cells[2].Value.ToString(); }else { BlockedNodes = BlockedNodes + ":" + dgvAvaliableNodes.Rows[i].Cells[0].Value.ToString(); BlockedNodes = BlockedNodes + ":" + dgvAvaliableNodes.Rows[i].Cells[2].Value.ToString(); } }
31
}
if (FIntruder != "Error") {int Rand = r.Next(dgvAvaliableNodes.Rows.Count-1); x = 1;if (ResultString == "") { ResultString = dgvAvaliableNodes.Rows[Rand].Cells[1].Value.ToString(); ResultString = ResultString + ":" + dgvAvaliableNodes.Rows[Rand].Cells[0].Value.ToString(); ResultString = ResultString + ":" + dgvAvaliableNodes.Rows[Rand].Cells[2].Value.ToString(); }else { ResultString = ResultString + ":" + dgvAvaliableNodes.Rows[Rand].Cells[1].Value.ToString(); ResultString = ResultString + ":" + dgvAvaliableNodes.Rows[Rand].Cells[0].Value.ToString(); ResultString = ResultString + ":" + dgvAvaliableNodes.Rows[Rand].Cells[2].Value.ToString(); }
if (ResultString == "") { ResultString = cmbDestination.Text + ":" + "6000" + ":" + x + ":" + "Complete"; }else { ResultString = ResultString + ":" + cmbDestination.Text + ":" + "6000" + ":" + x + ":" + "Complete"; }
string SendResultString = bus.SendResult(ResultString);
if (SendResultString == "Error") {MessageBox.Show("Connection Error - Unable to Send"); }else {string SendBlockedS = "Blocked" + ":" + BlockedNodes + ":" + "Completed";string Rs = bus.SendBlocked(SendBlockedS);if (Rs == "Error") {MessageBox.Show("Connection Error - Unable to Connect Blocked"); }else {MessageBox.Show("Message Sent Successfully"); } } }else {if (ResultString == "") {
32
ResultString = cmbDestination.Text + ":" + "6000" + ":" + x + ":" + "Complete"; }else { ResultString = ResultString + ":" + cmbDestination.Text + ":" + "6000" + ":" + x + ":" + "Complete"; }
string SendResultString = bus.SendResult(ResultString);
if (SendResultString == "Error") {MessageBox.Show("Connection Error - Unable to Send"); }else {string SendBlockedS = "Blocked" + ":" + BlockedNodes + ":" + "Completed";string Rs = bus.SendBlocked(SendBlockedS);if (Rs == "Error") {MessageBox.Show("Connection Error - Unable to Connect Blocked"); }else {MessageBox.Show("Message Sent Successfully"); } } } } }else {MessageBox.Show("Search Avaliable Nodes"); } }else {MessageBox.Show("Enter Message to Send"); } }else {MessageBox.Show("Select the Destination Before Sending Data"); } }catch {MessageBox.Show("Unable to Send Data"); } }
privatevoid dgvAvaliableNodes_CellContentClick(object sender, DataGridViewCellEventArgs e) {
}
}}
33
7.TESTING
Software testing is a critical element of software quality assurance and represents the ultimate review of specification, design and coding. The increasing visibility of software as a system element and attendant costs associated with a software failure are motivating factors for we planned, through testing. Testing is the process of executing a program with the intent of finding an error. The design of tests for software and other engineered products can be as challenging as the initial design of the product itself.
There of basically two types of testing approaches.
One is Black-Box testing – the specified function that a product has been
designed to perform, tests can be conducted that demonstrate each function is fully
operated.
The other is White-Box testing – knowing the internal workings of the
product ,tests can be conducted to ensure that the internal operation of the product
performs according to specifications and all internal components have been
adequately exercised.
White box and Black box testing methods have been used to test this package.
The entire loop constructs have been tested for their boundary and intermediate
conditions. The test data was designed with a view to check for all the conditions
and logical decisions. Error handling has been taken care of by the use of
exception handlers.
7.1 TESTING STRATEGIES:
Testing is a set of activities that can be planned in advanced and conducted systematically. A strategy for software testing must accommodation low-level tests that are necessary to verify that a small source code segment has been correctly implemented as well as high-level tests that validate major system functions against customer requirements.
Software testing is one element of verification and validation. Verification refers to the set of activities that ensure that software correctly implements as specific function. Validation refers to a different set of activities that ensure that the software that has been built is traceable to customer requirements.
The main objective of software is testing to uncover errors. To fulfill this objective, a series of test steps unit, integration, validation and system tests are planned and executed. Each test step is accomplished through a series of systematic test technique that assist in the design of test cases. With each testing step, the level of abstraction with which software is considered is broadened.
34
Testing is the only way to assure the quality of software and it is an umbrella activity
rather than a separate phase. This is an activity to be performed in parallel with the
software effort and one that consists of its own phases of analysis, design, implementation,
execution and maintenance.
UNIT TESTING:
This testing method considers a module as single unit and checks the
unit at interfaces and communicates with other modules rather than getting into details at
35
statement level. Here the module will be treated as a black box, which will take some
input and generate output. Outputs for a given set of input combination are pre-calculated
and are generated by the module.
SYSTEM TESTING:
Here all the pre tested individual modules will be assembled to create the
larger system and tests are carried out at system level to make sure that all modules are
working in synchronous with each other. This testing methodology helps in making sure
that all modules which are running perfectly when checked individually are also running
in cohesion with other modules. For this testing we create test cases to check all modules
once and then generated test combinations of test paths throughout the system to make
sure that no path is making its way into chaos.
INTEGRATED TESTING:
Testing is a major quality control measure employed during software
development. Its basic function is to detect errors. Sub functions when combined may not
produce than it is desired. Global data structures can represent the problems. Integrated
testing is a systematic technique for constructing the program structure while conducting
the tests. To uncover errors that are associated with interfacing the objective is to make
unit test modules and built a program structure that has been detected by design. In a non
- incremental integration all the modules are combined in advance and the program is
tested as a whole. Here errors will appear in an endless loop function. In incremental
testing the program is constructed and tested in small segments where the errors are
isolated and corrected.
Different incremental integration strategies are top – down integration,
bottom – up integration, regression testing.
7.2 TOP-DOWN INTEGRATION TEST:
Modules are integrated by moving downwards through the control
hierarchy beginning with main program. The subordinate modules are incorporated into
structure in either a breadth first manner or depth first manner. This process is done in
five steps:
Main control module is used as a test driver and steps are substituted or all
modules directly to main program.
36
Depending on the integration approach selected subordinate is replaced at a time
with actual modules.
Tests are conducted.
On completion of each set of tests another stub is replaced with the real module
Regression testing may be conducted to ensure trha6t new errors have not been
introduced.
This process continuous from step 2 until entire program structure is reached.
In top down integration strategy decision making occurs at upper levels in the hierarchy
and is encountered first. If major control problems do exists early recognitions is
essential.
If depth first integration is selected a complete function of the software may be
implemented and demonstrated.
Some problems occur when processing at low levels in hierarchy is required to
adequately test upper level steps to replace low-level modules at the beginning of the top
down testing. So no data flows upward in the program structure.
7.3BOTTOM-UP INTEGRATION TEST:
Begins construction and testing with atomic modules. As modules are
integrated from the bottom up, processing requirement for modules subordinate to a given
level is always available and need for stubs is eliminated. The following steps
implements this strategy.
Low-level modules are combined in to clusters that perform a specific software sub
function.
A driver is written to coordinate test case input and output.
Cluster is tested.
Drivers are removed and moving upward in program structure combines clusters.
Integration moves upward, the need for separate test driver’s lesions.
If the top levels of program structures are integrated top down, the number of drivers
can be reduced substantially and integration of clusters is greatly simplified.
37
REGRESSION TESTING:
Each time a new module is added as a part of integration as the software changes.
Regression testing is an actually that helps to ensure changes that do not introduce
unintended behavior as additional errors.
Regression testing maybe conducted manually by executing a subset of all test
cases or using automated capture play back tools enables the software engineer to capture
the test case and results for subsequent playback and compression. The regression suit
contains different classes of test cases.
A representative sample to tests that will exercise all software functions.
Additional tests that focus on software functions that are likely to be affected by the change.
VALIDATION TESTING:
Validation testing demonstrates the traces the requirements of the software. This can be achieved through a series of black box tests.
Test Id Test Inputs Actual Output Obtained Output Description
1 Activate optimal jamming page
Give computer name
Get system IP address automatically
Success Test passed. Passes the control to the Other Module Menus.
2 Search Nodes Click Search Nodes Button
Get nearable
Nodes
Success Test passed. Passes the control to the Other Module Menus.
3
Activate Intermeadiate1
Set the IpEnd values
Suceess Success Test passed. Passes the control to the Other Module Menus.
8.SCREEN SHORTS
Receiver:
38
Intruder:
Intermediate4:
39
Optimal jamming:
Intemediate2:
40
Intermediate1:
41
42
9.CONCLUSION
We investigate application-level protection against DoS attacks. More
specifically,supporting port hopping is investigated in the presence of timing uncertainty
and for enabling multiparty communications. We present an adaptive algorithm for
dealing with port hopping in the presence of clock-rate drifts (such a drift implies that the
peer’s clock values may differ arbitrarily with time). For enabling multiparty
communications with port-hopping, an algorithm is presented for a server to support port
hopping with many clients, without the server needing to keep state for each client
individually. A main conclusion is that it is possible to employ the port hopping method in
multiparty applications in a scalable way. The method does not induce any need for group
synchronization which would have raised scalability issues, but instead employs a simple
interface of the server with each client. The options for the adversary to launch a directed
attack to the application’s ports after eavesdropping is minimal, since the port hopping
period of the protocol is fixed. Another main conclusion is that the adaptive method can
work under timing uncertainty and specifically fixed clock drifts. An interesting issue to
investigate further is to address variable clock drifts and variable hopping frequencies as
well.
43
10. FUTURE ENHANCEMENT
While our system works well in most cases, there are also some limitations.
Here we discuss some of them. Firstly, our system is based purely on the web. While it
Is the key for the success of our system, it still has some shortcomings. 1) As addressed
before, Combiner is based on our web redundancy assumption, and currently only utilizes
the most reliable direct competitive information. However, our assumption is not always
true for all queries. If there is not enough redundant competitive information on the web,
our system may not be able to discover them. For example, if EntityAand EntityBare
competitors, and EntityBand EntityCare also discovered as competitors, then EntityAand
EntityCmay also be competitors and cannot be identified from the web directly. One way
to weaken the assumption is to leverage the latent relations. Previous work has shown that
both direct and indirect information are helpful in mining two entities’ associations [27].
We leave this as one of our future work. 2) Web spam is becoming more and more popular
with the fast development of WWW. Our system is sensitive to web spam. However,
compared with previous site centric web applications, our system has more immune ability
to the web spam since the
Spammer is easy to spam a specific site but much harder to the whole World Wide Web
44
Bibliography
FOR .NET INSTALLATION
www.support.mircosoft.com
FOR DEPLOYMENT AND PACKING ON SERVER
www.developer.com
www.16seconds.com
REFERENCES
[1] Z. Fu, M. Papatriantafilou, and P. Tsigas, “Mitigating DistributedDenial of Service Attacks in Multiparty Applications in thePresence of Clock Drifts,” Proc. IEEE Int’l Symp. Reliable DistributedSystems (SRDS), Oct. 2008.[2] CERT Advisory CA-1997-28 IP Denial-of-Service Attacks, http://www.cert.org/advisories/ca-1997-28.html, 2010.[3] K. Argyraki and D.R. Cheriton, “Active Internet Traffic Filtering:Real-Time Response to Denial-of-Service Attacks,” Proc. Ann.Conf. USENIX Ann. Technical Conf. (ATEC ’05), p. 10, 2005.[4] R. Mahajan, S.M. Bellovin, S. Floyd, J. Ioannidis, V. Paxson, and S.Shenker, “Controlling High Bandwidth Aggregates in the Network,”ACM SIGCOMM Computer Comm. Rev., vol. 32, no. 3,pp. 62-73, 2002.[5] D. Dean, M. Franklin, and A. Stubblefield, “An AlgebraicApproach to IP Traceback,” ACM Trans. Information and SystemSecurity, vol. 5, no. 2, pp. 119-137, 2002.
45