9.chera docums donedone

7/31/2019 9.chera docums donedone

1/70

CHAPTER 1

INTRODUCTION

1.1 General

The frequent attacks on network infrastructure, using various forms of

denial of service (DoS) attacks and worms, have led to an increased need for

developing techniques for analyzing and monitoring network traffic. If efficient

analysis tools were available, it could become possible to detect the attacks,

anomalies and take action to suppress them before they have had much time to

propagate across the network. In this paper, we study the possibilities of traffic-

analysis based mechanisms for attack and anomaly detection. The motivation for

this work came from a need to reduce the likelihood that an attacker may hijack the

campus machines to stage an attack on a third party.

A campus may want to prevent or limit misuse of its machines in staging

attacks, and possibly limit the liability from such attacks. In particular, we study

the utility of observing packet header data of outgoing traffic, such as destination

addresses, port numbers and the number of flows, in order to detect

attacks/anomalies originating from the campus at the edge of a campus. Detecting

anomalies/attacks close to the source allows us to limit the potential damage close

to the attacking machines. Traffic monitoring close to the source may enable the

network operator quicker identification of potential anomalies and allow better

control of administrative domains resources.

Attack propagation could be slowed through early detection. Our approach

passively monitors network traffic at regular intervals and analyzes it to find any

abnormalities in the aggregated traffic. By observing the traffic and correlating it to

previous states of traffic, it may be possible to see whether the current traffic is

behaving in a similar manner.

1


2/70

The network traffic could look different because of flash crowds, changing

access patterns, infrastructure problems such as router failures, and DoS attacks. In

the case of bandwidth attacks, the usage of network may be increased and

abnormalities may show up in traffic volume. Flash crowds could be observed

through sudden increase in traffic volume to a single destination. Sudden increase

of traffic on a certain port could signify the onset of an anomaly such as worm

propagation. Our approach relies on analyzing packet header data in order to

provide indications of possible abnormalities in the traffic.

2


3/70

CHAPTER 2

LITERATURE REVIEW

2.1 General

General properties of network packet traffic have been studies intensely for

many years - standard references include. Many different analysis techniques have

been employed in these and other studies including wavelets in. The majority of

these traffic analysis studies have been focused on the typical, packet level and

end-to-end behavior (a notable exception being ). Our focus is mainly at the flow

level and on identifying frequency characteristics of anomalous network traffic.

There have been many prior studies of network fault detection methods. Example

includes.

Feather et al. use statistical deviations from normal traffic behavior to

identify faults while a method of identifying faults by applying thresholds in time

series models of network traffic is developed in.

These are focus on accurate detection of deviations from normal behavior.

Our work is focused on identifying anomalies by removing first from the signal itspredictable, ambient part, and only then employing statistical methods. Wavelet are

used for the former task.

Detection of black-hat activity including denial-of-service (DoS) attacks

and port scan attacks has also been treated widely. Methods for detecting intrusions

include clustering , neural networks and Markov models.

3


4/70

2.2 Literature Survey

Moore et al. show that flow data can be effective for identifying DoS

attacks . A number of intrusion detection tools have been developed in recent years

in response to the rise in black-hat activity. An example is Bro which provides an

extensible environment for identifying intrusion and attack activity. Our work

complements this work by providing another means for identifying a variety of

anomalous behaviors including attacks. We identify flash crowds as an important

anomaly category.

The events of September 11, 2001 and the inability of most online news

services to deal with the offered demand is the most extreme example of this kind

of behavior. While infrastructure such as content delivery networks (CDNs) have

been developed to mitigate the impact of flash crowds, almost no studies of their

characteristics exist. A recent study on flash crowds is by Jung. That work

considers flash crowds (and DoS attacks) from the perspective of Web servers logs

whereas ours is focused on network traffic. Finally, cooperative pushback are to be

proposed in as a means for detection and control of events such as flash crowds.

Rule-based approaches, such as IDS (intrusion detection system), try to

apply previously established rules against incoming traffic to detect and identify

potential DoS attacks close to the victims network. To cope with novel attacks,

however, IDS tools such as Snort require to be updated with the latest rules. This

paper looks at the problem of designing generalized measurement based real-time

detection mechanism. Measurement-based studies have considered traffic volume,

number of flows as potential signals that can be analyzed in order to detect

anomalies in network traffic.

While we further treat the traffic headers such as addresses and port

numbers.Work in relies on input data from multiple sources while our work

focuses on a single link at a time.

4


5/70

Some approaches proactively seek methods to suppress the overflow of

traffic at the source. Controls based on rate limits have been adopted for reducing

the monopolistic consumption of available bandwidth, to diminish the effects of

attacks, either at the source or at the destination . The apparent symptoms of

bandwidth attack may be sensed through monitoring bit rates and/or packet counts

of the traffic flow. Bandwidth accounting mechanisms have been suggested to

identify and contain attacks .

Packeteer and others offer commercial products that can account traffic

volume along multiple dimensions and allow policy-based rate control of

bandwidth. Pushback mechanisms have been proposed to contain the detected

attacks closer to the source. Trace back has been proposed to trace the source ofDDoS attacks even when the source addresses may be spoofed by the attacker .

However, sophisticated low-rate attacks , which do not give rise to noticeable

variance in traffic volume, could go undetected when only traffic volume is

considered.

Recently statistical analysis of aggregate traffic data has been studied. In

general, the generated signal can be analyzed by employing techniques such as

FFT (Fast Fourier Transform) and wavelet transforms. FFT of traffic arrivals may

reveal inherent flow level information through frequency analysis. Fourier

transforms and wavelets have been applied to network traffic to study its

periodicity . Our previous work in and the work in studied traffic volume as a

signal for wavelet analysis and these earlier studies have considerably motivated

our current study.

. A similar data structure was employed with significant differences in

processing of collected data, detection mechanisms and the resulting traffic

anomaly detectors. The structure of addresses at various points in the network was

observed to be multi-fractal.

5


6/70

2.3 EXISTING SYSTEM

There is no established existing system to prevent the network traffic.And so

we are developing the statically analysis for detecting the traffic anomalies.

2.4 PROPOSED SYSTEM

In this project we are going to detect the anomalies using the following three

techniques.

Traffic Analysis at the Source

General mechanism of detector.

Trace.

Traffic Analysis at the Source

We focus on analyzing the traffic at an egress router. Monitoring traffic at a

source network enables early detection of attacks, to control hijacking of AD

(administrative domain, e.g., campus) machines, and to limit the squandering of

resources.

There are two kinds of filtering based on traffic controlling point as shown

in. Ingress filtering protects the flow of traffic entering into an internal network

under administrative control. IOn the other hand, egress filtering controls the flow

of traffic leaving the administered network.

Thus, internal machines are typically the origin of this outbound traffic in

view of an egress filter. As a result, the filtering is performed at the campus edge.

Outbound filtering has been advocated for limiting the possibility of address

spoofing with such filtering in place, we can focus on destination addresses and

port numbers of the outgoing traffic for analysis purposes.

6


7/70

General Mechanism of Detector

The first step is a traffic parser, in which the correlation signal is generated

from packet header traces or NetFlow records as input. The first step is a traffic

parser, in which the correlation signal is generated from packet header traces or

NetFlow records as input. Fields in the packet header, such as destination

addresses and port numbers, and traffic volume depending on the nature of the

traffic, can be used as a signal. By this way we generate the signal.

Second step is to transform the signal using the discrete wavelet transform

DWT. Analyzing discrete domains such as address spaces and port Numbers poses

interesting problems for wavelet analysis. We employ the correlation in different

domains to generate the suitable signal for analysis.Finally we use the technique of finding the attack or the anomalies. this is

done with the help of setting the threshold . And we are comparing the result with

the historical data .and the anomalies are detected using the statically analysis. We

report on our results employing correlation of destination addresses, port numbers

and the distribution of the number of flows as monitored traffic signals.

7


8/70

Trace

To verify the validity of our approach, we run our algorithm on four traces

of network traffic. First, we examine our method on traces from the University of

Southern California that contain real network attacks. Second, to inspect the

performance of our detector on backbone links, we examine the mechanism on

KREONet2 traces, which include over 230 organizations, from July 21, 2003, to

July 28, 2003, that contain real worm attacks . In the trace employed, there were

three major attacks and a few instantaneous probe attacks, which were judged by

various forensic traffic analyses in advance. Third, to compare our method with

Snort, we exploit a live network in Texas A&M University. Fourth, to evaluate the

sensitivity of our detectors performance over attacks of various configurations, weemploy the attack-free traces from the NLANR (National Laboratory for Applied

Network Research) , which are later superimposed with simulated virtual attacks.

8


9/70

2.5 PROBLEM FORMULATION

2.5.1 Main Objectives

In our project we detect the traffic anomalies by monitoring the header data.

Some attacks like denial of service led to develop the techniques for identifying the

network traffic. If we have the efficient analysis tool we could prevent the network

from the traffic before it could get attacked. We can analyze the network traffic

with the help of, correlation of the destination IP address in the egress router. The

address correlations are data transformed using the discrete wavelet transform for

detecting the traffic anomalies. Results from trace-driven evaluation suggest that

proposed approach could provide an effective means of detecting anomalies closeto the source. We also present a multidimensional indicator using the correlation of

port numbers and the number of flows as a means of detecting anomalies.

2.5.2 Modules

Login

Client

Ingress router

Egress router

File Sending

9


10/70

Login

In this module the user are allowed to sign up as a new user. Once the user

signs in there is a separate log maintained for the particular user. The existing user

can sign in to perform the operation.

Client

The user who wants to send a file is treated as client. Before selecting a file

to send, the client has to provide his details to the server. The client is restricted to

choose the file which creates traffic in the network.

Ingress RouterIngress filtering protects the flow of traffic entering into an internal network

under administrative control. Once the user signs in to the application his details

are stored in the server. After choosing a particular file the details of file is

gathered in order to prevent traffic.

Egress Router

In this module the activities of user after choosing a file is checked. An

separate log is created for the user. Here all the details including size and type of

the file he chooses is stored. If he chooses the file which may create trafficthe error

count in his account gets added.

File Sending

Server checks the size and type of the file chosen by the client. If the server

finds that it may create traffic then server provide request to the client to choose

another file. If the client tries to send the file which may create traffic for more

than 3times, the server disconnects his connection.

10


11/70

Module Input

Client chooses a file to send providing his details to the server.

Module Output

If the client choose the file which creates traffic server request him to

choose another file and increments his error count else his file is transferred.

2.6 SYSTEM REQUIREMENTS

2.6.1 HARDWARE REQUIREMENTS

SYSTEM : Pentium IV 2.4 GHz

HARD DISK : 40 GB

FLOPPY DRIVE : 1.44 MB

MONITOR : 15 VGA colour

MOUSE : Logitech.

RAM : 256 MB

KEYBOARD : 110 keys enhanced.

2.6.2 SOFTWARE REQUIREMENTS

Operating system :- Windows XP Professional

Front-End :- Microsoft Visual Studio .Net 2005

Coding Language :- C# 2.0

Database :- SQL SERVER 2000

11


12/70

2.7 LANGUAGE SPECIFICATION

XML and ADO.NET

ADO.NET leverages the power of XML to provide disconnected access

to data. ADO.NET was designed hand-in-hand with the XML classes in the .NET

Framework both are components of a single architecture.

ADO.NET and the XML classes in the .NET Framework converge in the

DataSet object. The DataSet can be populated with data from an XML source,

whether it is a file or an XML stream. The DataSet can be written as World Wide

Web Consortium (W3C) compliant XML, including its schema as XML Schema

definition language (XSD) schema, regardless of the source of the data in the

DataSet. Because the native serialization format of the DataSet is XML, it is anexcellent medium for moving data between tiers making the DataSet an optimal

choice for remoting data and schema context to and from an XML Web service.

The DataSet can also be synchronized with an XmlDataDocument to

provide relational and hierarchical access to data in real time.

12


13/70

ADO.NET Components

The ADO.NET components have been designed to factor data access from data

manipulation. There are two central components of ADO.NET that accomplish

this: the DataSet, and the .NET data provider, which is a set of components

including the Connection, Command, DataReader, and DataAdapter objects.

This is the core component of the disconnected architecture of

ADO.NET. The DataSet is explicitly designed for data access independent of any

data source. As a result it can be used with multiple and differing data sources,

used with XML data, or used to manage data local to the application. The DataSet

contains a collection of one or more DataTable objects made up of rows and

columns of data, as well as primary key, foreign key, constraint, and relationinformation about the data in the DataTable objects.

The other core element of the ADO.NET architecture is the .NET data

providers, whose components are explicitly designed for data manipulation and

fast, forward-only, read-only access to data. The Connection object provides

connectivity to a data source. The Command object enables access to database

commands to return data, modify data, run stored procedures, and send or retrieve

parameter information. The DataReader provides a high-performance stream of

data from the data source. Finally, the DataAdapter provides the bridge between

the DataSet object and the data source. The DataAdapter uses Command objects to

execute SQL commands at the data source to both load the DataSet with data, and

reconcile changes made to the data in the DataSet back to the data source.

You can write .NET data providers for any data source. The .NET

Framework ships with two .NET data providers the SQL Server .NET Data

Provider and the OLE DB .NET Data Provider. The following diagram illustrates

the components of ADO.NET architecture the SQL Server .NET Data Provider and

the OLE DB .NET Data Provider.

The following diagram illustrates the components of ADO.NET architecture

13


14/70

ADO.NET ARCHITECTURE

FIG NO 1:ADO.NET ARCHITECTURE

14


15/70

Remoting or Marshaling Data between Tiers and Clients

The design of the DataSet enables you to easily transport data to

clients over the Web using XML Web services, as well as allowing you to marshal

data between .NET components using .NET Remoting services. You can also

remote a strongly typed DataSet in this fashion. For an overview of XML Web

services.

An overview of remoting services can be found in the .NET Remoting

Overview to note that DataTable objects can also be used with remoting services,

but cannot be transported via an XML Web service.

Ado.Net Platform RequirementsThe Microsoft .NET Framework SDK (including ADO.NET) is

supported on Microsoft Windows 2000, Microsoft Windows NT 4 with Service

Pack 6a, Microsoft Windows Millennium Edition, Microsoft Windows 98, and

Microsoft Windows SE. Use of the SQL Server .NET Data Provider or OLE

DB .NET Data Provider requires the installation of Microsoft Data Access

Components version 2.6 or later.

The following code example shows how to include the System.Data

namespace in your applications, in order to use ADO.NET.

15


16/70

SQL Server

Microsoft and Sybase teamed up to create SQL Server. It ran only on IBMs

OS/2 operating system platform. After release of version 6.5 Microsoft and Sybase

separated and SQL Server made its progress into the competitive market.

SQL Server 6.5, the earlier mainly focused on database design and

implementation. The Latest version 7 is a significant release of SQL Server. In the

version two major changes have been made.

New Server architecture

Inclusion of graphical tools likes Web Assistant Wizard,

Data Transformation services.

However, the new version maintains ANSI standards and 6.x compatibility.SQL Server is an SQL-compliant RDBMS. SQL-complaint means it uses the

ANSI version of Structured Query Language (SQL). SQL is a set of commands

that allows you to modify or retrieve information from the database. The ANSI and

International Standards Organization have defined various standards for SQL.

Most Modern RDBMS products have their own dialect of SQL. For example,

Oracle has PL/SQL.

SQL Server supports SQL-92 standards. It uses a version of SQL called

Transact- SQL. Client/Server means that SQL Server is designed to store data in

the central location (the server) and it can be shared on demand to numerous other

locations (The client). SQL Sever is also a Relational Database Management

System.

16


17/70

Understanding Relational features of SQL Server

Information Representation

In SQL Server data is represented in terms of rows and columns of a table.

Data Stored as a table can be easily visualized, because we encounter data stored in

tables in everyday life. For example, train or plane schedule can be referenced as a

table.

Unique Definition of Rows

The relational model requires each row to be uniquely defined by at least

one or more columns of a table. The unique row requirement ensures that each row

in the table can be accessed and changed independently from other rows of a table.

It means a change made to a row in the table does not affect the other rows. In

Unique Definition of Rows we can make each row of a table unique by using a

feature called a constraint, which is a property that can be placed on a column or

set of columns in a table.

Systematic treatment of Null values

SQL Server, like most RDBMS treats Null values Zeros and blanks

differently. While creating a table, one can specify whether a field allows Null

values or not.

High Level Update, Insert and Delete

In SQL Server if a record is updated or deleted in a master table the

corresponding record in the other table is also updated or dropped, this process of

ensuring that corresponding records of related tables are maintained to keep the

relationship intact is called Referential Integrity.

17


18/70

Query Fundamentals

Once the data is entered in SQL Server database, you need to have a way

to retrieve it, to change it, to add or insert new data or to delete existing data.

In SQL Server, a data that is stored across tables in one or more databases can

be combined using a query.

Query is a request for data stored in SQL Server database. Basically, it

is a specific demand from the user for retrieval, modification or deletion. Query is

fired by the user and is processed by the SQL Server .These are different ways of

accessing the information in SQL Server: Transact SQL is one of them.

18


19/70

Transact-SQL Programming Language

There are several methods of programming SQL Server applications.

Transact-SQL is the SQL database language used by the SQL Server. Client

applications use this language to communicate with the SQL Server. Transact-SQL

is used to create and manipulate database objects as well as for inserting, selecting

and updating data.

Transact-SQL is a standard language for communication between the SQL

Server and the application. The Transact-SQL language is an enhancement to

Structured Query Language (SQL), the ANSI standard relational database

language. It provides comprehensive language for defining tables, inserting,

deleting, updating and accessing the data in the table.

Elements of Transact-SQL

The elements of Transact-SQL are as follows:

Data Definition Language (DDL)

Data Manipulation Language (DML)

Data Control Language (DCL)

19


20/70

MICROSOFT SQL SERVER TOOLS

Enterprise Manager

Query Analyzer

Enterprise Manager

SQL Server Enterprise Manager is a graphical tool that allows easy

configuration and management of Microsoft SQL Server and SQL Server objects.

Enterprise Manager can be found in SQL Server7 program group.

SQL Server Enterprise Manager can also be used to:

Manage Logins, permissions and users

Create Database

Take back up of database and transaction logs

Manage Tables

Query Analyzer

The SQL Server Query Analyzer allows you to create adhoc queries and run

them interactively. The Query Analyzer also has a color-coded editor to assist the

user with checking of syntax. It also has context sensitive help.

20


21/70

VB SCRIPT

Scripting language used mostly at the client level which have the capability

of creating dynamic web pages. The essential need of VBScript is due to the

following requirements

user interaction

data validation

client side utility

FEATURES

Interpreted language

Object oriented support

Provides procedural capabilities

Works on event driven model

Embedded within ML format

Works on DOM (Document Object Model)

21


22/70

ELEMENTS OF VB SCRIPT

Variable

Arrays

Control statements

Functions

Objects

Events

To program with ASP.NET, VB Script is probably the most common

language. VB Scripts only has one data type the variant data type. The variant is

used because of its flexibility with all data types. The variant data type is unique in

the sense that the variant actually changes behavior depending on the type of data

it is storing. The variant uses subtypes to provide some optimization and data type

specific functionality.

22


23/70

Techniques and Algorithm Used

There are two kinds of filtering based on traffic controlling. Ingress

filtering protects the flow of traffic entering into an internal network under

administrative control. We focus on analyzing the traffic at an egress router.

Monitoring traffic at a source network enables early detection of attacks.

Applications:

Detecting anomalies through multiple levels will have a number of

advantages:

(i) by setting a high threshold at each level, anomalies can be detected withhigh confidence;

(ii) depending on operators filtering criteria, he/she can adjust the threshold

between accuracy and flexibility.

(iii) the attributes of attacks.

23


24/70

2.8 SYSTEM DESIGN

Module diagram

Fig No 2. Module Diagram

24

Start

Client

Registration and Login

Selecting fileIngress router

Egress routerSending file

Stop


25/70

UML Diagrams

Use case diagram

Fig No 3 Use Case Diagram

CLASS DIAGRAM

25

Server

Registration

Select FileClient

Sending File

Stores client details

Check server activities

Maintain the error log

Server

File size, File type

Binary reader

Ingress router

IP address

User name

Client Details()

Egress router

Error count

Threat()

Repeated threat()

Client

Prov_id,prov_name,Add IP address

Choose file();

Sending file

Client Data

Socket,Get IP

Server

File size, File type

Binary reader

Ingress router

IP address

User name

Client Details()

Egress router

Error count

Threat()

Repeated threat()

Client

Prov_id,prov_name,Add IP address

Choose file();

Sending file

Client Data

Socket,Get IP


26/70

Fig No 4 Class Diagram

Object Diagram

Fig no 5 Object Diagram

State Diagram

26

Ingress routerClient

Login

Server

Select file

Sending file

Regress router

Client

File selection

File sending ()

Server

Getting IP

Type, size

Binding Data ()

Egress router

User name

File type()File length()

Ingress router

Error log

Threat()

Repeat threat()


27/70

Fig no 6State Diagram

Activity Diagram

27


28/70

Fig no 7 Activity Diagram

Sequence Diagram

28


29/70

Fig no 8 Sequence Diagram

Egress routerNew User Login Client ProvideDetail

Sending file Ingressrouteer

ErrorlogI

User Info

Login Info

User Details

File Details

Check threat

Repeated threat

IncrementingError count

29


30/70

Collaboration Diagram

Fig no 9 Collaboration Diagram

ClientLogin

FileSelection

SendingFile

UserDetails

Error count

CheckingDetails

ErrorMessage

ReceivingFile

1: User Info

2: IP address

3: Details

4: File SizeType of file

5: File creatingTraffic

6: Completed Job

30


31/70

Component Diagram

Fig no 10 Component Diagram

Client

FilleSelection

ClientDetails

Server ErrorMessage

FileDetails

Errorcount

31


32/70

32


33/70

Fig no 12 DATA FLOW DIAGRAM

Transfer file

Client

Login

Yes

No

Stop

VerifyingAddress

Normalfile

File selection

File does not

create traffic

Yes

No

Select another file

Yes

Display error

message

Maintaining error

countNo

33

DATA FLOW DIAGRAM


34/70

Project Flow Diagram

Fig no 13 Project Flow Diagram

System Architecture

Fig no 14 System Architecture

34

Sending file Verification

Receiving file

Choose fileClient

Maintain errorcount

Server

Client

IPaddress

ClientDetails

Login

Server

GuidenceReceiving

FileChecking

ErrorSending

File

Maintaing

Error


35/70

2.8.1 SYSTEM DESIGN AND DEVELOPMENT

System Design

The most creative and challenging phase of the system development is

system design it is a solution, a how to approach to the creation of the proposed

system. It provides the understanding and procedural details necessary for

implementing the system recommended in the feasibility study. Design goes

through the logical and physical stages of development.

At an early stage in designing in new system, the system analyst must

have a clear understanding of the objectives which the design is aiming to fulfill.

The first step is toe determine how the output is to be produced and in what format.

Second input data and the files have to be designed to meet the requirements of the

proposed output.

The operational (processing) phases are handled though program

construction and testing. Finally details related to justification of the system and an

estimate of the impact of the candidate system on the user and the organization are

documented and evaluated by management.

The final report prior to the implementation phase includes procedural

flow charts, records and layout and a workable plan for implementing the

candidate system.

35


36/70

Input Design

Input design is the process of converting user oriented inputs to computer

based format. It also includes determining the record media, method of input,

speed of capture, and entry into the system. Consideration can be given to:

Type of input

Flexibility of format

Speed

Accuracy

Verification methods

Rejection rates

Ease of correction

Offline facilities

Need for specialized documentation

Storage and handling requirements

Automatic features

Hard copy requirements

Security

Ease of use

Portability

Compatibility with other system

Cost etc.,

Keyboard may be used as in input media. The data are displayed on

cathode ray tube screen for verification. In accurate input data are the most

common cause of errors in data processing. Errors entered by the user can be

controlled by input design.

In this project USER NAME, PASSWORD and etc., are given as input.

36


37/70

Output Design

The normal procedure is to design the outputs in detail first and then to

work back to the inputs. The outputs can be in the form of operational documents,

lengthy reports. The input records have to be validated, edited, organized and

accepted by the system before being processed to produse the outputs. The output

may have been defined, in terms of:

Type of output

Content

Format

Location

Frequency

Response

Volume

Sequence

Action required

The next stage is to determine the most appropriate medium for output

Consideration will be:

Suitability of the device to the particular application

The need for hard copy

The response time required

The location of the user

The software/hardware available and the cost

37


38/70

Code Design

The process of code is to facilitate the identification and retrieval of

items of information. The code should be simple and easily understandable. The

codes were designed in such a way that the features such as optimum human-

oriented use and machine efficiency are unaffected.

For the code to be designed effectively, the following characteristics

were also considered while designing the code.

Uniqueness

Versatility

Stability

Simplicity

Consciousness

The code should be adequate for present and anticipated data processing for

machine and human use. Care was taken to minimize the clerical effort andcomputer time required to continue operations.

38


39/70

Database Design

All the general activities of the application is identified in the system

analysis stage. For the list of activities identified, the subject areas of the

application need to maintain. Identified the activities and relationship between the

tables primary keys were identified.

List all the data needed to be used in the application . These data describes

the tables. The supporting data identified becomes the names of the columns in the

table.

Normalization is a series of tests used against the data to eliminateredundancy and make sure the data is associated with the correct table or

relationship. Normal forms are tests usually used to normalize data. Data

structuring is refined through the process of normalization.

Normalization is used to reduce data redundancy. All the tables identified in

the system are subjected to the first normal form, second normal form and the third

normal form.

The data is analyzed before normalization to set the primary key of each

table. After the normalization process the relationship between the tables were

resolved. Relationships, like one-to-many, one-to-one must be set carefully.

39


40/70

2.9 TESTING

TESTING TECHNIQUES

Software testing is a critical element of software quality assurance and

represents the ultimate review of specification, design and code generation. Once

source code has been generated, software must be tested to uncover (and correct)

as many errors as possible before delivery to the customer.

Software is tested from two different perspectives:

Internal program logic is exercised using 'White Box' test case design

techniques.

Software requirements are exercised using 'Black Box' test case design

techniques.

In both cases the intention is to find the maximum number of errors with the

minimum amount of effort and time.

40


41/70

Testing Strategies

Designing effective test cases is important, but so is the strategy you use to

execute them. Testing is a set of activities that can be planned in advance and

conducted systematically. For this reason a template for software testing - a set of

steps into which we can place specific test case design techniques and testing

methods - should be defined for the software process.

A strategy for software testing must accommodate low-level tests that are

necessary to verify that a small source code segment has been correctly

implemented as well as high-level tests that validate major system functions

against customer requirements.

Verification and Validation

Software testing is one element of a broader topic that is often referred to as

Verification and Validation. Verification refers to the set of activities that ensure

that software correctly implements a specific function. Validation refers to a

different set of activities that ensure that the software that has been built is

traceable to customer requirements.

Verification:"Are we building the product right?"

Validation: "Are we building the right product?"

Verification and Validation encompasses a wide array of SQA (Software

Quality Assurance) activities that include formal technical reviews, quality and

configuration audits, performance monitoring, simulation, feasibility study,

documentation review, database review, algorithm analysis, development testing,

qualification testing, and installation testing.

41


42/70

Software Testing Strategy

The software engineering process may be viewed as the spiral. Initially,

system engineering defines the role of software and leads to software requirement

analysis, where the information domain, function, behavior, performance,

constraints and validation criteria for software are established.

A Strategy for software testing may also be viewed in the context of the

spiral. Unit Testing begins at the vortex of the spiral and concentrates on each unit

of the software as implemented in source code. Testing progresses by moving

outward along the spiral as to Integration testing, where the focus is on design and

the construction of the software architecture. Taking another turn outward on thespiral, we encounter validation testing, where requirements established as part of

software requirement analysis are validated against the software that has been

constructed. Finally, we arrive at system testing, where the software and other

system elements are test as a whole.

Unit Testing

At a very lowest level is Unit Testing, where the programmer who

writes the code testing the same as per the detailed specification. Each individual

programs of the software were tested and the outputs obtained were found

satisfactory.

42


43/70

Integration Testing

Top-Down integration testing is used, which is an incremental approach to

construction of program structure. Modules are integrated by moving downward

through the control hierarchy, beginning with the main control module. Modules

subordinate to the main control module are incorporated into the structure in either

a depth-first or breadth-first manner.

Therefore in this Project we are using the Depth-First Method for testing

and executing the Modules.

First username and password is checked. If it is valid go to the next module

Here Host name is checked.

Next selecting a file and Encryption and Decryption are tested and also the

corresponding tables are also checked.

Validation Testing

Validation succeeds when software functions in a manner that can be

reasonably expected by the customer. It is done by executing the application with a

set of inputs, for which the manual result is ready. The application's output and the

required output is tallied with the manual one. There may be two conditions -

performance satisfactory and accepted or deviations / deficiencies uncovered for

which a solution is found.

Enter Login ID and password of the registered user, and execute the Login

Process for the same and verify the results.

Enter the Host Name and checks whether it is true or not.

43


44/70

2.9.1 SYSTEM TESTING

Recovery Testing

It is a system test that forces the software to fail in a variety of ways and

verifies that recovery is properly performed.

This application requires human intervention.

Security Testing

It attempts to verify that protection mechanisms built into a system will, in

fact, protect it from improper penetration using the following measures: Using certain commands, which are not permitted and granted by the

DBA in Oracle 9i.

Using a wrong User Name or a Password will not allow the user to login

to that particular page.

Trying to edit the entries where permission is not granted.

Performance Testing

It is designed to test the run-time performance of software within the

context of an integrated system In addition the following test strategies are also

carried out during the test period.

44


45/70

Application Function Test

The functionality of Client Application is tested using the methods of

Software testing strategies, Unit testing, Validation testing and Integration testing.

Server Test: The coordination and Data Management Function of the Server are

tested. Server performance i.e. overall response time and data throughput is also

considered.

Database Test

The accuracy and integrity of data stored by the server is tested.

Transactions posted by clients application are examined to ensure that data areproperly stored, updated and retrieved.

Transaction Testing

A series of test are made to ensure that each class of transaction is processed

according to the requirements.

Acceptance Testing

When the user finds no major problems with its accuracy, the system passes

through a final acceptance test. This confirms that the system meets the original

goals, objectives and requirements established during analysis. The responsibilities

for acceptance test falls on the shoulders of the users and management. If the

system fulfills all requirements, it is finally acceptable and ready for operation.

45


46/70

2.10 IMPLEMENTATION

System Implementation is the process of converting a new

record design in to an operational one. It is the key stage in achieving a successful

new system because usually it involves a lot of uphill in the user. It involves user

training, system testing and successful running of the new system Apart from

planning; the two major tasks of preparing for implementation are educational

training of users and testing of the system.

Implementation Procedures

The procedures of implementation includes Testing

Training

Installation

Changeover

Testing: Software testing is a critical element of software quality assurance andrepresent the ultimate reviews of the requirement specification, design and coding.

Before the system turns out into a tangible implementation from an abstract

concept, it is to be thoroughly tested and verified. Testing is the phase where the

errors in study, design and coding is identified. Testing uncovers the problems that

are left unsolved by the system. It also proves user acceptance and attitude of users

towards the developed software.

46


47/70

CHAPTER 3

CONCLUSION AND FUTURE ENHANCEMENT

In this Project the feasibility of analyzing packet header

data through wavelet analysis for detecting traffic anomalies.

Specifically, and the proposed use of correlation of destination IP

addresses, port numbers and the number of flows in the outgoing

traffic at an egress router. Our results show that statistical

analysis of aggregate traffic header data may provide an effective

mechanism for the detection of anomalies within a campus

oredge network.

FUTURE ENHANCEMENT

In this effectiveness of our approach in postmortem and real-

time analysis of network traffic. The results of our analysis are

encouraging and point to a number of interesting directions for

future research.

47


48/70

APPENDICES

APPENDIX 1: SAMPLE CODING

server

using System;

using System.Collections.Generic;

using System.ComponentModel;

using System.Data;

using System.Drawing;

using System.Text;

using System.Windows.Forms;

using System.Data.SqlClient;

namespace trafficServer

{

publicpartialclasslogin : Form

{

SqlCommand cmd;

SqlDataReaderdr; SqlConnection cn;

publicstaticString m;

public login()

{

48


49/70

InitializeComponent();

}

privatevoid btnLog_Click(object sender, EventArgs e)

{

m = "" + textBox1.Text + "";

Recieve rec = newRecieve();

rec.Show();

}

privatevoid button1_Click(object sender, EventArgs e)

{ if((txtUser.Text != "") && (txtPass.Text != ""))

{

cn = new SqlConnection("server=.;initial

catalog=Yokesh;uid=sa;pwd=;");

cn.Open();

cmd = newSqlCommand("Select * from login1 where username='" +

txtUser.Text + "' AND pass='" + txtPass.Text + "'", cn);

dr = cmd.ExecuteReader();

dr.Read();

if(dr.HasRows)

{

//groupBox1.Visible = false;

groupBox2.Visible = true;

button1.Enabled = false;

btnCancel.Enabled = false;

txtUser.Text = "";

txtPass.Text = "";

49


50/70

}

else

{

lblError.Text = "";

lblError.Text = "Username or Password Incorrect";

}

} else

{

lblError.Text = "User Name or Password cannot be blank";

}

}

privatevoid btnServerPath_Click(object sender, EventArgs e)

{

rdoDefault.Checked = false;

FolderBrowserDialog fd = newFolderBrowserDialog();

if(fd.ShowDialog() == DialogResult.OK)

{

Server.receivedPath = fd.SelectedPath;

}

txtFilePath.Text= Server.receivedPath;

}

50


51/70

Client

publicvoid btnLogin_Click(object sender, EventArgs e)

{

cn = newSqlConnection("server=.;initial catalog=Yokesh;uid=sa;pwd=;");

cn.Open();

string server = "" + txtUname.Text + ".txt";

Servername = "" + textBox1.Text + "";

string path3 = "\\\\" + Servername + "/DOTNET/" + server + ""; if(System.IO.File.Exists(path3))

{

lblError1.Text = "";

lblError1.Text = "Contact Admin To use the tool";

txtUname.Text = "";

txtPass.Text = "";

}

else

{

fileName = "uname.txt";


path = "\\\\" + Servername + "/DOTNET/" + fileName + "";

// path = "\\\\" + Servername + "/DOT NET/" + server + "";

FileStream fileStr = newFileStream(path, FileMode.Create,

FileAccess.Write);

51


52/70

StreamWritersw = newStreamWriter(fileStr);

sw.Write(txtUname.Text);

sw.Close();

fileStr.Close();


sendFile objsendfile = newsendFile();

objsendfile.Show();

//this.Hide();

}


{cn = newSqlConnection("server=.;initial catalog=Yokesh;uid=sa;pwd=;");

cn.Open();

if((txtUname.Text != "") && (txtPass.Text != ""))

{

cmd = newSqlCommand("Select * from login where username='" +

txtUname.Text + "' AND pass='" + txtPass.Text + "'", cn);


dr.Read();

if(dr.HasRows)

{


txtUname.Text = "";

txtPass.Text = "";


}

52


53/70

Codes:

Server

using System;



using System.Data;


using System.Text;using System.Windows.Forms;

using System.Data.SqlClient;

namespace trafficServer

{

publicpartialclasslogin : Form

{

SqlCommand cmd;

SqlDataReaderdr;

SqlConnection cn;

publicstaticString m;

public login()

{


}

privatevoid btnLog_Click(object sender, EventArgs e)

{

m = "" + textBox1.Text + "";

53


54/70

Recieve rec = newRecieve();

rec.Show();

}


{

if((txtUser.Text != "") && (txtPass.Text != ""))

{

cn = new SqlConnection("server=.;initial

catalog=Yokesh;uid=sa;pwd=;");

cn.Open();

cmd = newSqlCommand("Select * from login1 where username='" +txtUser.Text + "' AND pass='" + txtPass.Text + "'", cn);


dr.Read();

if(dr.HasRows)

{




btnCancel.Enabled = false;

txtUser.Text = "";

txtPass.Text = "";

}

else

{

lblError.Text = "";

lblError.Text = "Username or Password Incorrect";

}

54


55/70

}

else

{

lblError.Text = "User Name or Password cannot be blank";

}

}

privatevoid btnServerPath_Click(object sender, EventArgs e)

{

rdoDefault.Checked = false; FolderBrowserDialog fd = newFolderBrowserDialog();

if(fd.ShowDialog() == DialogResult.OK)

{

Server.receivedPath = fd.SelectedPath;

}

txtFilePath.Text= Server.receivedPath;

}

Client

publicvoid btnLogin_Click(object sender, EventArgs e)

{


cn.Open();

string server = "" + txtUname.Text + ".txt";


55


56/70

string path3 = "\\\\" + Servername + "/DOTNET/" + server + "";

if(System.IO.File.Exists(path3))

{


lblError1.Text = "Contact Admin To use the tool";

txtUname.Text = "";

txtPass.Text = "";

}

else

{fileName = "uname.txt";


path = "\\\\" + Servername + "/DOTNET/" + fileName + "";

// path = "\\\\" + Servername + "/DOT NET/" + server + "";

FileStream fileStr = newFileStream(path, FileMode.Create,

FileAccess.Write);

StreamWritersw = newStreamWriter(fileStr);

sw.Write(txtUname.Text);

sw.Close();

fileStr.Close();


sendFile objsendfile = newsendFile();

objsendfile.Show();

//this.Hide();

}


{

56


57/70


cn.Open();

if((txtUname.Text != "") && (txtPass.Text != ""))

{

cmd = newSqlCommand("Select * from login where username='" +

txtUname.Text + "' AND pass='" + txtPass.Text + "'", cn);


dr.Read();

if(dr.HasRows)

{

groupBox2.Visible = true;txtUname.Text = "";

txtPass.Text = "";


}

else

{


lblError1.Text = "Username or Password Incorrect";

}

}

else

{

lblError1.Text = "User Name or Password cannot be blank";

}

using System;



57


58/70

namespace trafficClient

{

staticclassProgram

{

[STAThread]

staticvoid Main()

{

Application.EnableVisualStyles();

Application.SetCompatibleTextRenderingDefault(false);

Application.Run(newlogin());

}}

}

using System;



using System.Data;


using System.Text;


using System.Net;

using System.IO;


{

publicpartialclassCheckServer: Form

{

58


59/70

publicstring Server = "";

publicString Filename = login.fileName;

publicString Servername = login.Servername;

public CheckServer()

{


}

privatevoid CheckServer_Load(object sender, EventArgs e)

{}

privatevoid btnServer_Click(object sender, EventArgs e)

{ if(System.IO.File.Exists(path))

{

StreamReadersr = newStreamReader(path);

Server = sr.ReadLine();

MessageBox.Show("Server Connected");

lblIP.Text = Server;

sendFile sf = newsendFile();

sf.Show();

this.Close();

}

else

{

MessageBox.Show( "Server is not connected Contact Admin");

sendFile sf = newsendFile();

sf.btnSend.Enabled = false;

sf.Show();

this.Close();

59


60/70

}

}

}


{

partialclasssendFile

{

private System.ComponentModel.IContainercomponents = null;

protectedoverridevoid Dispose(bool disposing)

{

if(disposing && (components != null)){

components.Dispose();

}

base.Dispose(disposing);

}

#region Windows Form Designer generated code

privatevoid InitializeComponent()

{

this.lblError = new System.Windows.Forms.Label();

this.lblS = new System.Windows.Forms.Label();

this.lblf = new System.Windows.Forms.Label();

this.btnSend = new System.Windows.Forms.Button();

this.btnOpen = new System.Windows.Forms.Button();

this.txtFilename = new System.Windows.Forms.TextBox();

this.lblFilesize = new System.Windows.Forms.Label();

this.btnAvail = new System.Windows.Forms.Button();

this.groupBox1 = new System.Windows.Forms.GroupBox();

60


61/70

this.label1 = new System.Windows.Forms.Label();

this.groupBox1.SuspendLayout();

this.SuspendLayout();

this.lblError.AutoSize = true;

this.lblError.Font = new System.Drawing.Font("Forte", 14.25F,

System.Drawing.FontStyle.Italic, System.Drawing.GraphicsUnit.Point, ((byte)

(0)));

this.lblError.ForeColor = System.Drawing.Color.Maroon;

this.lblError.Location = new System.Drawing.Point(99, 221);

this.lblError.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);

this.lblError.Name = "lblError"; this.lblError.Size = new System.Drawing.Size(0, 21);

this.lblError.TabIndex = 14;

this.lblS.AutoSize = true;

this.lblS.Font = new System.Drawing.Font("Forte", 14.25F,


(0)));

this.lblS.ForeColor = System.Drawing.Color.Red;

this.lblS.Location = new System.Drawing.Point(85, 177);

this.lblS.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);

this.lblS.Name = "lblS";

this.lblS.Size = new System.Drawing.Size(84, 21);

this.lblS.TabIndex = 12;

this.lblf.AutoSize = true;

this.lblf.Font = new System.Drawing.Font("Forte", 14.25F,


(0)));

this.lblf.ForeColor = System.Drawing.Color.Red;

61


62/70

this.lblf.Location = new System.Drawing.Point(88, 91);

this.lblf.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);

this.lblf.Name = "lblf";

this.lblf.Size = new System.Drawing.Size(101, 21);

this.lblf.TabIndex = 10;

this.lblf.Text = "Flie Name:";

this.btnSend.Font = new System.Drawing.Font("Forte", 14.25F,


(0)));

this.btnSend.ForeColor = System.Drawing.Color.Maroon;

this.btnSend.Location = new System.Drawing.Point(734, 286); this.btnSend.Margin = new System.Windows.Forms.Padding(4);

this.btnSend.Name = "btnSend";

this.btnSend.Size = new System.Drawing.Size(124, 32);

this.btnSend.TabIndex = 3;

this.btnSend.Text = "Send";

this.btnSend.UseVisualStyleBackColor = true;

this.btnSend.Click += new System.EventHandler(this.btnSend_Click);

this.btnOpen.Font = new System.Drawing.Font("Forte", 14.25F,


(0)));

this.btnOpen.ForeColor = System.Drawing.Color.Maroon;

this.btnOpen.Location = new System.Drawing.Point(759, 80);

this.btnOpen.Margin = new System.Windows.Forms.Padding(4);

this.btnOpen.Name = "btnOpen";

this.btnOpen.Size = new System.Drawing.Size(124, 32);

this.btnOpen.TabIndex = 1;

this.btnOpen.Text = "Open File";

62


63/70

this.btnOpen.UseVisualStyleBackColor = true;

this.btnOpen.Click += new System.EventHandler(this.btnOpen_Click);

this.txtFilename.Font = new System.Drawing.Font("Forte", 14.25F,


(0)));

this.txtFilename.ForeColor = System.Drawing.Color.Maroon;

this.txtFilename.Location = new System.Drawing.Point(244, 77);

this.txtFilename.Margin = new System.Windows.Forms.Padding(4);

this.txtFilename.Name = "txtFilename";

this.txtFilename.Size = new System.Drawing.Size(465, 33);

this.txtFilename.TabIndex = 2; this.lblFilesize.AutoSize = true;

this.lblFilesize.Font = new System.Drawing.Font("Forte", 14.25F,


(0)));

this.lblFilesize.ForeColor = System.Drawing.Color.Maroon;

this.lblFilesize.Location = new System.Drawing.Point(237, 177);

this.lblFilesize.Margin = new System.Windows.Forms.Padding(4, 0, 4, 0);

this.btnAvail.ForeColor = System.Drawing.Color.Maroon;

this.btnAvail.Location = new System.Drawing.Point(164, 286);

this.btnAvail.Margin = new System.Windows.Forms.Padding(4);

this.btnAvail.Name = "btnAvail";

this.btnAvail.Size = new System.Drawing.Size(228, 32);

this.btnAvail.TabIndex = 0;

this.btnAvail.Text = "Check Availability";

this.btnAvail.UseVisualStyleBackColor = true;

this.btnAvail.Click += new System.EventHandler(this.btnAvail_Click);

this.groupBox1.Controls.Add(this.txtFilename);

63


64/70

this.groupBox1.Controls.Add(this.btnAvail);

this.groupBox1.Controls.Add(this.btnOpen);

this.groupBox1.Controls.Add(this.btnSend);

this.groupBox1.Controls.Add(this.lblError);

this.groupBox1.Controls.Add(this.lblf);

this.groupBox1.Controls.Add(this.lblFilesize);

this.groupBox1.Controls.Add(this.lblS);

this.groupBox1.Location = new System.Drawing.Point(30, 100);

this.groupBox1.Name = "groupBox1";

this.groupBox1.Size = new System.Drawing.Size(1027, 448);

this.groupBox1.TabIndex = 15; this.groupBox1.TabStop = false;

this.label1.AutoSize = true;

this.label1.Font = new System.Drawing.Font("Forte", 24F,


(0)));

this.label1.ForeColor = System.Drawing.Color.Red;

this.label1.Location = new System.Drawing.Point(230, 32);

this.label1.Name = "label1";

this.label1.Size = new System.Drawing.Size(269, 35);

this.label1.TabIndex = 16;

this.label1.Text = "Send File To Server";

this.Controls.Add(this.label1);

this.Controls.Add(this.groupBox1);

this.Font = new System.Drawing.Font("Palatino Linotype", 9.75F,

System.Drawing.FontStyle.Regular, System.Drawing.GraphicsUnit.Point, ((byte)

(0)));

this.Margin = new System.Windows.Forms.Padding(4);

64


65/70

this.Name = "sendFile";

this.Text = "sendFile";

System.Windows.Forms.FormClosedEventHandler(this.sendFile_FormClosed);

this.Load += new System.EventHandler(this.sendFile_Load);

this.groupBox1.ResumeLayout(false);

this.groupBox1.PerformLayout();

this.ResumeLayout(false);

this.PerformLayout();

}

#endregion

private System.Windows.Forms.Label lblError; private System.Windows.Forms.Label lblS;

private System.Windows.Forms.Label lblf;

private System.Windows.Forms.Button btnOpen;

private System.Windows.Forms.TextBox txtFilename;

private System.Windows.Forms.Label lblFilesize;

private System.Windows.Forms.Button btnAvail;

private System.Windows.Forms.GroupBox groupBox1;

private System.Windows.Forms.Label label1;

public System.Windows.Forms.Button btnSend;

}

}

65


66/70

APPENDIX: 2 SCREEN SHOTS

66


67/70

67


68/70

68


69/70

69


70/70

REFERENCES

1. A. Ramanathan, WADeS: A tool for distributed denial of service attack

detection M.S. thesis, TAMU-ECE-2002-02, Aug. 2002.

2. NLANR measurement and operations analysis team, NLANR Network

Traffic Packet Header Traces, Aug. 2002

3. J. Mirkovic, G. Prier, and P. Reiher, Attacking DDoS at the source,

inIEEE Int. Conf. Network Protocols, Nov. 2002.

4. CERT Advisory CA-2003-04 MS-SQL Server Worm, CERT

Coordination Ctr.(CERT/CC),Jan 2003

5. Packeteer, PacketShaper Express, white paper, 2003

6. KREONet2 (Korea Research Environment Open NETwork2).

7. Garg and A. L. N. Reddy, Mitigation of DoS attacks through QoS

regulation, inProc. IWQOS, May 2002

Sites Referred:

1. http://www.pma.nlanr.net/Traces/2. http://www.cert.org/advisories/CA-2003-04.html

3. http://www.packeteer.com/resources/prod-sol/ Xpress_Whitepaper.pdf.

4. http://www.kreonet2.net
http://www.pma.nlanr.net/Traces/http://www.cert.org/advisories/CA-2003-04.htmlhttp://www.kreonet2.net/http://www.pma.nlanr.net/Traces/http://www.cert.org/advisories/CA-2003-04.htmlhttp://www.kreonet2.net/

9.chera docums donedone

Documents

Transcript of 9.chera docums donedone