PACKET TRACEBACK SYSTEM
-
Upload
aish-warya -
Category
Documents
-
view
227 -
download
0
Transcript of PACKET TRACEBACK SYSTEM
-
8/12/2019 PACKET TRACEBACK SYSTEM
1/50
1
INTRODUCTION
1.1 ABOUT THE PROJECT
The denial-of-service (DoS) attack has been a pressing problem in recent years. DoS
defense research has blossomed into one of the main streams in network security. Various
techniques such as the pushback message, ICMP trace back, and the packet filtering techniques
are the results from this active field of research. The probabilistic packet marking (PPM)
algorithm by Savage et al. has attracted the most attention in contributing the idea of IP trace
back. The most interesting point of this IP trace back approach is that it allows routers to encode
certain information on the attack packets based on a predetermined probability. Upon receiving asufficient number of marked packets, the victim (or a data collection node) can construct the set
of paths that the attack packets traversed and, hence, the victim can obtain the location(s) of the
attacker(s).
The goal of the PPM (Probabilistic Packet Marking Algorithm) algorithm is to obtain a
constructed graph such that the constructed graph is the same as the attack graph, where an
attack graph is the set of paths the attack packets traversed, and a constructed graph is a graph
returned by the PPM algorithm. To fulfill this goal, Savage etal, suggested a method for
encoding the information of the edges of the attack graph into the attack packets through the
cooperation of the routers in the attack graph and the victim site. Specifically, the PPM algorithm
is made up of two separated procedures: the packet marking procedure, which is executed on the
router side, and the graph reconstruction procedure, which is executed on the victim side.
-
8/12/2019 PACKET TRACEBACK SYSTEM
2/50
2
1.2 PROBABILISTIC PACKET MARKING ALGORITHM
PPM algorithm is used to obtain a constructed graph. The constructed graph is the same
as the attack graph. An attack graph is the set of paths, the attack packets traversed. Aconstructed graph is a graph returned by the PPM algorithm. To full fill this method for
encoding the information of the edges of the attack graph into the attack packets through the
cooperation of the routers in the attack graph and the victim site. Specifically, the PPM
algorithm is made up of two separated procedures:
1. The packet marking procedure: The Packet Marking Procedure is executed on the
router side.
2. The graph reconstruction procedure: The graph reconstruction procedure is executed
on the victim side.
The packet marking procedure aims at encoding every edge of the attack graph and the routers
encode the information in three marking fields of an attack packet:
1) The start
2) 2) The end
3) 3) The distance field.
When a packet arrives at a router, the router determines how the packet can be processed based on a random number x. If x is less than the predefined marking probability the
router chooses to start encoding an edge. The router sets the start field of the incoming packet
to the routers address and resets the distance field of that packet to zero. Then, the router
forwards the packet.
-
8/12/2019 PACKET TRACEBACK SYSTEM
3/50
-
8/12/2019 PACKET TRACEBACK SYSTEM
4/50
4
LITERATURE SURVEY
ICMP Trace back Message (2003), this paper describes, that it is often
useful to learn the path that packets take through the Internet. This is important fordealing with certain denial-of-service attacks, where the source of the IP is forged. It
includes path characterization and trace out router. When forwarding packets, routers
with a low probability, generate a trace back message that is sent along to the destination
or back to the source. With enough trace back messages from enough routers along the
path, the traffic source and the path of forged packets canbe determined.
Practical Network Support for IP Trace back (2000), this paper describes a
technique for tracing anonymous attacks in the Internet back to their source. This work is
motivated by the increased frequency and sophistication of denial-of-service attacks and
by the difficulty in tracing packets with incorrect. It describe a general purpose trace back
mechanism based on probabilistic packet marking in the network. Our approach allows a
victim to identify the network path(s) traversed by an attacker without requiring
interactive operational support from Internet Service Providers (ISPs).
Network Ingress Filtering:Defeating Denial of Service Attacks which
employIP Source Address Spoofing (2000), this paper describes Recent
occurrences of various Denial of Service (DoS) attacks which have employed forged
source addresses have proven to be a troublesome issue for Internet Service Providers
and the Internet community overall. This paper discusses a simple, effective, and
straightforward method for using ingress traffic filtering to prohibit DoS attacks which
use forged IP addresses to be propag atedfrom behind an Internet Service Providers
(ISP) aggregation point.
-
8/12/2019 PACKET TRACEBACK SYSTEM
5/50
5
Implementing Push back: Router-Based Defense Against DDOS Attacks
(2002), this paper describes the Pushback is a mechanism for defending against
Distributed denial-of-service (DDOS) attacks. DDOS attacks are treated as a congestion-
control problem, but because most such congestion is caused by malicious hosts notobeying traditional end-to-end congestion control, the problem must be handled by the
routers. Functionality is added to each router to detect and preferentially drop packets that
probably belong to an attack. Upstream routers are also notified to drop such packets in
order that the routers resour ces be used to route legitimate traffic.
An Algebraic Approach to IP Trace back (2002), this paper describes a new
solution to the problem of determining the path a packet traversed over the Internet
(called the trace back problem) during a denial of service attack. This paper reframes the
trace back problem as a polynomial reconstruction problem and uses algebraic techniques
from coding theory and learning theory to provide robust methods of transmission and
reconstruction.
Advanced and Authenticated Marking Schemes for IP Traceback
(2001), this paper describes Defending against distributed denial-of-service attacks is
one of the hardest security problems on the Internet today. One difficulty to thwart these
attacks is to trace the source of the attacks because they often use incorrect, or spoofed IP
source addresses to disguise the true origin. In this paper, we present two new schemes,
the Advanced Marking Scheme and the Authenticated Marking Scheme, which allow the
victim to traceback the approximate origin of spoofed IP packets. Our techniques feature
low network and router overhead, and support incremental deployment. In contrast to
previous work, our techniques have significantly higher precision (lower false positiverate) and lower computation overhead for the victim to reconstruct the attack paths under
large scale distributed denialof-service attacks. Furthermore the Authenticated Marking
Scheme provides efficient authentication of routers markings such that even a
compromised router cannot forge or tamper markings from other uncompromised routers.
-
8/12/2019 PACKET TRACEBACK SYSTEM
6/50
6
SYSTEM ANALYSIS
3.1 FEASIBLITY STUDY
The feasibility of the project is analyzed in this phase and business proposal is put
forth with a very general plan for the project and some cost estimates. During system analysis
the feasibility study of the proposed system is to be carried out. This is to ensure that the
proposed system is not a burden to the company. For feasibility analysis, some
understanding of the major requirements for the system is essential.
Three key considerations involved in the feasibility analysis are
ECONOMICAL FEASIBILITY TECHNICAL FEASIBILITY SOCIAL FEASIBILITY
3.2 ECONOMICAL FEASIBILITY:
This study is carried out to check the economic impact that the system will have
on the organization. The amount of fund that the company can pour into the research and
development of the system is limited. The expenditures must be justified. Thus the developed
system as well within the budget and this was achieved because most of the technologies used
are freely available. Only the customized products had to be purchased.
3.3 TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not have a high demand on the available
technical resources. This will lead to high demands on the available technical resources. This
will lead to high demands being placed on the client. The developed system must have a modest
requirement, as only minimal or null changes are required for implementing this system.
-
8/12/2019 PACKET TRACEBACK SYSTEM
7/50
7
3.4 SOCIAL FEASIBILITY
The aspect of study is to check the level of acceptance of the system by the user.This includes the process of training the user to use the system efficiently. The user must not feel
threatened by the system, instead must accept it as a necessity. The level of acceptance by the
users solely depends on the methods that are employed to educate the user about the system and
to make him familiar with it. His level of confidence must be raised so that he is also able to
make some constructive criticism, which is welcomed, as he is the final user of the system.
3.5 EXISTING SYSTEM
In the existing system PPM algorithm is not perfect, as its termination condition is notwell defined.
. Without proper termination condition the attack graph constructed by the PPM algorithm
would be wrong.
It supports only single attacker environment
3.6 PROPOSED SYSTEM
In this system we proposed the RPPM Algorithm to encode the packet in the router todetect the attacked packets.
The RPPM algorithm is free to determine the correctness of the constructed graph. It supports multiple attacker environment.
The constructed graph is the same as the attack graph, where an attack graph is the set of paths the attack packets traversed.
In this algorithm, the termination condition is well defined using TPN calculation.
-
8/12/2019 PACKET TRACEBACK SYSTEM
8/50
8
SYSTEM SPECIFICATION
4.1 SOFTWARE REQUIREMENTS:
Operating System : Windows XP professional Front End : Java 1.4 Language : Java Back End : Oracle 8i
4.2 HARDWARE REQUIREMENTS:
Processor : Dual Core or Latest Core I Processors Hard Disk : 80 GB Ram : 1 GB Monitor : 1024x768 Resolution monitor Input : Standard Mouse and Keyboard
-
8/12/2019 PACKET TRACEBACK SYSTEM
9/50
9
SOFTWARE DESCRIPTION
Java Technology
Initially the language was called as oak but it was renamed as Java in 1995. The
primary motivation of this language was the need for a platform-independent (i.e., architecture
neutral) language that could be used to create software to be embedded in various consumer
electronic devices.
Java is a programmers language. Java is cohesive and consistent.
Except for those constraints imposed by the Internet environment, Java gives the programmer, full control.
Finally, Java is to Internet programming where C was to system programming.
Importance of Java to the Internet
Java has had a profound effect on the Internet. This is because; Java expands the
Universe of objects that can move about freely in Cyberspace. In a network, two categories of
objects are transmitted between the Server and the Personal computer. They are: Passive
information and Dynamic active programs. The Dynamic, Self-executing programs cause serious
problems in the areas of Security and probability. But, Java addresses those concerns and by
doing so, has opened the door to an exciting new form of program called the Applet.
Java can be used to create two types of programs
Applications and Applets :An application is a program that runs on our Computer under the operating system of that
computer. It is more or less like one creating using C or C++. Javas ability to create Applets
makes it important. An Applet is an application designed to be transmitted over the Internet and
executed by a Java compatible web browser. An applet is actually a tiny Java program,
dynamically downloaded across the network, just like an image. But the difference is, it is an
intelligent program, not just a media file. It can react to the user input and dynamically change.
-
8/12/2019 PACKET TRACEBACK SYSTEM
10/50
10
5.1 Features of Java Security
Every time you that you download a normal program, you are risking a viral infection.Prior to Java, most users did not download executable programs frequently, and those who did
scan them for viruses prior to execution. Most users still worried about the possibility of
infecting their systems with a virus. In addition, another type of malicious program exists that
must be guarded against. This type of program can gather private information, such as credit card
numbers, bank account balances, and passwords. Java answers both these concerns by providing
a firewall between a network application and your computer.
When you use a Java-compatible Web browser, you can safely download Java applets
without fear of virus infection or malicious intent.
5.2 Java Virtual Machine (JVM)
Beyond the language, there is the Java virtual machine. The Java virtual machine is an
important element of the Java technology. The virtual machine can be embedded within a web
browser or an operating system. Once a piece of Java code is loaded onto a machine, it is
verified. As part of the loading process, a class loader is invoked and does byte code verification
makes sure that the code thats has been generated by the compiler will not corrupt the machine
that its loaded on. Byte code verification take s place at the end of the compilation process to
make sure that is all accurate and correct. So byte code verification is integral to the compiling
and executing of Java code.
Overall Description:
Java
Source Java byte code Java V
M
Java .Class
-
8/12/2019 PACKET TRACEBACK SYSTEM
11/50
11
Picture showing the development process of JAVA Program
Java programming uses to produce byte codes and executes them. First Java source code
is located in a. Java file that is processed with a Java compiler called javac. The Java compiler produces a file called a. class file, which contains the byte code. The .Class file is then loaded
across the network, which interprets and executes the byte code.
Java Architecture
Java architecture provides a portable, robust, high performing environment for
development. Java provides portability by compiling the byte codes for the Java Virtual
Machine, which is then interpreted on each platform by the run-time environment. Java is a
dynamic system, able to load code when needed from a machine in the same room or across the
planet.
Compilation of code
When you compile the code, the Java compiler creates machine code (called byte code)
for a hypothetical machine called Java Virtual Machine (JVM). The JVM is supposed to execute
the byte code. The JVM is created for overcoming the issue of portability. The code is written
and compiled for one machine and interpreted on all machines. This machine is called Java
Virtual Machine.
Java Virtual Machine
-
8/12/2019 PACKET TRACEBACK SYSTEM
12/50
12
5.3TECHNOLOGY INFRASTRUCTURE:
CORE JAVA:
Java can be used to create two types of programs: application and applet. An application
is a program that runs on your computer, under the operating system of that computer. That is, anapplication created by java is more or less like one created using C or C++. When used to create
application, java is not much different from any other computer language. Rather, it is javas
ability to create applets that makes it important. An applet is an application designed to be
transmitted over the internet and executed by a java-compatible Web Browser. An applet is
actually a tiny java program, dynamically downloaded across the network, just like an image,
sound file, or video clip. The important difference is that an applet is an intelligent program, not
just an animation or media file. In other words, an applet is a program that can react to user input
and dynamically change-not just run the same animation or sound over and over.
SECURITY
As you are likely aware, every time that you download a normal program , yo u are
risking viral infection. Prior to java, most users did not download executable programs
frequently, and those who did scanned them for viruses prior to execution. Even so, most users
still worried about the possibility of infecting their system with a virus. When you use a java-
compatible web browser, you can safely download java applets without fear of viral infection or
malicious intent. Java achieves this protection by confining a java program to the java execution
environment and not allowing it access to other parts of computer.
THE THREE-OOP PRINCIPLE:
ENCAPSULATION:
Encapsulation is the mechanism that binds together code and the data it manipulates,
and keeps both safe from outside interference and misuse. One way to think about encapsulation
is as a protective wrapper that prevents the code and data from begin arbitrarily accessed by
other code defined outside of the wrapper.
-
8/12/2019 PACKET TRACEBACK SYSTEM
13/50
13
INHERITANCE:
Inheritance is the process by which one object acquires the properties of another
object. This is important because it supports the concept of hierarchical classification. If agiven class encapsulates some attributes, then subclass will have the same attributes plus any
that it adds as part of its specialization. Java supports two type of inheritance. They are,
1) SINGLE INHERITANCE:The derived class is inherited from one super class.
2) MULTILEVEL INHERITANCE:This contains the hierarchical of classes.
POLYMORPHISM:
Polymorphism (from the Greek, meaning many forms ) is a feature that allows one
interface to be used for a general class of actions. The concept of polymorphism is often
expressed by the phrase one interface, multiple methods.
SWING:
The Swing toolkit includes a rich set of components for building GUIs and adding
interactivity to Java applications. Swing includes all the components you would expect from a
modern toolkit: table controls, list controls, tree controls, buttons, and labels. Swing is far from a
simple component toolkit, however. It includes rich undo support, a highly customizable text
package, integrated internationalization and accessibility support. To truly leverage the cross-
platform capabilities of the Java platform, Swing supports numerous look and feels, includingthe ability to create your own look and feel. The ability to create a custom look and feel is made
easier with Synth, a look and feel specifically designed to be customized.
Swing is part of the Java Foundation Classes (JFC). Swing components facilitate
efficient graphical user interface (GUI) development. These components are a collection of light
weight visual components. Swing components contain a replacement for the heavyweight AWT
-
8/12/2019 PACKET TRACEBACK SYSTEM
14/50
14
components as well as complex user-interface components such as trees and tables. The Swing
architecture is shown in the figure given blow:
ADVANTAGES OF SWINGS:
Wide variety of Components Pluggable Look and Feel
MVC Architecture Keystroke Handling Action Objects Nested containers Customized Dialogs Compound Borders Standard Dialog Classes Structured Table and Tree Components
Application Code
JFC Java 2D
Drag & Drop
Accessibility
Swing
AWT
-
8/12/2019 PACKET TRACEBACK SYSTEM
15/50
-
8/12/2019 PACKET TRACEBACK SYSTEM
16/50
16
The four most common types of organizations are the hierarchical, network, relational
and object models. Inverted lists and other methods are also used.
The dominant model in use today is the ad hoc one embedded in SQL, despite the
objections of purists who believe this model is a corruption of the relational model,
since it violates several of its fundamental principles for the sake of practicality and
performance. Data structures (fields, records, files and objects) optimized to deal with very large
amounts of data stored on a permanent data storage device (which implies relatively slow
access compared to volatile main memory).
A database query language and report writer to allow users to interactively interrogate the
database, analyze its data and update it according to the users privileges on data. It also controls the security of the database.
A transaction mechanism, that ideally would guarantee the ACID properties, in order to
ensure data integrity, despite concurrent user accesses (concurrency control), and faults
(fault tolerance).
It also maintains the integrity of the data in the database.
5.4OVERVIEW OF JAVA RMI
DISTRIBUTED COMPUTING
In the present modern Internet World, Distributed Computing is one of the key
areas that play an important role. Distributed systems require that computations running in
different address spaces, potentially on different hosts, be able to communicate with each other.
.
An alternative to sockets used in java is Remote Procedure Call (RPC), which abstracts
the communication interface to the level of a procedure call. Instead of working directly with
sockets, the programmer has the illusion of calling a local procedure, when in fact the arguments
of the call are packaged up and shipped off to the remote target of the call.
-
8/12/2019 PACKET TRACEBACK SYSTEM
17/50
17
RMI provides the mechanism by which the server and the client communicate and pass
information back and forth. Distributed object systems finds its applications to locate remote
objects.
The Java programming language's RMI system assumes the homogeneous environment
of the Java virtual machine (JVM), and the system can therefore take advantage of the Java
platform's object model whenever possible.
REMOTE METHOD INVOCATION
RMI provides the mechanism by which the server and the client communicate and pass
information back and forth. Server creates a number of remote objects, makes references to those
remote objects. The client gets a remote reference to one or more remote objects in the server
and then invokes methods on them.
ARCHITECTURE OF RMI
JAVA VIRTUAL MACHINE JAVA VIRTUAL MACHINE
7
CLIENT
STUB
Application Layer
Proxy Layer
Remote Reference Layer
Transport Layer
SERVER
SKELETON
Proxy Layer
Application Layer
Remote Reference Layer
Transport LayerTCP
Figure 5.4.1 Architecture of RMI
-
8/12/2019 PACKET TRACEBACK SYSTEM
18/50
18
APPLICATION LAYER
The application layer is the actual implementation of the client and the server
application. It contains the actual object definition. The client can access the remote method
through the interface that extends java.rmi.Remote. This can be done implicitly if the object
extends the UnicastRemoteObject class of the java.rmi.Server package.
PROXY LAYER
The proxy layer consists of two parts namely Stub and Skeleton. They are created
using the RMI compiler (RMIC). These are class files that represent the client and server side of
a remote object. The Stub and Skeleton are used for marshaling and unmarshaling the data that is
transferred through the network.
REMOTE REFERENCE LAYER
The remote reference layer is effective between the stub and skeleton classes and
the transport layer thereby handling the actual communication protocols. It gets the stream of
bytes from the transport layer and sends it to the proxy layer and vice versa.
TRANSPORT LAYERThe transport layer is responsible for handling the actual machine-to-machine
communication; the default communication will take place through a standard TCP/IP. It creates
a stream that is accessed by the remote reference layer to send and receive data to and from other
machines.
RMI REGISTRY
RMI registry is a simple server that enables an application to lookup objects that
are exported for remote method invocation. It is also called as bootstrap registry. The registry
keeps track of the addresses of remote objects that are being exported by their application. All
the objects are assigned unique names that are used to identify the object. The methods can be
called from the rmi.registry.Registry interface or from the rmi.Naming class.
-
8/12/2019 PACKET TRACEBACK SYSTEM
19/50
19
STUB AND SKELETON
RMI uses a standard mechanism employed in RPC systems for communicating
with remote objects: stubs and skeletons. A stub for a remote object acts as a client's local
representative or proxy for the remote object. The caller invokes a method on the local stub,
which is responsible for carrying out the method call on the remote object. When a stub's method
is invoked, it initiates a connection with the remote JVM.
RMI INTERFACES
A remote object is an instance of a class that implements a Remote interface. The
remote interface will declare each of the methods that can be called from other Java virtual
machines. Remote interfaces have the following characteristics:
The remote interface must be declared public.
The remote interface extends the java.rmi.Remote interface.
The data type of any remote object that is passed, as an argument or return value must be
declared as the remote interface type not the implementation class.
REMOTE EXCEPTION CLASS
The java.rmi.RemoteException class is the super class of exception thrown by the RMI
runtime during a remote method invocation. To ensure the robustness of applications using the
RMI system, each remote method declared in a remote interface must specify
java.rmi.RemoteException in its throws clause.
PACKAGES
Package objects contain version information about the implementation and specification
of a Java package. This versioning information is retrieved and made available by the Class
Loader instance that loaded the classes. Typically, it is stored in the manifest that is distributed
with the classes.
java.lang : Provides classes that are fundamental to the design of the Java programming
language.
-
8/12/2019 PACKET TRACEBACK SYSTEM
20/50
20
java.io : Provides for system input and output through data streams, serialization and the file
system.
java.net: Provides the classes for implementing networking applications.
java.rmi: Provides the classes and interfaces required for RMI application.
javax.swing: Provides a set of "lightweight components that, to the maximum degree possible,
work the same on all platforms.
5.5 SOCKETS
Sockets In Java:
Definition : A Socket is one end-points of a two-way communicate link between two
programs running on the network.The java.net package in the java development environment provides a class-socket-that
represents one end of a two-way connection between your java program and another program on
the network. The Socket class implements the client side of two-way link. If you are writing
server software, you will also be interested in the Server Socket class which implementing the
server side of the two-way link.
Server Socket:
Java.lang.object
+----------------------java.net. Server Socket
Public class ServerSocket Extends Object
This class implements serversockets. A server socket waits for requests to come in over
the network. It performs some operation based on that request, and then possibly returns a result
to the requester. An application can change the socket to configure itself to create appropriate to
the local firewall.
Socket:
Java.lang.Object
+-------java.net.Socket
Public class Socket extends Object.
This class implements client sockets (also called just sockets ). A socket is an endpoint for
communication between two machines.
-
8/12/2019 PACKET TRACEBACK SYSTEM
21/50
21
PROJECT DESCRIPTION
6.1 Modules
1. Path Construction2. Packet Marking Procedure
3. Router maintenance
4. Termination Packet Number (Tpn) generation.
5. Re-Construction Path.
6.2 Module Description
6.2.1 Path Construction
In this module the path will be constructed which the data packets should traverse. This
path should be dynamically changed in case of traffic and failure in router. The path will be
allocated based on the destination address. This constructed path will compared with the
reconstructed path. The reconstruction procedure created at the destination.
DynamicRoutingpath
Figure 6.2.1 Path construction diagram
Sender
PathConstruction
-
8/12/2019 PACKET TRACEBACK SYSTEM
22/50
22
6.2.2 Packet marking procedure
In this module, each packet will be marked with random values. These marking process
held at the router side depends upon the marking probability. The user defined the markingvalues at any range depends upon the marking value Pm will be allocated. The values are
selected at the random position then its checked with the Pm value. These values are encoded
and its appended in the start or in the edge of the packets.
Figure 6.2.2 Packet marking procedure
6.2.3 Router maintenance
In this module the router availability will be checked depends upon the router availability
the path will be constructed. Here we maintaining the centralized routing table depends upon the
source and destination the path will be allocated. The router will check the availability of the
next router and then its forward to the next router. The routing table will be changed
dynamically.
SourceMarkingValue(x)
Encoding
Packet Marking
File transmissionGenerateRandom Values Packet
MarkingProbability
-
8/12/2019 PACKET TRACEBACK SYSTEM
23/50
23
Figure 6.2.3 Router maintenance diagram
6.2.4 TPN Generation
In this module the encoded values in the packet are retrieved and its checked with the
generated code. This TPN will be generated at the destination side. The tpn will checks total
received packets and it retrieves the attack graph and it will generate the re-construction path.Then it receives the encoded values and it decodes that values then it checks with the packet
marked value.
Figure 6.2.4 TPN generation
Retrieve FieldAddress ConnectedEdges PathReconstruction
PacketsCollection
Collecting HeaderField Values
Router AvailabilityTotal Routers
Check
Update DB Update DB
Yes No
Global Routing
Controller Check Router Traffic
-
8/12/2019 PACKET TRACEBACK SYSTEM
24/50
24
6.2.5 Re-Construction Path
This module the path will be re-constructed with the received packets its validated with
the constructed path. The attack graph will received and then it generates the re-constructed path.
Then it forward the request for the constructed path and it compared with the re-constructed path.
Here we will find the packets are hacked or delivered properly. By this we will hackers host id if
its hacked.
Figure 6.2.5 Re-construction path diagram
Attack Graph Retrieve Path Verify
Data TraversingPath
Check withrouter address
-
8/12/2019 PACKET TRACEBACK SYSTEM
25/50
-
8/12/2019 PACKET TRACEBACK SYSTEM
26/50
26
6.4 Use Case Diagram
Figure 6.4 Use case diagram
Marking ProbabilityRouter
Transition Router
Attack GraphLeaf Router
Source File
Constructed PathSource
TPN
Destination
-
8/12/2019 PACKET TRACEBACK SYSTEM
27/50
27
Source
Start
PacketGeneration
Router
Destination
TPNGeneration
6.5 State Diagram
Figure 6.5 State Diagram
-
8/12/2019 PACKET TRACEBACK SYSTEM
28/50
28
6.6 Activity Diagram
Figure 6.6 Activity Diagram
PPM Source
Marking Condition
Start Field
True
End Field
False
RouterManagement
PPMDestination
-
8/12/2019 PACKET TRACEBACK SYSTEM
29/50
29
6.7 Component Diagram
Figure 6.7 Component Diagram
PPM Source PacketMarking
Router
Destination
TPN
-
8/12/2019 PACKET TRACEBACK SYSTEM
30/50
30
SYSTEM TESTING AND MAINTENANCE
7.1 TESTING
Software Testing is the process used to help identify the correctness, completeness,
security, and quality of developed computer software. Testing is a process of technical
investigation, performed on behalf of stakeholders, that is intended to reveal quality-related
information about the product with respect to the context in which it is intended to operate. This
includes, but is not limited to, the process of executing a program or application with the intent
of finding errors. Quality is not an absolute; it is value to some person. With that in mind, testingcan never completely establish the correctness of arbitrary computer software; testing furnishes a
criticism or comparison that compares the state and behavior of the product against a
specification. An important point is that software testing should be distinguished from the
separate discipline of Software Quality Assurance (SQA), which encompasses all business
process areas, not just testing.
There are many approaches to software testing, but effective testing of complex products
is essentially a process of investigation, not merely a matter of creating and following routine
procedure. One definition of testing is "the process of questioning a product in order to evaluate
it", where the "questions" are operations the tester attempts to execute with the product, and the
product answers with its behavior in reaction to the probing of the tester[citation needed].
Although most of the intellectual processes of testing are nearly identical to that of review or
inspection, the word testing is connoted to mean the dynamic analysis of the product putting
the product through its paces. Some of the common quality attributes include capability,
reliability, efficiency, portability, maintainability, compatibility and usability. A good test is
sometimes described as one which reveals an error; however, more recent thinking suggests that
a good test is one which reveals information of interest to someone who matters within the
project community.
-
8/12/2019 PACKET TRACEBACK SYSTEM
31/50
-
8/12/2019 PACKET TRACEBACK SYSTEM
32/50
32
At SDEI, 3 levels of software testing is done at various SDLC phases
Unit Testing: in which each unit (basic component) of the software is tested to
verify that the detailed design for the unit has been correctly implemented
Integration testing: in which progressively larger groups of tested software
components corresponding to elements of the architectural design are integrated and
tested until the software works as a whole.
System testing: in which the software is integrated to the overall product and
tested to show that all requirements are met
A further level of testing is also done, in accordance with requirements:
Acceptance testing: upon which the acceptance of the complete software is based.
The clients often do this. Regression testing: is used to refer the repetition of the earlier successful tests to
ensure that changes made in the software have not introduced new bugs/side effects.
In recent years the term grey box testing has come into common usage. The typical grey
box tester is permitted to set up or manipulate the testing environment, like seeding a database,
and can view the state of the product after his actions, like performing a SQL query on the
database to be certain of the values of columns. It is used almost exclusively of client-server
testers or others who use a database as a repository of information, but can also apply to a tester
who has to manipulate XML files (DTD or an actual XML file) or configuration files directly.
7.3 TEST LEVELS
Unit testing tests the minimal software component and sub-component or modules
by the programmers.
Integration testing exposes defects in the interfaces and interaction between
integrated components (modules).
Functional testing tests the product according to programmable work.
System testing tests an integrated system to verify/validate that it meets its
requirements.
Acceptance testing testing can be conducted by the client.
-
8/12/2019 PACKET TRACEBACK SYSTEM
33/50
33
o Alpha testing is simulated or actual operational testing by potential
users/customers or an independent test team at the developers' site. Alpha testing
is often employed for off-the-shelf software as a form of internal acceptance
testing, before the software goes to beta testing.
o Beta testing comes after alpha testing. Versions of the software, known as
beta versions, are released to a limited audience outside of the company. The
software is released to groups of people so that further testing can ensure the
product has few faults or bugs. Sometimes, beta versions are made available to
the open public to increase the feedback field to a maximal number of future
users.
It should be noted that although both Alpha and Beta are referred to as testing it is in factuse emersion. The rigors that are applied are often unsystematic and many of the basic tenets of
testing process are not used. The Alpha and Beta period provides insight into environmental and
utilization conditions that can impact the software.
After modifying software, either for a change in functionality or to fix defects, a
regression test re-runs previously passing tests on the modified software to ensure that the
modifications haven't unintentionally caused a regression of previous functionality. Regression
testing can be performed at any or all of the above test levels.
TEST CASES, SUITES, SCRIPTS AND SCENARIOS
A test case is a software testing document, which consists of event, action, input, output,
expected result and actual result. Clinically defined (IEEE 829-1998) a test case is an input and
an expected result. This can be as pragmatic as 'for condition x your derived result is y', whereas
other test cases described in more detail the input scenario and what results might be expected. It
can occasionally be a series of steps (but often steps are contained in a separate test procedure
that can be exercised against multiple test cases, as a matter of economy) but with one expected
result or expected outcome. The optional fields are a test case ID, test step or order of execution
number, related requirement(s), depth, test category, author, and check boxes for whether the test
is automatable and has been automated. Larger test cases may also contain prerequisite states or
steps, and descriptions. A test case should also contain a place for the actual result. These steps
can be stored in a word processor document, spreadsheet, database or other common repository.
-
8/12/2019 PACKET TRACEBACK SYSTEM
34/50
34
SYSTEM IMPLEMENTATION
8.1 IMPLEMENTATION
Implementation is the most crucial stage in achieving a successful system and giving the
users confidence that the new system is workable and effective. Implementation of a modified
application to replace an existing one. This type of conversation is relatively easy to handle,
provide there are no major changes in the system.
Each program is tested individually at the time of development using the data and has
verified that this program linked together in the way specified in the programs specification, thecomputer system and its environment is tested to the satisfaction of the user. The system that has
been developed is accepted and proved to be satisfactory for the user. And so the system is going
to be implemented very soon.
A simple operating procedure is included so that the user can understand the different
functions clearly and quickly.
Initially as a first step the executable form of the application is to be created and loaded
in the common server machine which is accessible to all the user and the server is to be
connected to a network. The final stage is to document the entire system which provides
components and the operating procedures of the system.
-
8/12/2019 PACKET TRACEBACK SYSTEM
35/50
35
SOURCE CODE
Sample Code :
import javax.swing.*;import java.awt.*;import java.io.*;import java.net.*;import java.rmi.server.*;import java.rmi.*;
public class Source extends JFrame {/** Creates new form Source */int i=0;char c;String str="";String s[];String ss[]=new String[1];// ServerSocket serversocket;Socket socket;JLabel l1,l2,l3;JTextField t1,t2,t3;// String s[];
public Source() {initComponents();//Container con=getContentPane();
setLocation(350,300);setSize(650,500);setTitle("Packet Marking Source");}/** This method is called from within the constructor to* initialize the form.* WARNING: Do NOT modify this code. The content of this method is* always regenerated by the Form Editor.*//* public void serverStart()
{try{//serversocket=new ServerSocket(9001);//while(true)//{// }}catch(Exception e){e.printStackTrace();}
-
8/12/2019 PACKET TRACEBACK SYSTEM
36/50
36
}*/
// //GEN-BEGIN:initComponents private void initComponents() {
jLabel1 = new JLabel(" Packet Marking Source"); jTextField1 = new javax.swing.JTextField(); jButton1 = new javax.swing.JButton("Browse"); jTabbedPane1 = new javax.swing.JTabbedPane(); jPanel1 = new JPanel(); jTabbedPane1.addTab("Client - Machine",jPanel1) ; jLabel2 = new JLabel("Source ID"); jLabel3 = new JLabel("Destination ID"); jTextField2 = new JTextField(); jTextField3 = new JTextField(); jScrollPane1 = new JScrollPane();
jTextArea1 = new JTextArea(); jButton2 = new JButton("Send"); jButton3 = new JButton("Exit"); jPanel2 = new JPanel(); jTabbedPane1.addTab("Leaf - Router",jPanel2); jScrollPane2 =new JScrollPane(); jTextArea2 = new JTextArea(); jLabel4 = new JLabel("Marking - Probability"); jLabel5 = new JLabel("Leaf - Router"); jTextField4 = new JTextField(); jLabel6 = new JLabel("Predefined Value"); jTextField5 = new JTextField(); jButton4 = new JButton("Packet-Marking"); jButton5 = new JButton("Close");l1=new JLabel("Constructed Path-1");l2=new JLabel("Constructed Path-2");l3=new JLabel("Constructed Path-3");t1=new JTextField(10);t2=new JTextField(10);t3=new JTextField(10);setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);setName("Form"); // NOI18NgetContentPane().setLayout(null);
jLabel1.setName("jLabel1"); // NOI18NgetContentPane().add(jLabel1);
jLabel1.setBounds(150, 10, 410, 40); jTextField1.setName("jTextField1"); // NOI18N jTextField1.addActionListener(new java.awt.event.ActionListener() { public void actionPerformed(java.awt.event.ActionEvent evt) { jTextField1ActionPerformed(evt);}});getContentPane().add(jTextField1);
-
8/12/2019 PACKET TRACEBACK SYSTEM
37/50
37
jTextField1.setBounds(10, 80, 170, 20); jButton1.setName("jButton1"); // NOI18N jButton1.addActionListener(new java.awt.event.ActionListener() { public void actionPerformed(java.awt.event.ActionEvent evt) { jButton1ActionPerformed(evt);
}});getContentPane().add(jButton1);
jButton1.setBounds(190, 80, 100, 23);
jTabbedPane1.setName("jTabbedPane1"); // NOI18N
jPanel1.setName("Leaf-Router");//jPanel1.setText("Leaf-Router"); // NOI18N
jPanel1.setLayout(null); jLabel2.setName("jLabel2"); // NOI18N
jPanel1.add(jLabel2); jLabel2.setBounds(10, 30, 100, 20); jLabel3.setName("jLabel3"); // NOI18N jPanel1.add(jLabel3); jLabel3.setBounds(10, 70, 90, 20); jPanel1.add(l1); jPanel1.add(t3); jPanel1.add(t2); jPanel1.add(t1);l1.setBounds(10,110,110,20);t1.setBounds(130,110,100,20);t2.setBounds(130,140,100,20);t3.setBounds(130,170,100,20);
jPanel1.add(l2);l2.setBounds(10,140,110,20);
jPanel1.add(l3);l3.setBounds(10,170,110,20);
jTextField2.setName("jTextField2"); // NOI18N jPanel1.add(jTextField2); jTextField2.setBounds(130, 30, 100, 20); jTextField3.setName("jTextField3"); // NOI18N jPanel1.add(jTextField3); jTextField3.setBounds(130, 70, 100, 20); jTextField3.addFocusListener(new java.awt.event.FocusAdapter() { public void focusLost(java.awt.event.FocusEvent evt) { jTextField3FocusLost(evt);}});
jScrollPane1.setName("jScrollPane1"); // NOI18N
jTextArea1.setColumns(20); jTextArea1.setRows(5); jTextArea1.setName("jTextArea1"); // NOI18N
-
8/12/2019 PACKET TRACEBACK SYSTEM
38/50
38
jScrollPane1.setViewportView(jTextArea1); jPanel1.add(jScrollPane1); jScrollPane1.setBounds(280, 20, 180, 230); jButton2.setName("jButton2"); // NOI18N jButton2.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) { jButton2ActionPerformed(evt);}
jPanel2.setName("Client-Machine");//jPanel2.setText("Client-Machine");// NOI18N
jPanel2.setLayout(null); jScrollPane2.setName("jScrollPane2"); // NOI18N jTextArea2.setColumns(20); jTextArea2.setRows(5); jTextArea2.setName("jTextArea2"); // NOI18N jScrollPane2.setViewportView(jTextArea2);
jPanel2.add(jScrollPane2); jScrollPane2.setBounds(230, 30, 250, 280); jLabel4.setName("jLabel4"); // NOI18N jPanel2.add(jLabel4); jLabel4.setBounds(10, 40, 110, 20); jLabel5.setName("jLabel5"); // NOI18N jPanel2.add(jLabel5);double assign= (Math.random()*9)+xx;int ch=(int)(assign);if(ch
-
8/12/2019 PACKET TRACEBACK SYSTEM
39/50
39
jTextArea2.append(a);}if(ch1
-
8/12/2019 PACKET TRACEBACK SYSTEM
40/50
40
SCREEN SHOTS
Router Maintenance Screenshot
-
8/12/2019 PACKET TRACEBACK SYSTEM
41/50
41
PACKET MARKING PROCEDURE (A)
-
8/12/2019 PACKET TRACEBACK SYSTEM
42/50
42
PACKET MARKING PROCEDURE (B)
-
8/12/2019 PACKET TRACEBACK SYSTEM
43/50
43
ROUTER MAINTENANCE
-
8/12/2019 PACKET TRACEBACK SYSTEM
44/50
44
HACKER ZONE
-
8/12/2019 PACKET TRACEBACK SYSTEM
45/50
45
Transition Router Screenshot
-
8/12/2019 PACKET TRACEBACK SYSTEM
46/50
46
Packet Marking Destination Screenshot 1
-
8/12/2019 PACKET TRACEBACK SYSTEM
47/50
47
Packet Marking Destination Screenshot 2
-
8/12/2019 PACKET TRACEBACK SYSTEM
48/50
48
Packet Marking Destination Screenshot 3
-
8/12/2019 PACKET TRACEBACK SYSTEM
49/50
49
CONCLUSION AND FUTURE ENHANCEMENT
10.1 CONCLUSION
In this paper, we have studied the problem of combating Internet worms. To that end, we
have developed a branching process model to characterize the propagation of Internet worms.
Unlike deterministic epidemic models studied in the literature, this model allows us to
characterize the early phase of worm propagation. Using the branching process model, we are
able to provide a precise bound M on the total number of scans that ensure that the worm will
eventually die out. Further, from our model, we also obtain the probability that the total number
of hosts that the worm infects is below a certain level, as a function of the scan limit. Theinsights gained from analyzing this model also allow us to develop an effective and automatic
worm containment strategy that does not let the worm propagate beyond the early stages of
infection. Our strategy can effectively contain both fast scan worms and slow scan worms
without knowing the worm signature in advance or needing to explicitly detect the worm. We
show via simulations and real trace data that the containment strategy is both effective and non-
intrusive.
10.2 SCOPE FOR FUTURE DEVELOPMENT
Every application has its own merits and demerits. The project has covered almost all the
requirements. Further requirements and improvements can easily be done since the coding is
mainly structured or modular in nature. Changing the existing modules or adding new modules
can append improvements. Further enhancements can be made to the application, so that the web
site functions very attractive and useful manner than the present one.
-
8/12/2019 PACKET TRACEBACK SYSTEM
50/50
50
BIBLIOGRAPHY
PAPERS REFERRED
Implementing Pushback:Router -Based Defense against DDOS attack
Implementing Pushback:Router -Based Defense against DDOS attack
John Ioannidis, Steven M.Bellovin
ICMP Traceback Messages Steve Bellovin, Marcus Leech, Tom Taylor
Practical Network Support for IP Traceback Stefan Savage, Tom Andreson
M. Adler, Trade -Offs in Probabilistic Packet Marking for IP Traceback, J. AM, vol. 52,
pp. 217-244, Mar. 2005.
An Algebraic Approach to IP Traceback Drew Dean , Matt Franklin.