Chapter 1 INTRODUCTION

1.1 INTRODUCTION TO PROJECT

The Internet is not a safe place. Unsecured hosts can expect to be compromised within minutes of connecting to the Internet and even well-protected hosts may be crippled with denial-of-service (DoS) attacks. However, while such threats to host systems are widely understood, it is less well appreciated that the network infrastructure itself is subject to constant attack as well. Indeed, through combinations of social engineering and weak passwords, attackers have seized control over thousands of Internet routers . Even more troubling is Mike Lynns controversial presentation at the 2005 Black Hat Briefings, which demonstrated how Cisco routers can be compromised via simple software vulnerabilities. Once a router has been compromised in such a fashion, an attacker may interpose on the traffic stream and manipulate it maliciously to attack othersselectively dropping, modifying, or rerouting packets. Several researchers have developed distributed protocols to detect such traffic manipulations, typically by validating that traffic transmitted by one router is received unmodified by another . However, all of these schemesincluding our ownstruggle in interpreting the absence of traffic. While a packet that has been modified in transit represents clear evidence of tampering, a missing packet is inherently ambiguous: it may have been explicitly blocked by a compromised router or it may have been dropped benignly due to network congestion. In fact, modern routers routinely drop packets due to bursts in traffic that exceed their buffering capacities, and the widely used Transmission Control Protocol (TCP) is designed to cause such losses as part of its normal congestion control behavior. Thus, existing traffic validation systems must inevitably produce false positives for benign events and/or produce false negatives by failing to report real malicious packet dropping. In this project, we develop a compromised router detection protocol that dynamically infers the precise number of congestive packet losses that will occur. Once the congestion ambiguity is removed, subsequent packet losses can be safely attributed to malicious actions. We believe our protocol is the first to automatically predict congestion in a systematic manner and that it is necessary for making any such network fault detection practical. In the remainder of this paper, we briefly survey the related background material, evaluate options for inferring congestion, and then present the assumptions, 1

specification, and a formal description of a protocol that achieves these goals. We have evaluated our protocol in a small experimental network and demonstrate that it is capable of accurately resolving extremely small and fine-grained attacks.

1.2 PROJECT OVERVIEW

we consider the problem of detecting whether a compromised router is maliciously manipulating its stream of packets. In particular, we are concerned with a simple yet effective attack in which a router selectively drops packets destined for some victim. Unfortunately, it is quite challenging to attribute a missing packet to a malicious action because normal network congestion can produce the same effect. Modern networks routinely drop packets when the load temporarily exceeds their buffering capacities. Previous detection protocols have tried to address this problem with a user-defined threshold: too many dropped packets imply malicious intent. However, this heuristic is fundamentally unsound; setting this threshold is, at best, an art and will certainly create unnecessary false positives or mask highly focused attacks. We have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur. Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions. We have tested our protocol in Emulab and have studied its effectiveness in differentiating attacks from legitimate network behavior.

Chapter 2 SYSTEM ANALYSIS

2.1 Existing System
The earliest work on fault-tolerant forwarding is due to Perlman who developed a robust routing system based on source routing, digitally signed route-setup packets, and reserved buffers. While groundbreaking, Perlmans work required significant commitments of router resources and high levels of network participation to detect anomalies. Since then, a variety of researchers have proposed lighter weight protocols for actively probing the network to test whether packets are forwarded in a manner consistent with the advertised global topology Conversely, the1997 WATCHERS system detects disruptive routers passively via a distributed monitoring algorithm that detects deviations from a conservation of flow invariant . However, work on WATCHERS was abandoned, in part due to limitations in its distributed detection protocol, its overhead, and the problem of ambiguity stemming from congestion To perform all these processes manually is a very tedious process for a trained expert and, thus, an automated differential counting system that helps in saving time and money is highly desirable.

2.2 Proposed System

We have designed, developed, and implemented a compromised router detection protocol that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur. Once the ambiguity from congestion is removed, subsequent packet losses can be attributed to malicious actions. We have tested our protocol in Emulab and have studied its effectiveness in differentiating attacks from legitimate network behavior

2.3 OVERVIEW OF MODULES

Total project has divided into 5 Modules. They are 1. 2. 3. 4. 5. GUI Design Protocol Utilization Packet Transmission Details CLP Calculation using Bayesian Theorem Identifying Normal Packet using Threshold value. 3

Module 1: GUI Design Using swing concepts in Java, we allocate area for the statistical characterization for the transmitted packets. So that the design is consistent and efficient for the user to interact with the software. Module 2:Protocol Utilization Packets are transmitted through the use of networking protocols. So that ports are distinguished by different colors. I consider two types of protocols called TCP and UDP protocols. Here I use the acknowleged TCP protocol to transmit the packets. Module 3 :PTD (Packet Transmission Details) Packet scores are generated based on the protocol values, the size of the packet and the destination. Module 4: CLP Calculation using Bayesian Theorem The Scores of each packet is generated and the probability calculation is performed. The attribute value of each packet is compared with the base line profile value and sorting of packets occurred. Module 5: Identifying NP using Threshold Value

In this module, the threshold value is calculated and is compared with the attribute value of each packet. Discarding of packets takes place in comparison with the threshold value.

Chapter 3 ALGORITHM/TECHNIQUES USED

3.1 RED Algorithm Description
RED monitors the average queue size, based on an exponential weighted moving average: where the actual queue size and weight for a low-pass filter. RED uses three more parameters in minimum threshold, Maximum, Maximum threshold. Using, RED dynamically computes a dropping probability in two steps for each packet it receives. First, it computes an interim probability, Further; the RED algorithm tracks the number of packets, since the last dropped packet. The final dropping probability, p, is specified to increase slowly as increases.

3.2 Methodology And Specifications

There are inherently two threats posed by a compromised router. The attacker may subvert the network control plane (e.g., by manipulating the routing protocol into false route updates) or may subvert the network data plane and forward individual packets incorrectly. The first set of attacks have seen the widest interest and the most activity largely due to their catastrophic potential. By violating the routing protocol itself, an attacker may cause large portions of the network to become inoperable. Thus, there have been a variety of efforts to impart authenticity and consistency guarantees on route update messages with varying levels of cost and protection We do not consider this class of attacks in this paper. Instead, we have focused on the less well-appreciated threat of an attacker subverting the packet forwarding process on a compromised router. Such an attack presents a wide set of opportunities including DoS, surveillance, man-in-the-middle attacks, replay and insertion attacks, and so on. Moreover, most of these attacks can be trivially implemented via the existing command shell languages in commodity routers. The earliest work on fault-tolerant forwarding is due to Perlman who developed a robust routing system based on source routing, digitally signed route-setup packets, and reserved buffers. While groundbreaking, Perlmans work required significant commitments of router resources and high levels of network participation to detect anomalies. Since then, a variety of researchers have proposed lighter weight protocols for actively probing the network to test whether packets are forwarded in a manner consistent with the advertised 5

global topology Conversely, the 1997 WATCHERS system detects disruptive routers passively via a distributed monitoring algorithm that detects deviations from a conservation of flow invariant However, work on WATCHERS was abandoned, in part due to limitations in its distributed detection protocol, its overhead, and the problem of ambiguity stemming from congestion . Finally, our own work broke the problem into three pieces: a traffic validation mechanism, a distributed detection protocol, and a rerouting countermeasure. In we focused on the detection protocol, provided a formal framework for evaluating the accuracy and precision of any such protocol, and described several practical protocols that allow scalable implementations. However, we also assumed that the problem of congestion ambiguity could be solved, without providing a solution. This paper presents a protocol that removes this assumption. INFERRING CONGESTIVE LOSS In building a traffic validation protocol, it is necessary to explicitly resolve the ambiguity around packet losses. Should the absence of a given packet be seen as malicious or benign? In practice,

There are three approaches for Addressing this issue:

3.2.1 Static Threshold.: Low rates of packet loss are assumed to be congestive, while rates above some predefined threshold are deemed malicious. 3.2.2 Traffic modeling.: Packet loss rates are predicted as a function of traffic parameters and losses beyond the prediction are deemed malicious. 3.2.3 Traffic measurement: . Individual packet losses are predicted as a function of measured traffic load and router buffer capacity. Deviations from these predictions are deemed malicious. Most traffic validation protocols, including WATCHERS, Secure Traceroute, and our own work described in analyze aggregate traffic over some period of time in order to amortize monitoring overhead over many packets. For example, one validation protocol described in maintains packet counters in each router to detect if traffic flow is not conserved from source to destination. When a packet arrives at router r and is forwarded to a destination that will traverse a path segment ending at router x, r increments an outbound counter associated with router x. Conversely, when a packet arrives at router r, via a path segment beginning with router x, it increments its inbound counter associated with router x. 6

Periodically, router x sends a copy of its outbound counters to the associated routers for validation.Then, a given router r can compare the number of packets that x claims to have sent to r with the number of packets it counts as being received from x, and it can detect the number of packet losses. Thus, over some time window, a router simply knows that out of m packets sent, n were successfully received. To address congestion ambiguity, all of these systems employ a predefined threshold how does one choose the threshold? In order to avoid false positives, the threshold must be large enough to include the maximum number of possible congestive legitimate packet losses over a measurement interval. Thus, any compromised router can drop that many packets without being detected. Unfortunately, given the nature of the dominant TCP, even small numbers of losses can have significant impacts. Subtle attackers can selectively target the traffic flows of a single victim and within these flows only drop those packets that cause the most harm. For example, losing a TCP SYN packet used in connection establishment has a disproportionate impact on a host because the retransmission time-out must necessarily be very long (typically 3 seconds or more). Other seemingly minor attacks that cause TCP time-outs can have similar effects

Chapter 4 SYSTEM MODEL

Our work proceeds from an informed, yet abstracted, model of how the network is constructed, the capabilities of the attacker, and the complexities of the traffic validation problem. In this section, we briefly describe the assumptions underlying our model. We use the same system model as in our earlier work .

4.1 Network Model

We consider a network to consist of individual homogeneous routers interconnected via directional point-topoint links. This model is an intentional simplification of real networks (e.g., it does not include broadcast channels or independently failing network interfaces) but is sufficiently general to encompass such details if necessary.Unlike our earlier work, we assume that the bandwidth, the delay of each link, and the queue limit for each interface are all known publicly. Within a network, we presume that packets are forwarded in a hop-by-hop fashion, based on a local forwarding table. These forwarding tables are updated via a distributed link-state routing protocol such as OSPF or IS-IS. This is critical, as we depend on the routing protocol to provide each node with a global view of the current network topology. Finally, we assume the administrativeability to assign and distribute cryptographic keys to sets of nearby routers. This overall model is consistent with the typical construction of large enterprise IP networks or the internal structure of single ISP backbone networks but is not well suited for networks that are composed of multiple administrative domains using BGP. At this level of abstraction, we can assume a synchronous network model. We define a path to be a finite sequence hr1; r2; . . . rni of adjacent routers. Operationally, a path defines a sequence of routers a packet can follow. We call the first router of the path the source and the last router its sink; together, these are called terminal routers. A path might consist of only one router, in which case the source and sink are the same. Terminal routers are leaf routers: they are never in the middle of any path. An x-path segment is a consecutive sequence of x routers that is a subsequence of a path. A path segment is an xpath segment for some value of x > 0. For example, if a network consists of the single pth ha; b; c; di, then hc; di and hb; ci are both two-path segments, but ha; ci is not because a and c are not adjacent.

4.2 Threat Model

This project focuses solely on data plane attacks Moreover, for simplicity, we examine only attacks that involve packet dropping. However, our approach is easily extended to address other attackssuch as packet modification or reorderingsimilar to our previous work. Finally, as in TCP, the protocol we develop validates traffic whose source and sink routers are uncompromised. A router can be traffic faulty by maliciously dropping packets and protocol faulty by not following the rules of the detection protocol. drops or misroutes packets that flow through _. A router can drop packets without being faulty, as long as the packets are dropped because the corresponding output interface is congested. A compromised router r can also behave in an arbitrarily malicious way in terms of executing

4.3 Protocol Model

Protocol _ detects traffic faulty routers by validating the queue of each output interface for each router. Given the buffer size and the rate at which traffic enters and exits a queue, the behavior of the queue is deterministic. If the actual behavior deviates from the predicted behavior, then a failure has occurred. We present the failure detection protocol in terms of the solutions of the distinct sub problems: traffic validation, distributed detection, and response.

Chapter 5 Traffic Validation

The first problem we address is traffic validation: what information is collected about traffic and how it is used to determine that a router has been compromised.

5.1 Estimating Legitimate Traffic Distribution

The probability of a packets legitimacy can be calculated, by observing the probabilities of the attribute values in legitimate traffic (Pn) and in total traffic (Pm). However, it is practically impossible to know how many packets are legitimate during the attack period, let alone the number of legitimate packets bearing a particular attribute value. For that reason, utilize an estimate Pn in place of true Pn. The estimate Pn profile and is collected in advance during normal operations. A nominal traffic profile consists of single and joint distributions of various packet attributes that are considered unique for a site. Candidate packet attributes from IP headers are: packet size, Time-to-Live(TTL) values, protocol-type values, source IP prefixes, TCP flag patterns, server port numbers, etc., To increase the number of attributes, we can employ joint distribution of the fraction of packets having various combinations, such as <packet-size and protocol-type>, <server port number and protocol is called a nominal

5.2 Single Packet Loss Test

If a packet with fingerprint fp and size ps is dropped at time ts when the predicted queue length is qpredts, then we raise an alarm with a confidence value csingle, which is the probability of the packet being dropped maliciously. The mean _ and standard deviation _ of X can be determined by monitoring during a learning period. We do not expect _ and _ to change much over time, because they are in turn determined by values that themselves do not change much over time. Hence, the learning period need not be done very often.

5.3 Combined Packet Losses Test

The second test is useful when more than one packet is dropped during a round and the first test does not detect a malicious router. It is based on the well - known Z-test4 Let L be the set of n > 1 packets dropped during the last time interval. For the packets in L, let ps be the mean of the packet sizes, qpred be the mean of qpredts (the predicted queue length), and qact be the mean of qactts (the actual queue length) over the times the packets were dropped. We test the following hypothesis: The packets are lost 10

due to malicious attack: _ > qlimit _ qpred _ ps. The Z-test score is z1 q limit _ qpred _ ps _ _ For the standard normal distribution Z, the probability of ProbZ < z1 gives the confidence value ccombined for the hypothesis. A malicious router is detected if combined is at least as large as a target significance level slevel combined. One can question using a Z-test in this way because the set of dropped packets are not a simple random sample. But, this test is used when there are packets being dropped and the first test determined that they were consistent with congestion loss. Hence, the router is under load during the short period the measurement was taken and most of the points, both for dropped packets and for non dropped packets, should have a full Q.

11

Packet differentiation and overload control procedure architecture has shown below:-

5.4

PACKET COUNTING PROCEDURE

Start the process Trace the incoming packets using Jpcap (Java Component used to capture the packets) Assign scores to the packets based on the Log Conditional Legitimate Probability (CLP) Fix the threshold value which depends on the parameters like protocol type, packet size etc., Compare the Threshold value with the Packet Score 12

Step 1: Step 2: Step 3: Step 4 : Step 5:

Step 6: Step 7: Step 8:

If the Measured value is less than the Threshold value then the packet is attacked packet Other wise, the packet is normal packet Update the cumulative distribution function score and continue with the Step 3. Stop the process

Start

Capture packets using jpcap

Assigning packet score

Fixing a threshold value

Yes
Is packet score threshold value Discard packets

No

Update packet score

Stop

13

Chapter 6 SYSTEM DESIGN

6.1 UNIFIED MODELING LANGUAGE
The Unified Modeling Language is a language for specifying, constructing, visualizing and documenting the software system and its components. The UML is a graphical language with a set of rules and semantics.Main advantages of this modeling are Models make it easier to express complex ideas The cost of modeling analysis is much lower than the cost of similar experimentation conducting with the system Model: Manipulation of the models is much easier Models reduces the complexity by separating those aspects is unimportant from those that are important A model is an abstract representation of the system, constructed to understand the system prior to building or modifying it. Static Model: A static model can be viewed as a snapshot of a Systems parameter at rest or at a specific point in time. Static models are needed to represent the structural or static aspect of the system. Dynamic Model: A dynamic model can be viewed as a collection of procedures or

behaviors that taken together reflect the behavior of the system over time. Dynamic relationships show how the business objects interact to perform the task. 6.1.1 USE CASE DIAGRAM Use case diagrams are central to modeling the behavior of a system, a subsystem, or class. Each one shows a set of use cased and actors and their relationships.Use case diagrams are important for visualizing, specifying, and documenting the behavior of an element. They make systems, subsystems, and classes approachable and understandable by presenting on outside view of how those elements may be used in context. Use case diagrams are also important for testing executable systems through forward engineering and for comprehending executable systems through reverse engineering. 14

winpc ap

Client

P ac k et

S erver

G UI

CLP Calc ulation

protoc ol U tiliz ation

P ac k et Trans m is s ion Details

Identify ing pac k et

Use Case diagram of Packet Losses

15

6.1.2 CLASS DIAGRAM A class diagram show a set of classes, interfaces, and collaborations and their relationships. Class diagrams are used to model the static design view of a system. It involves modeling the vocabulary of the system, modeling collaborations, or modeling schemas. Class diagrams are also the foundation for a couple of related diagrams: component diagrams and deployment diagrams. Class diagrams are important not only for visualizing, specifying and documenting structural models, but also for constructing executable systems through forward and reverse engineering.

16

Class diagram of Packet Losses 6.1.3 SEQUENCE DIAGRAM A sequence diagram is an interaction diagram that emphasizes the time ordering of messages. A sequence diagram shows a set of objects and the messages sent and received by those objects. The objects are typically named or anonymous instances of classes, but may also represent instances of other things, such as collaborations, components and nodes.

W in P c a p

GUI

P P a c k e t T ra n s m i s s io rno t o c o l U t ili z a t i o n D e t a i ls

CLP Id e n t ifi c a t io n C a lc u l a t io n

1 : S e n t P a c k e ts 2 : S e n t P a c k e ts 3 : S e n t S n iffe d P a c k e t s

4 : S e n t t o S n iffe d P ro t o c o l s u s e d 5 : S e n t S n iffe d P a c k e t s 6 : S e n t P a c k e t s fo r C L P C a lu la t io n 7 : S e n t P a c k e t S c o re 8 : Id e n t ify a s N o r m a l o r A t t a c k

Sequence diagram of Packet Losses

17

6.1.4 COLLABORATION DIAGRAM A collaboration diagram is an interaction diagram that emphasized the structural organization of the objects that send and receive messages. A collaboration diagram shows a set of objects, links among those objects, and messages sent and received by those objects. The objects are typically named or anonymous instances of classes, but may also represent instances of other things, such as collaborations, components, and nodes. Collaboration diagrams are used to illustrate the dynamic view of a system.

1 : S e n t P a c k e ts W in P c a p GUI

2 : S e n t P a c k e ts P a c k e t T ra n s m is s io n D e t a ils

4 : S e n t t o S n iffe d P r o t o c o ls u s e d

3 : S e n t S n iffe d P a c k e t s

8 : Id e n t i fy a s N o rm a l o r A t t a c k 6 : S e n t P a c k e t s fo r C L P C a l u la t i o n 5 : S e n t S n iffe d P a c k e Id e n t ifi c a ts t io n P ro to c o l U t iliz a t io n 7 : S e n t P a c k e t S c ore CLP C a lc u la t io n

Collaboration diagram of Packet Losses 18

6.2 SYSTEM REQUIREMENTS

HARDWARE REQUIREMENTS MAIN PROCESSOR RAM MOTHER BOARD LAN HARD DISK MONITOR KEYBOARD MOUSE : : : : : : : : Pentium IV 512 MB SD-RAM 845GVM Intel Chipset On Board 10/100 Mbps SIS LAN 40GB HDD 17 Color Monitor 104 Keyboard Logitech

SOFTWARE REQUIREMENTS OPERATING SYSTEM SOFTWARE : : Windows/Linux JDK1_5_0_5

19

Chapter 7 JAVA
As most current Java developers know, the Java Application Programming Interface consists of pre developed code that you can use in your applications. This pre developed code is organized into packages filled with useful classes and methods designed to make it easy to program with Java. The core package for the Java programming language is called java.lang. Although the java.lang package provides the core functionality of the Java programming language, it is not the only package included in the official Java Developer's Kit from JavaSoft. The official developer's kit includes eight basic packages: java.applet, java.awt, java.awt.image, java.awt.peer, java.io, java.lang, java.net, and java.util. The JDK also includes an add-on package called sun.tools.debug. Together the basic and add-on packages provide everything you need to create and debug advanced Java applications. The API in the developer's kit is only the beginning for Java APIs. Currently, there are eight other APIs in development by JavaSoft. The Java Enterprise API provides almost everything you need to create applications that connect to databases. The Java Commerce API is the key to enabling electronic commerce. The Java Management API is a comprehensive tool for building applications that can manage networks. The Java Server API provides almost everything you need to develop Java-powered servers for the Internet and intranets. The Java Media API is an advanced toolkit for creating applications that use multi-media. The Java Beans API helps you create plug-ins and software modules that interact with existing architectures for object linking and embedding. The Java Embedded API defines a minimal set of core functionality that can be used in embedded devices. The great thing about standardized APIs is that all the packages they contain are thoroughly tested before the API is officially released. What this means is that you have millions of lines of code at your fingertips. You can use this code to develop Java applications without having to re-invent the wheel. The Internet helped catapult Java to the forefront of programming, and Java, in turn, has had a profound effect on the Internet. The reason for this is quite simple: Java expands the universe of objects that can move about freely in the cyberspace. In a network, two very broad categories of objects are transmitted between the server and our computer passive information and dynamic, active programs. 20

As desirable as dynamic, networked programs are, they also present serious problems in the areas of security and portability. Java achieves this security or protection by confining a Java program to the Java execution environment and not allowing it to access to other parts of the computer. Many types of the computers and operating systems are in use throughout the world and many are connected to the Internet. For programs to be dynamically download to all the various types of platforms connected to the Internet, some means of generating portable executable code is needed. Java was designed to be easy for the professional programmers to learn and use efficiently. The object model of Java is simple and easy to extend, while simple types, such as integers are kept as high-performance non-objects. BSNL System is implemented using the Java language so as to make the programmers and different users at different levels can make use of this system very affectively. The multiplatformed environment of the web places extraordinarily demands on a program, because the program must execute reliably in a variety of systems. Thus, the ability to create robust programs was given a high priority in the design of Java. At the same time, Java frees us from having to worry about many of the most common cause of programming errors. Because Java is strictly typed language, it checks our code at the compile time and also at run-time. Java was designed to meet the real world requirements of creating interactive,Networked programs. Java supports multithreaded programming, which allows us to write programs that do many things simultaneously. A central issue for the Java designers was that of code longevity and portability. Their goal was write once; run anywhere, any time , forever . Java enables the creation of the cross-platform programs by compiling into intermediate representation called Javabytecode. This code can be interpreted on any system that provides a java virtual machine. Java is designed for the distributed environment of the Internet, because it handles TCP/IP protocols. In fact, accessing a resource using a URL is not much different from accessing a file. The original version of Java (OAK) included features for intra-address-space messaging. Java programs carry with them substantial amounts of the run-time type information that is used to verify and resolve accesses to objects at run-time. This makes it possible to dynamically link code in a safe and expedient manner. 21

ABOUT SERVLETS Servlet is server side applet. It contains several advantages. They are: Performance is significantly better. Servlets execute within the address space of the web server. Creating a separate process to handle each client request isnt necessary. Servlets are platform-independent, because they are written in Java. Several web servers, from vendors such as sun, Netscape, and Microsoft, offer the servlet API Programs developed for this API can be moved to any of these environments without recompilation. The java security manager on the server enforces a set of restrictions to protect the resources on a server machine. The full functionality of the Java class libraries is available to a servlet. It can communicate with applets, databases, or other software via the sockets and RMI mechanisms. The Lifecycle of a servlet: Three methods are central to the lifecycle of a servlet: init (), service( ), and destroy( ). First, assume that a user enters a Uniform Resource Locator (URL) to the web browser. The web browser then generates an HTTP request for this URL and sends it to the appropriate server. Second the web server receives this HTTP request. The server maps this request to particular servlet. The servlet is dynamically retrieved and loaded into the address space of the server. Third, the server invokes the init( ) method of the servlet. This method is invoked only when the servlet is first loaded into the memory. Fourth, the server invokes the servlet service( ) method , which is called to process the HTTP request. The service( ) method is called for each HTTP request. Two packages are required to build the servlet they are javax.servlet and javax.srevlet.http. They constitute of servlet API. ServletRequest interface is used to read the data from a client0request and servletResponse is used to write data to the client response. The javax.srevlet.http package include interfaces like HttpServletRequest whish enables servlets to read data from HTTP request and HttpServletResponse which enables servlets to write data from HTTP response.

CREATION OF JAVA 22

Java was conceived by James Gosling, Patrick Naughton, Chris Warth, Ed Frank and Mike Sheridan at SUN Microsystems Incorporation in the year 1991.It took 18 months to develop the 1st working version. This language was initially called OAK, but was renamed JAVA in 1995, many more contributed to the design and evolution of the language. JAVA OVERVIEW Java is a powerful but lean object-oriented programming language. It has generated a lot of excitement because it makes it possible to program for Internet by creating Applets. Programs that can be embedded in web page. The context of an applet can be an animation with sound, an interactive game or a ticker tape. With constantly updated stock prices. Applets can be just little decorations to liven up web page, or they can be serious applications like Word processor or Spreadsheet. But Java is more than a programming language for writing Applets. It is being used more and more for writing standalone applications as well. It is becoming so popular that many people believe it will become standard language for both general purpose and Internet programming. There are many buzzwords associated with Java, but because of its spectacular growth in popularity, a new buzzword has appeared ubiquitous. Indeed, all indications are that it will soon be everywhere. Java builds on the strength of C++. It has taken the best features of C++ and discarded the more problematic and error prone parts. To this lean core, it has added garbage collection (automatic memory management), multithreading (the capacity for one program to do more than one thing at a time), security capabilities. This result is that Java is simple, elegant, and powerful and easy-to-use. Java is actually a platform consisting of 3 components: 1. Java Programming Language. 2. Java Library of Classes and Interfaces. 3. Java Virtual Machine The following sections will say more about these components.

JAVA IS PORTABLE: 23

One of the biggest advantages Java offers is that it is portable. An application written in Java will run on all the major platforms. Any computer with a Java-based browser can run the applications or Applets written in the Java-Programming-Language. A programmer no longer has to write one program to run on a Macintosh, another program to run on a Windows-machine still another to run on a UNIX-machine and so on. In other words, with Java developers write their programs only once. The Virtual Machine is what gives Java is cross platform capabilities. Rather being compiled into machine language, which is different for each OSs and computer architecture, Java code is compiled into Byte codes. With other languages, the program code is compiled into a language that the computer can understand. The problem is that other computers with different machine instruction set cannot understand that language. Java code on the other hand is compiled into Byte-Code rather than a machine language. These byte codes go to the JVM, which executes them directly or translates them into the language that is understood by the machine running it. In summary, these means that with the JDBC API extending Java, a programmer writing Java code can access all the major RDBMS on any platform that supports the JVM. JAVA IS OBJECT-ORIENTED The Java programming language is OBJECT-ORIENTED, which makes program design focus on what you are dealing with, rather than on how your are going to do something. This makes it more useful for programming in sophisticated projects, because one can break the things into understandable components. A big benefit is that these components can then be reused. Object-Oriented Languages use the paradigm of classes. In simplest term, a class includes both the data and the functions to operate on data. You can create an instance of a class, also called an object, which will have all the data members and functionality of its class. Because of this, you can think of a class as being like template, with each object being a specific instance of a particular type of class. The class paradigm allows one to encapsulate data so that specific data values are those using the data cannot see the function implementation. Encapsulation makes it possible to make the changes in code without breaking other programs that use that code.

24

If for example, the implementation of a function is changed, the change is invisible to any programmer who invokes that function, and does not affect his/her program, except hopefully to improve it. Java includes inheritance, or the ability to derive new classes from existing classes. The derived class, is also called as Sub-Class, inherits all the data in the functions of the existing class. JAVA DEVELOPMENT EVNIRONMENT To code, edit, debug and test the java programs, one needs to have a java development environment. At the minimum this will consists of a java compiler interpreter and applet viewer where applets can be tested. Suns java development kit (JDK) latest version is 2.2 can be freely downloaded from the Internet. Java compiler is available on DOS, Win95, WINNT, Solaris and MAC etc. INTRODUCTION TO JDBC JDBC (Java Database connectivity) is a front-end tool for connecting to a server to ODBC in that respect, however JDBC can connect only java client and it uses ODBC for the connectivity. JDBC is essentially a low-level API since any data manipulation, storage and retrieval has to be done by the program itself. Some tools, which provide a higherlevel abstraction, are expected shortly. The next question that needs to be answered is why we need JDBC, once we have ODBC on hand. We can use the same ODBC to connect the entire database and ODBC is a proven technology. Problem for doing this is ODBC gives a c language API, which uses pointers extensively. Since java does not have any pointes and is object-oriented sun Microsystems, inventor of java developed to suit its needs. Requirements to use JDBC: To use JDBC you need a basic knowledge of databases and SQL.A part from this you need the jdk1.1 (Java Development Kit1.1 available javasofts website) or a version of Java since jdk1.1 and above come bundled with JDBC software. After that you need to have a back-end database engine for which a JDBC driver is available. When JDBC drivers are not available JDBC-ODBC bridge drivers are used to access the database through ODBC. Back-end is not needed when JDBC driver is capable 25

of storing and retrieving the data itself, or if JDBC-ODBC Bridge and the ODBC driver can be used to store and retrieve the information. ABOUT JDBC (JAVA DATA BASE CONNECTION) It is a java data base connectivity having database as a back-end of java as front end. Database is a collectivity of related data. A data base management system (DBMS) controls the storage or retrieval of data in the database. The main use of this JDBC is the database connectivity. Using drivers we can get connection to the back-end: 1.which drive we are going to connect back-end. 2.create a data source name (dsn). 3.create a statement for connection. The package we use here is import java. Sql. * Interfaces of jdbc include driver, connection, and statement; prepare statement, callable statement, Result Set, Result Set Meta data. Classes of JDBC are driver manages, driver property information, date, time, and timestamp, type. The driver defined by the classJdbc odbc driver in package sun.jdbc.odbc. Class sun.jdbc.odbc.jdbc odbc driver represents the jdbc to odbc bridge driver. JDBC Driver Types: The JDBC drivers that we are aware of at this time fit into one of four categories: 1. JDBC-ODBC BRIDGE PLUS ODBC DRIVER The java soft bridge product provides JDBC access via ODBC drivers. Note that ODBC binary code end in many cases database client code must be loaded on each client machine that uses this driver. As a result, this kind of driver is most appropriate on a corporate network where client installations are not major problem, or for application server code written in java in a 3-tier architecture. 2. NATIVE API PARTLY-JAVA DRIVER This kind of driver converts JDBC calls into calls on the client API for oracle Sybase, Informix, DB2, or other DBMS. Note that, like the bridge driver, this style of driver requires that some binary code be loaded on each client machine. 26

3. JDBC-NET ALL-JAVA DRIVER This driver translates JDBC calls into a DBMS independent net protocol, which is then translated, to a DBMS protocol by a server. This net server middle-ware is able to connect its all java clients to many different databases. The Specific protocol used depends on the vendor. In general, this most flexible JDBC alternative. It is likely that all vendors of this solution will provide products suitable for intranet use. In order for these products to also support Internet access, they must handle the additional requirements for security, access through firewalls, etc that the web imposes. Several vendors are adding JDBC drivers to their existing database middleware products.

4.

NATIVE PROTOCOL ALL-JAVA DRIVER This kind of driver converts JDBC calls into the network protocol used by DBMS

directory. This allows a direct call from the client machine to the DBMS server that is practical solution for intranet access. Since many of these protocols are proprietary, the database vendors themselves will be the primary source. Several database vendors have these in progress. Eventually, we expect that driver categories 3 and 4 will be the preferred way to access databases from JDBC. Driver categories one and two are interim solutions where direct all java drivers are not yet available. Category 4 is in some sense the ideal; however, there are many cases where category 3 may be preferable: eg: -where a thin DBMS-independent client is desired, or if a DBMS independent protocol is standardized and implemented directly by many DBMS vendors. Configuring the Server: The real beauty of the java server is that it is extensible. But, before you can use a Servlet to add an extended functionality to the JavaServer.You have to use the Java Server administration applet to install the Servlet and specify the default parameters and arguments. Display the Administration Applet by connecting to: http://server_Host_Name:9090/index.html Are secure-even when downloading across the network, the servlets security model and the Servlet sandbox to protect your system from unfriendly behavior. The advantage of the Servlet API 27

One of the great advantages of the Servlet API is protocol independence. It assumes nothing about: The protocol being used to transmit on the net. How it is loaded. The server environment it will be running in. These qualities are important, because it allows the Servlet API to be embedded in many different kinds of Servers. There are other advantages to the servlet API as well. Servlet Features The Java Server provides several important Servlet features. These include: Loading & Invoking Servlets. Servlets can be loaded both locally and remotely. Filters and Servlets change. The Java Server uses MIME types to call Servlets sequentially. Server size includes: Servlets can be invoked from dynamic HTML documents using Server side include tags. Replacing the CGI Scripts. NETWORKING IN JAVA The Java Networking API (java.net) provides the interfaces/classes for the functions like Addressing, Making TCP connections, Sending/Receiving Datagram Packets via UDP, Locating/Identifying Network Resources, Security, Authentication and Permissions. In TCP environment, for simple connections between a client and a server, ServerSocket and Socket are all that you will probably need. ServerSocket represents the socket on a server that waits and listens for requests for service from a client. Socket represents the endpoints for communication between a server and a client. When a server gets a request for service, it creates a Socket for communication with the client and continues to listen for other requests on the ServerSocket. The client also creates a Socket for communication with the server. Once the connection is established, getInputStream() and getOutputSteam() may be used in communication between the sockets. In UDP environment DatagramPacket represents a datagram packet. Datagram packets are used for connectionless delivery and normally include destination address and 28

port information. DatagramSocket is a socket used for sending and receiving datagram packets over a network via UDP. A DatagramPacket is sent from a DatagramSocket by calling the send (...) method of DatagramSocket with DatagramPacket as the argument: send(DatagramPacket dp). Receive (DatagramPacket dp) is use for receiving a DatagramPacket. (The MulticastSocket class may be used for sending/receiving a DatagramPacket to a multicast group. It is a subclass of DatagramSocket that adds functionality for multicasting.)

29

Code: import java.awt.*; import javax.swing.*; import javax.swing.table.*; import javax.swing.border.*; import java.util.Vector; public class DestinationRouterUI extends JFrame { private JTable private JTable table statTable = null; = null; private RouterTableModel tableModel = null; private StatTableModel statTableModel = null; private JTabbedPane private JList list tab = null; = null; = null;

private RouterListModel listModel private Object colHeader[] = { "SourceIP", "TTL", "Packet Data", "Protocol Type", "Packet Size" }; private Object statHeader[] = {

"PacketScore", "ProtocolScore", "Score", "Thresold" }; 30

public DestinationRouterUI(String title) throws Exception { //container to add the components Container con = getContentPane(); con.setLayout(new BorderLayout()); //instantiating the tabbed pane tab = new JTabbedPane(); tab.addTab("Packet Staus",getTablePanel()); tab.addTab("Packet Log",getLogPanel()); // tab.addTab("Packet Statistics",getStatTablePanel()); //add components in the container con.add("North",getLabelPanel()); con.add("Center",tab); //set the parameters required for frame setTitle(title); setSize(800,400); setLocation(100,100); setVisible(true); } /* This method is used to return the Label to the frame */ public JPanel getLabelPanel() throws Exception { JPanel panel = new JPanel(); panel.setLayout(new GridLayout(1,1)); 31

Font font = new Font("TimesRoman",Font.PLAIN,25); JLabel label = new JLabel("Destination Router", JLabel.CENTER); Label.setForeground(Color.blue); panel.add(label); font = new Font("TimesRoman",Font.PLAIN,13); Border etched = BorderFactory.createEtchedBorder(); Border border = BorderFactory.createTitledBorder(etched,"Title", TitledBorder.LEFT,TitledBorder.DEFAULT_JUSTIFICATION,font,Color.red); panel.setBorder(border); return panel; }

/* This method is used to return the table to the frame */ public JPanel getTablePanel() throws Exception { JPanel panel = new JPanel(); panel.setLayout(new GridLayout(1,1)); table = new JTable(); tableModel = new RouterTableModel(); tableModel.setColumnIdentifiers(colHeader); table.setModel(tableModel); JScrollPane scrollPane = new JScrollPane(table); panel.add(scrollPane); 32

Font font = new Font("TimesRoman",Font.PLAIN,13); Border etched = BorderFactory.createEtchedBorder(); Border border = BorderFactory.createTitledBorder(etched,"Packet Status", TitledBorder.LEFT,TitledBorder.DEFAULT_JUSTIFICATION,font,Color.red); panel.setBorder(border); return panel; } public JPanel getStatTablePanel() throws Exception { JPanel panel = new JPanel(); panel.setLayout(new GridLayout(1,1)); statTable = new JTable(); statTableModel = new StatTableModel(); statTableModel.setColumnIdentifiers(statHeader); statTable.setModel(statTableModel); JScrollPane scrollPane = new JScrollPane(statTable); panel.add(scrollPane); Font font = new Font("TimesRoman",Font.PLAIN,13); Border etched = BorderFactory.createEtchedBorder(); Border border = BorderFactory.createTitledBorder(etched,"Packet Statistics", TitledBorder.LEFT,TitledBorder.DEFAULT_JUSTIFICATION,font,Color.red); panel.setBorder(border); return panel; }

33

/* This method is used to return the log panel to the frame */ public JPanel getLogPanel() { JPanel panel = new JPanel(); panel.setLayout(new GridLayout(1,1)); list = new JList(); listModel = new RouterListModel(); list.setModel(listModel); Font font = new Font("TimesRoman",Font.PLAIN,13); Border etched = BorderFactory.createEtchedBorder(); Border border = BorderFactory.createTitledBorder(etched,"Packet Log", TitledBorder.LEFT,TitledBorder.DEFAULT_JUSTIFICATION,font,Color.red); JScrollPane scrollPane = new JScrollPane(list); panel.add(scrollPane); panel.setBorder(border); return panel; }

/* This method is used to add data to the table */

34

public void addData(Vector data) { // System.out.println("Arrived data:"+data.toString()); tableModel.addRow(data); for(int i = 0; i < data.size(); i++){ listModel.addElement(data.elementAt(i)); } } public void addToLog(String data) { listModel.addElement(data); }

public void addStatData(Vector data) { statTableModel.addRow(data); } /* Inner and overriden class for table model */ class RouterTableModel extends DefaultTableModel { RouterTableModel() { } } class StatTableModel extends DefaultTableModel { StatTableModel() 35

{ } } /* Inner and overriden class for list model */ class RouterListModel extends DefaultListModel { RouterListModel() { } } }

36

public class PacketForwarder implements ReceiverConfigIF { private Socket private PrintStream private String /* Constructor */ public PacketForwarder(String packet) throws Exception { this.packet = packet; //api call for connecting connectToReceiver(); // api call to forward the packet sendPacket(packet); //api call to close the connection closeConnection(); } /* This method is used to connect the Router to the receiver */ public void connectToReceiver() throws Exception { socket = null;

private OutputStream outputStream = null; printStream = null; = null; packet

37

//connecting the socket to the Receiver socket = new Socket(RECEIVER_IP,RECEIVER_PORT);

//Initialize streams required for data transfer outputStream = socket.getOutputStream(); printStream = new PrintStream(outputStream); } /* This method is used to forward the packets to the Recevier */ public void sendPacket(String packet) throws Exception { if ( packet != null) { printStream.println(packet.trim()); printStream.flush(); } } /* This method is used to close the connection with the Receiver */ public void closeConnection() throws Exception { printStream.close(); outputStream.close(); socket.close(); 38

public class Sender implements ConfigIF, SourceConfigIF { // socket reference Socket socket = null;

//OutputStream Reference OutputStream os PrintStream Vector /* Constuctor for intialization */ public Sender() throws Exception { intializeSetup(); intializeStream(); /* packets = getInput(); sendPackets(packets); closeConnection(); */ } /* This method is used to connect to server and setup the client */ ps packets = null; = null; = null;

39

public void intializeSetup()throws Exception { //connects to server by providing // ip address and port number socket = new Socket(routerIP,routerPort); } /* This method is used to obtain the stream required for packets transfer */ public void intializeStream() throws Exception { //Obtain the output stream from the //socket created os = socket.getOutputStream(); //Wrap the output stream to the print stream ps = new PrintStream(os); } /* This Method is used to obtain the packets from user */ public Vector getInput() throws Exception { //Obtain the input from the user DataInputStream dis = new DataInputStream(System.in); System.out.println("Enter No Of Packets:"); //read the input String str = dis.readLine(); 40

//Calculate the total number of packets to be sent int packetCount = Integer.parseInt(str); System.out.println("Enter the Packets"); //Intialize the vector to hold packets packets = new Vector(); //Read the packets from the user for(int i = 0; i < packetCount; i++) { str = dis.readLine(); packets.addElement(str); } return packets; } /* This method is used to send packets to the server */ public void sendPackets(Vector packets) throws Exception { //calculate the start time of transfer long startTime = System.currentTimeMillis(); ps.println("START"); //send all packets to server for(int i = 0; i < packets.size(); i++) { StringBuffer buffer = new StringBuffer(); String str = (String) packets.elementAt(i); 41

buffer.append(sourceIP); buffer.append("&"); /* buffer.append(destIP); buffer.append("&"); */ buffer.append(String.valueOf(2)); buffer.append("&"); buffer.append(str); buffer.append("&"); buffer.append("TCP"); buffer.append("&"); buffer.append(buffer.length()); ps.println(buffer.toString()); // ps.println("END"); } ps.println("END"); //calculate the end time long endTime = System.currentTimeMillis(); //calculate the total time long totalTime = endTime - startTime; System.out.println("Start Time :"+ startTime); System.out.println("End Time :"+ endTime); System.out.println("Total Time :"+ totalTime); } /* This method is used to close the connection 42

with the server */ public void closeConnection() throws Exception { ps.close(); socket.close(); System.out.println("Client Connection Closed"); } public static void main(String[] args) throws Exception { Sender sender = new Sender(); } }

43

import java.io.*; import java.util.StringTokenizer; public class PasswordValidator { private File file = null; = null; = null; = false;

private FileInputStream fis private DataInputStream dis private boolean flag

private final static String FILE_NAME = "pass.db";

public PasswordValidator(String uname,String passwd) throws Exception { initialize(); validate(uname,passwd); closeFile(); } public void initialize() throws Exception { file = new File(FILE_NAME); fis = new FileInputStream(file); dis = new DataInputStream(fis); } public void validate(String uname,String passwd) throws Exception { String str = dis.readLine(); 44

while( str != null ) { StringTokenizer st = new StringTokenizer(str,"/"); String userName = st.nextToken().trim(); String password = st.nextToken().trim(); if ( userName.equals(uname.trim())) { if ( password.equals(passwd.trim())) { flag = true; } } if ( flag ) { break; } } }

public boolean isValid() throws Exception { if ( flag ) { return true; } else { return false; } } 45

public void closeFile() throws Exception { dis.close(); fis.close(); } import java.awt.*; import java.awt.event.*; import javax.swing.*; import javax.swing.border.*; import java.util.Vector; public class SenderUI extends JFrame implements ActionListener,ConfigIF { private Container private JButton private JButton private JList private Vector private Sender private JLabel container closeButton sendButton packetsList sender = null; = null; = null; = null; = null;

packetVector = null;

routerIPLabel = null;

public SenderUI() throws Exception { container = getContentPane(); //setLayout to the containet container.setLayout(new BorderLayout());

46

sender = new Sender(); Vector vector = getInput(); container.add("North",getLabelPanel()); container.add("Center",getListPanel(vector)); container.add("South",getButtonPanel()); setSize(350,400); setLocation(150,150); setVisible(true); }

public Vector getInput() throws Exception { //Get the no of packets from the user String input = JOptionPane.showInputDialog( "Enter the Number Of Packets"); int totalPackets = Integer.parseInt(input); packetVector = new Vector(); for(int i = 0; i < totalPackets; i++) { String packet = JOptionPane.showInputDialog( "Enter the Packet-"+(i+1)); packetVector.addElement(packet.trim()); } return packetVector; }

public JPanel getLabelPanel() throws Exception { 47

JPanel panel = new JPanel(); panel.setLayout(new GridLayout(2,1)); Font font = new Font("TimesRoman",Font.PLAIN,20); JLabel label = new JLabel(" label.setFont(font); label.setForeground(Color.blue); routerIPLabel = new JLabel(" routerIPLabel.setForeground(Color.red); Border etched = BorderFactory.createEtchedBorder(); font = new Font("TimesRoman",Font.PLAIN,13); Border border = BorderFactory.createTitledBorder(etched, "RSVP Sender",TitledBorder.LEFT, TitledBorder.DEFAULT_JUSTIFICATION,font,Color.gray); panel.setBorder(border); panel.add(label); panel.add(routerIPLabel); return panel; } public JPanel getListPanel(Vector vector) throws Exception { JPanel panel = new JPanel(); panel.setLayout(new GridLayout(1,1)); packetsList = new JList(vector); JScrollPane scrollPane = new JScrollPane(packetsList); Border etched = BorderFactory.createEtchedBorder(); Font font = new Font("TimesRoman",Font.PLAIN,13); Border border = BorderFactory.createTitledBorder(etched, "Generated Packets",TitledBorder.CENTER, 48 Source Router IP :"+routerIP); SENDER");

TitledBorder.DEFAULT_JUSTIFICATION,font,Color.red); panel.setBorder(border); panel.add(scrollPane); return panel; }

public JPanel getButtonPanel() throws Exception { JPanel panel = new JPanel(); panel.setLayout(new FlowLayout(FlowLayout.CENTER)); sendButton = new JButton("Send"); closeButton = new JButton("Exit"); Border etched = BorderFactory.createEtchedBorder(); Font font = new Font("TimesRoman",Font.PLAIN,13); Border border = BorderFactory.createTitledBorder(etched, "",TitledBorder.LEFT, TitledBorder.DEFAULT_JUSTIFICATION,font,Color.red); panel.setBorder(border); panel.add(sendButton); panel.add(closeButton); sendButton.addActionListener(this); closeButton.addActionListener(this); return panel; }

public void actionPerformed(ActionEvent event) { 49

try { if(event.getSource() == sendButton) { routerIPLabel.setForeground(Color.green); sender.sendPackets(packetVector); sender.closeConnection(); } else if(event.getSource() == closeButton) { System.exit(0); } }catch(Exception exception) { exception.printStackTrace();} }

public static void main(String[] args) throws Exception { SenderUI senderUI = new SenderUI(); senderUI.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE); }

50

Chapter 8 OUTPU T SCREENS

51

52

53

54

55

56

Chapter 9 TESTING AND IMPLEMENTATION

TESTING: Testing is a process of executing a program with a intent of finding an error. Testing presents an interesting anomaly for the software engineering. The goal of the software testing is to convince system developer and confidence in the software. Testing is a set of activities that can be planned in advance and conducted systematically. Testing is a set of activities that can be planned in advance and conducted systematically. Software testing is often referred to as verification & validation. TYPES OF TESTING: The various types of testing are 1)White Box Testing 2)Black Box Testing 3)Alpha Testing 4)Beta Testing 5)Win Runner And Load Runner 6)Load Runner 7)System Testing 8)Unit Testing customers that the software is good enough for operational use. Testing is a process intended to build

9.1 WHITE BOX TESTING

It is also called as glass-box testing. It is a test case design method that uses the control structure of the procedural design to derive test cases.Using white box testing methods, the software engineer can derive test cases that Guarantees that all independent parts within a module have been exercised at least once andExercise all logical decisions on their true and false sides.

57

9.2 BLACK BOX TESTING

Its also called as behavioral testing . It focuses on the functional requirements of the software. It is complementary approach that is likely to uncover a . different class of errors than white box errors. A black box testing enables a software engineering to derive a sets of input conditions that will fully exercise all functional requirements for a program.

9.3 ALPHA TESTING

Alpha testing is the software prototype stage when the software is first able to run. It will not have all the intended functionality, but it will have core functions and will be able to accept inputs and generate outputs. An alpha test usually takes place in the developer's offices on a separate system.

9.4 BETA TESTING

The beta test is a live application of the software in an environment that cannot be controlled by the developer. The beta test is conducted at one or more customer sites by the end user of the software.

9.5 WIN RUNNER & LOAD RUNNER

We use Win Runner as a load testing tool operating at the GUI layer as it allows us to record and playback user actions from a vast variety of user applications as if a real user had manually executed those actions.

9.6 LOAD RUNNER TESTING

With Load Runner , you can Obtain an accurate picture of end-to-end system performance. Verify that new or upgraded applications meet specified performance requirements.

9.7 SYSTEM TESTING

58

Testing of the debugging programs is one of the most critical aspects of the computer programming triggers, without programs that works, the system would never produce the output for which it was designed. Testing is best performed when user development are asked to assist in identifying all errors and bugs. The sample data are used for testing . It is not quantity but quality of the data used the matters of testing. Testing is aimed at ensuring that the system was accurately an efficiently before live operation commands.

9.8 UNIT TESTING

In this testing we test each module individually and integrate with the overall system. Unit testing focuses verification efforts on the smallest unit of software design in the module. This is also known as module testing. The module of the system is tested separately . This testing is carried out during programming stage itself . In this testing step each module is found to working satisfactorily as regard to the expected output from the module. There are some validation checks for fields also. It is very easy to find error debut in the system.

59

Chapter 10 CONCLUSION & FUTURE SCOPE

To the best of our knowledge, this paper is the first serious attempt to distinguish between a router dropping packets maliciously and a router dropping packets due to congestion. Previous work has approached this issue using a static user-defined threshold, which is fundamentally limiting. Using the same framework as our earlier work (which is based on a static user-defined threshold) we developed a compromised router detection protocol _ that dynamically infers, based on measured traffic rates and buffer sizes, the number of congestive packet losses that will occur. Subsequent packet losses can be attributed to malicious actions. Because of non determinism introduced by imperfectly synchronized clocks and scheduling delays, protocol _ uses user-defined significance levels, but these levels are independent of the properties of the traffic. Hence, protocol _ does not suffer from the limitations of static thresholds. We evaluated the effectiveness of protocol _ through an implementation and deployment in a small network. We show that even fine-grained attacks, such as stopping a host from opening a connection by discarding the SYN packet, can be detected.

60

Chapter 11 BIBLIOGRAPHY
[1] X. Ao, Report on DIMACS Workshop on Large-Scale Internet Attacks, http://dimacs.rutgers.edu/Workshops/Attacks/internet-attack9-03.pdf, Sept. 2003. [2] R. Thomas, ISP Security BOF, NANOG 28, http://www.nanog. org/mtg-0306/pdf/thomas.pdf, June 2003. [3] K.A. Bradley, S. Cheung, N. Puketza, B. Mukherjee, and R.A. Olsson, Detecting Disruptive Routers: A Distributed Network Monitoring Approach, Proc. IEEE Symp. Security and Privacy (S&P 98), pp. 115-124, May 1998. [4] A.T. Mizrak, Y.-C. Cheng, K. Marzullo, and S. Savage, Detecting and Isolating Malicious Routers, IEEE Trans. Dependable and Secure Computing, vol. 3, no. 3, pp. 230-244, July-Sept. 2006. [5] L. Subramanian, V. Roth, I. Stoica, S. Shenker, and R. Katz, Listen and Whisper: Security Mechanisms for BGP, Proc. First Symp. Networked Systems Design and Implementation (NSDI 04), Mar. 2004. [6] S. Kent, C. Lynn, J. Mikkelson, and K. Seo, Secure Border Gateway Protocol (Secure-BGP), IEEE J. Selected Areas in Comm., vol. 18, no. 4, pp. 582-592, Apr. 2000. [7] Y.-C. Hu, A. Perrig, and D.B. Johnson, Ariadne: A Secure OnDemand Routing Protocol for Ad Hoc Networks, Proc. ACM MobiCom 02, Sept. 2002. [8] B.R. Smith and J. Garcia-Luna-Aceves, Securing the Border Gateway Routing Protocol, Proc. IEEE Global Internet, Nov. 1996. [9] S. Cheung, An Efficient Message Authentication Scheme for Link State Routing, Proc. 13th Ann. Computer Security Applications Conf. (ACSAC 97), pp. 90-98, 1997. [10] M.T. Goodrich, Efficient and Secure Network Routing Algorithms, provisional patent filing, Jan. 2001. [11] R. Perlman, Network Layer Protocols with Byzantine Robustness, PhD dissertation, MIT LCS TR-429, Oct. 1988. 61

[12] V.N. Padmanabhan and D. Simon, Secure Traceroute to Detect Faulty or Malicious Routing, SIGCOMM Computer Comm. Rev., vol. 33, no. 1, pp. 77-82, 2003.

62