Professional Documents
Culture Documents
INTRODUCTION
1
1. INTRODUCTION
o Based on the assumption that the defender knows the size of the attack
coalition.
2
o The size of the attack coalition is assumed unknown.
1.3.1 ADVANTAGES
o Proposed puzzle using game theory, thus attacker cannot solve the
puzzles.
In its simplest form, we propose an n-bit scheme where a router marks the last n
bits of its IP address in the IP Identification field of the packets it forwards .To determine
the location within the field to mark the bits, we break the field into 16/n different
marking sections, and use the value of t he packet’s TTL, modulo 16/n as an index into
-the section of t he field mark.Distributed Denial of Service (DDoS) attacks continue to
plague the Internet. Defense against these attacks is complicated by spoofed source IP
addresses,which make it difficult to determine a packet’s true origin.
3
Our system implements The protocol using two modules: a puzzle issuing firewall
and a puzzle solving proxy. We found that for thin clients that do not possess the
computational power required to solve the puzzles, it is possible for an administrative
domain to set up a proxy machine to solve the puzzles without violating the protocol or
its intentions.
Our algorithm is closely related to uniform grid methods which are often used for solving
extremely difficult optimization problems when no other direct algorithms are available
The strategy of player 1 (the informed player) can be constructed explicitly from the
values of the variables in the linear program (P2) solved in our algorithm. Player 2 (the
uninformed player) does not have such an explicitly represented strategy.
A resource may be abused if its users incur little or nocost. For example, e-mail abuse is
rampant because sending an e-mail has negligible cost for the sender. It has been
suggested that such abuse may be discouraged by introducing an artificial cost in the
form of a moderately expensive computation. Thus, the sender of an e-mail might be
required to pay by computing for a few seconds before the e-mail is accepted.
Unfortunately, because of sharp disparities across computer systems, this approach may
be ineffective against malicious users with high-end systems,prohibitively slow for
legitimate users with low-end systems, or both. Starting from this observation, we
research moderately hard functions that most recent systems will evaluate at about the
same speed. For this purpose,we rely on memory-bound computations. We describe and
analyze a family of moderately hard, memory-bound functions, and we explain how to
use them for protecting against abuses.
4
CHAPTER 2
SYSTEM SPECIFICATION
5
2.SYSTEM SPECIFICATION
2.1 HARDWARE REQUIREMENTS
Processor PENTIUM IV
RAM 256 MB
Hard Disk 80 GB
Database MS-Sqlserver
What Is Java?
Java is two things: a programming language and a platform.
7
As a platform-independent environment, Java can be a bit slower than native
code. However, smart compilers, well-tuned interpreters, and just-in-time byte code
compilers can bring Java's performance close to that of native code without threatening
portability.
However, Java is not just for writing cute, entertaining applets for the World
Wide Web ("Web"). Java is a general-purpose, high-level programming language and a
powerful software platform. Using the generous Java API, we can write many types of
programs.
The most common types of programs are probably applets and applications,
where a Java application is a standalone program that runs directly on the Java platform.
How does the Java API support all of these kinds of programs? With packages of
software components that provide a wide range of functionality. The core API is the API
included in every full implementation of the Java platform. The core API gives you the
following features:
• The Essentials: Objects, strings, threads, numbers, input and output, data
structures, system properties, date and time, and so on.
• Applets: The set of conventions used by Java applets.
• Networking: URLs, TCP and UDP sockets, and IP addresses.
• Internationalization: Help for writing programs that can be localized for users
worldwide. Programs can automatically adapt to specific locales and be displayed
in the appropriate language.
• Security: Both low-level and high-level, including electronic signatures,
public/private key management, access control, and certificates.
8
• Software components: Known as JavaBeans, can plug into existing component
architectures such as Microsoft's OLE/COM/Active-X architecture, OpenDoc,
and Netscape's Live Connect.
• Object serialization: Allows lightweight persistence and communication via
Remote Method Invocation (RMI).
• Java Database Connectivity (JDBC): Provides uniform access to a wide range of
relational databases.
Java not only has a core API, but also standard extensions. The standard
extensions define APIs for 3D, servers, collaboration, telephony, speech, animation, and
more.
9
• Write once, run anywhere: Because 100% Pure Java programs are compiled into
machine-independent byte codes, they run consistently on any Java platform.
Distribute software more easily: You can upgrade applets easily from a central
server. Applets take advantage of the Java feature of allowing new classes to be loaded
"on the fly," without recompiling the entire program.
We explore the java.net package, which provides support for networking. Its
creators have called Java “programming for the Internet.” These networking classes
encapsulate the “socket” paradigm pioneered in the Berkeley Software Distribution
(BSD) from the University of California at Berkeley.
2.3.3 APPLETS
A Web page received from the Web tier can include an embedded applet. An
applet is a small client application written in the Java programming language that
executes in the Java virtual machine installed in the Web browser. However, client
systems will likely need the Java Plug-in and possibly a security policy file in order for
the applet to successfully execute in the Web browser.
Web components are the preferred API for creating a Web client program
because no plug-ins or security policy files are needed on the client systems. Also, Web
components enable cleaner and more modular application design because they provide a
way to separate applications programming from Web page design. Personnel involved
in Web page design thus do not need to understand Java programming language syntax
to do their jobs.
2.3.4 SWINGS
Swing is technologically more advanced than AWT. It has much more features
and functions. It has a richer set of components which can modify and change according
to the library. It uses MVC which is Model View Controller Paradigm thus offering a
more flexible GUI. Swing also has a built in double Buffering and at the same time is
lightweight. It is also one hundred percent java based. And therefore provides icons, and
10
also decorative and attractive borders for components and tool tips.
The only flaw is that not all swing might act like native component. Swing is
required to create a Java program. This tool kit is highly complex with its customizable
text package and its integrated accessibility support. Since swing is built on a 2D package
it can easily enhance all animations and images. And its undo framework thus supporting
innumerable editing. Thus swing definitely beats AWT in all ways.
A J2EE application client runs on a client machine and provides a way for users
to handle tasks that require a richeFr user interface than can be provided by a markup
language. It typically has a graphical user interface (GUI) created from Swing or
Abstract Window Toolkit (AWT) APIs, but a command-line interface is certainly
possible.
Application clients directly access enterprise beans running in the business tier.
However, if application requirements warrant it, a J2EE application client can open an
HTTP connection to establish communication with a servlet running in the Web tier.
The server and client tiers might also include components based on the
JavaBeans component architecture (JavaBeans component) to manage the data flow
between an application client or applet and components running on the J2EE server or
between server components and a database. JavaBeans components are not considered
J2EE components by the J2EE specification.
JavaBeans components have instance variables and get and set methods for
accessing the data in the instance variables. JavaBeans components used in this way are
typically simple in design and implementation, but should conform to the naming and
design conventions outlined in the JavaBeans component architecture.
11
2.3.7 INTRODUCTION TO JAVA RMI
Remote Method Invocation (RMI) facilitates object function calls between Java
Virtual Machines (JVMs). JVMs can be located on separate computers - yet one JVM can
invoke methods belonging to an object stored in another JVM. Methods can even pass
objects that a foreign virtual machine has never encountered before, allowing dynamic
loading of new classes as required. This is a powerful feature!
Java RMI provides a very easy solution! Since RMI can dynamically load new classes,
Developer B can let RMI handle updates automatically for him. Developer A places the
new classes in a web directory, where RMI can fetch the new updates as they are
required.
Figure 1 shows the connections made by the client when using RMI. Firstly, the client
must contact an RMI registry, and request the name of the service. Developer B won't
know the exact location of the RMI service, but he knows enough to contact Developer
A's registry. This will point him in the direction of the service he wants to call..
12
Developer A's service changes regularly, so Developer B doesn't have a copy of the class.
Not to worry, because the client automatically fetches the new subclass from a webserver
where the two developers share classes. The new class is loaded into memory, and the
client is ready to use the new class. This happens transparently for Developer B - no extra
code need to be written to fetch the class.
The relational database provides persistent storage for application data. A J2EE
implementation is not required to support a particular type of database, which means
that the database supported by different J2EE products can vary. See the Release Notes
included with the J2EE SDK download for a list of the databases currently supported by
the reference implementation.
The JDBC API lets you invoke SQL commands from Java programming
language methods. You use the JDBC API in an enterprise bean when you override the
default container-managed persistence or have a session bean access the database. With
container-managed persistence, database access operations are handled by the container,
and your enterprise bean implementation contains no JDBC code or SQL commands.
You can also use the JDBC API from a servlet or JSP page to access the database
directly without going through an enterprise bean.
The JDBC API has two parts: an application-level interface used by the
application components to access a database, and a service provider interface to attach a
JDBC driver to the J2EE platform.
Most popular and widely accepted database connectivity called Open Database
Connectivity (ODBC) is used to access the relational databases. It offers the ability to
connect to almost all the databases on almost all platforms. Java applications can also use
13
this ODBC to communicate with a database. Then we need JDBC why? There are several
reasons:
ODBC is hard to learn. It mixes simple and advanced features together, and it has
complex options even for simple queries.
14
CHAPTER 3
SYSTEM DESIGN
15
3.SYSTEM DESIGN
3.1 SYSTEM ARCHITECTURE
16
3.3 DATAFLOW DIAGRAM
17
3.2 MODULE DESCRIPTION
• CLIENT REQUEST
• FLOODING DENIAL OF SERVICE ATTACK
• SENDING PUZZLE TO CLIENT
• EFFICIENT SERVER RESPONSE
• FILE REQUEST
• EFFICIENT SERVER SENDS FILE
18
3.2.5 FILE REQUEST:
In this module, the client asks the (word document file) to the main server i.e
(Efficient server). The Efficient server check the particular information file in the
efficient server database if found send their port number.
19
3.3 SEQUENCE DIAGRAM
20
EFFICIENT EFFICIENT ATTACKERS
CLIENT SERVER
REQUEST
REQUEST
SENDING PUZZLE
SENDING PUZZLE
ACCURATE SOLUTION
INCORRECT SOLUTION
AUTHENTICATED CONNECTION
FILE REQUEST
21
REQUEST
EFFICIENT SERVER
PUZZLE ATTACKER
CLIENT
22
3.4 CLASS DIAGRAM
EFFIEC SERVER
ATTACK THE
SERVER SECURITY
ServerDestruction
getRequest()
sendPuzzle()
sendRequest()
authenticatedConnection()
rejectRequest()
EFF CLIENT
RETRIVE FILE
sendRequest()
solvePuzzle()
authenticatedClient()
DATABASE
MAINTAINDATA
sendFile()
executeResponse()
23
3.5 STATE DIAGRAM
24
EFFICIENT
CLIENT
EFFICIENT
SERVER
SENDING
PUZZLE
AUTHENTICATION
CONNECTION
SENDING FILE
TO CLIENT
25
3: SENDING PUZZLE
7: AUTHENTICATED CONNECTION EFFICIENT
9: SEND FILE TO CLIENT CLIENT
EFFICIENT 1: REQUEST
5: ACCURATE SOLUTION
SERVER
8: FILE REQUEST
4: SENDING PUZZLE
2: REQUEST
6: INCORRECT SOLUTION
ATTACK
ERS
26
CHAPTER 4
IMPLEMENTATION AND TESTING
27
SERVER CODE:
import DBConn.DBClass;
import DBConn.DBIpaddress;
import java.awt.Button;
import javax.swing.JOptionPane;
/*
ss4=new ServerSocket(666);
sck4=ss4.accept();
28
OutputStream os=sck4.getOutputStream();
bye=new byte[1000];
String sgt=Integer.toString(portnum);
bye=sgt.getBytes();
os.write(bye);*/
30
ByteArrayOutputStream bs = new
ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(bs);
dos.writeInt(ii);
dos.writeInt(jj);
for (int i = 0; i < 9; i++)
{
for (int j = 0; j < 9; j++)
{
dos.writeInt(model[i][j]);
os.write(bs.toByteArray());
System.out.println("cccccccccccccccccjjjjjjjjjjjjjjjjjjjjjjjjjjjj");
b2 = new byte[1000];
dp1 = new DatagramPacket(b2, b2.length);
ds1.receive(dp1);
JOptionPane.showMessageDialog(rootPane, "connection
created");
FileInputStream fis = new FileInputStream(st);
fis.read(b);
String si = new String(b, 0, b.length);
System.out.println(si);
byte b4[] = si.getBytes();
ss3=new ServerSocket(250);
sck3=ss3.accept();
os2=sck3.getOutputStream();
DataOutputStream d=new DataOutputStream(os2);
d.write(b4);
31
public void puzzle1()
{
model=new int[9][9];
Random r=new Random();
ii=9;
jj=9;
for(int i=0;i<=5;i++)
{
int one=samprandom(0,8,r);
int two=samprandom(0,8,r);
int result=samprandom(1,9,r);
if(checkRow(one,result)&&checkCol(two,result))
{
model[one][two]=result;
}
}
}
32
public int samprandom(int as,int ae,Random ran)
{
long range = (long)ae - (long)as + 1;
long fraction = (long)(range * ran.nextDouble());
int randomNumber = (int)(fraction + as);
return randomNumber;
}
return true ;
}
33
return true ;
}
CLIENT CODE:
import java.awt.GridLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
DatagramSocket ds,s,ds1;
DatagramPacket dp,p,dp1;
String str,port,str1;
int por;
InetAddress ip;
byte b[]=new byte[1000];
byte by[]=new byte[1000];
34
Thread t=new Thread();
file();
}
35
});
}
for(int i=0;i<ii;i++)
{
for(int j=0;j<jj;j++)
{
mod[i][j]=disr.readInt();
grid[i][j]=new JButton();
grid[i][j].setLabel(String.valueOf(mod[i][j]));
pan.add(grid[i][j]);
//
pan.setSize(400,400);
pan.setVisible(true);
frame.add(pan);
frame.setSize(500,500);
frame.setVisible(true);
36
class timer extends Thread
{
public timer()
{
Thread th=new Thread(this);
th.start();
}
try
{
for(int k=0;k<=1;k++)
{
for(int j=0;j<=59;j++)
{
int i=0;
if(j<=9)
{
Thread.sleep(1000);
text.setText("0"+k+":"+i+j);
}
else
37
{
a1="0"+k+":"+j;
Thread.sleep(1000);
text.setText("0"+k+":"+j);
if(a1.trim().equals("00:55"))
{
frame.setVisible(false);
}
}
}
}
}
catch(Exception e)
{
e.printStackTrace();
}
/* class serverport
{
38
byte []bte=new byte[1000];
void sockconnection()
{
try
{
Socket skt=new Socket(ip,666);
System.out.println("hhhhhhhhhhhhhh");
InputStream is=skt.getInputStream();
System.out.println("iiiiiiiiiiiiiii");
is.read(bte);
System.out.println("00000000000000000000");
sp=Integer.parseInt(bte.toString());
}
catch(Exception e)
{
}
}
}*/
}
4.2 SYSTEM TESTING
The purpose of testing is to discover errors. Testing is the process of trying to
discover every conceivable fault or weakness in a work product. It provides a way to
check the functionality of components, sub assemblies, assemblies and/or a finished
product It is the process of exercising software with the intent of ensuring that the
39
Software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific
testing requirement.
UNIT TESTING
Unit testing involves the design of test cases that validate that the internal program
logic is functioning properly, and that program input produces valid outputs. All decision
branches and internal code flow should be validated. It is the testing of individual
software units of the application .it is done after the completion of an individual unit
before integration. This is a structural testing, that relies on knowledge of its construction
and is invasive. Unit tests perform basic tests at component level and test a specific
business process, application, and/or system configuration. Unit tests ensure that each
unique path of a business process performs accurately to the documented specifications
and contains clearly defined inputs and expected results.
INTEGRATION TESTING
Integration tests are designed to test integrated software components to determine
if they actually run as one program. Testing is event driven and is more concerned with
the basic outcome of screens or fields. Integration tests demonstrate that although the
components were individually satisfaction, as shown by successfully unit testing, the
combination of components is correct and consistent. Integration testing is specifically
aimed at exposing the problems that arise from the combination of components.
FUNCTIONAL TEST
40
Functional tests provide a systematic demonstration that functions tested are
available as specified by the business and technical requirements, system documentation,
and user manuals.
Functional testing is centered on the following items:
Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application outputs must be exercised.
Systems/Procedures : interfacing systems or procedures must be invoked.
SYSTEM TEST
System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An
example of system testing is the configuration oriented system integration test. System
testing is based on process descriptions and flows, emphasizing pre-driven process links
and integration points.
41
BLACK BOX TESTING
Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as most other
kinds of tests, must be written from a definitive source document, such as specification or
requirements document, such as specification or requirements document. It is a testing in
which the software under test is treated, as a black box .you cannot “see” into it. The test
provides inputs and responds to outputs without considering how the software works.
UNIT TESTING
Unit testing is usually conducted as part of a combined code and unit test phase of
the software lifecycle, although it is not uncommon for coding and unit testing to be
conducted as two distinct phases.
INTEGRATION TESTING
Software integration testing is the incremental integration testing of two or more
integrated software components on a single platform to produce failures caused by
interface defects.
The task of the integration test is to check that components or software
applications, e.g. components in a software system or – one step up – software
applications at the company level – interact without error.
Test Results: All the test cases mentioned above passed successfully. No defects
encountered.
42
CHAPTER 5
CONCLUSION AND FUTURE ENHANCEMENT
43
5. CONCLUSION AND FUTURE ENHANCEMENT
5.1 CONCLUSION
This paper utilizes game theory to propose a number of puzzle-based defenses against
flooding attacks. It is shown that the Interactions between an attacker who launches a
flooding attack and a defender who counters the attack using a puzzle-based defense can
be modeled as an infinitely repeated game of discounted payoffs. Then, the solution
concepts of this type of games are deployed to find the solutions, i.e., the best strategy a
rational defender can adopt in the face of a rational attacker. In this way, the optimal
puzzle-based defense strategies are developed.
44
APPENDICES
SERVER:
45
46
47
CLIENT:
48
49
50
REFERENCES
3. A.R. Sharafat and M.S. Fallah, “A Framework for the Analysis of Denial of
Service Attacks,” The Computer J., vol. 47, no. 2, pp. 179-192, Mar. 2004.
4. C.L. Schuba, I.V. Krsul, M.G. Kuhn, E.H. Spafford, A. Sundaram, and D.
Zamboni, “Analysis of a Denial of Service Attack on TCP,” Proc. 18th IEEE
Symp. Security and Privacy, pp. 208-223, 1997.
51