1.

INTRODUCTION
1.1. Background
An active worm refers to a malicious software program that propagates itself on the
Internet to infect other computers. The propagation of the worm is based on exploiting
vulnerabilities of computers on the Internet. Many real-world worms have caused
notable damage on the Internet. These worms include Code-Red worm in 2001,
Slammer worm in 2003, and Witty/Sasser worms in 2004. Many active worms are
used to infect a large number of computers and recruit them as bots or zombies, which
are networked together to form botnets. These botnets can be used to: (a) launch
massive Distributed Denial-of-Service (DDoS) attacks that disrupt the Internet utilities,
(b) access confidential information that can be misused through large scale traffic
sniffing, key logging, identity theft etc, (c) destroy data that has a high monetary value,
and (d) distribute large-scale unsolicited advertisement emails (as spam) or software
(as malware). There is evidence showing that infected computers are being rented out
as Botnets for creating an entire black-market industry for renting, trading, and
managing owned computers, leading to economic incentives for attackers.
Researchers also showed possibility of super-botnets, networks of independent
botnets that can be coordinated for Due to the substantial damage caused by worms in
the past years, there have been significant efforts on developing detection and defense
mechanisms against worms. A network based worm detection system plays a major role
by monitoring, collecting, and analyzing the scan traffic (messages to identify
vulnerable computers) generated during worm attacks.
In this system, the detection is commonly based on the self propagating behavior of
worms that can be described as follows: after a worm-infected computer identifies and
infects a vulnerable computer on the Internet, this newly infected computer1 will
automatically and continuously scan several IP addresses to identify and infect other
vulnerable computers. As such, numerous existing detection schemes are based on a
1

tacit assumption that each worm-infected computer keeps scanning the Internet and
propagates itself at the highest possible speed. Furthermore, it has been shown that
the worm scan traffic volume and the number of worm-infected computers exhibit
exponentially increasing patterns. Nevertheless, the attackers are crafting attack
strategies that intend to defeat existing worm detection systems. In particular, stealth
is one attack strategy used by a recently-discovered active worm called Attack worm
and the self-stopping worm circumvent detection by hibernating (i.e., stop
propagating) with a pre-determined period. Worm might also use the evasive scan and
traffic morphing technique to hide the detection.
In this paper, we conduct a systematic study on a new class of such smart-worms
denoted as Camouflaging Worm (C-Worm in short).
The C-Worm has a self-propagating behavior similar to traditional worms, i.e., it intends
to rapidly infect as many vulnerable computers as possible. However, the C-Worm is
quite different from traditional worms in which it camouflages any noticeable trends in
the number of infected computers over time. The camouflage is achieved by
manipulating the scan traffic volume of worm-infected computers. Such a manipulation
of the scan traffic volume prevents exhibition of any exponentially increasing trends or
even crossing of thresholds that are tracked by existing detection schemes .
We note that the propagation controlling nature of the C-Worm (and similar smartworms, such as Atak) cause a slowdown in the propagation speed. However, by
carefully controlling its scan rate, the C-Worm can: (a) still achieve its ultimate goal of
infecting as many computers as possible before being detected, and (b) position itself
to launch subsequent attacks
Using a comprehensive set of detection metrics and real-world traces as background
traffic, we conduct extensive performance evaluations on our proposed spectrum-based
detection scheme. The performance data clearly demonstrates that our scheme can
effectively detect the C-Worm propagation.
2

1.2. Problem Definition:

Security vulnerabilities must be prevented to begin with, a problem which must
addressed by the programming language community. However, while vulnerabilities
exist and pose threats of large-scale damage, it is critical to also focus on networkbased detection, as this paper does, to detect wide spreading worms.

1.3. Existing system:

Existing detection schemes are based on a tacit assumption that each worminfected computer keeps scanning the Internet and propagates itself at the
highest possible speed. Furthermore, it has been shown that the worm scan
traffic volume and the number of worm-infected computers exhibit exponentially
increasing patterns.
Nevertheless, the attackers are crafting attack strategies that intend to defeat
existing worm detection systems. In particular, stealth is one attack strategy
used by a recently-discovered active worm called Attack worm and the selfstopping worm

circumvent detection by hibernating (i.e., stop propagating)

with a pre-determined period. Worm might also use the evasive scan and traffic
morphing technique to hide the detection.

1.4. Drawback in existing system:

Existing anti-worm detection systems fail to detect brand new worms
The detection time of existing detection schemes have relatively larger values.
Detection rate values for the existing detection schemes are relatively small
Existing worm detection systems are based on analyzing the propagation traffic
generated by worms.
3

2. OVERVIEW AND PLANNING

2.1. Proposed System Overview
Proposed Worm detection schemes that are based on the global scan traffic monitor by
detecting traffic anomalous behavior, there are other worm detection and defense
schemes such as sequential hypothesis testing for detecting worm-infected computers,
payload-based worm signature detection.
In presented both theoretical modeling and experimental results on a collaborative
worm signature generation system that employs distributed fingerprint filtering and
aggregation and multiple edge networks.
In presented a state-space feedback control model that detects and control the spread
of these viruses or worms by measuring the velocity of the number of new connections
an infected computer makes.
Despite the different approaches described above, we believe that detecting widely
scanning anomaly behavior continues to be a useful weapon against worms, and that in
practice multifaceted defense has advantages

Advantages in Proposed System:

Our evaluation data clearly demonstrate that our spectrum-based detection
scheme achieves much better detection performance against the C-Worm propagation
compared with existing detection schemes. Our evaluation also shows that our
spectrum-based detection scheme is general enough to be used for effective detection
of traditional worms as well.

2.2. Challenges
Existing detection schemes are based on a tacit assumption that each worm-infected
computer keeps scanning the Internet and propagates itself at the highest possible
speed. Furthermore, it has been shown that the worm scan traffic volume and the
number of worm-infected computers exhibit exponentially increasing patterns.
The Proposed System clearly demonstrate that our spectrum-based detection scheme
achieves much better detection performance against the C-Worm propagation
compared with existing detection schemes. Our evaluation also shows that our
spectrum-based detection scheme is general enough to be used for effective detection
of traditional worms as well.

2.3. Assumptions
Proposed Worm detection schemes that are based on the global scan traffic monitor by
detecting traffic anomalous behavior, there are other worm detection and defense
schemes such as sequential hypothesis testing for detecting worm-infected computers,
payload-based worm signature detection.
Despite the different approaches described above, we believe that detecting widely
scanning anomaly behavior continues to be a useful weapon against worms, and that in
practice multifaceted defense has advantages.

2.4. Feasibility Study:

The feasibility of the project is analyzed in this phase and business proposal is put forth
with a very general plan for the project and some cost estimates. During system
analysis the feasibility study of the proposed system is to be carried out. This is to
ensure that the proposed system is not a burden to the company.

For feasibility

analysis, some understanding of the major requirements for the system is essential.

Three key considerations involved in the feasibility analysis are

ECONOMICAL FEASIBILITY

TECHNICAL FEASIBILITY

SOCIAL FEASIBILITY

ECONOMICAL FEASIBILITY
This study is carried out to check the economic impact that the system will have
on the organization. The amount of fund that the company can pour into the research
and development of the system is limited. The expenditures must be justified. Thus the
developed system as well within the budget and this was achieved because most of the
technologies used are freely available. Only the customized products had to be
purchased.

TECHNICAL FEASIBILITY
This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not have a high demand on
the available technical resources. This will lead to high demands on the available
technical resources. This will lead to high demands being placed on the client. The
developed system must have a modest requirement, as only minimal or null changes
are required for implementing this system.
6

SOCIAL FEASIBILITY
The aspect of study is to check the level of acceptance of the system by the
user. This includes the process of training the user to use the system efficiently. The
user must not feel threatened by the system, instead must accept it as a necessity. The
level of acceptance by the users solely depends on the methods that are employed to
educate the user about the system and to make him familiar with it. His level of
confidence must be raised so that he is also able to make some constructive criticism,
which is welcomed, as he is the final user of the system.

2.5. System Requirements:

Minimum Hardware Requirements:

System

: Pentium IV 2.4 GHz.

Hard Disk

: 40 GB.

Floppy Drive

: 1.44 Mb.

Ram

: 256 Mb.

Software Requirements:

Operating system

: Windows XP Professional

Front End

: JAVA, Swing(JFC)

Coding Language

: JDK 1.6

Tools

: JCreator, Eclipse 3.3 or NetBeans

Functional Requirements:
Functional requirements specify which output file should be produced from the given
file they describe the relationship between the input and output of the system, for
each functional requirement a detailed description of all data inputs and their source
and the range of valid inputs must be specified.

Non Functional Requirements:

Describe user-visible aspects of the system that are not directly related with the
functional behavior of the system. Non-Functional requirements include quantitative
constraints, such as response time (i.e. how fast the system reacts to user
commands.) or accuracy ((.e. how precise are the systems numerical answers.)

Pseudo Requirements:
The client that restricts the implementation of the system imposes these
requirements. Typical pseudo requirements are the implementation language and the
platform on which the system is to be implemented. These have usually no direct
effect on the users view of the system.

2.6. GANNT CHART

Time

in

Months

1.2
1
0.8
0.6
Phases

0.4
0.2
0
Analysis

Design

Coding

Testing

Fig.No. 2.7.1
9

3. LITERATURE SURVEY & REVIEW

3.1. Literature Survey
Literature survey is the most important step in software development process. Before
developing the tool it is necessary to determine the time factor, economy n company
strength. Once these things r satisfied, ten next steps are to determine which operating
system and language can be used for developing the tool. Once the programmers start
building the tool the programmers need lot of external support. This support can be
obtained from senior programmers, from book or from websites. Before building the
system the above consideration are taken into account for developing the proposed
system.

Active Worms
Active worms are similar to biological viruses in terms of their infectious and selfpropagating nature. They identify vulnerable computers, infect them and the worminfected computers propagate the infection further to other vulnerable computers. In
order to understand worm behavior, we first need to model it. With this understanding,
effective detection and defense schemes could be developed to mitigate the impact of
the worms. For this reason, tremendous research effort has focused on this area.
Active worms use various scan mechanisms to propagate themselves efficiently. The
basic form of active worms can be categorized as having the Pure Random Scan (PRS)
nature. In the PRS form, a worm-infected computer continuously scans a set of random
Internet IP addresses to find new vulnerable computers. Other worms propagate
themselves more effectively than PRS worms using various methods, e.g., network port
scanning, email, file sharing, Peer-to-Peer (P2P) networks, and Instant Messaging (IM).
In addition, worms use different scan strategies during different stages of propagation.
10

In order to increase propagation efficiency, they use a local network or hit list to infect
previously identified vulnerable computers at the initial stage of propagation. They may
also use DNS, network topology and routing information to identify active computers
instead of randomly scanning IP addresses. They split the target IP address space
during propagation in order to avoid duplicate scans.

Studied a divide-conquer

scanning technique that could potentially spread faster and stealthier than a traditional
random-scanning worm. Ha formulated the problem of finding a fast and resilient
propagation topology and propagation schedule for Flash worms. Studied the worm
propagation over the sensor networks.
Worm (C-Worm) studied in this paper aims to elude the detection by the worm defense
system during worm propagation. Closely related, but orthogonal to our work, are the
evolved active worms that are polymorphic in nature. Polymorphic worms are able to
change their binary representation or signature as part of their propagation process.
This can be achieved with self-encryption mechanisms or semantics preserving code
manipulation techniques. The C-Worm also shares some similarity with stealthy portscan attacks. Such attacks try to find out available services in a target system, while
avoiding detection. It is accomplished by decreasing the port scan rate, hiding the
origin of attackers, etc. Due to the nature of self-propagation, the C-Worm must use
more complex mechanisms to manipulate the scan traffic volume over time in order to
avoid detection.

11

3.2. LITERATURE SUMMARY

Worm:
Self-replicating malware program
A payload is code designed to do more than spread the worm it might
delete files on a host system.

Camouflage:
A method of CRYPSIS - Avoidance of observation.

Anomaly Detection:
Refers to detecting patterns in a given data set that do not conform to an
established normal behavior.

12

4. SYSTEM DESIGN:
4.1. Data Flow Diagram / Use Case Diagram / Flow Diagram:

The DFD is also called as bubble chart. It is a simple graphical formalism that

can be used to represent a system in terms of the input data to the system,
various processing carried out on these data, and the output data is generated
by the system
The data flow diagram (DFD) is one of the most important modeling tools. It is
used to model the system components. These components are the system
process, the data used by the process, an external entity that interacts with the
system and the information flows in the system.
A DFD may be used to represent a system at any level of abstraction. DFD may
be partitioned into levels that represent increasing information flow and
functional detail.

UML DESIGN

Fig.No. 4.1.1
13

NOTATION:
SOURCE OR DESTINATION OF DATA:
External sources or destinations, which may be people or organizations or other
entities.

DATA SOURCE:
Here the data referenced by a process is stored and retrieved.

PROCESS:
People, procedures or devices that produce data. The physical component is not
identified.
DATA FLOW:
Data moves in a specific direction from an origin to a destination. The data flow is a
packet of data.

MODELING RULES:
There are several common modeling rules when creating DFDs:
1. All processes must have at least one data flow in and one data flow out.
2. All processes should modify the incoming data, producing new forms of outgoing
data.
3. Each data store must be involved with at least one data flow.
4. Each external entity must be involved with at least one data flow.
14

SEQUENCE DIAGRAM:

Fig.No. 4.1.2

15

SYSTEM FLOW DIAGRAM:

C_Worm Detection

Yes

Select System Volume

drive

No

Non propagation

Start C-Worm Scan

Infected file

Worm Scan File List

Detected Worm

Stored Log file

Worm detection Status

Worm Analysis

Fig.No. 4.1.3
16

4.2. DATAFLOW DIAGRAM:

Worm-Detection

Pure Random Scan

(PRS)

Select Drive
no

Scan Selected Drive

or Folder ,file

IF selected
Drive
yes

C-Worm Detection

Stored Worm scan details Log file

Traffic and non-worm traffic

View File Log

Check Status
Worm detection list
Worm Analysis

End

Fig.No. 4.2.1

17

5. SYSTEM IMPLEMENTATION
5.1. Description on the software used
5.1.1.

Netbeans

A free, open-source Integrated Development Environment for software developers. All

the tools needed to create professional desktop, enterprise, web, and mobile
applications with the Java platform, as well as with C/C++, PHP, JavaScript and Groovy.
NETBEANS Platform
The NetBeans Platform is a reusable framework for simplifying the development
of Java Swing desktop applications. The NetBeans IDE bundle for Java SE contains
what is needed to start developing NetBeans plugins and NetBeans Platform based
applications; no additional SDK is required.
Applications can install modules dynamically. Any application can include the Update
Center module to allow users of the application to download digitally-signed upgrades
and new features directly into the running application. Reinstalling an upgrade or a new
release does not force users to download the entire application again.
The platform offers reusable services common to desktop applications, allowing
developers to focus on the logic specific to their application. Among the features of the
platform are:

User interface management (e.g. menus and toolbars)

User settings management

Storage management (saving and loading any kind of data)

Window management

Wizard framework (supports step-by-step dialogs)

NetBeans Visual Library

Integrated Development Tools

18

5.1.2.

JCreator Editor

JCreator is a Java IDE created by Xinox Software. Its interface is similar to that
of Microsoft's Visual Studio. Because it is programmed entirely in C++, (except the first
version (0.1), which was Java-based ), Xinox Software has asserted that JCreator is
faster than competing Java-based Java IDEs.
Features:

Custom color schemes

Wrapping around of your existing projects

Different JDK profiles can be used

Quick code writing via project templates

Easy project viewing with the class browser

Debugging with an easy, intuitive interface. No command-line prompts necessary

Wizards help you cut to the chase writing your project, quickly and easily

Automatic Classpath configuration

UI customization (similar to Microsoft Visual Studio)

The run-time environment can run your application as an applet, in a JUnit

environment or in a command-line window

JCreator's IDE does not require a Java Runtime Environment to execute, which may
make it faster than Java-based IDE's.

19

5.2. Description on Methods/ functions used

JAVA TECHNOLOGY:
Java technology is both a programming language and a platform.
The Java Programming Language
The Java programming language is a high-level language that can be
characterized by all of the following buzzwords:

Simple

Architecture neutral

Object oriented

Portable

Distributed

High performance

Interpreted

Multithreaded

Robust

Dynamic

Secure

With most programming languages, you either compile or interpret a program so that
you can run it on your computer. The Java programming language is unusual in that a
program is both compiled and interpreted. With the compiler, first you translate a
program into an intermediate language called Java byte codes the platformindependent codes interpreted by the interpreter on the Java platform. The interpreter
parses and runs each Java byte code instruction on the computer. Compilation happens

20

just once; interpretation occurs each time the program is executed. The following figure
illustrates how this works.

You can think of Java byte codes as the machine code instructions for the Java Virtual

Machine (Java VM). Every Java interpreter, whether its a development tool or a Web
browser that can run applets, is an implementation of the Java VM. Java byte codes
help make write once, run anywhere possible. You can compile your program into
byte codes on any platform that has a Java compiler. The byte codes can then be run
on any implementation of the Java VM. That means that as long as a computer has a
Java VM, the same program written in the Java programming language can run on
Windows 2000, a Solaris workstation, or on an iMac.

21

WHY JAVA SWING?

Swing is part of the Java Foundation Classes (JFC). The JFC also include other features
important to a GUI program, such as the ability to add rich graphics functionality and
the ability to create a program that can work in different languages and by users with
different input devices.

Swing was developed to provide a more sophisticated set of GUI components than the
earlier Abstract Window Toolkit (AWT). Swing provides a native look and feel that
emulates the look and feel of several platforms, and also supports a pluggable look and
feel that allows applications to have a look and feel unrelated to the underlying
platform. It has more powerful and flexible components than AWT. In addition to
familiar components such as buttons, check box and labels, Swing provides several
advanced components such as tabbed panel, scroll panes, trees, tables and lists.
Unlike AWT components, Swing components are not implemented by platform-specific
code. Instead they are written entirely in Java and therefore are platform-independent.
The term "lightweight" is used to describe such an element.

Java Swing Features

Java Swing has many features which make it ideal for Graphical User Interface (GUI)
development. Few of those are:

Lightweight

Built-in controls like image buttons, tabbed panes, sliders, toolbars, color
choosers, tables, text areas

Customizable (change border, text alignment, visual appearance of almost

any control and can change)
22

Pluggable look and feel

New features like tool tips, tool bars, keyboard accelerators, custom cursors,
etc. are also available

Has arbitrary keyboard event binding

Debugging support is also available

23

5.3. IMPLEMENTATION MODULES

Implementation is the stage of the project when the theoretical design is turned
out into a working system. Thus it can be considered to be the most critical stage in
achieving a successful new system and in giving the user, confidence that the new
system will work and be effective.
The implementation stage involves careful planning, investigation of the existing
system and its constraints on implementation, designing of methods to achieve
changeover and evaluation of changeover methods.

MAIN MODULES
5.3.1.

C-Worm detection Module

Camouflaging Worm (C Worm). The C-Worm has a self-propagating behavior similar to

traditional worms, i.e., it intends to rapidly infect as many vulnerable computers as
possible. However, the CWorm is quite different from traditional worms in which it
camouflages any noticeable trends in the number of infected computers over time. The
camouflage is achieved by manipulating the scan traffic volume of worm-infected
computers. Such a manipulation of the scan traffic volume prevents exhibition of any
exponentially increasing trends or even crossing of thresholds that are tracked by
existing detection schemes.

24

5.3.2.

Malicious Detection Module OR Anomaly Detection

Worms are malicious programs that execute on these computers, analyzing the
behavior of worm executables plays an important role in host based detection systems.
Many detection schemes fall under this category. Ideally, security vulnerabilities must
be prevented to begin with, a problem which must addressed by the programming
language community. However, while vulnerabilities exist and pose threats of largescale damage, it is critical to also focus on network-based detection, as this paper does,
to detect wide spreading worms.

5.3.3.

Pure Random Scan (PRS) Module

C-Worm can be extended to defeat other newly developed detection schemes, such as
destination distribution-based detection. In the following, Recall that the attack target
distribution based schemes analyze the distribution of attack targets (the scanned
destination IP addresses) as basic detection data to capture the fundamental features
of worm propagation, i.e., they continuously scan different targets.

5.3.4.

Worm propagation Module

Worm scan traffic volume in the open-loop control system will expose a much higher
probability to show an increasing trend with the progress of worm propagation. As
more and more computers get infected, they, in turn, take part in scanning other
computers. Hence, we consider the Cworm as a worst case attacking scenario that uses
a closed loop control for regulating the propagation speed based on the feedback
propagation status.

25

5.4.

SAMPLE CODE

CHART:
import java.awt.Color;
import java.awt.GradientPaint;
import org.jfree.chart.ChartFactory;
import org.jfree.chart.ChartPanel;
import org.jfree.chart.JFreeChart;
import org.jfree.chart.axis.NumberAxis;
import org.jfree.chart.plot.CategoryPlot;
import org.jfree.chart.plot.PlotOrientation;
public class chart extends ApplicationFrame {
public chart(final String title) {
super(title);
System.out.println("Inside the chart module");
final CategoryDataset dataset = createDataset();
final JFreeChart chart = createChart(dataset);
// add the chart to a panel...
final ChartPanel chartPanel = new ChartPanel(chart);
chartPanel.setPreferredSize(new java.awt.Dimension(500, 270));
setContentPane(chartPanel);
setSize(500,400);
setVisible(true);
}
private JFreeChart createChart(final CategoryDataset dataset) {
// create the chart...
final JFreeChart chart = ChartFactory.createBarChart(
"Detection Time (DT) and Detection Rate (DR)-Chart",
"Category",
// domain axis label
"Time",
// range axis label
dataset,
// data
PlotOrientation.VERTICAL,
true,
// include legend
true,
// tooltips?
false
// URLs?
);

// chart title

26

chart.setBackgroundPaint(Color.blue);
final CategoryPlot plot = chart.getCategoryPlot();
final NumberAxis rangeAxis = (NumberAxis) plot.getRangeAxis();
rangeAxis.setStandardTickUnits(NumberAxis.createIntegerTickUnits());
// disable bar outlines...
final BarRenderer renderer = (BarRenderer) plot.getRenderer();
renderer.setDrawBarOutline(false);
renderer.setMaximumBarWidth(0.10);
// set up gradient paints for series...
final GradientPaint gp0 = new GradientPaint(
0.0f, 0.0f, Color.blue,
0.0f, 0.0f, Color.lightGray
);
final GradientPaint gp1 = new GradientPaint(
0.0f, 0.0f, Color.green,
0.0f, 0.0f, Color.lightGray
);
renderer.setSeriesPaint(0, gp0);
renderer.setSeriesPaint(1, gp1);
return chart;
}

27

VIEW:
import
import
import
import

java.io.*;
java.awt.*;
java.awt.event.*;
javax.swing.*;

import java.util.*;
public class view extends JFrame
{
private TextArea txtArea = null;
public view()
{
super("Worn File Scan Details");
Container pane = this.getContentPane();
txtArea = new TextArea();
txtArea.setBackground(new Color(100, 151, 104));
pane.add(txtArea);
setSize(500,500);
setVisible(true);
String s="";
try
{
FileReader fr = new FileReader("Scan.log");
BufferedReader br = new BufferedReader(fr);
String val=new String();
while((val=br.readLine())!=null)
s=s+val+"\n";
}catch(Exception e){}
txtArea.setText(s);
}
public static void main(String arg[])
{
new view();
}
}

28

SWINGPROGESSBAR:
import
import
import
import

java.awt.*;
java.awt.event.*;
javax.swing.*;
javax.swing.text.html.*;

public class SwingProgressBar{

final static int interval = 1000;
int i;
JLabel label;
JProgressBar pb;
Timer timer;
JButton button;
public SwingProgressBar() {
JFrame frame = new JFrame("Analysis Chart on Progress");
button = new JButton("Start");
button.addActionListener(new ButtonListener());
pb = new JProgressBar(0, 20);
pb.setValue(0);
pb.setStringPainted(true);
label = new JLabel("Prakash Kumar");
JPanel panel = new JPanel();
panel.add(button);
panel.add(pb);
JPanel panel1 = new JPanel();
panel1.setLayout(new BorderLayout());
panel1.add(panel, BorderLayout.NORTH);
panel1.add(label, BorderLayout.CENTER);
panel1.setBorder(BorderFactory.createEmptyBorder(20, 20, 20, 20));
frame.setContentPane(panel1);
frame.pack();
frame.setVisible(true);
frame.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
//Create a timer.
timer = new Timer(interval, new ActionListener() {
public void actionPerformed(ActionEvent evt) {
29

if (i == 20){
Toolkit.getDefaultToolkit().beep();
timer.stop();
button.setEnabled(true);
pb.setValue(0);
chart demo = new chart("Worm Scan analysis");
//demo.setVisible(true);
String str = "<html>" + "<font color=\"#FF0000\">"
+ "<b>" + "Finished process......." + "</b>" + "</font>" + "</html>";
label.setText(str);
}
i = i + 1;
pb.setValue(i);
}
});
}
class ButtonListener implements ActionListener {
public void actionPerformed(ActionEvent ae) {
button.setEnabled(false);
i = 0;
String str = "<html>" + "<font color=\"#008000\">" + "<b>" +
"Analysis chart is in process......." + "</b>" + "</font>" + "</html>";
label.setText(str);
timer.start();
}
}
public static void main(String[] args) {
SwingProgressBar spb = new SwingProgressBar();
}
}

30

5.5.

TESTING
TYPE OF TESTING:

Black Box Testing

Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as most
other kinds of tests, must be written from a definitive source document, such as
specification or requirements document, such as specification or requirements
document. It is a testing in which the software under test is treated, as a black box
.you cannot see into it. The test provides inputs and responds to outputs without
considering how the software works.

White Box Testing

White Box Testing is a testing in which in which the software tester has
knowledge of the inner workings, structure and language of the software, or at least its
purpose. It is purpose. It is used to test areas that cannot be reached from a black box
level.

5.6.

UNIT TESTING:

Unit testing is usually conducted as part of a combined code and unit test phase of the
software lifecycle, although it is not uncommon for coding and unit testing to be
conducted as two distinct phases.

31

Test strategy and approach

Field testing will be performed manually and functional tests will be written in
detail.

Test objectives

All field entries must work properly.

Pages must be activated from the identified link.

The entry screen, messages and responses must not be delayed.

Features to be tested

Verify that the entries are of the correct format

No duplicate entries should be allowed

All links should take the user to the correct page.

SYSTEM TESTING:
The purpose of testing is to discover errors. Testing is the process of trying to discover
every conceivable fault or weakness in a work product. It provides a way to check the
functionality of components, sub assemblies, assemblies and/or a finished product It is
the process of exercising software with the intent of ensuring that the Software system
meets its requirements and user expectations and does not fail in an unacceptable
manner. There are various types of test. Each test type addresses a specific testing
requirement.

32

5.7.

INTEGRATION TESTING:

Software integration testing is the incremental integration testing of two or more

integrated software components on a single platform to produce failures caused by
interface defects.
The task of the integration test is to check that components or software
applications, e.g. components in a software system or one step up software
applications at the company level interact without error.

5.8.

TEST RESULTS: All the test cases mentioned above passed successfully. No
defects encountered.

FUNCTIONAL TESTING:
Functional tests provide systematic demonstrations that functions tested are available
as specified by the business and technical requirements, system documentation, and
user manuals.
Functional testing is centered on the following items:
Valid Input

: identified classes of valid input must be accepted.

Invalid Input

: identified classes of invalid input must be rejected.

Functions

: identified functions must be exercised.

Output

: identified classes must be exercised.

Systems/Procedures

: interfacing systems or procedures must be invoked.

33

Organization and preparation of functional tests is focused on requirements, key

functions, or special test cases. In addition, systematic coverage pertaining to identify
Business process flows; data fields, predefined processes, and successive processes
must be considered for testing. Before functional testing is complete, additional tests
are identified and the effective value of current tests is determined.
TEST CASE TABLE:
TABLE:
A database is a collection of data about a specific topic.
VIEWS OF TABLE:
We can work with a table in two types,
1. Design View
2. Datasheet View
Design View
To build or modify the structure of a table we work in the table design view. We
can specify what kind of data will be hold.
Datasheet View
To add, edit or analyses the data itself we work in tables datasheet view mode.
QUERY:
A query is a question that has to be asked the data. Access gathers data that answers
the question from one or more table. The data that make up the answer is either
dynast (if you edit it) or a snapshot (it cannot be edited).Each time we run query, we
get latest information in the dynast. Access either displays the dynast or snapshot for
us to view or perform an action on it, such as deleting or updating.
34

6. RESULTS AND DISCUSSION

6.1. Output / Results

SNAPSHOTS

Fig.No. 6.1.1

35

Fig.No. 6.1.2

Fig.No. 6.1.3
36

Fig.No. 6.1.4

Fig.No. 6.1.5

37

Fig.No. 6.1.6

Fig.No. 6.1.7
38

Fig.No. 6.1.8

Fig.No. 6.1.9
39

Fig.No. 6.1.10

Fig.No. 6.1.11
40

7.

CONCLUSION & FUTURE WORK

7.1.

Conclusion:

We have successfully modeled the propagation characteristics of different varieties of

permutation-scanning worms. We first derive the precise propagation model for 0-jump
worms, and then extend it for the general jump worms.
We are also able to derive the closed-form solution for the 0-jump worms. To verify the
correctness of the model, we compare the results from our model with those obtained
from actual worm simulations and show that they perfectly match. We analyze the
model to demonstrate how each worm/network parameter will affect the worms
propagation behavior.
Finally, although our analytical model was originally conceived by assuming ideal
network conditions, we show that it can very well be extended to real-life scenarios
with the consideration of variable host bandwidth, network congestion, Internet delay,
host crash, and patching.

7.2.

Limitations & Future Enhancements :

C-Worm successfully camouflages its propagation in the time domain, its camouflaging
nature inevitably manifests as a distinct pattern in the frequency domain. Based on
observation, we developed a novel spectrum-based detection scheme to detect the CWorm. Our evaluation data showed that our scheme achieved superior detection
performance against the C-Worm in comparison with existing representative detection
schemes. This paper lays the foundation for ongoing studies of smart worms that
intelligently adapt their propagation patterns to reduce the effectiveness of
countermeasures.

41

8.

REFERENCE & BIBLIOGRAPHY:

Good Teachers are worth more than thousand books, we have them in Our Department.
[1] D. Moore, C. Shannon, and J. Brown, Code-red: a case study on the spread and
victims of an internet worm, in Proceedings of the 2-th Internet Measurement

Workshop (IMW), Marseille, France, November 2002.

[2] D. Moore, V. Paxson, and S. Savage, Inside the slammer worm, in IEEE Magazine

of Security and Privacy, July 2003.

[3] CERT, CERT/CC advisories, http://www.cert.org/advisories/.
[4]

P.

R.

Roberts,

Zotob

Arrest

Breaks

Credit

Card

Fraud

Ring,

http:

//www.eweek.com/article2/0,1895,1854162,00.asp.
[5] W32/MyDoom.B Virus, http://www.us-cert.gov/cas/techalerts/ TA04-028A.html.
[6]

W32.Sircam.Worm@mm,

http://www.symantec.com/avcenter/venc/data/

w32.sircam.worm@mm.html.
[7] Worm.ExploreZip, http://www.symantec.com/avcenter/venc/data/worm.
explore.zip.html.
[8] R. Naraine, Botnet Hunters Search for Command and Control Servers,
http://www.eweek.com/article2/0,1759,1829347,00.asp.
[9] T. Sanders, Botnet operation controlled 1.5m PCs Largest zombie army ever

created, http://www.vnunet.com/vnunet/news/2144375/ botnet-operation-ruled-million,

2005.

42

[10] R. Vogt, J. Aycock, and M. Jacobson, Quorum sensing and selfstopping worms, in

Proceedings of 5th ACM Workshop on Recurring

References Made From:
1. Professional Java Network Programming
2. Java Complete Reference
4. Data Communications and Networking, by Behrouz A Forouzan.
5. Computer Networking: A Top-Down Approach, by James F. Kurose.
6. Operating System Concepts, by Abraham Silberschatz.

Sites Referred:
http://java.sun.com
http://www.sourcefordgde.com
http://www.networkcomputing.com/

43