You are on page 1of 51

CHAPTER 1

INTRODUCTION

1
1. INTRODUCTION

1.1 OBJECTIVE OF THE PROJECT


Availability of services in a networked system is a security concern that has
received enormous attention in recent years. Most researches in this area are on designing
and verifying defense mechanisms against denial-of-service (DoS) attacks. A DoS attack
is characterized by a malicious behavior, which prevents the legitimate users of a network
service from using that service. There are two principal classes of these attacks: flooding
attacks and logic attacks. A flooding attack such as SYN flood, Smurf, or TFN2K sends
an overwhelming number of requests for a service offered by the victim. These requests
deplete some key resources at the victim so that the legitimate users’ requests for the
same are denied. A resource may be the capacity of a buffer , CPU time to process
requests, the available band width of a communication channel, etc. This paper uses the
concept of Nash equilibrium not only in a descriptive way but also a prescriptive one. In
doing so , he difficulty level of puzzles, random number generators , and the other
parameters of a puzzle-based defense are so adjusted that the attacker’s optimum
strategy, prescribed by the Nash equilibrium, does not lead to the exhaustion of
defender’s resources. If the defender takes his part in the Nash equilibrium prescription as
his defense against flooding attacks, the best thing for the attacker to do is to be
inconformity with the prescription as well.

1.2 EXISTING SYSTEM


Defender produced simple puzzle.
Attack coalition cannot find by the defender.
1.2.1 DISADVANTAGES
o Application only in defeating the single-source

o Based on the assumption that the defender knows the size of the attack
coalition.

2
o The size of the attack coalition is assumed unknown.

1.3 PROPOSED SYSTEM


This paper utilizes game theory to propose a number of puzzle-based
defenses against flooding attacks. It is shown that the interactions between an attacker
who launches a flooding attack and a defender who counters the attack using a puzzle-
based defense can be modeled as an infinitely repeated game of discounted payoffs.
Then, the solutions concepts of this type of games are deployed to find the solutions.

1.3.1 ADVANTAGES
o Proposed puzzle using game theory, thus attacker cannot solve the
puzzles.

o Without solves the game theory puzzle attackers cannot performs an


intense attack.

1.4 LITERATURE SURVEY

1.4.1 TITLE:A Path Identification Mechanism to Defend against DDoS

Attacks by Abraham Yaar, Adrian Perrig, Dawn Song

In its simplest form, we propose an n-bit scheme where a router marks the last n
bits of its IP address in the IP Identification field of the packets it forwards .To determine
the location within the field to mark the bits, we break the field into 16/n different
marking sections, and use the value of t he packet’s TTL, modulo 16/n as an index into
-the section of t he field mark.Distributed Denial of Service (DDoS) attacks continue to
plague the Internet. Defense against these attacks is complicated by spoofed source IP
addresses,which make it difficult to determine a packet’s true origin.

1.4.2 TITLE:The Design and Implementation of Network Puzzles by


Wu-chang Feng, Ed Kaiser ,Wu-chi Feng

3
Our system implements The protocol using two modules: a puzzle issuing firewall
and a puzzle solving proxy. We found that for thin clients that do not possess the
computational power required to solve the puzzles, it is possible for an administrative
domain to set up a proxy machine to solve the puzzles without violating the protocol or
its intentions.

1.4.3 TITLE:Solving two-person zero-sum repeated games of


Incomplete information by Andrew Gilpin, Tuomas Sandholm

Our algorithm is closely related to uniform grid methods which are often used for solving
extremely difficult optimization problems when no other direct algorithms are available
The strategy of player 1 (the informed player) can be constructed explicitly from the
values of the variables in the linear program (P2) solved in our algorithm. Player 2 (the
uninformed player) does not have such an explicitly represented strategy.

1.4.4 TITLE:Moderately Hard, Memory-bound Functions byMartın


AbadiMike Burrows, Mark Manasse:

A resource may be abused if its users incur little or nocost. For example, e-mail abuse is
rampant because sending an e-mail has negligible cost for the sender. It has been
suggested that such abuse may be discouraged by introducing an artificial cost in the
form of a moderately expensive computation. Thus, the sender of an e-mail might be
required to pay by computing for a few seconds before the e-mail is accepted.
Unfortunately, because of sharp disparities across computer systems, this approach may
be ineffective against malicious users with high-end systems,prohibitively slow for
legitimate users with low-end systems, or both. Starting from this observation, we
research moderately hard functions that most recent systems will evaluate at about the
same speed. For this purpose,we rely on memory-bound computations. We describe and
analyze a family of moderately hard, memory-bound functions, and we explain how to
use them for protecting against abuses.

4
CHAPTER 2
SYSTEM SPECIFICATION

5
2.SYSTEM SPECIFICATION
2.1 HARDWARE REQUIREMENTS

Processor PENTIUM IV

RAM 256 MB

Hard Disk 80 GB

Mouse Logitech Serial Mouse

Keyboard Standard 104 Enhanced Keyboard

2.2 SOFTWARE REQUIREMENTS

Database MS-Sqlserver

Language Java 1.6, Swings.

2.3 SOFTWARE DESCRIPTIONS


2.3.1 THE JAVA LANGUAGE

What Is Java?
Java is two things: a programming language and a platform.

The Java Programming Language


Java is a high-level programming language that is all of the following:
Simple
• Object-oriented
• Distributed
• Interpreted
• Robust
6
• Secure
• Architecture-neutral
• Portable
• High-performance
• Multithreaded
• Dynamic

2.3.2 THE JAVA PLATFORM


A platform is the hardware or software environment in which a program runs. The
Java platform differs from most other platforms in that it's a software-only platform that
runs on top of other, hardware-based platforms. Most other platforms are described as a
combination of hardware and operating system.

The Java platform has two components:

• The Java Virtual Machine (Java VM)


• The Java Application Programming Interface (Java API)

The Java API is a large collection of ready-made software components that


provide many useful capabilities, such as graphical user interface (GUI) widgets. The
Java API is grouped into libraries (packages) of related components.

The following figure depicts a Java program, such as an application or applet,


that's running on the Java platform. As the figure shows, the Java API and Virtual
Machine insulates the Java program from hardware dependencies.

7
As a platform-independent environment, Java can be a bit slower than native
code. However, smart compilers, well-tuned interpreters, and just-in-time byte code
compilers can bring Java's performance close to that of native code without threatening
portability.

What Can Java Do?


Probably the most well-known Java programs are Java applets. An applet is a Java
program that adheres to certain conventions that allow it to run within a Java-enabled
browser.

However, Java is not just for writing cute, entertaining applets for the World
Wide Web ("Web"). Java is a general-purpose, high-level programming language and a
powerful software platform. Using the generous Java API, we can write many types of
programs.

The most common types of programs are probably applets and applications,
where a Java application is a standalone program that runs directly on the Java platform.

How does the Java API support all of these kinds of programs? With packages of
software components that provide a wide range of functionality. The core API is the API
included in every full implementation of the Java platform. The core API gives you the
following features:

• The Essentials: Objects, strings, threads, numbers, input and output, data
structures, system properties, date and time, and so on.
• Applets: The set of conventions used by Java applets.
• Networking: URLs, TCP and UDP sockets, and IP addresses.
• Internationalization: Help for writing programs that can be localized for users
worldwide. Programs can automatically adapt to specific locales and be displayed
in the appropriate language.
• Security: Both low-level and high-level, including electronic signatures,
public/private key management, access control, and certificates.

8
• Software components: Known as JavaBeans, can plug into existing component
architectures such as Microsoft's OLE/COM/Active-X architecture, OpenDoc,
and Netscape's Live Connect.
• Object serialization: Allows lightweight persistence and communication via
Remote Method Invocation (RMI).
• Java Database Connectivity (JDBC): Provides uniform access to a wide range of
relational databases.

Java not only has a core API, but also standard extensions. The standard
extensions define APIs for 3D, servers, collaboration, telephony, speech, animation, and
more.

How Will Java Change My Life?


Java is likely to make your programs better and requires less effort than other
languages. We believe that Java will help you do the following:

• Get started quickly: Although Java is a powerful object-oriented language, it's


easy to learn, especially for programmers already familiar with C or C++.
• Write less code: Comparisons of program metrics (class counts, method counts,
and so on) suggest that a program written in Java can be four times smaller than
the same program in C++.
• Write better code: The Java language encourages good coding practices, and its
garbage collection helps you avoid memory leaks. Java's object orientation, its
JavaBeans component architecture, and its wide-ranging, easily extendible API let
you reuse other people's tested code and introduce fewer bugs.
• Develop programs faster: Your development time may be as much as twice as fast
versus writing the same program in C++. Why? You write fewer lines of code
with Java and Java is a simpler programming language than C++.
• Avoid platform dependencies with 100% Pure Java: You can keep your program
portable by following the purity tips mentioned throughout this book and avoiding
the use of libraries written in other languages.

9
• Write once, run anywhere: Because 100% Pure Java programs are compiled into
machine-independent byte codes, they run consistently on any Java platform.

Distribute software more easily: You can upgrade applets easily from a central
server. Applets take advantage of the Java feature of allowing new classes to be loaded
"on the fly," without recompiling the entire program.
We explore the java.net package, which provides support for networking. Its
creators have called Java “programming for the Internet.” These networking classes
encapsulate the “socket” paradigm pioneered in the Berkeley Software Distribution
(BSD) from the University of California at Berkeley.

2.3.3 APPLETS

A Web page received from the Web tier can include an embedded applet. An
applet is a small client application written in the Java programming language that
executes in the Java virtual machine installed in the Web browser. However, client
systems will likely need the Java Plug-in and possibly a security policy file in order for
the applet to successfully execute in the Web browser.

Web components are the preferred API for creating a Web client program
because no plug-ins or security policy files are needed on the client systems. Also, Web
components enable cleaner and more modular application design because they provide a
way to separate applications programming from Web page design. Personnel involved
in Web page design thus do not need to understand Java programming language syntax
to do their jobs.

2.3.4 SWINGS

Swing is technologically more advanced than AWT. It has much more features
and functions. It has a richer set of components which can modify and change according
to the library. It uses MVC which is Model View Controller Paradigm thus offering a
more flexible GUI. Swing also has a built in double Buffering and at the same time is
lightweight. It is also one hundred percent java based. And therefore provides icons, and

10
also decorative and attractive borders for components and tool tips.

The only flaw is that not all swing might act like native component. Swing is
required to create a Java program. This tool kit is highly complex with its customizable
text package and its integrated accessibility support. Since swing is built on a 2D package
it can easily enhance all animations and images. And its undo framework thus supporting
innumerable editing. Thus swing definitely beats AWT in all ways.

2.3.5 APPLICATION CLIENTS

A J2EE application client runs on a client machine and provides a way for users
to handle tasks that require a richeFr user interface than can be provided by a markup
language. It typically has a graphical user interface (GUI) created from Swing or
Abstract Window Toolkit (AWT) APIs, but a command-line interface is certainly
possible.

Application clients directly access enterprise beans running in the business tier.
However, if application requirements warrant it, a J2EE application client can open an
HTTP connection to establish communication with a servlet running in the Web tier.

2.3.6 JAVABEANS COMPONENT ARCHITECTURE

The server and client tiers might also include components based on the
JavaBeans component architecture (JavaBeans component) to manage the data flow
between an application client or applet and components running on the J2EE server or
between server components and a database. JavaBeans components are not considered
J2EE components by the J2EE specification.

JavaBeans components have instance variables and get and set methods for
accessing the data in the instance variables. JavaBeans components used in this way are
typically simple in design and implementation, but should conform to the naming and
design conventions outlined in the JavaBeans component architecture.

11
2.3.7 INTRODUCTION TO JAVA RMI

Remote Method Invocation (RMI) facilitates object function calls between Java
Virtual Machines (JVMs). JVMs can be located on separate computers - yet one JVM can
invoke methods belonging to an object stored in another JVM. Methods can even pass
objects that a foreign virtual machine has never encountered before, allowing dynamic
loading of new classes as required. This is a powerful feature!

Consider the follow scenario :

• Developer A writes a service that performs some useful function. He regularly


updates this service, adding new features and improving existing ones.
• Developer B wishes to use the service provided by Developer A. However, it's
inconvenient for A to supply B with an update every time.

Java RMI provides a very easy solution! Since RMI can dynamically load new classes,
Developer B can let RMI handle updates automatically for him. Developer A places the
new classes in a web directory, where RMI can fetch the new updates as they are
required.

Figure 1 - Connections made when client uses RMI

Figure 1 shows the connections made by the client when using RMI. Firstly, the client
must contact an RMI registry, and request the name of the service. Developer B won't
know the exact location of the RMI service, but he knows enough to contact Developer
A's registry. This will point him in the direction of the service he wants to call..

12
Developer A's service changes regularly, so Developer B doesn't have a copy of the class.
Not to worry, because the client automatically fetches the new subclass from a webserver
where the two developers share classes. The new class is loaded into memory, and the
client is ready to use the new class. This happens transparently for Developer B - no extra
code need to be written to fetch the class.

2.3.8 DATABASE ACCESS

The relational database provides persistent storage for application data. A J2EE
implementation is not required to support a particular type of database, which means
that the database supported by different J2EE products can vary. See the Release Notes
included with the J2EE SDK download for a list of the databases currently supported by
the reference implementation.

2.3.9 JDBC API 2.0

The JDBC API lets you invoke SQL commands from Java programming
language methods. You use the JDBC API in an enterprise bean when you override the
default container-managed persistence or have a session bean access the database. With
container-managed persistence, database access operations are handled by the container,
and your enterprise bean implementation contains no JDBC code or SQL commands.
You can also use the JDBC API from a servlet or JSP page to access the database
directly without going through an enterprise bean.

The JDBC API has two parts: an application-level interface used by the
application components to access a database, and a service provider interface to attach a
JDBC driver to the J2EE platform.

2.3.10 JDBC AND ODBC IN JAVA

Most popular and widely accepted database connectivity called Open Database
Connectivity (ODBC) is used to access the relational databases. It offers the ability to
connect to almost all the databases on almost all platforms. Java applications can also use

13
this ODBC to communicate with a database. Then we need JDBC why? There are several
reasons:

ODBC API was completely written in C language and it makes an


extensive use of pointers. Calls from Java to native C code have a number of drawbacks in
the security, implementation, robustness and automatic portability of applications.

ODBC is hard to learn. It mixes simple and advanced features together, and it has
complex options even for simple queries.

ODBC drivers must be installed on client’s machine.

2.3.11 STRUCTURED QUERY LANGUAGE (SQL)


SQL (Pronounced Sequel) is the programming language that defines and
manipulates the database. SQL databases are relational databases; this means simply the
data is store in a set of simple relations. A database can have one or more table. You can
define and manipulate data in a table with SQL commands. You use the data definition
language (DDL) commands to creating and altering databases and tables.
You can update, delete or retrieve data in a table with data manipulation
commands (DML). DML commands include commands to alter and fetch data.
The most common SQL commands include commands is the SELECT
command, which allows you to retrieve data from the database.
In addition to SQL commands, the oracle server has a procedural language
called PL/SQL. PL/SQL enables the programmer to program SQL statement. It allows
you to control the flow of a SQL program, to use variables, and to write error-handling
procedures

14
CHAPTER 3
SYSTEM DESIGN

15
3.SYSTEM DESIGN
3.1 SYSTEM ARCHITECTURE

16
3.3 DATAFLOW DIAGRAM

17
3.2 MODULE DESCRIPTION
• CLIENT REQUEST
• FLOODING DENIAL OF SERVICE ATTACK
• SENDING PUZZLE TO CLIENT
• EFFICIENT SERVER RESPONSE
• FILE REQUEST
• EFFICIENT SERVER SENDS FILE

3.2.1 CLIENT REQUEST:


In this module A System has to ask the connection to the efficient server, the
server system has to make a connection with any one efficient server for a
communication. Then server process the request from the client.

3.2.2 FLOODING DENIAL OF SERVICE ATTACK:


In this module the attackers sends the n number of request to the server to slow
down the process of the server. Due to this process the server cant able to provide
response to the client request.

3.2.3 SENDING PUZZLE TO CLIENT:


In this module a system sends puzzle to the client, the client should solve the
puzzle in a particular time. The solved puzzle client should sends to efficient server or
(Defenders). The server repeat this process to every client.

3.2.4 EFFICIENT SERVER RESPONSE:


In this module after verification of puzzle solution, if the puzzle solution is
wrong server will reject the corresponding client. Efficient server provide response to
authenticated client.

18
3.2.5 FILE REQUEST:
In this module, the client asks the (word document file) to the main server i.e
(Efficient server). The Efficient server check the particular information file in the
efficient server database if found send their port number.

3.2.6 EFFICIENT SERVER SENDS FILE


In this module the efficient server sends the file to the authenticated client . The
efficient server create a mutual connection to the client. After an authenticated
connection the client can access the server in efficient way.

19
3.3 SEQUENCE DIAGRAM

20
EFFICIENT EFFICIENT ATTACKERS
CLIENT SERVER
REQUEST

REQUEST

SENDING PUZZLE

SENDING PUZZLE

ACCURATE SOLUTION

INCORRECT SOLUTION

AUTHENTICATED CONNECTION

FILE REQUEST

SEND FILE TO CLIENT

3.4 USE CASE DIAGRAM

21
REQUEST

EFFICIENT SERVER

PUZZLE ATTACKER

SENDING PUZZLE TO CLIENT

CLIENT

SOLUTION FROM CLIENT

SENDING REQUESTED FILE

22
3.4 CLASS DIAGRAM

EFFIEC SERVER
ATTACK THE
SERVER SECURITY
ServerDestruction
getRequest()
sendPuzzle()
sendRequest()
authenticatedConnection()
rejectRequest()

EFF CLIENT
RETRIVE FILE

sendRequest()
solvePuzzle()
authenticatedClient()

DATABASE
MAINTAINDATA

sendFile()
executeResponse()

23
3.5 STATE DIAGRAM

24
EFFICIENT
CLIENT

EFFICIENT
SERVER

SENDING
PUZZLE

AUTHENTICATION
CONNECTION

SENDING FILE
TO CLIENT

3.6 COLLABORATION DIAGRAM

25
3: SENDING PUZZLE
7: AUTHENTICATED CONNECTION EFFICIENT
9: SEND FILE TO CLIENT CLIENT

EFFICIENT 1: REQUEST
5: ACCURATE SOLUTION
SERVER
8: FILE REQUEST

4: SENDING PUZZLE

2: REQUEST
6: INCORRECT SOLUTION

ATTACK
ERS

26
CHAPTER 4
IMPLEMENTATION AND TESTING

1. IMPLEMENTATION AND TESTING


1.1 CODING:

27
SERVER CODE:
import DBConn.DBClass;
import DBConn.DBIpaddress;
import java.awt.Button;
import javax.swing.JOptionPane;

public class server extends javax.swing.JFrame implements Runnable {

/** Creates new form server */


//collection value
jButton2.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton2ActionPerformed(evt);
}
});

public void run() {


try {

/*
ss4=new ServerSocket(666);
sck4=ss4.accept();

28
OutputStream os=sck4.getOutputStream();
bye=new byte[1000];
String sgt=Integer.toString(portnum);
bye=sgt.getBytes();
os.write(bye);*/

ds1 = new DatagramSocket(2000);


ds2 = new DatagramSocket(700);
ds4 = new DatagramSocket(8000);
ss = new ServerSocket(701);
ss1 = new ServerSocket(9000);
while (true)
{

File f = new File("D:\\AllJavaSample\\1_Intro");


File fil[] = f.listFiles();
jList1.setListData(fil);
byte b4[] = new byte[1000];
dp4 = new DatagramPacket(b4, b4.length);
ds4.receive(dp4);
String s4 = new String(b4).trim();
System.out.println(s4);
sub = s4.substring(0, 4).trim();
System.out.println("i am in port");
System.out.println(sub);
29
sub1 = s4.substring(4, s4.length()).trim();
System.out.println("port number:"+sub1);
//int toclient=Integer.parseInt(sub);
if (sub.trim().equals("5012"))
{
for (i = 0; i <= 20; i++)
{
JOptionPane.showMessageDialog(rootPane, "request :" +
i);
if (i >= 20)
{

JOptionPane.showMessageDialog(rootPane, "BUFFER SIZE


EXCEEDS:"+i);
JOptionPane.showMessageDialog(rootPane, "attacker
identified");
System.out.println("i am in file method");
String st = new String(b);
System.out.println(st);
System.out.println("connected jagan");
JOptionPane.showMessageDialog(rootPane, "client
send the request");
puzzle1();
System.out.println("puzzle is created");
sck2 = ss1.accept();
os1 = sck2.getOutputStream();

30
ByteArrayOutputStream bs = new
ByteArrayOutputStream();
DataOutputStream dos = new DataOutputStream(bs);
dos.writeInt(ii);
dos.writeInt(jj);
for (int i = 0; i < 9; i++)
{
for (int j = 0; j < 9; j++)
{
dos.writeInt(model[i][j]);
os.write(bs.toByteArray());
System.out.println("cccccccccccccccccjjjjjjjjjjjjjjjjjjjjjjjjjjjj");
b2 = new byte[1000];
dp1 = new DatagramPacket(b2, b2.length);
ds1.receive(dp1);
JOptionPane.showMessageDialog(rootPane, "connection
created");
FileInputStream fis = new FileInputStream(st);
fis.read(b);
String si = new String(b, 0, b.length);
System.out.println(si);
byte b4[] = si.getBytes();
ss3=new ServerSocket(250);
sck3=ss3.accept();
os2=sck3.getOutputStream();
DataOutputStream d=new DataOutputStream(os2);
d.write(b4);
31
public void puzzle1()
{
model=new int[9][9];
Random r=new Random();
ii=9;
jj=9;
for(int i=0;i<=5;i++)
{
int one=samprandom(0,8,r);
int two=samprandom(0,8,r);
int result=samprandom(1,9,r);

if(checkRow(one,result)&&checkCol(two,result))
{

model[one][two]=result;

}
}

}
32
public int samprandom(int as,int ae,Random ran)
{
long range = (long)ae - (long)as + 1;
long fraction = (long)(range * ran.nextDouble());
int randomNumber = (int)(fraction + as);
return randomNumber;
}

protected boolean checkRow( int row, int num )


{
for( int col = 0; col < 9; col++ )
if( model[row][col] == num )
return false ;

return true ;
}

protected boolean checkCol( int col, int num )


{
for( int row = 0; row < 9; row++ )
if( model[row][col] == num )
return false ;

33
return true ;
}

CLIENT CODE:
import java.awt.GridLayout;
import java.awt.event.ActionEvent;
import java.awt.event.ActionListener;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;

public class client1 extends javax.swing.JFrame implements Runnable


{

/** Creates new form client1 */

DatagramSocket ds,s,ds1;
DatagramPacket dp,p,dp1;
String str,port,str1;
int por;
InetAddress ip;
byte b[]=new byte[1000];
byte by[]=new byte[1000];
34
Thread t=new Thread();

byte[] bn=new byte[1000];


InputStream is;

public client1() throws SocketException, UnknownHostException


{
initComponents();

file();

connection c=new connection();


timer t=new timer();

Thread ty=new Thread(this);


ty.start();
// send();

}
35
});
}

for(int i=0;i<ii;i++)
{
for(int j=0;j<jj;j++)
{

mod[i][j]=disr.readInt();

grid[i][j]=new JButton();
grid[i][j].setLabel(String.valueOf(mod[i][j]));

pan.add(grid[i][j]);
//

pan.setSize(400,400);
pan.setVisible(true);
frame.add(pan);

frame.setSize(500,500);
frame.setVisible(true);

36
class timer extends Thread
{

public timer()
{
Thread th=new Thread(this);
th.start();
}

public void run()


{

try
{
for(int k=0;k<=1;k++)
{
for(int j=0;j<=59;j++)
{
int i=0;
if(j<=9)
{
Thread.sleep(1000);
text.setText("0"+k+":"+i+j);
}
else
37
{
a1="0"+k+":"+j;
Thread.sleep(1000);
text.setText("0"+k+":"+j);
if(a1.trim().equals("00:55"))
{
frame.setVisible(false);
}
}
}
}
}

catch(Exception e)
{
e.printStackTrace();
}

/* class serverport
{
38
byte []bte=new byte[1000];

void sockconnection()
{
try
{
Socket skt=new Socket(ip,666);
System.out.println("hhhhhhhhhhhhhh");
InputStream is=skt.getInputStream();
System.out.println("iiiiiiiiiiiiiii");
is.read(bte);
System.out.println("00000000000000000000");
sp=Integer.parseInt(bte.toString());
}
catch(Exception e)
{

}
}
}*/

}
4.2 SYSTEM TESTING
The purpose of testing is to discover errors. Testing is the process of trying to
discover every conceivable fault or weakness in a work product. It provides a way to
check the functionality of components, sub assemblies, assemblies and/or a finished
product It is the process of exercising software with the intent of ensuring that the

39
Software system meets its requirements and user expectations and does not fail in an
unacceptable manner. There are various types of test. Each test type addresses a specific
testing requirement.

UNIT TESTING
Unit testing involves the design of test cases that validate that the internal program
logic is functioning properly, and that program input produces valid outputs. All decision
branches and internal code flow should be validated. It is the testing of individual
software units of the application .it is done after the completion of an individual unit
before integration. This is a structural testing, that relies on knowledge of its construction
and is invasive. Unit tests perform basic tests at component level and test a specific
business process, application, and/or system configuration. Unit tests ensure that each
unique path of a business process performs accurately to the documented specifications
and contains clearly defined inputs and expected results.

INTEGRATION TESTING
Integration tests are designed to test integrated software components to determine
if they actually run as one program. Testing is event driven and is more concerned with
the basic outcome of screens or fields. Integration tests demonstrate that although the
components were individually satisfaction, as shown by successfully unit testing, the
combination of components is correct and consistent. Integration testing is specifically
aimed at exposing the problems that arise from the combination of components.

FUNCTIONAL TEST

40
Functional tests provide a systematic demonstration that functions tested are
available as specified by the business and technical requirements, system documentation,
and user manuals.
Functional testing is centered on the following items:
Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application outputs must be exercised.
Systems/Procedures : interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key


functions, or special test cases. In addition, systematic coverage pertaining to identify
Business process flows; data fields, predefined processes, and successive processes must
be considered for testing. Before functional testing is complete, additional tests are
identified and the effective value of current tests is determined

SYSTEM TEST
System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An
example of system testing is the configuration oriented system integration test. System
testing is based on process descriptions and flows, emphasizing pre-driven process links
and integration points.

WHITE BOX TESTING


White Box Testing is a testing in which in which the software tester has
knowledge of the inner workings, structure and language of the software, or at least its
purpose. It is purpose. It is used to test areas that cannot be reached from a black box
level.

41
BLACK BOX TESTING
Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as most other
kinds of tests, must be written from a definitive source document, such as specification or
requirements document, such as specification or requirements document. It is a testing in
which the software under test is treated, as a black box .you cannot “see” into it. The test
provides inputs and responds to outputs without considering how the software works.

UNIT TESTING
Unit testing is usually conducted as part of a combined code and unit test phase of
the software lifecycle, although it is not uncommon for coding and unit testing to be
conducted as two distinct phases.

TEST STRATEGY AND APPROACH


Field testing will be performed manually and functional tests will be written in
detail.

INTEGRATION TESTING
Software integration testing is the incremental integration testing of two or more
integrated software components on a single platform to produce failures caused by
interface defects.
The task of the integration test is to check that components or software
applications, e.g. components in a software system or – one step up – software
applications at the company level – interact without error.

Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

42
CHAPTER 5
CONCLUSION AND FUTURE ENHANCEMENT

43
5. CONCLUSION AND FUTURE ENHANCEMENT

5.1 CONCLUSION
This paper utilizes game theory to propose a number of puzzle-based defenses against
flooding attacks. It is shown that the Interactions between an attacker who launches a
flooding attack and a defender who counters the attack using a puzzle-based defense can
be modeled as an infinitely repeated game of discounted payoffs. Then, the solution
concepts of this type of games are deployed to find the solutions, i.e., the best strategy a
rational defender can adopt in the face of a rational attacker. In this way, the optimal
puzzle-based defense strategies are developed.

44
APPENDICES

SERVER:

45
46
47
CLIENT:

48
49
50
REFERENCES

1. D. Moore, C. Shannon, D.J. Brown, G.M. Voelker, and S. Savage, “Inferring


Internet Denial-of-Service Activity,” ACM Trans.Computer Systems, vol. 24, no.
2, pp. 115-139, May 2006.

2. A. Hussain, J. Heidemann, and C. Papadopoulos, “A Framework for Classifying


Denial of Service Attacks,” Proc. ACM SIGCOMM ’03, pp. 99-110, 2003.

3. A.R. Sharafat and M.S. Fallah, “A Framework for the Analysis of Denial of
Service Attacks,” The Computer J., vol. 47, no. 2, pp. 179-192, Mar. 2004.

4. C.L. Schuba, I.V. Krsul, M.G. Kuhn, E.H. Spafford, A. Sundaram, and D.
Zamboni, “Analysis of a Denial of Service Attack on TCP,” Proc. 18th IEEE
Symp. Security and Privacy, pp. 208-223, 1997.

5. Smurf IP Denial-of-Service Attacks. CERT Coordination Center, Carnegie


Mellon Univ., 1998.

51