Honey Pot Systems

1.INTRODUCTION

1.1 OBJECTIVE OF PROJECT

IN the last several years, Internet malware attacks have evolved into better-

organized and more profit-centered endeavors. E-mail spam, extortion through denial-of-

service attacks, and click fraud represent a few examples of this emerging trend.

“Botnets” are a root cause of these problems.

A “botnet” consists of a network of compromised computers (“bots”) connected

to the Internet that is controlled by a remote attacker (“botmaster”). Since a botmaster

could scatter attack tasks over hundreds or even tens of thousands of computers

distributed across the Internet, the enormous cumulative bandwidth and large number of

attack sources make botnet-based attacks extremely dangerous and hard to defend

against. Compared to other Internet malware, the unique feature of a botnet lies in its

control communication network. Most botnets that have appeared until now have had a

common centralized architecture. That is, bots in the botnet connect directly to some

special hosts (called “command-and-control” servers, or “C&C” servers).

The C&C servers receive commands from their botmaster and forward them to

the other bots in the network. From now on, we will call a botnet with such a control

communication architecture a “C&C botnet.” the basic control communication

architecture for a typical C&C botnet (in reality, a C&C botnet usually has more than two

C&C servers). Arrows represent the directions of network connections. As botnet-based

attacks become popular and dangerous, security researchers have studied how to detect,

monitor, and defend against them. Most of the current research has focused upon the

C&Cbotnets that have appeared in the past, especially Internet Relay Chat (IRC)- based

botnets. It is necessary to conduct such research in order to deal with the threat we are

facing today.

However, it is equally important to conduct research on advanced botnet designs

that could be developed by attackers in the near future. Otherwise, we will remain

susceptible to the next generation of Internet malware attacks. From a botmaster’s

1

perspective, the C&C servers are the fundamental weak points in current botnet

architectures. First, a botmaster will lose control of her botnet once the limited number of

C&C servers are shut down by defenders. Second, defenders could easily obtain the

identities (e.g., IP addresses) of all C&C servers based on their service traffic to a large

number of bots, or simply from one single captured bot (which contains the list of C&C

servers). Third, an entire botnet may be exposed once a C&C server in the botnet is

hijacked or captured by defenders .

As network security practitioners put more resources and effort into defending

against botnet attacks, hackers will develop and deploy the next generation of botnets

with a different control architecture. Current P2P Botnets and Their Weaknesses

Considering the above weaknesses inherent to the centralized architecture of current

C&C botnets, it is a natural strategy for botmasters to design a peer-to-peer (P2P) control

mechanism into their botnets. In the last several years, botnets such as Slapper, Sinit ,

Phatbot, and Nugache have implemented different kinds of P2P control architectures.

They have shown several advanced designs. For example, some of them have removed

the “bootstrap” process used in common P2P protocols.1 Sinit uses public key

cryptography for update authentication . Nugache attempts to thwart detection by

implementing an encrypted/obsfucated control channel .

2

2. LITERATURE SURVEY

2.1 EXISTING SYSTEM

Compared to other Internet malware, the unique feature of a botnet lies in its

control communication network.That is,bots in the botnet connect directly to some

special hosts(called “command-and-control” servers,or “C&C” servers).These C&C

servers receive commands from their botmaster and forward them to the other bots in the

network.From a botmaster’s perspective,the C&C servers are the fundamental weak

poins.

DISADVANTAGES

1.A botmaster will lose control of her botnet once the limited number of C&C servers are

shutdown by defenders.

2.Defenders could easily obtain the identities(e.g.,IP addresses) of all C&C servers besed

on their service traffic to a large number of bots,or simply from one capured bot(which

contains the list of C&C servers).

3.An entire botnet may be exposed once a C&C server in the botnet is hijacked or

captured by defenders.

3

2.2 PROPOSED SYSTEM

Considering the above problems encountered by C&C botnets and previous P2P

botnets,the design of an advanced botnet,should consider the following practical

challenges faced by botmasters.

We generate a robust botnet capable of maintaining control of its remaining bots

even after a substantial portion of the botnet population has been removed by defenders.

We prevent significant exposure of the network topology when some bots are captured

by defenders.

We easily monitor and obtain the complete information of a botnet by its botmaster. We

prevent(or make it harder for) defenders from detecting bots via their communication

traffic patterns.

By considering all the challenges listed above in this project,we present our

research on the possible design of an advanced hybrid P2P botnet.The P2P botnet has the

following features

ADVANTAGES

1.The botnet communicates via the peer list contained in each bot.Each bot has a fixed

and limited size peer list and does not reveal its peer list to other bots.

2.A botmaster could easily monitor the entire botnet by issuing a report command.This

command instructs all bots to report to a compromised machine that is controlled by the

botmaster.

3.After collecting information about the botnet through the above report command,a

botmaster,if she thinks necessary,could issue a sensor host to update their peer list.This

effectively updates the botnet topology such that it has a balanced and robust

connectivity, and/or reconnects a broken botnet.

4

4.Only bots with static global IP addresses that are accessible from the Internet are

candidates for being in peer lists.

5.Each servent bot listens on a self-generated service port for incoming connections from

other bots and uses a self-generated symmetric encryption key for incoming connections.

5

3.ANALYSIS

3.1 INTRODUCTION

The software requirement specification is produced at the culmination of the

analysis task. The function and performance allocated to software as part of system

engineering are refined by establishing a complete information description as functional

representation, a representation of system behavior, an indication of performance

requirements and design constraints, appropriate validation criteria.

3.2 SYSTEM REQUIREMENTS AND SPECIFICATIONS

3.2.1 SOFTWARE REQUIREMENTS

Language : Java 1.5 or more

Front End Tool : Swing

Back End Tool : SQL Server 2000

Operating System : Windows Xp(Professional SP2)

3.2.2 HARDWARE REQUIREMENTS

Hard disk : 80 GB

RAM : 512 MB

6

3.3 FEASIBILITY STUDY

INTRODUCTION

A feasibility analysis involves a detailed assessment of the need, value and

practicality of a p systems development... Feasibility analysis n forms the transparent

decisions at crucial points during the developmental process as we determine whether it

is operationally, economically and technically realistic to proceed with a particular course

of action.

Feasibility analysis can be used in each of the steps to assess the financial,

technical and operational capacity to proceed with particular activities.

TYPES OF FEASIBILITY

A feasibility analysis usually involves a thorough assessment of the

financial (value), technical (practicality), and operational (need) aspects of a proposal. In

systems development projects, business managers are primarily responsible for assessing

the operational feasibility of the system, and information technology (IT) analysts are

responsible for assessing technical feasibility. Both then work together to prepare a cost–

benefit analysis of the proposed system to determine its economic feasibility.

OPERATIONAL FEASIBILITY

A systems development project is likely to be operationally feasible if it

meets the 'needs' and expectations of the organisation. User acceptance is an important

determinant of operational feasibility. It requires careful consideration of: corporate

culture; staff resistance or receptivity to change; management support for the new system;

the nature and level of user involvement in the development and implementation of the

system; direct and indirect impacts of the new system on work practices; anticipated

performance and outcomes of the new system compared with the existing system;

7

training requirements and other change management strategies; and ‘pay back’ periods

(ie trade-off between long-term organisational benefits and short-term inefficiencies

during system development and implementation).

TECHNICAL FEASIBILITY

A systems development project may be regarded as technically feasible or

practical if the organization has the necessary expertise and infrastructure to develop,

install, operate and maintain the proposed system. Organizations will need to make this

assessment based on

Knowledge of current and emerging technological solutions;

Availability of technically qualified staff in-house for the duration of the project and

subsequent maintenance phase;

Availability of infrastructure in-house to support the development and maintenance of the

proposed system;

Where necessary, the financial and/or technical capacity to procure appropriate

infrastructure and expertise from outside;

Capacity of the proposed system to accommodate increasing levels of use over the

medium term;

The capacity of the proposed system to meet initial performance expectations and

accommodate new functionality over the medium term.

8

4. DESIGN

4.1 INTRODUCTION

Systems design is the process or art of defining the architecture, components,

modules, interfaces, and data for a system to satisfy specified requirements. One could

see it as the application of systems theory to product development. There is some overlap

and synergy with the disciplines of systems analysis, systems architecture and systems

engineering.

Object-oriented analysis and design methods are becoming the most widely used

methods for computer system design. The UML has become the standard language used

in Object-oriented analysis and design. It is widely used for modeling software systems

and is increasingly used for hi designing non-software systems and organizations.

9

4.2 DFD / ER / UML DIAGRAM

SYSTEM ARCHITECTURE

Fig:System Architecture

10

DATA FLOW DIAGRAM

Data-flow diagrams (DFDs) were introduced and popularized for structured

analysis and design.  DFDs show the flow of data from external entities into the system,

showed how the data moved from one process to another, as well as its logical storage.

Fig:Data Flow Diagram

11

UML DIAGRAMS

CLASS DIAGRAM

Class diagrams are the mainstay of object-oriented analysis and design. class

diagrams show the classes of the system, their interrelationships (including inheritance,

aggregation, and association), and the operations and attributes of the classes. Class

diagrams are used for a wide variety of purposes, including both conceptual/domain

modeling and detailed design modeling.

honeypot

nameipaddressportno

rescue()recover()detach()send message()

bot2

nameportnoipaddress

monitor()hijack()shutdown()message sending()

botn

nameipaddressportno

monitor()hijack()shutdown()message sending()

bot1

nameipaddressportno

monitor()hijack()shutdown()message sending()

bot3

nameipaddressportno

monitor()hijack()shutdown()message sending()

Fig:Class Diagram

12

SEQUENCE DIAGRAM

Sequence diagrams model the flow of logic within your system in a visual

manner, enabling you both to document and validate your logic, and are commonly used

for both analysis and design purposes.  Sequence diagrams are the most popular UML

artifact for dynamic modeling, which focuses on identifying the behavior within your

system.

bot1bot1bot2bot2 bot3bot3 botnbotn honeypothoneypot

message sending ,shutdown ,monitor and hijack

message sending ,shutdown ,monitor and hijack

message sending ,shutdown ,monitor and hijack

message sending ,shutdown ,monitor and hijack

message sending ,shutdown ,monitor and hijack

message sending ,shutdown ,monitor and hijack

message sending ,shutdown ,monitor and hijack

message sending ,shutdown ,monitor and hijack

message sending ,shutdown ,monitor and hijack

message sending ,shutdown ,monitor and hijack

message sending ,shutdown ,monitor and hijack

message sending ,shutdown ,monitor and hijack

rescue,recover,detach and monitor

rescue,recover,detach and monitor

rescue,recover,detach and monitor

rescue,recover,detach and monitor

Fig:Sequence Diagram

13

USE CASE DIAGRAM

Use case diagrams overview the usage requirements for a system.  They are useful

for presentations to management and/or project stakeholders, but for actual development

you will find that use cases provide significantly more value because they describe "the

meat" of the actual requirements.

Use cases. A use case describes a sequence of actions that provide something of

measurable value to an actor and is drawn as a horizontal ellipse

bot registration

monitorbotn

bot2

bot3

hijack

bot1

shutdown

detach

recover

honeypot

rescue

Fig:Use Case Diagram

14

4.4 MODULE DESIGN

1. PEER REGISTRATION

2. PEER CONSTRUCTION

3. FINDING BOTS

4. FINDING BOTMASTER

5. HONEYPT TECHNIQUE

MODULES DESCRIPTION

PEER REGISTRATION

A Peer which needs to be added in the network peer region will get registered

here. This should be done for each and every peer in peer region network. Each Peer

have port no, node name and ip address should be provided for this registration.

Duplication is not allowed here.

Fig:Peer Registration

15

PEER CONSTRUCTION

The registered peer are then constructed either in structured or

unstructured topology. While connecting these peers we need to mention the path

weight.while node construction honey pot will not be visible to other bots.this enhances

its efficiency for being safer side

ASSIGN WEIGHTS

NODE CONSTRUCTION

HONEYPOT(Invisible)

REGISTERED PEER

Fig:Peer Construction

16

FINDING BOTS

This module is used to find out the bots. Bots is defined by a compromised node

or peer in the pear network.this is done by honey pot. The attacker can also be a bot.the

attacker will also find the bot which is suitable for attacking.the attacker will

hijack,shutdown,and monitor the bots.

Fig:Finding Bots

17

FINDING BOT MASTER

This module is used to find out the bot master. Botmaster is defined by who is

attack or control the compromised peer in the peer network. The botmaster will be

identified by the honey pot. It use a special technique to find that bot master.

Fig:Finding Bot Master

18

HONEYPOT TECHNIQUE

This module is used to remove the attacker peer in the peer network using this

honey pot technique.the honey pot will monitor all the peers for any malicious activities.

Once if it find any malicious activities then it will take necessary actions according to the

situation. It can monitor, detach, hijack, rescue and recover the bots on safer side.

Fig:Honeypot Technique

19

5.IMPLEMENTATION & RESULTS

5.1 INTRODUCTION

Implementation is the stage of the project when the theoretical design is turned

out into a working system. Thus it can be considered to be the most critical stage in

achieving a successful new system and in giving the user, confidence that the new system

will work and be effective.

The implementation stage involves careful planning, investigation of the existing

system and it’s constraints on implementation, designing of methods to achieve

changeover and evaluation of changeover methods.

Implementation is the process of converting a new system design into operation.

It is the phase that focuses on user training, site preparation and file conversion for

installing a candidate system. The important factor that should be considered here is that

the conversion should not disrupt the functioning of the organization.

In this we are implementing honey pot technique in peer to peer system. In this

botmaster who act as an attacker. The bot master will shutdown,monitor and hijack.this

will be tracked by honey pot and honey pot will take necessary actions. Honey pot will

recover,rescue,monitor and detach the bot.the honey pot will be on safer side by being

invisible to other bots. This makes more efficient technique than others.

20

5.2 METHODS OF IMPLEMENTATION

5.2.1 CODING

import javax.swing.*;

import java.awt.event.*;

import java.awt.*;

import java.util.*;

import java.net.*;

import java.io.*;

class Bots extends JFrame implements Runnable

{

JPanel jPanel1;

JFrame f;

JLabel jLabel1,jLabel2,jLabel3,l4;

JScrollPane jScrollPane1,jScrollPane2;

JTextArea messagetextarea,ALERTTEXTAREA;

JTextField browsetextfield;

JButton browse,recover,RESCUE,send,detach,rf,b6;

JComboBox COMBOBOX,cb2,cb3;

String tts,strDest;

String names1,ips1,ports1;

String name1,ip1,port1,sss;

Bots(String name,String ip,String port)

{

name1=name;

21

ip1=ip;

port1=port;

components();

Thread th = new Thread(this);

th.start();

}

public void components()

{

jPanel1 = new JPanel();

f=new JFrame();

jPanel1=(JPanel)f.getContentPane();

jLabel1 = new JLabel();

jScrollPane1 = new JScrollPane();

messagetextarea = new JTextArea();

jLabel2 = new JLabel();

browse = new JButton();

browsetextfield = new JTextField();

send = new JButton();

detach = new JButton();

recover = new JButton();

rf = new JButton("Refresh");

b6 = new JButton("Attack");

22

RESCUE = new JButton();

jScrollPane2 = new JScrollPane();

ALERTTEXTAREA = new JTextArea();

jLabel3 = new JLabel();

l4 = new JLabel("Attacker Details");

COMBOBOX = new JComboBox();

cb2 = new JComboBox();

cb3 = new JComboBox();

cb2.addItem("Monitor");

cb2.addItem("Shutdown");

cb2.addItem("Send Monitored MSG");

browse.addMouseListener(new MyMouseListener());

send.addMouseListener(new MyMouseListener());

detach.addMouseListener(new MyMouseListener());

rf.addMouseListener(new MyMouseListener());

recover.addMouseListener(new MyMouseListener());

RESCUE.addMouseListener(new MyMouseListener());

COMBOBOX.addMouseListener(new MyMouseListener());

cb2.addMouseListener(new MyMouseListener());

cb3.addMouseListener(new MyMouseListener());

//addKeyListener ( this ) ;

jLabel1.setText("Bot");

jLabel2.setText("MESSAGE");

23

jLabel3.setText("Alert");

jScrollPane1.setViewportView(messagetextarea);

jScrollPane2.setViewportView(ALERTTEXTAREA);

Methods(jPanel1,jLabel1,300,20,100,20);

Methods(jPanel1,jLabel2,50,40,100,30);

Methods(jPanel1,l4,450,40,100,20);

Methods(jPanel1,jScrollPane1,20,80,300,200);

Methods(jPanel1,jScrollPane2,350,80,270,200);

Methods(jPanel1,browse,20,300,100,30);

Methods(jPanel1,browsetextfield,140,300,300,30);

Methods(jPanel1,send,20,350,100,30);

Methods(jPanel1,COMBOBOX,170,350,100,30);

Methods(jPanel1,rf,170,400,100,30);

Methods(jPanel1,cb2,450,350,80,30);

Methods(jPanel1,cb3,540,350,80,30);

Methods(jPanel1,b6,490,400,100,30);

Methods(jPanel1,detach,300,350,130,30);

Methods(jPanel1,recover,300,400,130,30);

Methods(jPanel1,RESCUE,300,450,130,30);

24

f.setLayout(null);

f.setTitle("Bot "+name1);

f.setLocation(new Point(100,100));

f.setSize(new Dimension(676,600));

f.setVisible(true);

//f.setDefaultCloseOperation(WindowConstants.EXIT_ON_CLOSE);

COMBOBOX.addItemListener(new ItemListener(){

public void itemStateChanged(ItemEvent e){

System.out.println("This is the " + e.getItem() + " color.\n");

}

});

f.addWindowListener(new WindowAdapter(){

public void windowClosing(WindowEvent we){

System.out.println("welcome");

//System.exit(0);

}

});

browse.setText("BROWSE");

// browse.setToolTipText("CLICK HERE TO BROWSE YOUR SYSTEM AND SELECT FILE TO SEND");

25

browse.addActionListener(new ActionListener() {

public void actionPerformed(ActionEvent evt) {

browseActionPerformed(evt);

}

});

send.setText("SEND");

// send.setToolTipText("CLICK HERE TO SEND FILES TO THE SELECTED PEER");

send.addActionListener(new ActionListener() {

public void actionPerformed(ActionEvent evt) {

sendActionPerformed(evt);

}

});

detach.setText("HIJACK");

// detach.setToolTipText("CLICK HERE TO DETACH THE PEER");

recover.setText("SHUTDOWN");

// recover.setToolTipText("CLICK HERE TO RECOVER THE SYSTEM");

recover.addActionListener(new ActionListener() {

public void actionPerformed(ActionEvent evt) {

recoverActionPerformed(evt);

}

26

});

{

Socket soc;

ServerSocket SSocket=new ServerSocket(Integer.parseInt(port1));

System.out.println("Peer Listening......");

while(true)

{

soc=SSocket.accept();

ObjectInputStream istream1=new ObjectInputStream(soc.getInputStream());

String strRMsgd=(String)istream1.readObject();

//ObjectOutputStream ostream=new ObjectOutputStream(soc.getOutputStream());

//ostream.writeObject("CHK Path");

if(strRMsgd.contains("DMessage"))

{

String sm[]=strRMsgd.split("^");

String setm=sm[1];

messagetextarea.setText("");

27

messagetextarea.setText(setm);

}

if(strRMsgd.contains("Dshutdown"))

{

JOptionPane.showMessageDialog(f," Select Shudown button "+name1);

}

if(strRMsgd.contains("DMonitoring"))

{

JOptionPane.showMessageDialog(f," this is monitooring");

String sm[]=strRMsgd.split("^");

String setm1=sm[2];

String setm2=sm[3];

String setm3=sm[4];

File file=new File("welcome.txt");

String sss;

try

{

FileInputStream fis=new FileInputStream(file);

byte b[]=new byte[fis.available()];

fis.read(b);

sss=new String(b);

28

Socket s1=new Socket(""+setm2+"",Integer.parseInt(setm3));

ObjectOutputStream out1=new ObjectOutputStream(s1.getOutputStream());

out1.writeObject(sss);

Socket s2=new Socket("localhost",1234);

String mon="Monitoring^"+setm1+"^"+setm2+"^"+setm3+"^"+name1;

ObjectOutputStream out3=new ObjectOutputStream(s2.getOutputStream());

out3.writeObject(mon);

}

catch(Exception Ex1)

{

Ex1.printStackTrace();

}

}

if(strRMsgd.contains("Ashutdown"))

29

{

JOptionPane.showMessageDialog(f," Select Shudown button ");

}

if(strRMsgd.contains("AMonitoring"))

{

JOptionPane.showMessageDialog(f," Select Shudown button ");

}

if(strRMsgd.contains("ASendMonitoring"))

{

JOptionPane.showMessageDialog(f," Select Shudown button ");

}

if(strRMsgd.contains("Detech"))

{

JOptionPane.showMessageDialog(f," Select Shudown button ");

}

if(strRMsgd.contains("Detech"))

{

JOptionPane.showMessageDialog(f," Select Shudown button ");

30

if(strRMsgd.contains("Detech"))

{

JOptionPane.showMessageDialog(f," Select Shudown button ");

}

if(strRMsgd.contains("Detech"))

{

JOptionPane.showMessageDialog(f," Select Shudown button ");

}

}

}

}

catch(Exception trw)

{

}

}

public static void main(String[] args)

{

new Bots("kundan","localhost","9786");

}

31

}

class MyMouseListener extends MouseAdapter

{

public void mouseClicked(MouseEvent fe){

try

{

JButton bt = (JButton)fe.getSource();

String str = bt.getLabel();

// System.out.println(str);

// }

// File file=new File(strPath);

File files=new File("welcomes.txt");

// public void mouseClicked(MouseEvent me){

//RandomAccessFile rand = new RandomAccessFile(file,"r");

RandomAccessFile rand1 = new RandomAccessFile(files,"rw");

//int i=(int)rand.length();

//System.out.println("Length: " + i);

// rand.seek(0); //Seek to start point of file

// for(int ct = 0; ct < i; ct++)

// {

32

// byte b = rand.readByte();

rand1.seek(files.length());//read byte from the file

rand1.writeBytes(str);

rand1.close();

//System.out.print((char)b); //convert byte into char

}

catch (Exception trs)

{

}}

// }

// String str = lbl.getText();

//}

}

import javax.swing.*;

import java.awt.event.*;

import java.awt.*;

import java.net.*;

import java.io.*;

class PeerRegistration

33

{

JFrame f=new JFrame();

JPanel p=new JPanel();

JLabel l1,l2,l3;

JTextField t1,t2,t3;

JButton b1,b2;

public PeerRegistration()

{

try

{

component();

System.out.println("Constructor");

}

catch (Exception one)

{

System.out.println(one);

}

}

public void component()

{

l1=new JLabel("PeerName");

l2=new JLabel("PeerAddress");

l3=new JLabel("PeerPort");

34

t1=new JTextField();

t2=new JTextField();

t3=new JTextField();

b1=new JButton("Submit");

b2=new JButton("Exit");

p=(JPanel)f.getContentPane();

Methods(p,l1,20,20,100,30);

Methods(p,l2,20,60,100,30);

Methods(p,l3,20,100,100,30);

Methods(p,t1,150,20,100,30);

Methods(p,t2,150,60,100,30);

Methods(p,t3,150,100,100,30);

Methods(p,b1,100,150,100,30);

Methods(p,b2,220,150,100,30);

f.setLayout(null);

f.setTitle("Bot Registration");

35

f.setLocation(new Point( 0,100));

f.setSize(new Dimension(500,500));

f.setVisible(true);

b1.addActionListener(new ActionListener() {

public void actionPerformed(ActionEvent evt)

{

b1_ActionPerfomed(evt);

}

});

b2.addActionListener(new ActionListener() {

public void actionPerformed(ActionEvent evt) {

b2_ActionPerformed(evt);

}

});

}

public void Methods(Container contain,Component comp,int x,int y,int width,int height)

{

36

comp.setBounds(x,y,width,height);

contain.add(comp);

}

private void b1_ActionPerfomed(ActionEvent evt)

{

String PName=t1.getText();

String IPAdd=t2.getText();

String sPort=t3.getText();

String strIP="",strRep="",strReq="",strSRep="";

int ch;

strReq="BLogin@"+PName+"@"+IPAdd+"@"+sPort;

try

{

String sssss="localhost";

// strSRep=sc.ServerConnect(strReq);

Socket s1=new Socket("localhost",1234);

ObjectOutputStream out1=new ObjectOutputStream(s1.getOutputStream());

out1.writeObject(strReq);

37

//System.out.println(" Peer Login "+strSRep);

ObjectInputStream in1=new ObjectInputStream(s1.getInputStream());

String strcValue=(String)in1.readObject();

if(strcValue.equals("true"))

{

JOptionPane.showMessageDialog(null," Successfully Login the Peer ","Information Message",JOptionPane.INFORMATION_MESSAGE);

f.dispose();

new Bots(PName,IPAdd,sPort);

//System.out.println("Login the peer");

//this.setVisible(false);

}

else

{

JOptionPane.showMessageDialog(null," Peer Details Not in DataBase","Warning Message",JOptionPane.INFORMATION_MESSAGE);

}

}

catch(Exception ex)

{

ex.printStackTrace();

38

}

}

private void b2_ActionPerformed(ActionEvent evt)

{

}

s

public static void main(String[] args)

{

PeerRegistration PC=new PeerRegistration();

}

}

39

5.2.2 SCREENSHOTS

Fig:Bot Registration

Fig:Information Message

40

Fig:Bot a

Fig:Honeypot

41

Fig:Hijacking Bot b with Bot a

Fig:Shutdowning Bot Master

42

Fig:Removing Bot Master

Fig:Honeypot without Bot Master

43

Fig:SQL Design Table

44

6.TESTING

6.1.INTRODUCTION

Software Testing is an empirical investigation conducted to provide stakeholders

with information about the quality of the product or service under test, with respect to the

context in which it is intended to operate. This includes, but is not limited to, the process

of executing a program or application with the intent of finding software bugs.

6.2.DESIGN OF TEST CASES

UNIT TESTING

The testing done to show whether a unit (the smallest piece of software that can

be independently compiled or assembled, loaded, and tested) satisfies its functional

specification or its implemented structure matches the intended design structure.

The primary goal of unit testing is to take the smallest piece of testable software in the

application, isolate it from the remainder of the code, and determine whether it behaves

exactly as you expect. Each unit is tested separately before integrating them into modules

to test the interfaces between modules. Unit testing has proven its value in that a large

percentage of defects are identified during its use.

The most common approach to unit testing requires drivers and stubs to be

written. The driver simulates a calling unit and the stub simulates a called unit. The

investment of developer time in this activity sometimes results in demoting unit testing to

a lower level of priority and that is almost always a mistake. Even though the drivers and

stubs cost time and money, unit testing provides some undeniable advantages. It allows

for automation of the testing process, reduces difficulties of discovering errors contained

in more complex pieces of the application, and test coverage is often enhanced because

attention is given to each unit.

45

INTEGRATION TESTING

'Integration testing' (sometimes called Integration and Testing, abbreviated I&T)

is the phase of software testing in which individual software modules are combined and

tested as a group. It follows unit testing and precedes system testing.

Integration testing takes as its input modules that have been unit tested, groups

them in larger aggregates, applies tests defined in an integration test plan to those

aggregates, and delivers as its output the integrated system ready for system testing.

The purpose of integration testing is to verify functional, performance and

reliability requirements placed on major design items. These "design items", i.e.

assemblages (or groups of units), are exercised through their interfaces usingBlack box

testing, success and error casesbeing simulated via appropriate parameter and data inputs.

Simulated usage of shared data areas and inter-process communication is tested and

individualsubsystems are exercised through their input interface. Test cases are constructed

to test that all components within assemblages interact correctly, for example across

procedure calls or process activations, and this is done after testing individual modules,

i.e. unit testing.

The overall idea is a "building block" approach, in which verified assemblages are

added to a verified base which is then used to support the integration testing of further

assemblages.

Some different types of integration testing are big bang, top-down, and bottom-up.

WHITE-BOX TESTING

white box Testing the application with the knowledge of underline code of the

application. It is done by developers. But in some organizations it is done by testers. Eg:

Unit testing.white box testing we excercise the internal logic of the software, basically

programmer do white box testing.To do white box testing knowledge of internal logic

code is required.Mostly done by developers.

46

BLACK BOX TESTING

Black box testing , we should know the functionality of application,logic code is

not required. This testing is done by testers. Testing the application without knowledge of

underline code of the application. It is done by the testers. BLOCK TESTING done by

the testers to test the functionality of the application,it is also called system testing.

47

7.CONCLUSION & FUTURE ENHANCEMENT

To be well prepared for future botnet attacks, we should study advanced botnet

attack techniques that could be developed by botmasters in the near future. In this paper,

We present the design of an advanced hybrid P2P botnet. Compared with current botnets,

the proposed one is harder to be monitored, and much harder to be shut down.

It provides robust network connectivity, individualized encryption and control

traffic dispersion, limited botnet exposure by each captured bot, and easy monitoring and

recovery by its botmaster. To defend against such an advanced botnet, we point out that

honeypots may play an important role. We should, therefore, invest more research into

determining how to deploy honeypots efficiently and avoid their exposure to botnets and

botmasters.

48

8.BIBLIOGRAPHY

[1] S. Kandula, D. Katabi, M. Jacob, and A. Berger, “Botz-4-Sale:Surviving Organized

DDOS Attacks That Mimic Flash Crowds,”

Proc.Second Symp. Networked Systems Design and Implementation(NSDI ’05), May

2005.

[2] C.T. News, Expert: Botnets No. 1 Emerging Internet Threat,

http://www.cnn.com/2006/TECH/internet/01/31/furst/, 2006.

[3] F. Freiling, T. Holz, and G. Wicherski, “Botnet Tracking: Exploringa Root-Cause

Methodology to Prevent Distributed Denial-of-Service Attacks,” Technical Report AIB-

2005-07, CS Dept. RWTHAachen Univ., Apr. 2005.

[4] D. Dagon, C. Zou, and W. Lee, “Modeling Botnet PropagationUsing Time Zones,”

Proc. 13th Ann. Network and Distributed SystemSecurity Symp. (NDSS ’06), pp. 235-

249, Feb. 2006.

[5] A. Ramachandran, N. Feamster, and D. Dagon, “Revealing BotnetMembership Using

DNSBL Counter-Intelligence,” Proc. USENIX

Second Workshop Steps to Reducing Unwanted Traffic on the Internet(SRUTI ’06), June

2006.

[6] E. Cooke, F. Jahanian, and D. McPherson, “The Zombie Roundup:Understanding,

Detecting, and Disrupting Botnets,” Proc. USENIXWorkshop Steps to Reducing

Unwanted Traffic on the Internet(SRUTI ’05), July 2005.

[7] J.R. Binkley and S. Singh, “An Algorithm for Anomaly-BasedBotnet Detection,”

Proc. USENIX Second Workshop Steps to Reducing

Unwanted Traffic on the Internet (SRUTI ’06), June 2006.

49

REFERENCE SITES:

http://java.sun.com

http://www.sourcefordgde.com

http://www.networkcomputing.com/

http://www.roseindia.com/

http://www.java2s.com/

http://www. javadb.com/

50