Upload
vema-bharath
View
20
Download
0
Embed Size (px)
DESCRIPTION
based on the honey pot systems
Citation preview
1.INTRODUCTION
1.1 OBJECTIVE OF PROJECT
IN the last several years, Internet malware attacks have evolved into better-
organized and more profit-centered endeavors. E-mail spam, extortion through denial-of-
service attacks, and click fraud represent a few examples of this emerging trend.
“Botnets” are a root cause of these problems.
A “botnet” consists of a network of compromised computers (“bots”) connected
to the Internet that is controlled by a remote attacker (“botmaster”). Since a botmaster
could scatter attack tasks over hundreds or even tens of thousands of computers
distributed across the Internet, the enormous cumulative bandwidth and large number of
attack sources make botnet-based attacks extremely dangerous and hard to defend
against. Compared to other Internet malware, the unique feature of a botnet lies in its
control communication network. Most botnets that have appeared until now have had a
common centralized architecture. That is, bots in the botnet connect directly to some
special hosts (called “command-and-control” servers, or “C&C” servers).
The C&C servers receive commands from their botmaster and forward them to
the other bots in the network. From now on, we will call a botnet with such a control
communication architecture a “C&C botnet.” the basic control communication
architecture for a typical C&C botnet (in reality, a C&C botnet usually has more than two
C&C servers). Arrows represent the directions of network connections. As botnet-based
attacks become popular and dangerous, security researchers have studied how to detect,
monitor, and defend against them. Most of the current research has focused upon the
C&Cbotnets that have appeared in the past, especially Internet Relay Chat (IRC)- based
botnets. It is necessary to conduct such research in order to deal with the threat we are
facing today.
However, it is equally important to conduct research on advanced botnet designs
that could be developed by attackers in the near future. Otherwise, we will remain
susceptible to the next generation of Internet malware attacks. From a botmaster’s
1
perspective, the C&C servers are the fundamental weak points in current botnet
architectures. First, a botmaster will lose control of her botnet once the limited number of
C&C servers are shut down by defenders. Second, defenders could easily obtain the
identities (e.g., IP addresses) of all C&C servers based on their service traffic to a large
number of bots, or simply from one single captured bot (which contains the list of C&C
servers). Third, an entire botnet may be exposed once a C&C server in the botnet is
hijacked or captured by defenders .
As network security practitioners put more resources and effort into defending
against botnet attacks, hackers will develop and deploy the next generation of botnets
with a different control architecture. Current P2P Botnets and Their Weaknesses
Considering the above weaknesses inherent to the centralized architecture of current
C&C botnets, it is a natural strategy for botmasters to design a peer-to-peer (P2P) control
mechanism into their botnets. In the last several years, botnets such as Slapper, Sinit ,
Phatbot, and Nugache have implemented different kinds of P2P control architectures.
They have shown several advanced designs. For example, some of them have removed
the “bootstrap” process used in common P2P protocols.1 Sinit uses public key
cryptography for update authentication . Nugache attempts to thwart detection by
implementing an encrypted/obsfucated control channel .
2
2. LITERATURE SURVEY
2.1 EXISTING SYSTEM
Compared to other Internet malware, the unique feature of a botnet lies in its
control communication network.That is,bots in the botnet connect directly to some
special hosts(called “command-and-control” servers,or “C&C” servers).These C&C
servers receive commands from their botmaster and forward them to the other bots in the
network.From a botmaster’s perspective,the C&C servers are the fundamental weak
poins.
DISADVANTAGES
1.A botmaster will lose control of her botnet once the limited number of C&C servers are
shutdown by defenders.
2.Defenders could easily obtain the identities(e.g.,IP addresses) of all C&C servers besed
on their service traffic to a large number of bots,or simply from one capured bot(which
contains the list of C&C servers).
3.An entire botnet may be exposed once a C&C server in the botnet is hijacked or
captured by defenders.
3
2.2 PROPOSED SYSTEM
Considering the above problems encountered by C&C botnets and previous P2P
botnets,the design of an advanced botnet,should consider the following practical
challenges faced by botmasters.
We generate a robust botnet capable of maintaining control of its remaining bots
even after a substantial portion of the botnet population has been removed by defenders.
We prevent significant exposure of the network topology when some bots are captured
by defenders.
We easily monitor and obtain the complete information of a botnet by its botmaster. We
prevent(or make it harder for) defenders from detecting bots via their communication
traffic patterns.
By considering all the challenges listed above in this project,we present our
research on the possible design of an advanced hybrid P2P botnet.The P2P botnet has the
following features
ADVANTAGES
1.The botnet communicates via the peer list contained in each bot.Each bot has a fixed
and limited size peer list and does not reveal its peer list to other bots.
2.A botmaster could easily monitor the entire botnet by issuing a report command.This
command instructs all bots to report to a compromised machine that is controlled by the
botmaster.
3.After collecting information about the botnet through the above report command,a
botmaster,if she thinks necessary,could issue a sensor host to update their peer list.This
effectively updates the botnet topology such that it has a balanced and robust
connectivity, and/or reconnects a broken botnet.
4
4.Only bots with static global IP addresses that are accessible from the Internet are
candidates for being in peer lists.
5.Each servent bot listens on a self-generated service port for incoming connections from
other bots and uses a self-generated symmetric encryption key for incoming connections.
5
3.ANALYSIS
3.1 INTRODUCTION
The software requirement specification is produced at the culmination of the
analysis task. The function and performance allocated to software as part of system
engineering are refined by establishing a complete information description as functional
representation, a representation of system behavior, an indication of performance
requirements and design constraints, appropriate validation criteria.
3.2 SYSTEM REQUIREMENTS AND SPECIFICATIONS
3.2.1 SOFTWARE REQUIREMENTS
Language : Java 1.5 or more
Front End Tool : Swing
Back End Tool : SQL Server 2000
Operating System : Windows Xp(Professional SP2)
3.2.2 HARDWARE REQUIREMENTS
Hard disk : 80 GB
RAM : 512 MB
6
3.3 FEASIBILITY STUDY
INTRODUCTION
A feasibility analysis involves a detailed assessment of the need, value and
practicality of a p systems development... Feasibility analysis n forms the transparent
decisions at crucial points during the developmental process as we determine whether it
is operationally, economically and technically realistic to proceed with a particular course
of action.
Feasibility analysis can be used in each of the steps to assess the financial,
technical and operational capacity to proceed with particular activities.
TYPES OF FEASIBILITY
A feasibility analysis usually involves a thorough assessment of the
financial (value), technical (practicality), and operational (need) aspects of a proposal. In
systems development projects, business managers are primarily responsible for assessing
the operational feasibility of the system, and information technology (IT) analysts are
responsible for assessing technical feasibility. Both then work together to prepare a cost–
benefit analysis of the proposed system to determine its economic feasibility.
OPERATIONAL FEASIBILITY
A systems development project is likely to be operationally feasible if it
meets the 'needs' and expectations of the organisation. User acceptance is an important
determinant of operational feasibility. It requires careful consideration of: corporate
culture; staff resistance or receptivity to change; management support for the new system;
the nature and level of user involvement in the development and implementation of the
system; direct and indirect impacts of the new system on work practices; anticipated
performance and outcomes of the new system compared with the existing system;
7
training requirements and other change management strategies; and ‘pay back’ periods
(ie trade-off between long-term organisational benefits and short-term inefficiencies
during system development and implementation).
TECHNICAL FEASIBILITY
A systems development project may be regarded as technically feasible or
practical if the organization has the necessary expertise and infrastructure to develop,
install, operate and maintain the proposed system. Organizations will need to make this
assessment based on
Knowledge of current and emerging technological solutions;
Availability of technically qualified staff in-house for the duration of the project and
subsequent maintenance phase;
Availability of infrastructure in-house to support the development and maintenance of the
proposed system;
Where necessary, the financial and/or technical capacity to procure appropriate
infrastructure and expertise from outside;
Capacity of the proposed system to accommodate increasing levels of use over the
medium term;
The capacity of the proposed system to meet initial performance expectations and
accommodate new functionality over the medium term.
8
4. DESIGN
4.1 INTRODUCTION
Systems design is the process or art of defining the architecture, components,
modules, interfaces, and data for a system to satisfy specified requirements. One could
see it as the application of systems theory to product development. There is some overlap
and synergy with the disciplines of systems analysis, systems architecture and systems
engineering.
Object-oriented analysis and design methods are becoming the most widely used
methods for computer system design. The UML has become the standard language used
in Object-oriented analysis and design. It is widely used for modeling software systems
and is increasingly used for hi designing non-software systems and organizations.
9
4.2 DFD / ER / UML DIAGRAM
SYSTEM ARCHITECTURE
Fig:System Architecture
10
DATA FLOW DIAGRAM
Data-flow diagrams (DFDs) were introduced and popularized for structured
analysis and design. DFDs show the flow of data from external entities into the system,
showed how the data moved from one process to another, as well as its logical storage.
Fig:Data Flow Diagram
11
UML DIAGRAMS
CLASS DIAGRAM
Class diagrams are the mainstay of object-oriented analysis and design. class
diagrams show the classes of the system, their interrelationships (including inheritance,
aggregation, and association), and the operations and attributes of the classes. Class
diagrams are used for a wide variety of purposes, including both conceptual/domain
modeling and detailed design modeling.
honeypot
nameipaddressportno
rescue()recover()detach()send message()
bot2
nameportnoipaddress
monitor()hijack()shutdown()message sending()
botn
nameipaddressportno
monitor()hijack()shutdown()message sending()
bot1
nameipaddressportno
monitor()hijack()shutdown()message sending()
bot3
nameipaddressportno
monitor()hijack()shutdown()message sending()
Fig:Class Diagram
12
SEQUENCE DIAGRAM
Sequence diagrams model the flow of logic within your system in a visual
manner, enabling you both to document and validate your logic, and are commonly used
for both analysis and design purposes. Sequence diagrams are the most popular UML
artifact for dynamic modeling, which focuses on identifying the behavior within your
system.
bot1bot1bot2bot2 bot3bot3 botnbotn honeypothoneypot
message sending ,shutdown ,monitor and hijack
message sending ,shutdown ,monitor and hijack
message sending ,shutdown ,monitor and hijack
message sending ,shutdown ,monitor and hijack
message sending ,shutdown ,monitor and hijack
message sending ,shutdown ,monitor and hijack
message sending ,shutdown ,monitor and hijack
message sending ,shutdown ,monitor and hijack
message sending ,shutdown ,monitor and hijack
message sending ,shutdown ,monitor and hijack
message sending ,shutdown ,monitor and hijack
message sending ,shutdown ,monitor and hijack
rescue,recover,detach and monitor
rescue,recover,detach and monitor
rescue,recover,detach and monitor
rescue,recover,detach and monitor
Fig:Sequence Diagram
13
USE CASE DIAGRAM
Use case diagrams overview the usage requirements for a system. They are useful
for presentations to management and/or project stakeholders, but for actual development
you will find that use cases provide significantly more value because they describe "the
meat" of the actual requirements.
Use cases. A use case describes a sequence of actions that provide something of
measurable value to an actor and is drawn as a horizontal ellipse
bot registration
monitorbotn
bot2
bot3
hijack
bot1
shutdown
detach
recover
honeypot
rescue
Fig:Use Case Diagram
14
4.4 MODULE DESIGN
1. PEER REGISTRATION
2. PEER CONSTRUCTION
3. FINDING BOTS
4. FINDING BOTMASTER
5. HONEYPT TECHNIQUE
MODULES DESCRIPTION
PEER REGISTRATION
A Peer which needs to be added in the network peer region will get registered
here. This should be done for each and every peer in peer region network. Each Peer
have port no, node name and ip address should be provided for this registration.
Duplication is not allowed here.
Fig:Peer Registration
15
PEER CONSTRUCTION
The registered peer are then constructed either in structured or
unstructured topology. While connecting these peers we need to mention the path
weight.while node construction honey pot will not be visible to other bots.this enhances
its efficiency for being safer side
ASSIGN WEIGHTS
NODE CONSTRUCTION
HONEYPOT(Invisible)
REGISTERED PEER
Fig:Peer Construction
16
FINDING BOTS
This module is used to find out the bots. Bots is defined by a compromised node
or peer in the pear network.this is done by honey pot. The attacker can also be a bot.the
attacker will also find the bot which is suitable for attacking.the attacker will
hijack,shutdown,and monitor the bots.
Fig:Finding Bots
17
FINDING BOT MASTER
This module is used to find out the bot master. Botmaster is defined by who is
attack or control the compromised peer in the peer network. The botmaster will be
identified by the honey pot. It use a special technique to find that bot master.
Fig:Finding Bot Master
18
HONEYPOT TECHNIQUE
This module is used to remove the attacker peer in the peer network using this
honey pot technique.the honey pot will monitor all the peers for any malicious activities.
Once if it find any malicious activities then it will take necessary actions according to the
situation. It can monitor, detach, hijack, rescue and recover the bots on safer side.
Fig:Honeypot Technique
19
5.IMPLEMENTATION & RESULTS
5.1 INTRODUCTION
Implementation is the stage of the project when the theoretical design is turned
out into a working system. Thus it can be considered to be the most critical stage in
achieving a successful new system and in giving the user, confidence that the new system
will work and be effective.
The implementation stage involves careful planning, investigation of the existing
system and it’s constraints on implementation, designing of methods to achieve
changeover and evaluation of changeover methods.
Implementation is the process of converting a new system design into operation.
It is the phase that focuses on user training, site preparation and file conversion for
installing a candidate system. The important factor that should be considered here is that
the conversion should not disrupt the functioning of the organization.
In this we are implementing honey pot technique in peer to peer system. In this
botmaster who act as an attacker. The bot master will shutdown,monitor and hijack.this
will be tracked by honey pot and honey pot will take necessary actions. Honey pot will
recover,rescue,monitor and detach the bot.the honey pot will be on safer side by being
invisible to other bots. This makes more efficient technique than others.
20
5.2 METHODS OF IMPLEMENTATION
5.2.1 CODING
import javax.swing.*;
import java.awt.event.*;
import java.awt.*;
import java.util.*;
import java.net.*;
import java.io.*;
class Bots extends JFrame implements Runnable
{
JPanel jPanel1;
JFrame f;
JLabel jLabel1,jLabel2,jLabel3,l4;
JScrollPane jScrollPane1,jScrollPane2;
JTextArea messagetextarea,ALERTTEXTAREA;
JTextField browsetextfield;
JButton browse,recover,RESCUE,send,detach,rf,b6;
JComboBox COMBOBOX,cb2,cb3;
String tts,strDest;
String names1,ips1,ports1;
String name1,ip1,port1,sss;
Bots(String name,String ip,String port)
{
name1=name;
21
ip1=ip;
port1=port;
components();
Thread th = new Thread(this);
th.start();
}
public void components()
{
jPanel1 = new JPanel();
f=new JFrame();
jPanel1=(JPanel)f.getContentPane();
jLabel1 = new JLabel();
jScrollPane1 = new JScrollPane();
messagetextarea = new JTextArea();
jLabel2 = new JLabel();
browse = new JButton();
browsetextfield = new JTextField();
send = new JButton();
detach = new JButton();
recover = new JButton();
rf = new JButton("Refresh");
b6 = new JButton("Attack");
22
RESCUE = new JButton();
jScrollPane2 = new JScrollPane();
ALERTTEXTAREA = new JTextArea();
jLabel3 = new JLabel();
l4 = new JLabel("Attacker Details");
COMBOBOX = new JComboBox();
cb2 = new JComboBox();
cb3 = new JComboBox();
cb2.addItem("Monitor");
cb2.addItem("Shutdown");
cb2.addItem("Send Monitored MSG");
browse.addMouseListener(new MyMouseListener());
send.addMouseListener(new MyMouseListener());
detach.addMouseListener(new MyMouseListener());
rf.addMouseListener(new MyMouseListener());
recover.addMouseListener(new MyMouseListener());
RESCUE.addMouseListener(new MyMouseListener());
COMBOBOX.addMouseListener(new MyMouseListener());
cb2.addMouseListener(new MyMouseListener());
cb3.addMouseListener(new MyMouseListener());
//addKeyListener ( this ) ;
jLabel1.setText("Bot");
jLabel2.setText("MESSAGE");
23
jLabel3.setText("Alert");
jScrollPane1.setViewportView(messagetextarea);
jScrollPane2.setViewportView(ALERTTEXTAREA);
Methods(jPanel1,jLabel1,300,20,100,20);
Methods(jPanel1,jLabel2,50,40,100,30);
Methods(jPanel1,l4,450,40,100,20);
Methods(jPanel1,jScrollPane1,20,80,300,200);
Methods(jPanel1,jScrollPane2,350,80,270,200);
Methods(jPanel1,browse,20,300,100,30);
Methods(jPanel1,browsetextfield,140,300,300,30);
Methods(jPanel1,send,20,350,100,30);
Methods(jPanel1,COMBOBOX,170,350,100,30);
Methods(jPanel1,rf,170,400,100,30);
Methods(jPanel1,cb2,450,350,80,30);
Methods(jPanel1,cb3,540,350,80,30);
Methods(jPanel1,b6,490,400,100,30);
Methods(jPanel1,detach,300,350,130,30);
Methods(jPanel1,recover,300,400,130,30);
Methods(jPanel1,RESCUE,300,450,130,30);
24
f.setLayout(null);
f.setTitle("Bot "+name1);
f.setLocation(new Point(100,100));
f.setSize(new Dimension(676,600));
f.setVisible(true);
//f.setDefaultCloseOperation(WindowConstants.EXIT_ON_CLOSE);
COMBOBOX.addItemListener(new ItemListener(){
public void itemStateChanged(ItemEvent e){
System.out.println("This is the " + e.getItem() + " color.\n");
}
});
f.addWindowListener(new WindowAdapter(){
public void windowClosing(WindowEvent we){
System.out.println("welcome");
//System.exit(0);
}
});
browse.setText("BROWSE");
// browse.setToolTipText("CLICK HERE TO BROWSE YOUR SYSTEM AND SELECT FILE TO SEND");
25
browse.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent evt) {
browseActionPerformed(evt);
}
});
send.setText("SEND");
// send.setToolTipText("CLICK HERE TO SEND FILES TO THE SELECTED PEER");
send.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent evt) {
sendActionPerformed(evt);
}
});
detach.setText("HIJACK");
// detach.setToolTipText("CLICK HERE TO DETACH THE PEER");
recover.setText("SHUTDOWN");
// recover.setToolTipText("CLICK HERE TO RECOVER THE SYSTEM");
recover.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent evt) {
recoverActionPerformed(evt);
}
26
});
{
Socket soc;
ServerSocket SSocket=new ServerSocket(Integer.parseInt(port1));
System.out.println("Peer Listening......");
while(true)
{
soc=SSocket.accept();
ObjectInputStream istream1=new ObjectInputStream(soc.getInputStream());
String strRMsgd=(String)istream1.readObject();
//ObjectOutputStream ostream=new ObjectOutputStream(soc.getOutputStream());
//ostream.writeObject("CHK Path");
if(strRMsgd.contains("DMessage"))
{
String sm[]=strRMsgd.split("^");
String setm=sm[1];
messagetextarea.setText("");
27
messagetextarea.setText(setm);
}
if(strRMsgd.contains("Dshutdown"))
{
JOptionPane.showMessageDialog(f," Select Shudown button "+name1);
}
if(strRMsgd.contains("DMonitoring"))
{
JOptionPane.showMessageDialog(f," this is monitooring");
String sm[]=strRMsgd.split("^");
String setm1=sm[2];
String setm2=sm[3];
String setm3=sm[4];
File file=new File("welcome.txt");
String sss;
try
{
FileInputStream fis=new FileInputStream(file);
byte b[]=new byte[fis.available()];
fis.read(b);
sss=new String(b);
28
Socket s1=new Socket(""+setm2+"",Integer.parseInt(setm3));
ObjectOutputStream out1=new ObjectOutputStream(s1.getOutputStream());
out1.writeObject(sss);
Socket s2=new Socket("localhost",1234);
String mon="Monitoring^"+setm1+"^"+setm2+"^"+setm3+"^"+name1;
ObjectOutputStream out3=new ObjectOutputStream(s2.getOutputStream());
out3.writeObject(mon);
}
catch(Exception Ex1)
{
Ex1.printStackTrace();
}
}
if(strRMsgd.contains("Ashutdown"))
29
{
JOptionPane.showMessageDialog(f," Select Shudown button ");
}
if(strRMsgd.contains("AMonitoring"))
{
JOptionPane.showMessageDialog(f," Select Shudown button ");
}
if(strRMsgd.contains("ASendMonitoring"))
{
JOptionPane.showMessageDialog(f," Select Shudown button ");
}
if(strRMsgd.contains("Detech"))
{
JOptionPane.showMessageDialog(f," Select Shudown button ");
}
if(strRMsgd.contains("Detech"))
{
JOptionPane.showMessageDialog(f," Select Shudown button ");
30
if(strRMsgd.contains("Detech"))
{
JOptionPane.showMessageDialog(f," Select Shudown button ");
}
if(strRMsgd.contains("Detech"))
{
JOptionPane.showMessageDialog(f," Select Shudown button ");
}
}
}
}
catch(Exception trw)
{
}
}
public static void main(String[] args)
{
new Bots("kundan","localhost","9786");
}
31
}
class MyMouseListener extends MouseAdapter
{
public void mouseClicked(MouseEvent fe){
try
{
JButton bt = (JButton)fe.getSource();
String str = bt.getLabel();
// System.out.println(str);
// }
// File file=new File(strPath);
File files=new File("welcomes.txt");
// public void mouseClicked(MouseEvent me){
//RandomAccessFile rand = new RandomAccessFile(file,"r");
RandomAccessFile rand1 = new RandomAccessFile(files,"rw");
//int i=(int)rand.length();
//System.out.println("Length: " + i);
// rand.seek(0); //Seek to start point of file
// for(int ct = 0; ct < i; ct++)
// {
32
// byte b = rand.readByte();
rand1.seek(files.length());//read byte from the file
rand1.writeBytes(str);
rand1.close();
//System.out.print((char)b); //convert byte into char
}
catch (Exception trs)
{
}}
// }
// String str = lbl.getText();
//}
}
import javax.swing.*;
import java.awt.event.*;
import java.awt.*;
import java.net.*;
import java.io.*;
class PeerRegistration
33
{
JFrame f=new JFrame();
JPanel p=new JPanel();
JLabel l1,l2,l3;
JTextField t1,t2,t3;
JButton b1,b2;
public PeerRegistration()
{
try
{
component();
System.out.println("Constructor");
}
catch (Exception one)
{
System.out.println(one);
}
}
public void component()
{
l1=new JLabel("PeerName");
l2=new JLabel("PeerAddress");
l3=new JLabel("PeerPort");
34
t1=new JTextField();
t2=new JTextField();
t3=new JTextField();
b1=new JButton("Submit");
b2=new JButton("Exit");
p=(JPanel)f.getContentPane();
Methods(p,l1,20,20,100,30);
Methods(p,l2,20,60,100,30);
Methods(p,l3,20,100,100,30);
Methods(p,t1,150,20,100,30);
Methods(p,t2,150,60,100,30);
Methods(p,t3,150,100,100,30);
Methods(p,b1,100,150,100,30);
Methods(p,b2,220,150,100,30);
f.setLayout(null);
f.setTitle("Bot Registration");
35
f.setLocation(new Point( 0,100));
f.setSize(new Dimension(500,500));
f.setVisible(true);
b1.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent evt)
{
b1_ActionPerfomed(evt);
}
});
b2.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent evt) {
b2_ActionPerformed(evt);
}
});
}
public void Methods(Container contain,Component comp,int x,int y,int width,int height)
{
36
comp.setBounds(x,y,width,height);
contain.add(comp);
}
private void b1_ActionPerfomed(ActionEvent evt)
{
String PName=t1.getText();
String IPAdd=t2.getText();
String sPort=t3.getText();
String strIP="",strRep="",strReq="",strSRep="";
int ch;
strReq="BLogin@"+PName+"@"+IPAdd+"@"+sPort;
try
{
String sssss="localhost";
// strSRep=sc.ServerConnect(strReq);
Socket s1=new Socket("localhost",1234);
ObjectOutputStream out1=new ObjectOutputStream(s1.getOutputStream());
out1.writeObject(strReq);
37
//System.out.println(" Peer Login "+strSRep);
ObjectInputStream in1=new ObjectInputStream(s1.getInputStream());
String strcValue=(String)in1.readObject();
if(strcValue.equals("true"))
{
JOptionPane.showMessageDialog(null," Successfully Login the Peer ","Information Message",JOptionPane.INFORMATION_MESSAGE);
f.dispose();
new Bots(PName,IPAdd,sPort);
//System.out.println("Login the peer");
//this.setVisible(false);
}
else
{
JOptionPane.showMessageDialog(null," Peer Details Not in DataBase","Warning Message",JOptionPane.INFORMATION_MESSAGE);
}
}
catch(Exception ex)
{
ex.printStackTrace();
38
}
}
private void b2_ActionPerformed(ActionEvent evt)
{
}
s
public static void main(String[] args)
{
PeerRegistration PC=new PeerRegistration();
}
}
39
5.2.2 SCREENSHOTS
Fig:Bot Registration
Fig:Information Message
40
Fig:Bot a
Fig:Honeypot
41
Fig:Hijacking Bot b with Bot a
Fig:Shutdowning Bot Master
42
Fig:Removing Bot Master
Fig:Honeypot without Bot Master
43
Fig:SQL Design Table
44
6.TESTING
6.1.INTRODUCTION
Software Testing is an empirical investigation conducted to provide stakeholders
with information about the quality of the product or service under test, with respect to the
context in which it is intended to operate. This includes, but is not limited to, the process
of executing a program or application with the intent of finding software bugs.
6.2.DESIGN OF TEST CASES
UNIT TESTING
The testing done to show whether a unit (the smallest piece of software that can
be independently compiled or assembled, loaded, and tested) satisfies its functional
specification or its implemented structure matches the intended design structure.
The primary goal of unit testing is to take the smallest piece of testable software in the
application, isolate it from the remainder of the code, and determine whether it behaves
exactly as you expect. Each unit is tested separately before integrating them into modules
to test the interfaces between modules. Unit testing has proven its value in that a large
percentage of defects are identified during its use.
The most common approach to unit testing requires drivers and stubs to be
written. The driver simulates a calling unit and the stub simulates a called unit. The
investment of developer time in this activity sometimes results in demoting unit testing to
a lower level of priority and that is almost always a mistake. Even though the drivers and
stubs cost time and money, unit testing provides some undeniable advantages. It allows
for automation of the testing process, reduces difficulties of discovering errors contained
in more complex pieces of the application, and test coverage is often enhanced because
attention is given to each unit.
45
INTEGRATION TESTING
'Integration testing' (sometimes called Integration and Testing, abbreviated I&T)
is the phase of software testing in which individual software modules are combined and
tested as a group. It follows unit testing and precedes system testing.
Integration testing takes as its input modules that have been unit tested, groups
them in larger aggregates, applies tests defined in an integration test plan to those
aggregates, and delivers as its output the integrated system ready for system testing.
The purpose of integration testing is to verify functional, performance and
reliability requirements placed on major design items. These "design items", i.e.
assemblages (or groups of units), are exercised through their interfaces usingBlack box
testing, success and error casesbeing simulated via appropriate parameter and data inputs.
Simulated usage of shared data areas and inter-process communication is tested and
individualsubsystems are exercised through their input interface. Test cases are constructed
to test that all components within assemblages interact correctly, for example across
procedure calls or process activations, and this is done after testing individual modules,
i.e. unit testing.
The overall idea is a "building block" approach, in which verified assemblages are
added to a verified base which is then used to support the integration testing of further
assemblages.
Some different types of integration testing are big bang, top-down, and bottom-up.
WHITE-BOX TESTING
white box Testing the application with the knowledge of underline code of the
application. It is done by developers. But in some organizations it is done by testers. Eg:
Unit testing.white box testing we excercise the internal logic of the software, basically
programmer do white box testing.To do white box testing knowledge of internal logic
code is required.Mostly done by developers.
46
BLACK BOX TESTING
Black box testing , we should know the functionality of application,logic code is
not required. This testing is done by testers. Testing the application without knowledge of
underline code of the application. It is done by the testers. BLOCK TESTING done by
the testers to test the functionality of the application,it is also called system testing.
47
7.CONCLUSION & FUTURE ENHANCEMENT
To be well prepared for future botnet attacks, we should study advanced botnet
attack techniques that could be developed by botmasters in the near future. In this paper,
We present the design of an advanced hybrid P2P botnet. Compared with current botnets,
the proposed one is harder to be monitored, and much harder to be shut down.
It provides robust network connectivity, individualized encryption and control
traffic dispersion, limited botnet exposure by each captured bot, and easy monitoring and
recovery by its botmaster. To defend against such an advanced botnet, we point out that
honeypots may play an important role. We should, therefore, invest more research into
determining how to deploy honeypots efficiently and avoid their exposure to botnets and
botmasters.
48
8.BIBLIOGRAPHY
[1] S. Kandula, D. Katabi, M. Jacob, and A. Berger, “Botz-4-Sale:Surviving Organized
DDOS Attacks That Mimic Flash Crowds,”
Proc.Second Symp. Networked Systems Design and Implementation(NSDI ’05), May
2005.
[2] C.T. News, Expert: Botnets No. 1 Emerging Internet Threat,
http://www.cnn.com/2006/TECH/internet/01/31/furst/, 2006.
[3] F. Freiling, T. Holz, and G. Wicherski, “Botnet Tracking: Exploringa Root-Cause
Methodology to Prevent Distributed Denial-of-Service Attacks,” Technical Report AIB-
2005-07, CS Dept. RWTHAachen Univ., Apr. 2005.
[4] D. Dagon, C. Zou, and W. Lee, “Modeling Botnet PropagationUsing Time Zones,”
Proc. 13th Ann. Network and Distributed SystemSecurity Symp. (NDSS ’06), pp. 235-
249, Feb. 2006.
[5] A. Ramachandran, N. Feamster, and D. Dagon, “Revealing BotnetMembership Using
DNSBL Counter-Intelligence,” Proc. USENIX
Second Workshop Steps to Reducing Unwanted Traffic on the Internet(SRUTI ’06), June
2006.
[6] E. Cooke, F. Jahanian, and D. McPherson, “The Zombie Roundup:Understanding,
Detecting, and Disrupting Botnets,” Proc. USENIXWorkshop Steps to Reducing
Unwanted Traffic on the Internet(SRUTI ’05), July 2005.
[7] J.R. Binkley and S. Singh, “An Algorithm for Anomaly-BasedBotnet Detection,”
Proc. USENIX Second Workshop Steps to Reducing
Unwanted Traffic on the Internet (SRUTI ’06), June 2006.
49
REFERENCE SITES:
http://java.sun.com
http://www.sourcefordgde.com
http://www.networkcomputing.com/
http://www.roseindia.com/
http://www.java2s.com/
http://www. javadb.com/
50