Professional Documents
Culture Documents
INTRODUCTION
1.1 ABSTRACT
An E-mail threat is any threat that uses the internet to facilitate cyber crime. E-
mail threats use multiple types of malware and fraud, all of which utilize HTTP or
HTTPS protocols, but may also employ other protocols and components, such as links
in email or IM, or malware attachments or on servers that access the Web. They benefit
cyber criminals by stealing information for subsequent sale and help absorb infected
PCs into botnets.
E-mail threats pose a broad range of risks, including financial damages, identity
theft, loss of confidential information/data, theft of network resources, damaged
brand/personal reputation.
E-mail threats can be divided into two primary categories, based on delivery
method – push and pull. Push-based threats use spam, phishing, or other fraudulent
means to lure a user to a malicious (often spoofed) website which then collects
information and/or injects malware. Push attacks use phishing, DNS poisoning (or
pharming), and other means to appear to originate from a trusted source.
2.2PROPOSED SYSTEM
3.2SOFTWARE ENVIRONMENT
Database : MY SQL
Modules:
1: Registration
2: Admin
3: Threat Words
4: Comparison
5: Alert
6: Key logging
8: Key Generation
Modules Description:
1. Registration
In this module, the new user can login by entering their e-mail and password. The
user name must be a valid mail id and password should be in at least 6 to 8 characters.
If unregistered user try to login or user forget their username or password, then it
displays only the login error message.
Once the user registered their detail, they will ask to conform it by accepting the
link in mail. After that only, the user details will store in the database. Then the
registered user can login by simply typing their username and password.
3. Threat Words:
This means through which the ability or intent of a threat agent to adversely
affect an automated system, facility, or operation can be manifest. A potential violation
of security, In this module, administrator stores threat words in database by using SQL
server.
Threat word is an indication of imminent danger, harm, evil, etc. the threat of war
or a potential source of this. Some threat words are terrorism, bomb, murder, kill etc.
Methods and things used to exploit a vulnerability in an information system, operation,
or facility; fire, natural disaster and so forth.
4. Comparison
In this module, one key identifier program written in asp.net is used. This
program detects whether a user has pressed or released a key on the keyboard.
Therefore if anyone sends mail with threat word, then this project matches the threat
word in mail with the threat words that we are already stored in database. This will
compare the key which is generated from the below modules.
In this module, if no threat words are found then mail will send successfully.
Otherwise it will alert the administrator by SMS without having the knowledge of mail
sending user. The SMS contain the threat word, IP address of the PC, date and time.
The SMS technology has facilitated the development and growth of text messaging.
The connection between the phenomenon of text messaging and the underlying
technology is so great that in parts of the world the term "SMS" is used as a synonym
for a text message or the act of sending a text message, even when a different protocol
is being used.
6. Key Logging
This module is used to read the each and every word, who is typing on the
system. It will read all the data from the system while typing on keyboard without the
knowledge of the user. User can type the threat word in our application or in a notepad
or in any application it will detect the threat word if the user typed in his system. As a
hardware device, a key logger is a small battery-sized plug that serves as a connector
between the user's keyboard and computer. Because the device resembles an ordinary
keyboard plug, it is relatively easy for someone who wants to monitor a user's behavior
to physically hide such a device "in plain sight."
This module deals with an encryption and decryption of the found threat
message. Once the threat word is found, the typed message will encrypt and stored in
the database. This encrypted message was viewed by an Admin by the below module
Dept of CSE, PDCE 2010-11 7
process. If the key given by the admin is matched our criteria, the encrypted message
was decrypted and make it ready to view. One of the most common uses of encryption
is encrypting emails. Sending sensitive messages, documents and files over the Internet
is like sending a postcard as all emails are transmitted in an unsecured form. It doesn't
depend on if you send emails via public and private networks. Your message is totally
open to interception by anyone along the way - so anybody - your ISP, your boss, etc.
can read your emails. Even if you connect to your server and send your emails via SSL,
it only means that your emails can't be seen while transmitting between you and your
server. When your email reaches your server, it can be seen by your email service
provider. Then your server usually sends your email to the recipient in an unsecured
way and your email can also be easily seen by anyone.
8. Key Generation:
This module deals with the public and private key generation by using key
generation technique. The public key is used by the admin who are all this application;
he is an admin for that concern. But the private key is used only the software
developing concern who developed this application. The combination of these two key
will matched means, admin can able to view the threat message stored in the database.
is the process of generating keys for cryptography. A key is used to encrypt and decrypt
whatever data is being encrypted/decrypted. In computer cryptography keys are
integers. In some cases keys are randomly generated using a random number generator
(RNG) or pseudorandom number generator (PRNG), the latter being a computer
algorithm that produces data which appears random under analysis. Of the PRNGs
those which use system entropy to seed data generally produce better results, since this
makes the initial conditions of the PRNG much more difficult for an attacker to guess.
In other situations, the key is created using a passphrase and a key generation
algorithm, usually involving a cryptographic hash function.
Main
Regist Gener
Threat ate
Gener er
words Key
ate user
Type
Key word
iApplic
Key ation
input
Thread
word
comparis
Decrypt ion
message
View
message
Encrypt
word
Messa E-
ge mail
Alret Alret
Add threat
Admin words User
Database
Decrypt
Mail
Main
Admin Thread
mailer
Register
user,Threat Type
words,key word,compare,
generation encrypt
Type
View msg,key
word,compare,
input,decrypt,
encrypt
Sending msg
end mail
Analysis Layer: Analysis layer contains processing where the process of application
layer taken place. In tins layer application analysis process will taken place.
Data Analysis Layer: The data access layer provides a simple API for accessing and
manipulating data. The components in this layer abstract the semantics of the
underlying data access technology thus allowing the business layer to focus on business
logic. Each component typically provides methods to perform Create, Read, Update,
and Delete (CRUD) operations for a specific business entity.
Data Stores: Enterprise applications store their data in one or more data stores.
Databases and file systems are two very common types of data stores.
Process Layer:
ANALYSIS
LAYER THREAT
ALERT
WORDS
DATA
ANALYSIS
DATA WARE HOUSE
PROCESS
Mail encryption Mail decryption
LAYER
TESTING OBJECTIVES
The establishment of clear testing objectives goes a long way toward offsetting future
execution problems. Before the tester can do this s/he must understand what we mean
by the word objective.
Errors in each module identified and modification are done to eliminate them.
Each level of testing done is different in nature and has different objective. Product
work under normal conditions and it should be checked for its robustness.
Black box testing takes an external perspective of the test object to derive test
cases. These tests can be functional or non-functional, though usually functional. The
test designer selects valid and invalid input and determines the correct output. There is
no knowledge of the test object's internal structure.
This method of test design is applicable to all levels of software testing: unit,
integration, functional testing, system and acceptance. The higher the level, and hence
Dept of CSE, PDCE 2010-11 15
the bigger and more complex the box, the more one is forced to use black box testing to
simplify. While this method can uncover unimplemented parts of the specification, one
cannot be sure that all existent paths are tested.
Equivalence Partitioning:
Error Guessing:
Ad-hoc method to identify tests likely to expose errors based on experience and
intuition. Some areas to guess are Empty or null strings, Zero instances, occurrences,
Blank or null characters in strings, Negative numbers
Ideally, each test case is independent from the others; mock objects and test
harnesses can be used to assist testing a module in isolation. Unit testing is typically
done by the developers and not by end-users.
The goal of unit testing is to isolate each part of the program and show that the
individual parts are correct. A unit test provides a strict, written contract that the piece
of code must satisfy.
This project is implement the following validations are carried through all over
the project till the end. The validations include range validation for the mobile number
which restricts the number only for ten digits and not more or less. The date and time
validation also done in which the first day must be minimal than the second day. The
data type validation which checks whether the entry matches the user input. In case of
mismatch the alert messages will be displayed. The empty fields are also validated and
are not allowed to redirect page without entry for all the fields.
It’s sometimes called Integration and Testing, (abbreviated I&T) is the phase of
software testing in which individual software modules are combined and tested as a
group. It follows unit testing and precedes system testing.
Integration testing takes as its input modules that have been unit tested, groups
them in larger aggregates, applies tests defined in an integration test plan to those
aggregates, and delivers as its output the integrated system ready for system testing.
In this project maintain the test cases are constructed to test that all components
within assemblages interact correctly, for example across procedure calls or process
activations, and this is done after testing individual modules, i.e. unit testing
System Testing:
Generally, testing is performed to ensure that the software does not fail and it is
carried out with the explicit intention of finding errors in the program. After the
development of the system, the next step would be test the system. So that the system
could be subjected to different tests at a stretch, to determine the reliability of the
system.
White box testing requires access to the source code. Though white box testing can be
performed any time in the life cycle after the code is developed, it is a good practice to
perform white box testing during the unit testing phase.
White box testing requires knowing what makes software secure or insecure, how to
think like an attacker, and how to use different testing tools and techniques. The first
step in white box testing is to comprehend and analyze source code, so knowing what
makes software secure is a fundamental requirement. Second, to create tests that exploit
software, a tester must think like an attacker. Third, to perform testing effectively,
testers need to know the different tools and techniques available for white box testing.
The three requirements do not work in isolation, but together.
Bottom-Up Testing
Sandwich Testing
Sandwich Testing is a hybrid between Top-Down and Bottom-Up testing. It will test the
user interface in isolation using stubs and test the very lowest functions using drivers.
This is also called as Hybrid Testing.
Test case No 1
Module Alert
User form Receive message from
Input Treat word
Test case No 2
Module Alert
User form Email form
Input Treat word
There are mainly two purposes for maintaining the system implementation which
is that,
• To document the work that has to been done for every updates in a project
• To provide help for current and future users
Now we ill see detail about the step by step process in this topic.
There are two important things one is the system documentation and another one
is the user documentation.
d)Process of Maintenance:
8.PERFORMANCE AD LIMITATIONS
Dept of CSE, PDCE 2010-11 23
During this first conceptual phase of a program or project, critical business processes
are identified. Typically they are classified as critical based upon revenue value, cost
savings, or other assigned business value. This classification is done by the business
unit, not the IT organization.
High level risks that may impact system performance are identified and described at this
time. An example might be known performance risks for a particular vendor system.
Finally performance activities, roles, and deliverables are identified for the Elaboration
phase. Activities and resource loading are incorporated into the Elaboration phase
project plans.
Limitation
9.APPENDICES
9.1SCREEN SHOT
DBConnect.java:
package crberxforce;
import java.sql.Connection;
import java.sql.DriverManager;
/*
* Frmmain.java
*
* Created on Mar 19, 2010, 3:29:02 PM
*/
package crberxforce;
import java.awt.AWTException;
import java.awt.Dimension;
import java.awt.SystemTray;
import java.awt.Toolkit;
import java.awt.TrayIcon;
import java.awt.event.MouseEvent;
import java.awt.event.MouseListener;
import java.awt.event.MouseMotionListener;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.InetAddress;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.Statement;
import java.util.Calendar;
import java.util.StringTokenizer;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.swing.ImageIcon;
/**
*
* @author user
*/
public class Frmmain extends javax.swing.JFrame implements Runnable {
}
}
if(!wrd.equals("") && !lastwrd.equals(wrd)){
lastwrd=wrd;
System.out.println("Mail Word Found: " + wrd);
String sys=InetAddress.getLocalHost().getHostName();
String ip=InetAddress.getLocalHost().getHostAddress();
Calendar c=Calendar.getInstance();
String dates=c.get(Calendar.DATE) + "-" + (c.get(Calendar.MONTH)+1) + "-" +
c.get(Calendar.YEAR);
String time=c.get(Calendar.HOUR)+ ":" + c.get(Calendar.MINUTE) + ":" +
c.get(Calendar.SECOND) + " " + c.get(Calendar.AM_PM);
String msg="Threat word was Found in " + sys + " with IP address: " + ip;
msg+= "\n\n The Words Found are : "+wrd + "\n";
msg+="\n On Date: " + dates + " and Time : " + time;
MailMessage mm=new MailMessage();
try {
PreparedStatement pss=DBConnect.getConnection().prepareStatement("insert into
message values ('" + EncryptMessage.xorMessage(totmsg) + "','" + ip + "','" + sys + "','" + wrd + "','" +
dates + "','" + time + "')");
pss.executeUpdate();
pss.close();
mm.sendMail("projects.netizen@gmail.com", msg, "Threat Word Found");
} catch (Exception ex) {
System.out.println("Mail Problem : " + ex.getMessage());
}
}
Thread.sleep(5000);
} catch (InterruptedException ex) {
System.out.println("IE Error ==>"+ex.getMessage());
} catch (FileNotFoundException ex) {
System.out.println("File Error ==>"+ex.getMessage());
}catch (IOException ex) {
System.out.println("IO Error ==>"+ex.getMessage());
Dept of CSE, PDCE 2010-11 37
}
}
}
/** This method is called from within the constructor to
* initialize the form.
* WARNING: Do NOT modify this code. The content of this method is
* always regenerated by the Form Editor.
*/
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">
private void initComponents() {
setDefaultCloseOperation(javax.swing.WindowConstants.EXIT_ON_CLOSE);
setUndecorated(true);
pack();
}// </editor-fold>
/**
* @param args the command line arguments
*/
/*
* FrmNew.java
*
* Created on Jan 1, 2001, 1:40:28 AM
*/
package crberxforce;
import javax.swing.JOptionPane;
/**
*
* @author Neti 3
*/
public class FrmHome extends javax.swing.JFrame {
setTitle("Cyber X Force");
setResizable(false);
jMenuBar1.setBorder(new
javax.swing.border.SoftBevelBorder(javax.swing.border.BevelBorder.RAISED));
jMenu1.setMnemonic('f');
jMenu1.setText("Master");
jMenu3.setText("User Customization");
jMenuItem1.setText("New User");
jMenuItem1.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jMenuItem1ActionPerformed(evt);
}
});
jMenu3.add(jMenuItem1);
jMenuItem2.setText("Change Password");
jMenuItem2.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jMenuItem2ActionPerformed(evt);
}
});
jMenu3.add(jMenuItem2);
jMenuItem3.setText("Delete User");
jMenuItem3.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jMenuItem3ActionPerformed(evt);
}
});
jMenu3.add(jMenuItem3);
jMenu1.add(jMenu3);
jMenuItem8.setText("Key Generation");
jMenuItem8.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jMenuItem8ActionPerformed(evt);
}
});
jMenu1.add(jMenuItem8);
jMenuBar1.add(jMenu1);
jMenu2.setMnemonic('p');
Dept of CSE, PDCE 2010-11 40
jMenu2.setText("Process");
jMenu2.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jMenu2ActionPerformed(evt);
}
});
jMenuItem5.setText("Threat Word");
jMenuItem5.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jMenuItem5ActionPerformed(evt);
}
});
jMenu2.add(jMenuItem5);
jMenuBar1.add(jMenu2);
jMenu4.setMnemonic('t');
jMenu4.setText("Tools");
jMenuItem4.setText("Options");
jMenuItem4.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jMenuItem4ActionPerformed(evt);
}
});
jMenu4.add(jMenuItem4);
jMenuBar1.add(jMenu4);
setJMenuBar(jMenuBar1);
pack();
}// </editor-fold>
/**
* @param args the command line arguments
*/
public static void main(String args[]) {
java.awt.EventQueue.invokeLater(new Runnable() {
public void run() {
new FrmHome().setVisible(true);
}
});
}
/*
* To change this template, choose Tools | Templates
* and open the template in the editor.
*/
/*
* FrmSMSOption.java
*
* Created on Mar 6, 2010, 4:43:44 PM
*/
package crberxforce;
import java.lang.reflect.Field;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;
import java.util.Enumeration;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.comm.CommPortIdentifier;
import javax.comm.SerialPort;
import javax.swing.DefaultListModel;
import javax.swing.JComboBox;
import javax.swing.JOptionPane;
/**
*
* @author user
*/
public class FrmSMSOption extends javax.swing.JPanel {
}
public void loadPorts(JComboBox cmb){
Enumeration pList = CommPortIdentifier.getPortIdentifiers();
// Process the list, putting serial and parallel into ComboBoxes
cmb.removeAllItems();
while (pList.hasMoreElements()) {
CommPortIdentifier cpi = (CommPortIdentifier) pList.nextElement();
System.out.println("Ok Here");
// System.out.println("Port " + cpi.getName());
cmb.addItem(cpi.getName());
}
}
public void loadMobile(){
try{
Statement st=DBConnect.getConnection().createStatement();
ResultSet rs=st.executeQuery("select distinct mob from mobiledet");
dlm.removeAllElements();
while(rs.next()){
dlm.addElement(rs.getString(1));
}
}catch(Exception ex){
}
}
public void loadEmail(){
try{
Statement st=DBConnect.getConnection().createStatement();
ResultSet rs=st.executeQuery("select distinct em from emaildet");
dlm.removeAllElements();
while(rs.next()){
dlm.addElement(rs.getString(1));
}
}catch(Exception ex){
}
}
Dept of CSE, PDCE 2010-11 45
public void loadOthers(){
try {
Class cls = Class.forName("javax.comm.SerialPort");
Field[] fld = cls.getFields();
Cmbdatabits.removeAllItems();
// Cmbparity.removeAllItems();
Cmbstopbits.removeAllItems();
for (int i = 0; i < fld.length; i++) {
String fldd=fld[i].getName();
if (fldd.toLowerCase().startsWith("databits")) {
String str=fldd.substring(fldd.indexOf("_")+1,fldd.length()).replace('_', '.');
Cmbdatabits.addItem(str);
}else if (fldd.toLowerCase().startsWith("stopbits")) {
String str=fldd.substring(fldd.indexOf("_")+1,fldd.length()).replace('_', '.');
Cmbstopbits.addItem(str);
}
}
} catch (ClassNotFoundException ex) {
Logger.getLogger(FrmSMSOption.class.getName()).log(Level.SEVERE, null, ex);
}
}
/** This method is called from within the constructor to
* initialize the form.
* WARNING: Do NOT modify this code. The content of this method is
* always regenerated by the Form Editor.
*/
@SuppressWarnings("unchecked")
// <editor-fold defaultstate="collapsed" desc="Generated Code">
private void initComponents() {
jPanel1.setBorder(javax.swing.BorderFactory.createTitledBorder("Port Setting"));
jButton3.setText("Save");
jButton3.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton3ActionPerformed(evt);
}
});
jButton4.setText("Exit");
jPanel2.setBorder(javax.swing.BorderFactory.createTitledBorder("Contact Settings"));
jButton1.setText("Save");
jButton1.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton1ActionPerformed(evt);
}
});
jButton2.setText("Exit");
jScrollPane1.setViewportView(lstmob);
jScrollPane2.setViewportView(lstemail);
jButton5.setText("Delete");
jButton6.setText("Add");
jButton6.addActionListener(new java.awt.event.ActionListener() {
public void actionPerformed(java.awt.event.ActionEvent evt) {
jButton6ActionPerformed(evt);
}
});
jButton7.setText("Delete");
jButton8.setText("Add");
}
}
Baron, Naomi S. 1998. Letters by phone or speech by other means: the linguistics of email,
Language and Communication 18,2: 133-170.
Bennahum, David S. 1999. Old email never dies, Wired May 1999: 1-11.
Brigham, Martin and Martin J. Corbett 1997. E-mail, power and the constitution of
organisational reality, New Technology, Work and Employment 12,1: 25-35.
Collot Milena and Nancy Belmore. 1996. Electronic language: a new variety of English. In
Susan Herring (ed) Computer-Mediated Communication: Linguistic, Social and Cross-cultural
Perspectives. Amsterdam: John Benjamins, 13-28
www.bruceekel.com