CHAPTER 1
INTRODUCTION
Spoofing is when an attacker pretends to be someone else in order to gain access to
restricted resources or steal information. This type of attack can take a variety of different
forms; for instance, an attacker can impersonate the Internet Protocol (IP) address of a
legitimate user in order to get into their accounts. Also, an attacker may send fraudulent
emails and set up fake websites in order to capture users' login names, passwords, and
account information. Faking an email or website is sometimes called a phishing attack.
Another type of spoofing involves setting up a fake wireless access point and tricking victims
into connecting through the illegitimate connection.
Due to the openness of wireless and sensor networks, they are especially vulnerable to
spoofing attacks where an attacker forges its identity to masquerade as another device, or
even creates multiple illegitimate identities. Spoofing attacks are a serious threat as they
represent a form of identity compromise and can facilitate a variety of traffic injection
attacks, such as evil twin access point attacks. It is thus desirable to detect the presence of
spoofing attacks and eliminate them from the network. In spite of existing 802.11 security techniques
including Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), or 802.11i
(WPA2), such methodology can only protect data frames – an attacker can still spoof
management or control frames to cause significant impact on networks. Wireless spoofing
attacks are easy to launch and can significantly impact the performance of networks. In a
large-scale wireless network, multiple adversaries may masquerade as the same identity and
collaborate to launch malicious attacks such as network resource utilization attacks and
denial-of-service attacks quickly. Therefore, the problem is threefold:
(1) detect the presence of spoofing attacks,
(2) determine the number of attackers, and
(3) localize multiple adversaries and eliminate them.
Determining the number of attackers when multiple adversaries use the same identity to
launch attacks is the basis for further localizing multiple adversaries after attack detection.
prints for spoofing detection, [7] modeled the RSS readings using a Gaussian mixture model
and [9] used RSS and K-means cluster analysis to detect spoofing attacks. However, none of
these approaches have the ability to determine the number of attackers when multiple
adversaries use the same identity to launch attacks, which is the basis to further localize
multiple adversaries after attack detection.
CHAPTER 2
LITERATURE SURVEY
Recently, new approaches utilizing physical properties associated with wireless
transmission to combat attacks in wireless networks have been proposed. Based on the fact
that the wireless channel response decorrelates quite rapidly in space, a channel-based
authentication scheme was proposed to discriminate between transmitters at different
locations, and thus to detect spoofing attacks in wireless networks [11]. Brik et al. [12]
focused on building fingerprints of 802.11b WLAN NICs by extracting radiometric
signatures, such as frequency magnitude, phase errors, and I/Q origin offset, to defend against
identity attacks. However, there is additional overhead associated with wireless channel
response and radiometric signature extraction in wireless networks. Li and Trappe [4]
introduced a security layer that used forge-resistant relationships based on the packet traffic,
including MAC sequence number and traffic pattern, to detect spoofing attacks.
The MAC sequence number has also been used in [13] to perform spoofing detection.
Both the sequence number and the traffic pattern can be manipulated by an adversary as long
as the adversary learns the traffic pattern under normal conditions. The works [3], [7], [14]
using RSS to defend against spoofing attacks are most closely related to ours. Faria and
Cheriton [3] proposed the use of matching rules of signal prints for spoofing detection. Sheng
et al. [7] modelled the RSS readings using a Gaussian mixture model. Sang and Arora [14]
proposed to use the node's "spatial signature," including Received Signal Strength Indicator
(RSSI) and Link Quality Indicator (LQI), to authenticate messages in wireless networks.
However, none of these approaches are capable of determining the number of attackers when
there are multiple adversaries collaborating to use the same identity to launch malicious
attacks. Further, they do not have the ability to localize the positions of the adversaries after
attack detection.
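The sequence-number check surveyed above can be sketched as follows. This is an added example, not code from the report or the cited papers; the frame tuples, MAC addresses, `max_gap` tolerance and `min_alerts` cut-off are constructed assumptions. As the survey notes, an adversary who tracks the victim's counter can evade this check, so it is one signal among several.

```python
SEQ_MODULUS = 4096  # the 802.11 sequence number field is 12 bits wide

def seq_gap(prev, cur):
    """Forward distance from prev to cur, modulo the 12-bit counter."""
    return (cur - prev) % SEQ_MODULUS

def find_sequence_anomalies(frames, max_gap=64):
    """frames: (timestamp, source MAC, sequence number, retry flag) in capture order.
    max_gap is an assumed tolerance for frames the sensor failed to capture."""
    last_seq = {}
    alerts = []
    for ts, mac, seq, retry in frames:
        prev = last_seq.get(mac)
        if prev is not None:
            gap = seq_gap(prev, seq)
            if gap == 0 and not retry:
                # A genuine retransmission repeats the number with the retry flag set.
                alerts.append((ts, mac, prev, seq, "repeated number without retry flag"))
            elif gap > max_gap:
                # A backward step shows up as a very large forward gap.
                alerts.append((ts, mac, prev, seq, "jump of %d" % gap))
        last_seq[mac] = seq
    return alerts

def suspect_macs(frames, min_alerts=3, max_gap=64):
    """MAC addresses whose counters misbehave at least min_alerts times."""
    counts = {}
    for _, mac, *_rest in find_sequence_anomalies(frames, max_gap):
        counts[mac] = counts.get(mac, 0) + 1
    return sorted(m for m, n in counts.items() if n >= min_alerts)

# Constructed sample addresses (locally administered), not taken from the report.
STATION_A = "02:00:00:00:00:0a"
STATION_B = "02:00:00:00:00:0b"

def constructed_capture():
    frames, t = [], 0.0
    # Station A: one transmitter, counter wraps 4095 -> 0, one retransmission,
    # and one lost frame (1 -> 3). None of this should raise an alert.
    for seq, retry in [(4093, False), (4094, False), (4095, False), (4095, True),
                       (0, False), (1, False), (3, False)]:
        frames.append((t, STATION_A, seq, retry))
        t += 0.01
    # Station B: the real station counts from 100 while a second radio using
    # the same MAC counts from 2900, so the two streams interleave.
    for i in range(5):
        frames.append((t, STATION_B, 100 + i, False))
        t += 0.01
        frames.append((t, STATION_B, 2900 + i, False))
        t += 0.01
    return frames

if __name__ == "__main__":
    for alert in find_sequence_anomalies(constructed_capture()):
        print(alert)
    print("suspect:", suspect_macs(constructed_capture()))
```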
been shown to be vulnerable to such attacks even when 802.11i/1X and other security
mechanisms are deployed. In this paper we show that a transmitting device can be robustly
identified by its signal print, a tuple of signal strength values reported by access points acting
as sensors. We show that, different from MAC addresses or other packet contents, attackers
do not have as much control regarding the signal prints they produce.
Moreover, using measurements in a test bed network, we demonstrate that signal
prints are strongly correlated with the physical location of clients, with similar values found
mostly in close proximity. By tagging suspicious packets with their corresponding signal
prints, the network is able to robustly identify each transmitter independently of packet
contents, allowing detection of a large class of identity-based attacks with high
probability.
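The signal-print idea above, combined with the cluster analysis mentioned in the introduction, can be illustrated with an added example (not code from the report or the cited papers). It clusters the signal prints seen under one MAC address, flags spoofing when the two cluster centres are far apart, and then estimates how many transmitters share the identity; the silhouette criterion, the threshold heuristic, the four sensors and all RSS values are assumptions constructed for illustration.

```python
import math
import random

def dist(a, b):
    """Euclidean distance between two signal prints (one RSS value per sensor, dBm)."""
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))

def kmeans(points, k, iters=100):
    """Lloyd's algorithm with deterministic farthest-first seeding."""
    cents = [points[0]]
    while len(cents) < k:
        cents.append(max(points, key=lambda p: min(dist(p, c) for c in cents)))
    labels = None
    for _ in range(iters):
        new = [min(range(k), key=lambda j: dist(p, cents[j])) for p in points]
        if new == labels:
            break
        labels = new
        for j in range(k):
            members = [p for p, l in zip(points, labels) if l == j]
            if members:  # an empty cluster keeps its previous centroid
                cents[j] = tuple(sum(col) / len(members) for col in zip(*members))
    return cents, labels

def mean_silhouette(points, labels, k):
    """Average silhouette width: close to 1 for tight, well separated clusters."""
    clusters = [[p for p, l in zip(points, labels) if l == j] for j in range(k)]
    total = 0.0
    for p, l in zip(points, labels):
        own = clusters[l]
        others = [c for j, c in enumerate(clusters) if j != l and c]
        if len(own) < 2 or not others:
            continue  # a singleton contributes a silhouette of 0
        a = sum(dist(p, q) for q in own) / (len(own) - 1)
        b = min(sum(dist(p, q) for q in c) / len(c) for c in others)
        if max(a, b) > 0:
            total += (b - a) / max(a, b)
    return total / len(points)

def centroid_distance(prints):
    """Test statistic: distance between the two cluster centres in signal space."""
    cents, _ = kmeans(prints, 2)
    return dist(cents[0], cents[1])

def calibrate_threshold(clean_windows, margin=2.0):
    """Assumed heuristic: margin times the largest distance seen without an attack."""
    return margin * max(centroid_distance(w) for w in clean_windows)

def analyse(prints, threshold, k_max=4):
    """Detect spoofing for one MAC, then estimate how many transmitters use it."""
    d = centroid_distance(prints)
    if d <= threshold:
        return {"spoofing": False, "distance": d, "transmitters": 1}
    best_k = max(range(2, k_max + 1),
                 key=lambda k: mean_silhouette(prints, kmeans(prints, k)[1], k))
    return {"spoofing": True, "distance": d, "transmitters": best_k}

# Constructed mean RSS (dBm) at four sensors for three transmitter locations.
VICTIM = (-50.0, -62.0, -70.0, -58.0)
ADV_1 = (-71.0, -55.0, -49.0, -66.0)
ADV_2 = (-60.0, -78.0, -58.0, -44.0)

def sample(rng, mean, n, sigma=2.0):
    """Constructed signal prints: Gaussian noise of sigma dB around a mean print."""
    return [tuple(rng.gauss(m, sigma) for m in mean) for _ in range(n)]

if __name__ == "__main__":
    rng = random.Random(1)
    tau = calibrate_threshold([sample(rng, VICTIM, 150) for _ in range(5)])
    windows = {
        "no attack": sample(rng, VICTIM, 150),
        "one adversary": sample(rng, VICTIM, 100) + sample(rng, ADV_1, 60),
        "two adversaries": sample(rng, VICTIM, 100) + sample(rng, ADV_1, 60)
                           + sample(rng, ADV_2, 60),
    }
    for name, prints in windows.items():
        print(name, analyse(prints, tau))
```

The number of adversaries is the estimated transmitter count minus one, on the assumption that the legitimate device is also transmitting in the window.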
Our framework authenticates incoming nodes, maintains trust relationships during topology
changes through an efficient handoff scheme, and provides data origin authentication for
sensor data. Further, our framework assigns authentication tasks to nodes according to their
computational resources, with resource-abundant access points performing digital signatures
and maintaining most of the security parameters. We conclude by providing an initial
performance evaluation and security analysis for our framework.
Three main problems that make wireless sensor networks difficult to protect and
secure against intrusions can be readily identified. The first problem is the very nature of the
wireless communication medium, which makes wireless communication inherently insecure.
Unlike wired networks, where a device has to be physically connected to the medium, the
wireless medium is open and accessible to anyone.
Moreover, the range in which the impact of an intruder can be felt primarily depends
on the characteristics of the intruder's equipment; an intruder with a strong transmitter can easily
produce interference from a distance which makes any physical response infeasible or, in
some applications, plain impossible. The second problem is the absence of any infrastructure:
in particular, there is no central or master controller to monitor the operation of the network
and analyze the data to detect intrusions.
While most such networks have a designated network sink, its role is typically
restricted to data collection and query distribution, and does not include any form of actual
control. As a result, any intrusion detection technique has to be implemented as a
cooperative, distributed effort of many among the nodes in the sensor network, or even all of
them together. An added difficulty stems from the unstable topology of the network, which
may be due to battery exhaustion or (in some cases) node mobility.
Yet other wireless networks exist that have both of these problems: wireless ad hoc
networks. In those networks, a wireless communication medium is used, and they operate with
little infrastructure or none at all. A number of intrusion prevention techniques have been
proposed for such networks [10], and also a few techniques for intrusion detection [5, 17, 28,
29]. Such techniques are a combination of several approaches, including use of cooperating
mobile agents [6, 15], possibly combined with the analysis of audit logs [13], a game-
theoretic approach [1], and a number of others. However, the main problem with wireless
sensor networks lies elsewhere: in their limited computational and communication resources.
Namely, wireless sensor networks need to operate autonomously for prolonged periods of
time, and they have to run on battery power.
To cater to those goals, the energy consumption of sensor nodes has to be minimized;
this necessitates both the power efficiency of the hardware (and its small size) and the
efficiency of communications protocols and the software that implements those protocols.
The processing subsystem is invariably implemented with a small microprocessor with
limited resources, which runs at low clock speeds, and thus offers only modest computational
and memory capabilities. As a result, the processing power of such subsystems is generally
insufficient to run a full-scale software agent dedicated to intrusion detection.
Even if sufficient computational capability were available, the low data rate of typical
communication channels (250 kbps for IEEE 802.15.4 networks operating in the ISM band at
2.4 GHz, but only 20 or 40 kbps when operating in other bands [12]) simply does not suffice
for the rather intense communication that those agents need.
protocol or cooperate with them. The consequence is that the original architecture works
inefficiently or otherwise should be redesigned.
readings from neighboring nodes, aggregates them, and sends them to the base station or
another data processing node. The goal of secure data aggregation is to obtain a relatively
accurate estimate of the real-world quantity being measured, and to be able to detect and
reject a reported value that is significantly distorted by corrupted nodes.
Attacks on wireless sensor networks can occur in different networking layers such as
application, data link, network and physical layers, or in two or more of these layers
simultaneously. Attacks on the physical layer are, in fact, the easiest to launch. Since wireless
sensor networks can be deployed in hostile environments or densely populated areas, physical
access to individual nodes is possible. Even casual passers-by may be able to damage,
destroy, or tamper with sensor devices.
Destruction of the node could cause gaps in sensor or communication coverage.
Better equipped attackers can interrogate a device's memory, stealing its data or cryptographic
keys. The code can be replaced with a malicious program which is potentially undetectable to
neighboring nodes. The subverted node then has the capability profile of a fully authorized
insider. Attacks on the data link layer, including the media access control layer, are also
comparatively simple. Many data link protocols in wireless sensor networks just consider the
efficiency and fairness of utilizing the common channel. In these protocols, all the nodes in the
network follow the same set of rules to access the media. For these reasons, many data link
protocols are very vulnerable. Currently known attacks on the data link layer are mainly
focused on channel access. That is to say, the malicious node could randomly access the link
and transmit or eavesdrop on messages from the channel.
More seriously, this node may inject and alter transmitted data. These attacks can be
organized in three categories: collision attack, unfairness attack, and exhaustion attack.
Collision Attack:
Each node could inform its neighbors that it has some data to send or
receive by exchanging RTS (Request To Send)/CTS (Clear To Send) control packets.
Neighbor nodes could detect that the public channel is busy, and they would back off their
sending even if they have some data packets to send. Using this mechanism, the collision
only happens in the exchanging period of RTS and CTS packets, which means the data
packet sending process is a non-collision process. In addition, each node will check whether
the channel is busy or idle before sending RTS and CTS packets.
That is why the probability of collision is very low. Under this condition, when a packet
is being transmitted on the channel, adversaries can easily conduct attacks by sending out
some packets to disrupt it (such as data packets or control packets sent by normal nodes).
Unfairness Attack:
For most RTS/CTS-based data link protocols, each node has the same priority to get
the common channel. The rule is that the tried node gets hold of the channel. Besides, all
other nodes have to wait for a random length of time before trying to transmit packets. This rule
could ensure that every node accesses the common channel fairly. Adversaries could utilize these
characteristics to attack the network. They send out packets after waiting for only a very short time
or without waiting. This causes the common channel to be used more by adversaries than by
normal nodes.
If authentication is introduced, another adversary which is situated near the base station can
launch a wormhole and sinkhole attack.
Also, the adversary can use HELLO to make itself the parent of other nodes in the
network.
Attacks on Application Layer
The most common kind of application level attack is
the Denial of Service (DoS) attack. A DoS attack is any event that diminishes or eliminates a
network's capability to perform its expected functions. It is the general result of any action
that prevents any part of a WSN from functioning correctly or in a timely manner. Hardware
failures, software bugs, resource exhaustion, environmental conditions, or any complicated
interaction between these factors can cause a DoS.
routing will be used by other nodes. The generated trace data will then bear evidence of
normality or anomaly. High false positive rates are reported based on their simulation results.
Anomaly detection may be used to detect attacks against a network daemon or a SetUID
program by building a normal profile of the system calls made during program execution. If
the process execution deviates significantly from the established profile, an intrusion is
assumed. Okazaki et al. [19] have proposed a lightweight approach using profiles consisting
of the type of system call and its frequency of occurrence, in which speech recognition methods
are used to calculate the optimal match between a normal profile and a sample profile.
Compared to misuse modeling, specification modeling takes the opposite approach; it
looks for a specification of how a system or program executes and marks a sequence of
instructions as a potential intrusion if it violates the specification. This technique may provide
the capability to detect previously unknown attacks, while exhibiting a low false positive rate.
For example, Snort [23] is an open source network intrusion prevention and detection
system utilizing a rule-driven language, which combines the benefits of signature-based and
anomaly-based detection methods.
Location of the Intrusion Detection System
A second distinction can be made in terms of the placement of the IDS. In this respect IDSs are usually
divided into host-based and network-based systems and, once again, both kinds of system have
advantages and disadvantages:
Host-based systems are present on each host that requires monitoring, and collect data
concerning the operation of this host, usually log files, network traffic to and from the host, or
information on processes running on the host. Host-based systems are able to determine if an
attempted attack was indeed successful, and can detect local attacks, privilege escalation
attacks and attacks which are encrypted. However, such systems can be difficult to deploy
and manage, especially when the number of hosts needing protection is large. Furthermore,
these systems are unable to detect attacks against multiple targets within the network.
Network-based IDSs monitor the network traffic on the network containing the hosts
to be protected, and are usually run on a separate machine termed a sensor. Network-based
systems are able to monitor a large number of hosts with relatively little deployment costs,
and are able to identify attacks to and from multiple hosts. However, they are unable to detect
whether an attempted attack was indeed successful, and are unable to deal with local or
encrypted attacks. Hybrid systems, which incorporate host- and network-based elements, can
offer the best protective capabilities, and systems to protect against attacks from multiple
sources are also under development.
CHAPTER 3
SYSTEM ANALYSIS
3.1 Existing System
In spite of existing 802.11 security techniques including Wired Equivalent Privacy
(WEP), Wi-Fi Protected Access (WPA), or 802.11i (WPA2), such methodology can only
protect data frames—an attacker can still spoof management or control frames to cause
significant impact on networks. Spoofing attacks can further facilitate a variety of traffic
injection attacks [9],[10], such as attacks on access control lists, rogue access point (AP)
attacks, and eventually Denial-of-Service (DoS) attacks. A broad survey of possible spoofing
attacks can be found in [6],[7]. Moreover, in a large-scale network, multiple adversaries may
masquerade as the same identity and collaborate to launch malicious attacks such as network
resource utilization attacks and denial-of-service attacks quickly. Therefore, it is important to
(1) detect the presence of spoofing attacks,
(2) determine the number of attackers, and
(3) localize multiple adversaries and eliminate them.
Most existing approaches to address potential spoofing attacks employ cryptographic
schemes. However, the application of cryptographic schemes [8] requires reliable key
distribution, management, and maintenance mechanisms. It is not always desirable to apply
these cryptographic methods because of their infrastructural, computational, and management
overhead. Further, cryptographic methods are susceptible to node compromise, which is a
serious concern as most wireless nodes are easily accessible, and easily scanned.
3.1.1 Disadvantages of existing system
Among various types of attacks, identity-based spoofing attacks are especially easy to
launch and can cause significant damage to network performance.
For instance, in an 802.11 network, it is easy for an attacker to gather useful MAC
address information during passive monitoring and then modify its MAC address by
simply issuing an ifconfig command to masquerade as another device.
Effective only when implemented by a large number of networks.
Deployment is costly, and the incentive for an ISP is very low.
The proposed system uses an Inter-Domain Packet Filter (IDPF) architecture, a system
that can be constructed solely based on the locally exchanged BGP updates.
Each node only selects and propagates to neighbors based on two sets of routing
policies: the import and export routing policies.
The IDPFs use a feasible path from the source node to the destination node, and a packet
can reach the destination through one of its upstream neighbors.
When the training data is available, we explore using the Support Vector Machines (SVM)
method to further improve the accuracy of determining the number of attackers.
Localization results using a representative set of algorithms provide strong evidence
of high accuracy of localizing multiple adversaries.
The Cluster Based wireless Sensor Network data received signal strength (RSS) based
spatial correlation of network Strategy.
Use spoofing detection software: There are many programs available that help
organizations detect spoofing attacks, particularly ARP spoofing. These programs
work by inspecting and certifying data before it is transmitted and blocking data that
appears to be spoofed.
3.5 IP Spoofing:
Replacing the true IP address of the sender with a different address is known as IP
spoofing. This is a necessary operation in many attacks. The IP layer of the OS simply trusts
that the source address, as it appears in an IP packet is valid. It assumes that the packet it
received indeed was sent by the host officially assigned that source address. Because the IP
layer of the OS normally adds these IP addresses to a data packet, a spoofer must circumvent
the IP layer and talk directly to the raw network device. Note that the attacker's machine
cannot simply be assigned the IP address of another host X using ifconfig or a similar
configuration tool. Other hosts, as well as X, will discover that there are two machines with
the same IP address.
IP spoofing is an integral part of many attacks. For example, an attacker can silence a
host A from sending further packets to B by sending a spoofed packet announcing a window
the devices in between the sending computer and the receiving computer to get the data
where it is supposed to go properly.
This method of transmission does not provide any guarantee that the data you send
will ever reach its destination. On the other hand, this method of transmission has a very low
overhead and is therefore very popular to use for services that are not that important to work
on the first try.
A comparison you can use for this method is the plain old US Postal Service. You
place your mail in the mailbox and hope the Postal Service will get it to the proper location.
Most of the time they do, but sometimes it gets lost along the way.
Now that you understand what TCP and UDP are, we can start discussing TCP and
UDP ports in detail. Let's move on to the next section where we can describe the concept of
ports better.
As you know every computer or device on the Internet must have a unique number
assigned to it called the IP address. This IP address is used to recognize your particular
computer out of the millions of other computers connected to the Internet. When information
is sent over the Internet to your computer, how does your computer accept that information? It
accepts that information by using TCP or UDP ports.
An easy way to understand ports is to imagine your IP address is a cable box and the
ports are the different channels on that cable box. The cable company knows how to send
cable to your cable box based upon a unique serial number associated with that box (IP
Address), and then you receive the individual shows on different channels (Ports).
Ports work the same way, as shown in figure 2.2. You have an IP address,
and then many ports on that IP address. When I say many, I mean many. You can have a total
of 65,535 TCP ports and another 65,535 UDP ports.
If it uses the TCP protocol to send and receive the data then it will connect and bind
itself to a TCP port. If it uses the UDP protocol to send and receive data, it will use a UDP
port. Figure 1, below, is a representation of an IP address split into its many TCP and UDP
ports.
[Figure: the ports on one IP address, numbered 0, 1, 2, 3, 4, 5, ..., 65531, 65532, 65533, 65534, 65535]
This all probably still feels confusing to you, and there is nothing wrong with that,
as this is a complicated concept to grasp. Therefore, I will give you an example of how
this works in real life so you can have a better understanding. We will use web servers in
our example as you all know that a web server is a computer running an application that
allows other computers to connect to it and retrieve the web pages stored there.
In order for a web server to accept connections from remote computers, such as
yourself, it must bind the web server application to a local port. It will then use this port
to listen for and accept connections from remote computers. Web servers typically bind to
the TCP port 80, which is what the http protocol uses by default, and then will wait and
listen for connections from remote devices. Once a device is connected, it will send the
requested web pages to the remote device, and when done disconnect the connection.
On the other hand, if you are the remote user connecting to a web server it would
work in reverse. Your web browser would pick a random TCP port from a certain range
of port numbers, and attempt to connect to port 80 on the IP address of the web server.
When the connection is established, the web browser will send the request for a particular
web page and receive it from the web server.
Then both computers will disconnect the connection. Now, what if you wanted to
run an FTP server, which is a server that allows you to transfer and receive files from
remote computers, on the same web server? FTP servers use TCP ports 20 and 21 to send
and receive information, so you won't have any conflicts with the web server running on
TCP port 80.
CHAPTER 4
SYSTEM REQUIREMENT AND SPECIFICATION
4.1 Functional Requirements:
The Functional Requirements Specification documents the operations and activities
that a system must be able to perform. A functional requirement defines a function of a
software system or its component. A function is described as a set of inputs, the behavior, and
outputs. Functional requirements may be calculations, technical details, data manipulation
and processing and other specific functionality that define what a system is supposed to
accomplish. Behavioral requirements describing all the cases where the system uses the
functional requirements are captured in use cases.
As defined in requirements engineering, functional requirements specify particular
results of a system. This should be contrasted with non-functional requirements which
specify overall characteristics such as cost and reliability. Functional requirements drive the
application architecture of a system, while non-functional requirements drive the technical
architecture of a system.
The functional requirements of the system are:
Wireless Network
Spoofing attack
Determine the attack
Calculating number of adversary
traditional runtimes as a light bulb is over a candle. A quick diagrammatic summary of the
major pieces of the CLR is shown in figure 8.2.
client application. The application will be able to start using it right away because of the
self-describing nature of the assembly. This is possible because compilers in the .NET
framework embed identifiers or metadata into compiled modules, and the CLR uses this
information to load the appropriate version of the assemblies. The identifiers contain all the
information required to load and run modules and to locate all the other modules referenced
by the assembly.
An XCOPY deployment is also called a zero-impact install because the way you
configure the Registry entries and the component does not impact the machine. This zero-
impact installation also makes it possible to uninstall a component without affecting the
system in any manner.
4.9.1 Using Visual Studio .NET Installer for Deploying Applications:
Even though XCOPY deployment is very easy to use, it does not lend itself well to all
deployment requirements. For example, if your application has more robust setup and
deployment requirements, Visual Studio .NET Installer is a better option. Because Visual
Studio .NET Installer is built on top of Windows Installer technology, it takes advantage of
Windows Installer's features.
Float, Decimal, Char (including character strings), varchar (variable length character strings),
binary (for unstructured blobs of data), Text (for textual data) among others. The rounding of
floats to integers uses either Symmetric Arithmetic Rounding or Symmetric Round Down
(Fix) depending on arguments: SELECT Round(2.5,0) gives 3.
SQL Server Management Studio is a GUI tool included with SQL Server 2008 and
later for configuring, managing, and administering all components within Microsoft SQL
Server. The tool includes both script editors and graphical tools that work with objects and
features of the server. SQL Server Management Studio replaces Enterprise Manager as the
primary management interface for Microsoft SQL Server since SQL Server 2008. A version
of SQL Server Management Studio is also available for SQL Server Express Edition, for
which it is known as SQL Server Management Studio Express (SSMSE).
A central feature of SQL Server Management Studio is the Object Explorer, which
allows the user to browse, select, and act upon any of the objects within the server. It can be
used to visually observe and analyze query plans and optimize the database performance,
among others. SQL Server Management Studio can also be used to create a new database,
alter any existing database schema by adding or modifying tables and indexes, or analyze
performance. It includes the query windows, which provide a GUI-based interface to write
and execute queries.
The advantages of SQL Server 2008
SQL Server 2008 has reduced application downtime, increased scalability and
performance, and tight yet flexible security controls.
SQL Server 2008 makes it simpler and easier to deploy, manage, and optimize
enterprise data and analytical applications.
It enables you to monitor, manage, and tune all of the databases in an effective way.
On failure of the primary system, applications can immediately reconnect to the database
on the secondary server using Database Mirroring.
SQL Server 2008 provides a new capability for the partitioning of tables across file
groups in a database.
CHAPTER 5
SYSTEM DESIGN
The design and implementation of a system basically deals with the system's control
flow and the interaction of the system with the outside environment.
The External Entity symbol represents sources of data to the system or destinations of
data from the system.
The Data Flow symbol represents movement of data.
The Data Store symbol represents data that is not moving (delayed data at rest).
The Process symbol represents an activity that transforms or manipulates the data
(combines, reorders, converts, etc.).
Any system can be represented at any level of detail by these four symbols.
on receiving the request, it sets the path of the requested file to the client. Meanwhile, the key
logger will be running on the client system and it will send the valid user name and password
to the spoofer account. Next, the client will view the server message and respond to it by
opening the connection between server and client. The server will select the request and
send the requested file to the client through the established channel. During this transaction,
the spoofer will try to update the node IP address to his IP address. The spoofer will try to receive
a file through the established channel. But, at the same time, analysis of the RSS
will alert the server. By sending the RSS values to GADE and IDOL, it will detect the spoofer
and block those nodes. The file will be sent to the client successfully through other nodes.
Use cases are the set of actions that the client can perform with the system, i.e. the client can
register to the application, log in to the application, send a request to the server,
view requested data, respond to the server and finally receive the requested
file.
CHAPTER 6
MODULES
The design process involves developing several models of the system at different levels
of abstraction. As the design is decomposed, errors and omissions in earlier stages are discovered
and this feedback helps to improve earlier design models. Here we have divided this
project into three major modules:
Server module
Client module
Spoofer module
requested file and send it to the client by clicking the transfer button.
6.3.1. Client Module:
Functionalities of client
Client can send a request to the server.
Client can view the requested data.
Client can view the response message sent by the server.
Client can also view and download the files which have been sent by the server.
The Client Receiver form plays an important role in the client module. Here the client needs to connect
with the server. Once connected, the client needs to set the path to receive a file (if the server
is not connected to the client, the client will be in a waiting state); after setting the path, the client will be
waiting to receive the file. Once the server has successfully sent a file to the client through the port,
the client will automatically receive the file at the selected path and get the notification
message "Successfully file has been received". This process is shown in the figure 61.2.
6.3.2 Client Signup
Client will get registered into the application by providing the above details. If all the
information provided by the client is valid, he/she will be registered successfully and
will be considered a valid user. The system name and IP address need to be entered by
the client.
6.3.3 Client Login
After successful registration, the client logs in to the application by
entering a valid user name and password, as shown in the above figure. The client can now use
the application to get the service from the server. If the user name and password are not valid,
the client cannot log in to the application or get the service from the server. If all the
information provided is proper, the client will be considered a valid user by the server.
CHAPTER 7
Testing and Analysis
Importance of Testing:
Testing is the measurement of software quality and hence one of the most important stages
in software development. It involves executing an implementation of the software and examining its
operational behavior to check that it is performing as required. One of the main goals of
testing is to have a minimum number of test cases that will find a majority of the
implementation errors.
Some important types of testing are as follows:
UNIT TESTING
INTEGRATED TESTING
SYSTEM TESTING
BLACK BOX TESTING
WHITE BOX TESTING
7.1 Unit Testing:
In unit testing, the application developer tests the system. The whole application is made
up of different modules. Unit testing focuses on each sub module independently of the others,
to locate errors. This enables the programmer to detect errors. While testing a module, the
concepts of trace and breakpoints are applied at different stages of testing. In the unit testing of
this project, each and every module was tested with certain test data to
ensure that the program works accurately. The unit testing was carried out successfully.
7.2 Integrated Testing:
Integrated testing is to test the system as a whole, that is, to test the system when all
the modules and their sub modules are integrated. This testing is done to ensure that all the
modules, which work correctly when independent, work without any discrepancies when
integrated. System testing ensures that the related modules work together to achieve the main
objective of the application.
The project was tested with all its modules integrated, and it was ensured that there were no
errors. Samples of data were keyed into the application. The application was seen to be
working perfectly, to the satisfaction of the user.
White box testing is an approach to testing where the tests are derived from
knowledge of the software structure and implementation. This testing technique is basically
applied to relatively small program units such as subroutines or operations associated with an
object. The tester can analyze the code and use the knowledge of a component to derive test
data. The analysis of the code can be used to find out how many test cases are needed to
guarantee larger test coverage, that is, all of the statements in the program or component
must be executed at least once during the testing process.
CHAPTER 8
Test Cases, Suites, Scripts and Scenarios:
A test is a software testing document, which consists of event, action, input, output,
expected results and actual result. Clinically defined (IEEE 829-1998), a test case is an input
and expected result. This can be as pragmatic as 'for condition x your derived result is y',
whereas other test cases describe in more detail the input scenario and what results
might be expected. It can occasionally be a series of steps (but often steps are contained in a
separate test procedure that can be exercised against multiple test cases, as a matter of
economy) but with one expected result or expected outcome.
The optional fields are the test case ID, test step or order of execution number, related
requirement(s), depth, test category, author, and check boxes for whether the test is
automatable and has been automated. Larger test cases may also contain pre-requisite states
or steps, and descriptions. A test case should also contain a place for the actual result. These
steps can be stored in a word processor document, spreadsheet, database or other common
repository. In a database system, you may also be able to see past test results and who
generated the results and the system configuration used to generate those results. These past
results would usually be stored in a separate table.
The term test script is the combination of a test case, test procedure and test data.
Initially the term was derived from the byproduct of work created by automated regression
test tools. Today, test scripts can be manual, automated or a combination of both.
The most common term for a collection of test cases is a Test Suite. The test suite
often also contains more detailed instructions or goals for each collection of test cases. It
definitely contains a section where the tester identifies the system configuration used during
testing.
A group of test cases may also contain pre-requisite states or steps, and descriptions
of the following tests. Collections of test cases are sometimes incorrectly termed a test plan.
They might correctly be called a Test specification. If sequence is specified, it can be a test
script, scenario or procedure.
CHAPTER 9
Snapshots
Conclusion
In this system an approach is used to detect the presence of attacks as well as to determine the
number of adversaries spoofing the same node identity, so that we can localize any number
of attackers and eliminate them. Determining the number of adversaries is a particularly
challenging problem. To validate our approach, we conducted experiments and found that our
detection mechanisms are highly effective both in detecting the presence of attacks, with
detection rates over 98 percent, and in determining the number of adversaries, achieving over 90
percent hit rates and precision simultaneously. Further, based on the number of attackers
determined by our mechanisms, our integrated detection and localization system can localize
any number of adversaries even when attackers are using different transmission power levels.
The performance of localizing adversaries achieves similar results to those under normal
conditions, thereby providing strong evidence of the effectiveness of our approach in
detecting wireless spoofing attacks, determining the number of attackers and localizing
adversaries.
List of Publications
REFERENCES
[1] A. Agah, S. K. Das, K. Basu, and M. Asadi. A non-cooperative game approach for
intrusion detection in sensor networks. In Third IEEE In- ternational Symposium on Network
Computing and Applications, pages 343{346, 2004.
[3] F. Anjum, D. Subhadrabandhu, and S. Sarkar. Signature based intru- sion detection for
wireless ad-hoc networks: A comparative study of various routing protocols. In Vehicular
Technology Conference, Wire- less Security Symposium, Orlando, Florida, 2003.
[4] M. Bishop. Computer Security: Art and Science. Addison Wesley, Pearson Education,
Inc., Boston, 2004.
[5] P. Brutch and C. Ko. Challenges in intrusion detection for wireless ad- hoc networks. In
SAINT: Symposium on Applications and the Internet, pages 368{373, 2003.
[9] W. Du, L. Fang, and P. Ning. Lad: Localization anomaly detection for wireless sensor
networks. In IPDPS: 19th IEEE International Parallel and Distributed Processing
Symposium, 2005.
[11] Y. Huang and W. Lee. A cooperative intrusion detection system for ad hoc networks. In
SASN: Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks,
pages 135{147, 2003.
[12] IEEE. Standard for part 15.4: Wireless MAC and PHY speci¯cationsfor low rate WPAN.
IEEE Std 802.15.4, IEEE, New York, NY, Oct. 2003.
[13] O. Kachirski and R. K. Guha. E®ective intrusion detection using multi-ple sensors in
wireless ad hoc networks. In Proceedings of the 36th An-nual Hawaii International
Conference on System Sciences, pages 57{65,2003.
[14] C. Karlof and D. Wagner. Secure routing in wireless sensor networks: Attacks and
countermeasures. In First IEEE International Workshop on Sensor Network Protocols and
Applications, pages 113{127, May 2003.
[16] J. Mirkovic, S. Dietrich, D. Dittrich, and P. Reiher. Internet Denial ofService: Attack and
Defense Mechanisms. Prentice Hall, 2005.