INDEX

1. ABSTRACT
S.NO TABLE OF CONTENTS PAGE.NO
1 ABSTRACT 1
2 INTRODUCTION 2
3 ANALYSIS
3.1 Introduction 5
3.1.1 Analysis Model 6
3.1.2 Problem analysis 7
3.1.3 System Requirement Specification 8
3.1.4 Feasibility Study 9
4 DESIGN
4.1 Software Design 23
4.2 System Architecture 24
4.3 Data Flow Chart 25
4.4 ER Digram 26
4.5 Uml Diagram 27
4.6 Use Case Diagram 29
4.7 Class Diagram 32
4.8 Sequence Diagram 33
4.9 Activity Diagram 34
5 OUTPUT SCREEN 36
6 TESTING 43
7 IMPLEMENTATION 49
8 CONCLUSION 50
9 FUTURE ENHANCEMENT 51
10 BIBLIOGRAPHY 52

Analyzing cyber incident data sets is an important method for deepening our understanding
of the evolution of the threat situation. This is a relatively new research topic, and many studies
remain to be done. In this paper, we report a statistical analysis of a breach incident data set
corresponding to 12 years (2005–2017) of cyber hacking activities that include malware attacks.
We show that, in contrast to the findings reported in the literature, both hacking breach incident
inter- arrival times and breach sizes should be modelled by stochastic processes, rather than by
1
distributions because they exhibit autocorrelations.
Then, we propose particular stochastic process models to, respectively, fit the inter-arrival
times and the breach sizes. We also show that these models can predict the inter-arrival times and
the breach sizes. In order to get deeper insights into the evolution of hacking breach incidents, we
conduct both qualitative and quantitative trend analyses on the data set. We draw a set of
cybersecurity insights, including that the threat of cyber hacks is indeed getting worse in terms of
their frequency, but not in terms of the magnitude of their damage.

2
 2. INTRODUCTION

Hacking is the process of gaining unauthorized access into a computer system, or group
of computer systems. This is done through cracking of passwords and codes, which gives access to
the systems. Cracking is the term, which specifies the method by which the password or code is
obtained. The person who undertakes hacking is known as the hacker. The hacking can be done on
single systems, a group of systems, an entire LAN network, a website, a social media site, or an
email account. The hacker through password cracking algorithms programs obtains the access to a
password.
Existing System
The present study is motivated by several questions that have not been investigated until
now, such as: Are data breaches caused by cyber-attacks increasing, decreasing, or stabilizing. A
principled answer to this question will give us a clear insight into the overall situation of cyber
threats. This question was not answered by previous studies. Specifically, the dataset analyzed in
[7] only covered the time span from 2000 to 2008 and does not necessarily contain the breach
incidents that are caused by cyber-attacks; the dataset analyzed in [9] is more recent, but contains
two kinds of incidents: negligent breaches (i.e., incidents caused by lost, discarded, stolen devices
and other reasons) and malicious breaching.

Since negligent breaches represent more human errors than cyber-attacks, we do not
consider them in the present study. Because the malicious breaches studied in [9] contain four sub-
categories: hacking (including malware), insider, payment card fraud, and unknown, this study will
focus on the hacking sub-category (called hacking breach dataset thereafter), while noting that the
other three sub-categories are interesting on their own and should be analyzed separately.
Recently, researchers started modeling data breach incidents. Maillart and Sornette studied the
statistical properties of the personal identity losses in the United States between year 2000 and
2008.
They found that the number of breach incidents dramatically increases from 2000 to July
2006 but remains stable thereafter. Edwards et al. analyzed a dataset containing 2,253 breach
incidents that span over a decade (2005 to 2015). They found that neither the size nor the
frequency of data breaches has increased over the years. Wheatley et al., analyzed a dataset that is
combined from corresponds to organizational breach incidents between year 2000 and 2015. They
found that the frequency of large breach incidents (i.e., the ones that breach more than 50,000
records) occurring to US firms is independent of time, but the frequency of large breach incidents
occurring to non-US firms exhibits an increasing trend.
Drawbacks of Existing System:

1) Do data breaches caused by cyber- attacks increasing, decreasing, or stabilizing.

2) Should we use a distribution or stochastic process to describe the breach incidents inter-
arrival times, and which distribution or process?

3) Are the breach sizes and the incidents inter-arrival times independent of each other?

Proposed System:

In this system , we make the following three contributions. First, we show that both the
hacking breach incident interarrival times (reflecting incident frequency) and breach sizes should be
modeled by stochastic processes, rather than by distributions.

We find that a particular point process can adequately describe the evolution of the hacking
breach incidents inter-arrival times and that a particular ARMA-GARCH model can adequately
describe the evolution of the hacking breach sizes, where ARMA is acronym for “AutoRegressive
and Moving Average” and GARCH is acronym for “Generalized AutoRegressive Conditional
Heteroscedasticity”. We show that these stochastic process models can predict the inter-arrival times
and the breach sizes.
To the best of our knowledge, this is the first paper showing that stochastic processes, rather
than distributions, should be used to model these cyber threat factors. Second, we discover a positive

dependence between the incidents inter-arrival times and the breach sizes, and show that this
dependence can be adequately described by a particular copula. We also show that when predicting
inter-arrival times and breach sizes, it is necessary to consider the dependence; otherwise, the
prediction results are not accurate. To the best of our knowledge, this is the first work showing the
existence of this dependence and the consequence of ignoring it. Third, we conduct both qualitative
and quantitative trend analyses of the cyber hacking breach incidents.
We find that the situation is indeed getting worse in terms of the incidents inter-arrival time
because hacking breach incidents become more and more frequent, but the situation is stabilizing in
terms of the incident breach size, indicating that the damage of individual hacking breach incidents
will not get much worse.
We hope the present study will inspire more investigations, which can offer deep insights
into alternate risk mitigation approaches. Such insights are useful to insurance companies,
government agencies, and regulators because they need to deeply understand the nature of data
breach risks.
Advantages Of Proposed System:

We find the sitiutation is needed getting worse in terms of the incidients inter arrival time . because

hacking breaches incident become more and more frequent ,but the sitituation is stabilizing in the

term of the incident breach size , indiicating the damage of individual hacking breach incident will

not get much worse.

General the larger the margin the lower the generation earror of the classiier . where as the original

problem may be stned at finied dimensional space , it ofen happens ,that the setsv to descriminate are

not linarly separable in the space

1. UPLOAD DATA

The data resource to database can be uploaded by both administrator and authorized user.
The data can be uploaded with key in order to maintain the secrecy of the data that is not
released without knowledge of user. The users are authorized based on their details that are
shared to admin and admin can authorize each user. Only Authorized users are allowed to
access the system and upload or request for files.
2. ACCESS DETAILS

The access of data from the database can be given by administrators. Uploaded data are
managed by admin and admin is the only person to provide the rights to process the accessing
details and approve or unapproved users based on their details.
3. USER PERMISSIONS

The data from any resources are allowed to access the data with only permission from
administrator. Prior to access data, users are allowed by admin to share their data and verify the
details which are provided by user. If user is access the data with wrong attempts then, users are
blocked accordingly. If user is requested to unblock them, based on the requests and previous
activities admin is unblock users.
4. DATA ANALYSIS

Data analyses are done with the help of graph. The collected data are applied to graph in
order to get the best analysis and prediction of dataset and given data policies.The dataset can
be analyzed through this pictorial representation in order to better understand of the data details.
 3.ANALYSIS

3.1 Introduction

After analyzing the requirements of the task to be performed,the next step is to analyze the

problem and understand its context,the first activity in the phase is studying the existing system

and other is to understand the requirements and domain of the new system. Both the activies are

equally important, but the first activity serves as a basis of giving the functional specifications

and the successful design of the proposed system. Understanding the properties and requirements

of anew system is more difficult,improper understanding of present system can lead diversion

from solution.

Analysis models represent customer requirements. Design models provide a

concurrent.Specification

for the instruction of the software. Analysis modeling focuses on three attributes of software:

information to be processed, function to be delivered and behaviour to be

The following are the principles of the good Analysis

The information domain of a problem must be represented understood.

Thefunctions that the software performs must be defined.

The behaviour of the software (has a consequence of the external events must be

represented)

The models that depict information function and behaviour must be partitioned in a

manner that uncovers detail in a layer.

The anlaysis task should move from essential information toward implementaion detail.

To provide flexibility to the users, the interface have been developed that are accessible

Throug a browser

.The information domain of a problem must be represented understood.

Thefunctions that the software performs must be defined.

3.1.1 Analysis Model

This document play a vital role in the development of life cycle (SDLC) as it
describes the

complete requirement of the system. It means for use by developers and will be the
basic

during testing phase. Any changes made to the requirements in the future will have to
go

through formal change approval process.

SPIRAL MODEL was defined by Barry Boehm in his 1988 article, “A spiral Model
of

Software Development and Enhancement. This model was not the first model to
discuss

iterative development, but it was the first model to explain why the iteration models.

The steps for Spiral Model can be generalized as follows:

The new system requirements are defined in as much details as possible. This
usually

involves interviewing a number of users representing all the external or internal

users

and other aspects of the existing system.

A preliminary design is created for the new system.

A first prototype of the new system is constructed from the preliminary design.
This

is usually a scaled-down system, and represents an approximation of the

characteristics of the

final product.

1. Evaluating the first prototype in terms of its strengths, weakness, and risks.

2. Defining the requirements of the second prototype.

3. Planning an designing the second prototype.

4. Constructing and testing the second prototype.

 The existing prototype is evaluated in the same manner as was the previous
prototype,

and if necessary, another prototype is developed from it according to the fourfold

procedure outlined above.

The preceding steps are iterated until the customer is satisfied that the refined

prototype represents the final product desired.

The final system is constructed, based on the refined prototype.

The final system is thoroughly evaluated and tested. Routine maintenance is carried

on a continuing basis to prevent large scale failures and to minimize down time.

3.1.2 Problem Analysis

An organized and systematic office solution is essential for all universities and organizations.

There are many institutions maintaining the hostel information. They provide various records

regarding students. Most of these track records need to maintain information about the students.

This information could be the general details like student name, address,contact details etc . All

the modules in feedback administration are interdependent. They are maintained manually. So

they need to be automated and centralized as, Information from one module will be needed by

other modules.
 3.1.3 System Reuirements Specification :

Hardware Requirements:

System : Pentium IV 2.4 GHz.

Hard Disk : 40 GB.

Floppy Drive : 1.44 Mb.

Monitor : 14’ Colour Monitor.

Mouse : Optical Mouse.

Ram : 512 Mb.

Software Requirements:

Operating system : Windows 7 Ultimate.

Coding Language : Python.

Front-End : Python.

Designing : Html, CSS, javascript.

Data Base : MySQL.

 3.1.4 Feasibility Study

The feasibility of the project is analyzed in this phase and business proposal is put forth with
a very general plan for the project and some cost estimates. During system analysis the feasibility
study of the proposed system is to be carried out. This is to ensure that the proposed system is not
a burden to the company. For feasibility analysis, some understanding of the major requirements
for the system is essential.

Three key considerations involved in the feasibility analysis are,

 Economical feasibility
 Technical feasibility
 Social feasibility

Economical Feasibility

This study is carried out to check the economic impact that the system will have on the
organization. The amount of fund that the company can pour into the research and development
of the system is limited. The expenditures must be justified. Thus the developed system as well
within the budget and this was achieved because most of the technologies used are freely
available. Only the customized products had to be purchased.

Technical Feasibility

This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not have a high demand on the
available technical resources. This will lead to high demands on the available technical
resources. This will lead to high demands being placed on the client. The developed system
must have a modest requirement, as only minimal or null changes are required for
implementing this system.

Social Feasibility

The aspect of study is to check the level of acceptance of the system by the user. This
includes the process of training the user to use the system efficiently. The user must not feel
threatened by the system, instead must accept it as a necessity. The level of acceptance by the
users solely depends on the methods that are employed to educate the user about the system and
to make him familiar with it. His level of confidence must be raised so that he is also able to
make some constructive criticism, which is welcomed, as he is the final user of the system.
Features of the languages used

Python Technology

Python is a general-purpose interpreted, interactive, object-oriented, and high-level

programming language. An interpreted language, Python has a design philosophy that
emphasizes code readability and a syntax that allows programmers to express concepts in
fewer lines of code than might be used in languages such as C++or Java.

It provides constructs that enable clear programming on both small and large scales.
Python interpreters are available for many operating systems. CPython, the reference
implementation of Python, is open source software and has a community-based development
model, as do nearly all of its variant implementations. The non-profit Python Software
Foundation manages CPython. Python features a dynamic type system and automatic memory
management. It supports multiple programming paradigms, including object-
oriented, imperative, functional and procedural, and has a large and comprehensive standard
library.

What is Python?

Python is a popular programming language. It was created by Guido van Rossum, and released
in 1991.

It is used for:

 Web development (server-side),

 Software development,
 Mathematics,
 System scripting.

What can Python do?

 Python can be used on a server to create web applications.

 Python can be used alongside software to create workflows.
 Python can connect to database systems. It can also read and modify files.
Why Python?

 Python works on different platforms (Windows, Mac, Linux, Raspberry Pi, etc.).
 Python has a simple syntax similar to the English language.
 Python has syntax that allows developers to write programs with fewer lines than some
other programming languages.
 Python runs on an interpreter system, meaning that code can be executed as soon as it is
written. This means that prototyping can be very quick.
 Python can be treated in a procedural way, an object-orientated way or a functional way.

DJANGO

Django is a high-level Python Web framework that encourages rapid development and
clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of
Web development, so you can focus on writing your app without needing to reinvent the wheel.
It’s free and open source.

Django's primary goal is to ease the creation of complex, database-driven websites.

Django emphasizes reusability and "plug ability" of components, rapid development, and the
principle of do not repeat yourself. Python is used throughout, even for settings files and data
models.

Django is a highly popular, free open-source high-level Python web framework. It

follows the MVT (Model-View-Template) architecture and helps in the development and
maintenance of high quality web applications. The primary reason for its popularity is its
encouragement for rapid development with the help of pragmatic design. This fully featured
server-side web framework eases the web development process and eventually helps in the
saving you a lot of time. It also involves less coding which is another benefit for the developers.

As you already know, Django is a Python web framework. In addition, like most
modern framework, Django supports the MVC pattern. First let's see what is the Model-View-
Controller (MVC) pattern, and then we will look at Django’s specificity for the Model-View-
Template (MVT) pattern.
MVC Pattern

When talking about applications that provides UI (web or desktop), we usually talk
about MVC architecture. And as the name suggests, MVC pattern is based on three
components: Model, View, and Controller.
DJANGO MVC - MVT Pattern

The Model-View-Template (MVT) is slightly different from MVC. In fact the main
difference between the two patterns is that Django itself takes care of the Controller part
(Software Code that controls the interactions between the Model and View), leaving us with the
template. The template is a HTML file mixed with Django Template Language (DTL).

Figure 1MVT Architecture

Django also provides an optional administrative create, read, update and delete interface
that is generated dynamically through introspection and configured via admin models
components of the MVT pattern. This interaction occurs in response to a user request.

Figure 2MVT Flow Diagram

The task of a developer is to provide a model, a view, and a template. After this, it has to be
mapped to a URL. The rest of the process is to be taken care of Django itself.

Advantages of Django:

Django being more than merely a Python framework owns certain advantages over other
platforms.

Speedy

The framework helps the developer to create an application or website in the shortest possible
period of time. From the initial to the final step of the website building, the tool makes sure that
it keeps the process efficient and cost effective. In short, it is a perfect fit for those developers
who are battling against the ticking time.

Security and Protection

Developers face a few of the common mistakes while developing a secure application, which
includes SQL injection, clickjacking, cross-site scripting, and cross-site request forgery. But
when you are using Django, the risks of all these mistakes lower down to a great extent. For the
proper management of users and its respective passwords, this tool uses the effective and
efficient feature of user authentication system.

Scalability

This Python framework is capable of handling heaviest of traffic demand. Thus, making it an
appropriate choice for the websites dealing with heavy traffic due to constantly emerging
demands.
Versatility

From content management to scientific computing, this platform is capable of managing your
every task efficiently.
Django development environment consists of installing and setting up Python, Django, and a
Database System. Since Django deals with web application, it's worth mentioning that you
would need a web server setup as well.
Django Environment and Installation
Step 1 – Installing Python

Django is written in 100% pure Python code, so you will need to install Python on your
system. Latest Django version requires Python 2.6.5 or higher

If you are on one of the latest Linux or Mac OS X distribution, you probably already have
Python installed. You can verify it by typing python command at a command prompt. If you
see something like this, then Python is installed.

$ Python
Python 2.7.5
Step 2 - Installing Django

Installing Django is very easy, but the steps required for its installation depends on your
operating system. Since Python is a platform-independent language, Django has one package
that works everywhere regardless of your operating system. You can download the latest
version of Django from the link http://www.djangoproject.com/download.

UNIX/Linux and Mac OS X Installation

You have two ways of installing Django if you are running Linux or Mac OS system −

 You can use the package manager of your OS, or use easy install or pip if installed.

 Install it manually using the official archive you downloaded before.

We will cover the second option as the first one depends on your OS distribution. If you have
decided to follow the first option, just be careful about the version of Django you are
installing.

Let's say you got your archive from the link above, it should be something like Django-
x.xx.tar.gz:

Extract and install.

$ tar xzvf Django-x.xx.tar.gz

$ cd Django-x.xx
$ sudo python setup.py install

You can test your installation by running this command −

$ django-admin.py --version
If you see the current version of Django printed on the screen, then everything is set.
Note − For some version of Django it will be django-admin the ".py" is removed.

Windows Installation

We assume you have your Django archive and python installed on your computer.

First, PATH verification.

On some version of windows (windows 7) you might need to make sure the Path system
variable has the path the following C:\Python34\;C:\Python34\Lib\site-
packages\django\bin\ in it, of course depending on your Python version.

Then, extract and install

Django. c:\>cd c:\Django-x.xx

Next, install Django by running the following command for which you will need
administrative privileges in windows shell "cmd" −

c:\Django-x.xx>python setup.py install To test your installation, open a command prompt and
type the following command −
c:\>python -c "import django; print(django.get_version())"

If you see the current version of Django printed on screen, then everything is set. (OR)

Launch a "cmd" prompt and type python then

>> c:\> python

>>> import django
>>> django.VERSION
Step 3 – Database Setup

Django supports several major database engines and you can set up any of them based on your
comfort.

 MySQL (http://www.mysql.com/)
 PostgreSQL (http://www.postgresql.org/)
 SQLite 3 (http://www.sqlite.org/)
 Oracle (http://www.oracle.com/)
 MongoDb (https://django-mongodb-engine.readthedocs.org)
 GoogleAppEngine Datastore (https://cloud.google.com/appengine/articles/django-
nonrel)
Step 4 – Web Server

Django comes with a lightweight web server for developing and testing applications. This
server is pre-configured to work with Django, and more importantly, it restarts whenever you
modify the code.

However, Django does support Apache and other popular web servers such as Lighted. We
will discuss both the approaches in coming chapters while working with different examples.

Model Layer

A model is the single, definitive source of information about your data. It contains the
essential fields and behaviors of the data you’re storing. Generally, each model maps to a
single database table.

The basics:

 Each model is a Python class that subclasses django.db.models.Model.

 Each attribute of the model represents a database field.

 With all of this, Django gives you an automatically-generated database-access API;

see Making queries

Using models

Once you have defined your models, you need to tell Django you’re going to use those
models. Do this by editing your settings file and changing the INSTALLED_APPS setting to
add the name of the module that contains your models.py. For example, if the models for
your application live in the module myapp.models (the package structure that is created for
an application by the manage.py startapp script), INSTALLED_APPS should read, in part:

INSTALLED_APPS = [
#...
'myapp',
#...
]
When you add new apps to INSTALLED_APPS, be sure to run manage.py migrate,
optionally making migrations for them first with manage.py makemigrations.
Field types

Each field in your model should be an instance of the appropriate Field class. Django uses
the field class types to determine a few things:

 The column type, which tells the database what kind of data to store
(e.g. INTEGER, VARCHAR, TEXT).

 The default HTML widget to use when rendering a form field

(e.g. <input type="text">, <select>).

 The minimal validation requirements, used in Django’s admin and in automatically

generated forms.

Django ships with dozens of built-in field types; you can find the complete list in the model
field reference. You can easily write your own fields if Django’s built-in ones do not do the
trick.

Migrations

Migrations are Django’s way of propagating changes you make to your models (adding a
field, deleting a model, etc.) into your database schema. They’re designed to be mostly
automatic, but you’ll need to know when to make migrations, when to run them, and the
common problems you might run into.

There are several commands which you will use to interact with migrations and Django’s
handling of database schema:

 migrate, which is responsible for applying and unapplying migrations.

 makemigrations, which is responsible for creating new migrations based on the

changes you have made to your models.

 sqlmigrate, which displays the SQL statements for a migration.

 showmigrations, which lists a project’s migrations and their status.

You should think of migrations as a version control system for your database
schema. makemigrations is responsible for packaging up your model changes into individual
migration files - analogous to commits - and migrate is responsible for applying those to
your database.

The migration files for each app live in a “migrations” directory inside of that app, and are
designed to be committed to, and distributed as part of, its codebase. You should be making
them once on your development machine and then running the same migrations on your
colleagues’ machines, your staging machines, and eventually your production machines.

Migrations will run the same way on the same dataset and produce consistent results,
meaning that what you see in development and staging is, under the same circumstances,
exactly what will happen in production.

Django will make migrations for any change to your models or fields - even options that
don’t affect the database - as the only way it can reconstruct a field correctly is to have all the
changes in the history, and you might need those options in some data migrations later on.

Backend Support

Migrations are supported on all backends that Django ships with, as well as any third-party
backends if they have programmed in support for schema alteration (done via
the SchemaEditor class).

However, some databases are more capable than others when it comes to schema migrations;
some of the caveats are covered below.

PostgreSQL

PostgreSQL is the most capable of all the databases here in terms of schema support. The
only caveat is that prior to PostgreSQL 11, adding columns with default values causes a full
rewrite of the table, for a time proportional to its size. For this reason, it’s recommended you
always create new columns with null=True, as this way they will be added immediately.

MySQL

MySQL lacks support for transactions around schema alteration operations, meaning that if a
migration fails to apply you will have to manually unpick the changes in order to try again
(it’s impossible to roll back to an earlier point).
In addition, MySQL will fully rewrite tables for almost every schema operation and generally
takes a time proportional to the number of rows in the table to add or remove columns. On
slower hardware this can be worse than a minute per million rows - adding a few columns to
a table with just a few million rows could lock your site up for over ten minutes.

SQLite

SQLite has very little built-in schema alteration support, and so Django attempts to emulate it
by:

 Creating a new table with the new schema

 Copying the data across

 Dropping the old table

 Renaming the new table to match the original name

This process generally works well, but it can be slow and occasionally buggy. It is not
recommended that you run and migrate SQLite in a production environment unless you are
very aware of the risks and its limitations; the support Django ships with is designed to allow
developers to use SQLite on their local machines to develop less complex Django projects
without the need for a full database.

The view layer

Django has the concept of “views” to encapsulate the logic responsible for processing a
user’s request and for returning the response.

A clean, elegant URL scheme is an important detail in a high-quality Web application.

Django lets you design URLs however you want, with no framework limitations.

To design URLs for an app, you create a Python module informally called a URLconf (URL
configuration). This module is pure Python code and is a mapping between URL path
expressions to Python functions (your views).

This mapping can be as short or as long as needed. It can reference other mappings. And,
because it’s pure Python code, it can be constructed dynamically.
How Django processes a request?

When a user requests a page from your Django-powered site, this is the algorithm the
system follows to determine which Python code to execute:

1. Django determines the root URLconf module to use. Ordinarily, this is the value of
the ROOT_URLCONF setting, but if the incoming HttpRequest object has
a urlconf attribute (set by middleware), its value will be used in place of
the ROOT_URLCONF setting.

2. Django loads that Python module and looks for the variable urlpatterns.
A sequence of django.urls.path() and/or django.urls.re_path() instances.

3. Django runs through each URL pattern, in order, and stops at the first one that
matches the requested URL, matching against path_info.

4. Once one of the URL patterns matches, Django imports and calls the given view,
which is a Python function (or a class-based view). The view gets passed the
following arguments:

5. If no URL pattern matches, or if an exception is raised during any point in this

process, Django invokes an appropriate error-handling view.

Templates Layer

Being a web framework, Django needs a convenient way to generate HTML

dynamically. The most common approach relies on templates. A template contains the static
parts of the desired HTML output as well as some special syntax describing how dynamic
content will be inserted. For a hands-on example of creating HTML pages with templates,
see Tutorial 3.

A Django project can be configured with one or several template engines (or even zero if you
don’t use templates). Django ships built-in backends for its own template system, creatively
called the Django template language (DTL), and for the popular alternative Jinja2. Backends
for other template languages may be available from third-parties.

Django defines a standard API for loading and rendering templates regardless of the backend.
Loading consists of finding the template for a given identifier and preprocessing it, usually
compiling it to an in-memory representation. Rendering means interpolating the template
with context data and returning the resulting string.

The Django template language is Django’s own template system. Until Django 1.8 it was the
only built-in option available. It’s a good template library even though it’s fairly opinionated
and sports a few idiosyncrasies. If you don’t have a pressing reason to choose another
backend, you should use the DTL, especially if you’re writing a pluggable application and
you intend to distribute templates. Django’s contrib apps that include templates, like
django.contrib.admin, use the DTL. For historical reasons, both the generic support for
template engines and the implementation of the Django template language live in the django.
Template namespace.

Configuration

Templates engines are configured with the TEMPLATES setting. It’s a list of
configurations, one for each engine. The default value is empty. The settings.py generated by
the startproject command defines a more useful value:

TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
# ... some options here ...
},
},
]

BACKEND is a dotted Python path to a template engine class implementing

Django’s template backend API. The built-in backends
are django.template.backends.django.DjangoTemplates and django.template.backends.j
inja2.Jinja2. Since most engines load templates from files, the top-level configuration for
each engine contains two common settings:

 DIRS defines a list of directories where the engine should look for template source
 APP_DIRS tells whether the engine should look for templates inside installed
applications. Each backend defines a conventional name for the subdirectory inside
applications where its templates should be stored.

While uncommon, it’s possible to configure several instances of the same backend with
different options. In that case you should define a unique NAME for each engine.
OPTIONS contains backend-specific settings.

The Django template language

A Django template is a text document or a Python string marked-up using the Django
template language. Some constructs are recognized and interpreted by the template engine.
The main ones are variables and tags.

A template is rendered with a context. Rendering replaces variables with their values, which
are looked up in the context, and executes tags. Everything else is output as is.

The syntax of the Django template language involves four constructs.

Variables

Variables associated with a context can be accessed by {{}} (double curly braces). For
example, a variable name value is rahul. Then the following statement will replace name with
its value.
My name is {{name}}.
My name is rahul
Tags

In a template, Tags provide arbitrary logic in the rendering process. For example, a tag can
output content, serve as a control structure e.g. an "if" statement or a "for" loop, grab content
from a database etc.
Tags are surrounded by {% %} braces. For example.

{% csrf_token %}
{% if user.is_authenticated %}
Hello, {{ user.username }}.
{% endif %}
4.1 Software Design
4. DESIGN
Software sits at the technical kernel of the software engineering process and is applied
regardless of the development paradigm and area of application. Design is the first step in the
development phase for any engineered product or system.

The designer’s goal is to produce a model or representation of an entity that will later be
built. Beginning, once system requirement have been specified and analyzed, system design
is the first of the three technical activities - design, code and test that is required to build and
verify software.

The importance can be stated with a single word “Quality”. Design is the place where
quality is fostered in software development. Design provides us with representations of
software that can assess for quality.

Design is the only way that we can accurately translate a customer’s view into a finished
software product or system. Software design serves as a foundation for all the software
engineering steps that follow. Without a strong design we risk building an unstable system –
one that will be difficult to test, one whose quality cannot be assessed until the last stage.

During design, progressive refinement of data structure, program structure, and

procedural details are developed reviewed and documented. System design can be viewed
from either technical or project management perspective. From the technical point of view,
design is comprised of four activities – architectural design, data structure design, interface
design and procedural design.

Design is the only way that we can accurately translate a customer’s view into a
finished software product or system. Software design serves as a foundation for all the
software engineering steps that follow. Without a strong design we risk building an unstable
system – one that will be difficult to test, one whose quality cannot be assessed until the last
stage.
4.2 System Architecture

System Architecture
4.3 Data Flow Chart

1. The DFD is also called as bubble chart. It is a simple graphical formalism that can be used
to represent a system in terms of input data to the system, various processing carried out on
this data, and the output data is generated by this system.
2. The data flow diagram (DFD) is one of the most important modeling tools. It is used to
model the system components. These components are the system process, the data used by
the process, an external entity that interacts with the system and the information flows in the
system.
3. DFD shows how the information moves through the system and how it is modified by a
series of transformations. It is a graphical technique that depicts information flow and the
transformations that are applied as data moves from input to output.
4.4 ER Diagram
 User Uplo Data Store
ad

Acce Encry

Secured
Information
Admin

Pass Breached
Users

Notif
icati

Bloc

4.5 UML Diagram

UML stands for Unified Modeling Language. UML is a standardized general-purpose

modeling language in the field of object-oriented software engineering. The standard is
managed, and was created by, the Object Management Group.The goal is for UML to become a
common language for creating models of object oriented computer software. In its current form
UML is comprised of two major components: a Meta-model and a notation. In the future, some
form of method or process may also be added to; or associated with, UML.The Unified
Modeling Language is a standard language for specifying, Visualization, Constructing and
documenting the artifacts of software system, as well as for business modeling and other non-
software systems.
GOALS:The Primary goals in the design of the UML are as follows:

1.Provide users a ready-to-use, expressive visual modeling Language so that they can
develop

and exchange meaningful models.

2.Provide extendibility and specialization mechanisms to extend the core concepts.

3.Be independent of particular programming languages and development process.

4.Provide a formal basis for understanding the modeling language.

5.Encourage the growth of OO tools market.

6.Support higher level development concepts such as collaborations, frameworks, patterns

components.
7.Integrate best practices.
Graphical representation:

<<Actor
name>>

Actor

An actor is someone or something that:

Interacts with or uses the system.

 Provides input to and receives information from the system.
  Is external to the system and has no control over the use cases.
Actors are discovered by examining:

 Who directly uses the system?

 Who is responsible for maintaining the system?
 External hardware used by the system.
 Other systems that need to interact with the system.

 Questions to identify actors:

 Who is using the system? Or, who is affected by the system? Or, which groups
need help from the system to perform a task?
 Who affects the system? Or, which user groups are needed by the system to
perform its functions? These functions can be both main functions and secondary
functions such as administration.

 Which external hardware or systems (if any) use the system to perform tasks?What
problems does this application solve (that is, for whom)?
 And, finally, how do users use the system (use case)? What are they doing with
the system?

The actors identified in this system are:

a. System Administrator
b. Customer
c. Customer Care

4.6 USE CASE DIAGRAM:

Use case: A use case can be described as a specific way of using the system from a user’s
(actor’s) perspective.
Graphical representation:
A more detailed description might characterize a use case as:
 Pattern of behavior the system exhibits
 A sequence of related transactions performed by an actor and the system
 Delivering something of value to the actor

Use cases provide a means to:

 capture system requirements

 communicate with the end users and domain experts
 test the system
Use cases are best discovered by examining the actors and defining what the actor will be
able to do with the system.
Guide lines for identifying use cases:
 For each actor, find the tasks and functions that the actor should be able to
perform or that the system needs the actor to perform. The use case should
represent a course of events that leads to clear goal
 Name the use cases.
 Describe the use cases briefly by applying terms with which the user is familiar.
This makes the description less ambiguous
Questions to identify use cases:
 What are the tasks of each actor?
 Will any actor create, store, change, remove or read information in the system?
 What use case will store, change, remove or read this information?
 Will any actor need to inform the system about sudden external changes?
 Does any actor need to inform about certain occurrences in the system?
 What use cases will support and maintains the system?
Flow of Events

A flow of events is a sequence of transactions (or events) performed by the system.

They typically contain very detailed information, written in terms of what the system should
do, not how the system accomplishes the task.

Flow of events are created as separate files or documents in your favorite text editor
and then attached or linked to a use case using the Files tab of a model element.

A flow of events should include:

 When and how the use case starts and ends

 Use case/actor interactions

 Data needed by the use case

 Normal sequence of events for the use case

 Alternate or exceptional flows

Construction of Use case diagrams:

A use case diagram in the Unified Modeling Language (UML) is a type of behavioral
diagram defined by and created from a Use-case analysis.

Its purpose is to present a graphical overview of the functionality provided by a

system in terms of actors, their goals (represented as use cases), and any dependencies
between those use cases.

The main purpose of a use case diagram is to show what system functions are
performed for which actor. Roles of the actors in the system can be depicted.
 Login/Register

Upload Data

Access Data

Risk Alerts

Verify Details

User Block Users

Admin

Malware Analysis

Encrypt Data

View files

Logout

Use case diagram

 4.7 CLASS DIAGRAM

In software engineering, a class diagram in the Unified Modeling Language (UML) is a type
of static structure diagram that describes the structure of a system by showing the system's
classes, their attributes, operations (or methods), and the relationships among the classes. It
explains which class contains information.

Data Store
Upload multiple
data
User
Attributes
1 1 …...*
Attributes

Methods
1
Methods
0 …...*

1
Admin Block one Admin
user at a time encrypt
data

Access multiple
data 1
Admin
1…...*
Access info
Attributes 1

1 1
Attributes
Methods
Methods
4.8 SEQUENCE DIAGRAMS:

A sequence diagram in Unified Modeling Language (UML) is a kind of interaction

diagram that shows how processes operate with one another and in what order. It is a
construct of a Message Sequence Chart. Sequence diagrams are sometimes called event
diagrams, event scenarios, and timing diagrams.

Sequence Diagrams User

Sequence Diagrams Admin

4.9 ACTIVITY DIAGRAM:

Activity diagrams are graphical representations of workflows of stepwise activities and

actions with support for choice, iteration and concurrency. In the Unified Modeling
Language, activity diagrams can be used to describe the business and operational step-by-step
workflows of components in a system. An activity diagram shows the overall flow of control.

Activity Diagram User

Activity Diagram Admin
 5.OUTPUT SCREEN SHOTS
User Register Page

User Login Page

Upload Data

Analysis
Malware Data

UnMalware Data
Graphical Analysis

Spline chart
Logout
Admin Login

User Details
Admin Analysis

Breaches Analysis
 6.TESTING

INTRODUCTION:

Testing is the debugging program is one of the most critical aspects of the computer
programming triggers, without programming that works, the system would never produce an
output of which it was designed. Testing is best performed when user development is asked
to assist in identifying all errors and bugs. The sample data are used for testing. It is not
quantity but quality of the data used the matters of testing. Testing is aimed at ensuring that
the system was accurately an efficiently before live operation commands.

Testing objectives:
The main objective of testing is to uncover a host of errors, systematically and with
minimum effort and time. Stating formally, we can say, testing is a process of executing a program
with intent of finding an error.

1 A successful test is one that uncovers an as yet undiscovered error.

2 A good test case is one that has probability of finding an error, if it exists.
3 The test is inadequate to detect possibly present errors.
4 The software more or less confirms to the quality and reliable standards.

Levels of Testing:

Code testing:
This examines the logic of the program. For example, the logic for updating various
sample data and with the sample files and directories were tested and verified.
Specification Testing:
Executing this specification starting what the program should do and how it should
performed under various conditions. Test cases for various situation and combination of
conditions in all the modules are tested.
Unit testing:
In the unit testing we test each module individually and integrate with the overall
system. Unit testing focuses verification efforts on the smallest unit of software design in the
module. This is also known as module testing. The module of the system is tested separately.
This testing is carried out during programming stage itself. In the testing step each module is

found to work satisfactorily as regard to expected output from the module. There are some

validation checks for fields also. For example the validation check is done for varying the user

input given by the user which validity of the data entered. It is very easy to find error debut the

system.Each Module can be tested using the following two Strategies:

1. Black Box Testing

2. White Box Testing

BLACK BOX TESTING

What is Black Box Testing?

Black box testing is a software testing techniques in which functionality of the

software under test (SUT) is tested without looking at the internal code structure,
implementation details and knowledge of internal paths of the software. This type of testing
is based entirely on the software requirements and specifications.

In Black Box Testing we just focus on inputs and output of the software system without
bothering about internal knowledge of the software program.

The above Black Box can be any software system you want to test. For example an operating
system like Windows, a website like Google ,a database like Oracle or even your own
custom application. Under Black Box Testing , you can test these applications by just
focusing on the inputs and outputs without knowing their internal code implementation.
 Black box testing - Steps

Here are the generic steps followed to carry out any type of Black Box Testing.

 Initially requirements and specifications of the system are examined.

 Tester chooses valid inputs (positive test scenario) to check whether SUT processes
them correctly. Also some invalid inputs (negative test scenario) are chosen to verify
that the SUT is able to detect them.
 Tester determines expected outputs for all those inputs.
 Software tester constructs test cases with the selected inputs.
 The test cases are executed.
 Software tester compares the actual outputs with the expected outputs.
 Defects if any are fixed and re-tested.

Types of Black Box Testing

There are many types of Black Box Testing but following are the prominent ones.

 Functional testing – This black box testing type is related to functional requirements
of a system; it is done by software testers.
 Non-functional testing – This type of black box testing is not related to testing of a
specific functionality, but non-functional requirements such as performance,
scalability, usability.
 Regression testing – Regression testing is done after code fixes , upgrades or any
other system maintenance to check the new code has not affected the existing code.

WHITE BOX TESTING

White Box Testing is the testing of a software solution's internal coding and
infrastructure. It focuses primarily on strengthening security, the flow of inputs and outputs
through the application, and improving design and usability. White box testing is also known
as clear, open, structural, and glass box testing.It is one of two parts of the "box testing"
approach of software testing. Its counter-part, black box testing, involves testing from an
external or end-user type perspective. On the other hand, White box testing is based on the
inner workings of an application and revolves around
What do you verify in White Box Testing?

White box testing involves the testing of the software code for the following:

 Internal security holes

 Broken or poorly structured paths in the coding processes

 The flow of specific inputs through the code

 Expected output

 The functionality of conditional loops

 Testing of each statement, object and function on an individual basis

The testing can be done at system, integration and unit levels of software development. One
of the basic goals of whitebox testing is to verify a working flow for an application. It
involves testing a series of predefined inputs against expected or desired outputs so that when
a specific input does not result in the expected output, you have encountered a bug.

How do you perform White Box Testing?

To give you a simplified explanation of white box testing, we have divided it into two
basic steps. This is what testers do when testing an application using the white box testing
technique:

STEP 1) UNDERSTAND THE SOURCE CODE

The first thing a tester will often do is learn and understand the source code of application.
Since white box testing involves the testing of the inner workings of an application, tester
must be very knowledgeable in the programming languages used in the applications they are
testing. Also, the testing person must be highly aware of secure coding practices. Security is
often one of the primary objectives of testing software. The tester should be able tofind
security issues and prevent attacks from hackers and naive users who might inject malicious
code into the application either knowingly or unknowingly.
Step 2) CREATE TEST CASES AND EXECUTE

The second basic step to white box testing involves testing the application’s source
code for proper flow and structure. One way is by writing more code to test the application’s
source code. The tester will develop little tests for each process or series of processes in the
application. This method requires that the tester must have intimate knowledge of the code
and is often done by the developer. Other methods include manual testing, trial and error
testing and the use of testing tools as we will explain further on in this article.

System testing:

Once the individual module testing is completed, modules are assembled and
integrated to perform as a system. The top down testing, which began from upper level to
lower level module, was carried out to check whether the entire system is performing
satisfactorily.

There are three main kinds of System testing:

1 Alpha Testing
2 Beta Testing
3 Acceptance Testing

Alpha Testing:

This refers to the system testing that is carried out by the test team with the Organization.
Beta Testing:

This refers to the system testing that is performed by a selected group of friendly customers
Acceptance Testing:

This refers to the system testing that is performed by the customer to determine whether to accept
the delivery of the system.

Integration Testing:

Data can be lost across an interface, one module can have an adverse effort on the
other sub functions, when combined, may not produce the desired major functions. Integrated
testing is the systematic testing for constructing the uncover errors within the interface. The
testing
was done with sample data. The developed system has run successfully for this sample data.
The need for integrated test is to find the overall system performance.
Output testing

After performance of the validation testing, the next step is output testing. The output
displayed or generated by the system under consideration is tested by asking the user about
the format required by system. The output format on the screen is found to be correct as
format was designed in the system phase according to the user needs. Hence the output
testing does not result in any correction in the system.

Test plan:

The test-plan is a list of test cases that need to be run on the system. Some of the test cases
can be run independently for some components (report generation from the database, for
example, can be tested independently) and some of the test cases require the whole system to
be ready for their execution. It is better to test each component as and when it is ready before
integrating the components. It is important to note that the test cases cover all the aspects of
the system (i.e., all the requirements stated in the RS document).

7.IMPLEMENTATION

Download python IDE

You can download the latest version of Django from the

link http://www.djangoproject.com/download.

Windows Installation

We assume you have your Django archive and python installed on your computer.

First, PATH verification.

On some version of windows (windows 7) you might need to make sure the Path system
variable has the path the following C:\Python34\;C:\Python34\Lib\site-packages\django\bin\ in it, of
course depending on your Python version. Then, extract and install Django.

c:\>cd c:\Django-x.xx
Next, install Django by running the following command for which you will need
administrative privileges in windows shell "cmd" - c:\Django-x.xx>python setup.py install

To test your installation, open a command prompt and type the following command −

c:\>python -c "import django; print(django.get_version())"

If you see the current version of Django printed on screen, then everything is set. OR

Launch a "cmd" prompt and type python then −

>>c:\> python
>>> import django
>>> django.VERSION
After Python installation open wamp server, open Mysqlconsole window and run your
database in background using query select * from databasename;
Now cd to your project file and type python manage.py runserver command. Copy the URL
generated and paste it in browser.
 8.CONCLUSION

We analyzed a hacking breach dataset from the points of view of the incidents inter-
arrival time and the breach size, and showed that they both should be modeled by stochastic
processes rather than distributions. The statistical models developed in this paper show
satisfactory fitting and prediction accuracies. In particular, we propose using a copula-based
approach to predict the joint probability that an incident with a certain magnitude of breach
size will occur during a future period of time. Statistical tests show that the methodologies
proposed in this paper are better than those which are presented in the literature, because the
latter ignored both the temporal correlations and the dependence between the incidents inter-
arrival times and the breach sizes. We conducted qualitative and quantitative analyses to draw
further insights. We drew a set of cybersecurity insights, including that the threat of cyber
hacking breach incidents is indeed getting worse in terms of their frequency, but not the
magnitude of their damage. The methodology presented in this paper can be adopted or
adapted to analyze datasets of a similar nature.
 9. FUTURE ENHANCEMENT

Many open problems are left for future research. For example, it is both interesting
and challenging to investigate how to predict the extremely large values and how to deal with
missing data (i.e., breach incidents that are not reported). It is also worthwhile to estimate the
exact occurring times of breach incidents. Finally, more research needs to be conducted
towards understanding the predictability of breach incidents (i.e., the upper bound of
prediction accuracy).
 10.BIBLIOGRAPHY

[1] P. R. Clearinghouse. Privacy Rights Clearinghouse’s Chronology of Data Breaches.

Accessed: Nov. 2017. [Online]. Available: https://www.privacyrights.org/data-breaches
[2] ITR Center. Data Breaches Increase 40 Percent in 2016, Finds New Report From Identity
Theft Resource Center and CyberScout. Accessed: Nov. 2017. [Online]. Available:
http://www.idtheftcenter.org/2016databreaches.html
[3] C. R. Center. Cybersecurity Incidents. Accessed: Nov. 2017. [Online]. Available:
https://www.opm.gov/cybersecurity/cybersecurity-incidents [4] IBM Security. Accessed: Nov.
2017. [Online]. Available: https://www.ibm.com/security/data-breach/index.html
[5] NetDiligence. The 2016 Cyber Claims Study. Accessed: Nov. 2017. [Online]. Available:
https://netdiligence.com/wp-content/uploads/2016/10/P02_NetDiligence-2016-Cyber-laims-
Study-ONLINE.pdf
[6] M. Eling and W. Schnell, “What do we know about cyber risk and cyber risk insurance?”
J. Risk Finance, vol. 17, no. 5, pp. 474–491, 2016.
[7] T. Maillart and D. Sornette, “Heavy-tailed distribution of cyber-risks,” Eur. Phys. J. B,
vol. 75, no. 3, pp. 357–364, 2010.
[8] R. B. Security. Datalossdb. Accessed: Nov. 2017. [Online]. Available:
https://blog.datalossdb.org
[9] B. Edwards, S. Hofmeyr, and S. Forrest, “Hype and heavy tails: A closer look at data
breaches,” J. Cybersecur., vol. 2, no. 1, pp. 3–14, 2016.
[10] S. Wheatley, T. Maillart, and D. Sornette, “The extreme risk of personal data breaches
and the erosion of privacy,” Eur. Phys. J. B, vol. 89, no. 1, p. 7, 2016.
[11] P. Embrechts, C. Klüppelberg, and T. Mikosch, Modelling Extremal Events: For
Insurance and Finance, vol. 33. Berlin, Germany:Springer-Verlag, 2013.
[12] R. Böhme and G. Kataria, “Models and measures for correlation in cyber-insurance,” in
Proc. Workshop Econ. Inf. Secur. (WEIS), 2006, pp. 1–26.
[13] H. Herath and T. Herath, “Copula-based actuarial model for pricing cyber-insurance
policies,” Insurance Markets Companies: Anal. Actuarial Comput., vol. 2, no. 1, pp. 7–20,
2011.
[14] A. Mukhopadhyay, S. Chatterjee, D. Saha, A. Mahanti, and S. K. Sadhukhan, “Cyber-
risk decision models: To insure it or not?” Decision Support Syst., vol. 56, pp. 11–26, Dec.
2013.
[15] M. Xu and L. Hua. (2017). Cybersecurity Insurance: Modeling and Pricing. [Online].
Available: https://www.soa.org/research-reports/2017/cybersecurity-insurance
[16] M. Xu, L. Hua, and S. Xu, “A vine copula model for predicting the effectiveness of
cyber defense early-warning,” Technometrics, vol. 59, no. 4, pp. 508–520, 2017.
[17] C. Peng, M. Xu, S. Xu, and T. Hu, “Modeling multivariate cybersecurityrisks,” J. Appl.
Stat., pp. 1–23, 2018.
[18] M. Eling and N. Loperfido, “Data breaches: Goodness of fit, pricing, and risk
measurement,” Insurance, Math. Econ., vol. 75, pp. 126–136, Jul. 2017.
[19] K. K. Bagchi and G. Udo, “An analysis of the growth of computer and Internet security
breaches,” Commun. Assoc. Inf. Syst., vol. 12, no. 1, p. 46, 2003.
[20] E. Condon, A. He, and M. Cukier, “Analysis of computer security incident data using
time series models,” in Proc. 19th Int. Symp. Softw. Rel. Eng. (ISSRE), Nov. 2008, pp. 77–
86.