TABLE OF CONTENTS
1 ABSTRACT
2 INTRODUCTION
3 ANALYSIS
3.1 Introduction
3.1.1 Analysis Model
3.1.2 Problem Analysis
3.1.3 System Requirement Specification
3.1.4 Feasibility Study
4 DESIGN
4.1 Software Design
4.2 System Architecture
4.3 Data Flow Chart
4.4 ER Diagram
4.5 UML Diagram
4.6 Use Case Diagram
4.7 Class Diagram
4.8 Sequence Diagram
4.9 Activity Diagram
5 OUTPUT SCREEN
6 TESTING
7 IMPLEMENTATION
8 CONCLUSION
9 FUTURE ENHANCEMENT
10 BIBLIOGRAPHY
1. ABSTRACT
Analyzing cyber incident data sets is an important method for deepening our understanding
of the evolution of the threat situation. This is a relatively new research topic, and many studies
remain to be done. In this paper, we report a statistical analysis of a breach incident data set
corresponding to 12 years (2005–2017) of cyber hacking activities that include malware attacks.
We show that, in contrast to the findings reported in the literature, both hacking breach incident
inter-arrival times and breach sizes should be modelled by stochastic processes, rather than by
distributions, because they exhibit autocorrelations.
Then, we propose particular stochastic process models to, respectively, fit the inter-arrival
times and the breach sizes. We also show that these models can predict the inter-arrival times and
the breach sizes. In order to get deeper insights into the evolution of hacking breach incidents, we
conduct both qualitative and quantitative trend analyses on the data set. We draw a set of
cybersecurity insights, including that the threat of cyber hacks is indeed getting worse in terms of
their frequency, but not in terms of the magnitude of their damage.
2. INTRODUCTION
Hacking is the process of gaining unauthorized access to a computer system or group of
computer systems. This is done through the cracking of passwords and codes, which gives access
to the systems. Cracking is the term that specifies the method by which a password or code is
obtained. The person who undertakes hacking is known as the hacker. Hacking can be done on a
single system, a group of systems, an entire LAN, a website, a social media site, or an email
account. The hacker obtains access to a password through password-cracking algorithms and
programs.
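To make the idea concrete, here is a toy sketch of a dictionary attack (the stored password and wordlist are hypothetical; real attacks target salted, slow hashes at far larger scale):

```python
import hashlib

def crack(password_hash, wordlist):
    """Hash each candidate word and compare it with the stolen hash."""
    for word in wordlist:
        if hashlib.sha256(word.encode()).hexdigest() == password_hash:
            return word
    return None

# Hypothetical stolen hash of the weak password "sunshine"
stored = hashlib.sha256(b"sunshine").hexdigest()
print(crack(stored, ["letmein", "password", "sunshine"]))  # prints: sunshine
```

The attack succeeds only when the password appears in the attacker's wordlist, which is why password length and uniqueness matter.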
Existing System
The present study is motivated by several questions that have not been investigated until
now, such as: Are data breaches caused by cyber-attacks increasing, decreasing, or stabilizing? A
principled answer to this question will give us a clear insight into the overall situation of cyber
threats. This question was not answered by previous studies. Specifically, the dataset analyzed in
[7] only covered the time span from 2000 to 2008 and does not necessarily contain the breach
incidents that are caused by cyber-attacks; the dataset analyzed in [9] is more recent, but contains
two kinds of incidents: negligent breaches (i.e., incidents caused by lost, discarded, or stolen
devices, among other reasons) and malicious breaches.
Since negligent breaches represent more human errors than cyber-attacks, we do not
consider them in the present study. Because the malicious breaches studied in [9] contain four sub-
categories: hacking (including malware), insider, payment card fraud, and unknown, this study will
focus on the hacking sub-category (called the hacking breach dataset hereafter), while noting that the
other three sub-categories are interesting on their own and should be analyzed separately.
Recently, researchers started modeling data breach incidents. Maillart and Sornette studied the
statistical properties of the personal identity losses in the United States between year 2000 and
2008.
They found that the number of breach incidents increased dramatically from 2000 to July
2006 but remained stable thereafter. Edwards et al. analyzed a dataset containing 2,253 breach
incidents that span over a decade (2005 to 2015). They found that neither the size nor the
frequency of data breaches has increased over the years. Wheatley et al. analyzed a combined
dataset corresponding to organizational breach incidents between year 2000 and 2015. They
found that the frequency of large breach incidents (i.e., the ones that breach more than 50,000
records) occurring to US firms is independent of time, but the frequency of large breach incidents
occurring to non-US firms exhibits an increasing trend.
Drawbacks of Existing System:
1) Should we use a distribution or a stochastic process to describe the breach incident inter-
arrival times, and which distribution or process?
2) Are the breach sizes and the incident inter-arrival times independent of each other?
Proposed System:
In this system, we make the following three contributions. First, we show that both the
hacking breach incident inter-arrival times (reflecting incident frequency) and the breach sizes should
be modeled by stochastic processes, rather than by distributions.
We find that a particular point process can adequately describe the evolution of the hacking
breach incidents inter-arrival times and that a particular ARMA-GARCH model can adequately
describe the evolution of the hacking breach sizes, where ARMA is the acronym for “AutoRegressive
Moving Average” and GARCH is the acronym for “Generalized AutoRegressive Conditional
Heteroscedasticity”. We show that these stochastic process models can predict the inter-arrival times
and the breach sizes.
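The paper's fitted parameters are not reproduced here; as an illustrative sketch only, the following simulates a series of the ARMA(1,1)-GARCH(1,1) form with arbitrary parameter values, exhibiting the autocorrelation that makes a plain distribution a poor fit:

```python
import numpy as np

def simulate_arma_garch(n, mu=0.0, phi=0.5, theta=0.2,
                        omega=0.1, alpha=0.1, beta=0.8, seed=0):
    """Simulate an ARMA(1,1) series whose shocks follow a GARCH(1,1) process."""
    rng = np.random.default_rng(seed)
    r = np.zeros(n)                                 # observed series
    e = np.zeros(n)                                 # shocks (innovations)
    var = np.full(n, omega / (1.0 - alpha - beta))  # conditional variances
    for t in range(1, n):
        # GARCH(1,1): today's variance reacts to yesterday's shock and variance
        var[t] = omega + alpha * e[t - 1] ** 2 + beta * var[t - 1]
        e[t] = np.sqrt(var[t]) * rng.standard_normal()
        # ARMA(1,1): autoregressive and moving-average terms in the mean
        r[t] = mu + phi * (r[t - 1] - mu) + e[t] + theta * e[t - 1]
    return r

series = simulate_arma_garch(1000)
print(series.shape)  # (1000,)
```

A series generated this way has a strongly positive lag-1 autocorrelation, which no i.i.d. distributional model can capture.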
To the best of our knowledge, this is the first paper showing that stochastic processes, rather
than distributions, should be used to model these cyber threat factors. Second, we discover a positive
dependence between the incidents inter-arrival times and the breach sizes, and show that this
dependence can be adequately described by a particular copula. We also show that when predicting
inter-arrival times and breach sizes, it is necessary to consider the dependence; otherwise, the
prediction results are not accurate. To the best of our knowledge, this is the first work showing the
existence of this dependence and the consequence of ignoring it. Third, we conduct both qualitative
and quantitative trend analyses of the cyber hacking breach incidents.
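As a sketch of how such dependence can be quantified before choosing a copula, the following computes Kendall's rank correlation on synthetic, hypothetical data (not the paper's dataset or model):

```python
import numpy as np

def kendall_tau(x, y):
    """Kendall rank correlation: concordant minus discordant pairs, normalized."""
    n = len(x)
    concordant = discordant = 0
    for i in range(n):
        for j in range(i + 1, n):
            s = (x[i] - x[j]) * (y[i] - y[j])
            if s > 0:
                concordant += 1
            elif s < 0:
                discordant += 1
    return (concordant - discordant) / (n * (n - 1) / 2)

# Hypothetical positively dependent samples standing in for
# inter-arrival times and breach sizes (NOT the paper's data)
rng = np.random.default_rng(1)
inter_arrival = rng.exponential(scale=10.0, size=200)
breach_size = inter_arrival * rng.lognormal(mean=0.0, sigma=0.5, size=200)
print(round(kendall_tau(inter_arrival, breach_size), 2))
```

A clearly positive tau on the real data is the kind of evidence that motivates modeling the joint behavior with a copula instead of treating the two series as independent.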
We find that the situation is indeed getting worse in terms of the incident inter-arrival times,
because hacking breach incidents become more and more frequent, but the situation is stabilizing in
terms of the incident breach size, indicating that the damage of individual hacking breach incidents
will not get much worse.
We hope the present study will inspire more investigations, which can offer deep insights
into alternate risk mitigation approaches. Such insights are useful to insurance companies,
government agencies, and regulators because they need to deeply understand the nature of data
breach risks.
Advantages Of Proposed System:
We find that the situation is indeed getting worse in terms of the incident inter-arrival times,
because hacking breach incidents become more and more frequent, but the situation is stabilizing in
terms of the incident breach size, indicating that the damage of individual hacking breach incidents
will not get much worse.
1. UPLOAD DATA
Both the administrator and authorized users can upload data resources to the database.
Data is uploaded with a key in order to maintain its secrecy, so that it is not released without
the knowledge of the user. Users are authorized based on the details they share with the admin,
and the admin can authorize each user. Only authorized users are allowed to access the system
and upload or request files.
2. ACCESS DETAILS
Access to data in the database is granted by the administrator. Uploaded data is
managed by the admin, who is the only person with the rights to process access details and to
approve or disapprove users based on their details.
3. USER PERMISSIONS
Data from any resource can be accessed only with permission from the administrator.
Prior to accessing data, users are admitted by the admin, who verifies the details provided by
each user. If a user attempts to access data with wrong credentials, the user is blocked
accordingly. If a blocked user requests to be unblocked, the admin unblocks the user based on
the request and the user's previous activities.
4. DATA ANALYSIS
Data analysis is done with the help of graphs. The collected data is plotted in order
to get the best analysis and prediction of the dataset and the given data policies. The dataset can
be analyzed through this pictorial representation in order to better understand the details of the data.
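A minimal sketch of the kind of aggregation behind such graphs, using hypothetical incident records (year, number of records exposed):

```python
from collections import Counter

# Hypothetical breach records: (year, number of records exposed)
incidents = [
    (2015, 12000), (2015, 450000), (2016, 3200),
    (2016, 88000), (2016, 5100), (2017, 940000),
]

# Incidents per year (frequency) and total exposed records (magnitude)
counts = Counter(year for year, _ in incidents)
totals = {}
for year, size in incidents:
    totals[year] = totals.get(year, 0) + size

for year in sorted(counts):
    print(year, counts[year], totals[year])
```

The per-year counts and totals are what a plotting library would then render as the trend graphs described above.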
3. ANALYSIS
3.1 Introduction
After analyzing the requirements of the task to be performed, the next step is to analyze the
problem and understand its context. The first activity in this phase is studying the existing system,
and the other is understanding the requirements and domain of the new system. Both activities are
equally important, but the first activity serves as a basis for giving the functional specifications
and the successful design of the proposed system. Understanding the properties and requirements
of a new system is more difficult, and improper understanding of the present system can lead to
diversion from the solution.
Analysis modeling focuses on three attributes of software:
The behaviour of the software (as a consequence of external events) must be represented.
The models that depict information, function, and behaviour must be partitioned in a manner that uncovers detail in a layered fashion.
The analysis task should move from essential information toward implementation detail.
To provide flexibility to the users, the interfaces have been developed so that they are accessible
through a browser.
This document plays a vital role in the software development life cycle (SDLC), as it
describes the complete requirements of the system. It is meant for use by the developers and will
be the basis during the testing phase. Any changes made to the requirements in the future will
have to go through a formal change approval process.
SPIRAL MODEL was defined by Barry Boehm in his 1988 article, “A Spiral Model of
Software Development and Enhancement”. This model was not the first model to discuss
iterative development, but it was the first model to explain why the iteration matters.
The new system requirements are defined in as much detail as possible. This usually
involves interviewing a number of users representing all the external or internal users and other
aspects of the existing system.
A first prototype of the new system is constructed from the preliminary design. This is
usually a scaled-down system, and represents an approximation of the characteristics of the
final product.
1. Evaluating the first prototype in terms of its strengths, weaknesses, and risks.
The preceding steps are iterated until the customer is satisfied that the refined prototype
represents the final product desired.
The final system is thoroughly evaluated and tested. Routine maintenance is carried out
on a continuing basis to prevent large-scale failures and to minimize downtime.
An organized and systematic office solution is essential for all universities and organizations.
There are many institutions maintaining the hostel information. They provide various records
regarding students. Most of these track records need to maintain information about the students.
This information could be the general details like student name, address, contact details, etc. All
the modules in feedback administration are interdependent. They are maintained manually, so
they need to be automated and centralized, as information from one module will be needed by
other modules.
3.1.3 System Requirements Specification:
Hardware Requirements:
Software Requirements:
Front-End : Python.
3.1.4 Feasibility Study
The feasibility of the project is analyzed in this phase, and a business proposal is put forth with
a very general plan for the project and some cost estimates. During system analysis the feasibility
study of the proposed system is to be carried out. This is to ensure that the proposed system is not
a burden to the company. For feasibility analysis, some understanding of the major requirements
for the system is essential. The three key considerations involved in the feasibility analysis are:
Economical feasibility
Technical feasibility
Social feasibility
Economical Feasibility
This study is carried out to check the economic impact that the system will have on the
organization. The amount of fund that the company can pour into the research and development
of the system is limited. The expenditures must be justified. Thus the developed system is well
within the budget, and this was achieved because most of the technologies used are freely
available. Only the customized products had to be purchased.
Technical Feasibility
This study is carried out to check the technical feasibility, that is, the technical
requirements of the system. Any system developed must not have a high demand on the
available technical resources, as this would lead to high demands being placed on the client.
The developed system must have modest requirements, as only minimal or null changes are
required for implementing this system.
Social Feasibility
This aspect of the study is to check the level of acceptance of the system by the user. This
includes the process of training the user to use the system efficiently. The user must not feel
threatened by the system, instead must accept it as a necessity. The level of acceptance by the
users solely depends on the methods that are employed to educate the user about the system and
to make him familiar with it. His level of confidence must be raised so that he is also able to
make some constructive criticism, which is welcomed, as he is the final user of the system.
Features of the languages used
Python Technology
Python provides constructs that enable clear programming on both small and large scales.
Python interpreters are available for many operating systems. CPython, the reference
implementation of Python, is open source software and has a community-based development
model, as do nearly all of its variant implementations. The non-profit Python Software
Foundation manages CPython. Python features a dynamic type system and automatic memory
management. It supports multiple programming paradigms, including object-
oriented, imperative, functional and procedural, and has a large and comprehensive standard
library.
What is Python?
Python is a popular programming language. It was created by Guido van Rossum, and released
in 1991.
It is used for web development (server side), software development, mathematics, and system scripting.
Python works on different platforms (Windows, Mac, Linux, Raspberry Pi, etc.).
Python has a simple syntax similar to the English language.
Python has syntax that allows developers to write programs with fewer lines than some
other programming languages.
Python runs on an interpreter system, meaning that code can be executed as soon as it is
written. This means that prototyping can be very quick.
Python can be treated in a procedural way, an object-orientated way or a functional way.
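A small illustration of those three styles applied to the same task (summing a list):

```python
from functools import reduce

# Procedural way: an explicit loop and accumulator
def total(nums):
    s = 0
    for n in nums:
        s += n
    return s

# Functional way: fold the list with a pure function
total_fn = lambda nums: reduce(lambda a, b: a + b, nums, 0)

# Object-orientated way: state held inside an object
class Accumulator:
    def __init__(self):
        self.value = 0
    def add(self, n):
        self.value += n

acc = Accumulator()
for n in [1, 2, 3]:
    acc.add(n)

print(total([1, 2, 3]), total_fn([1, 2, 3]), acc.value)  # prints: 6 6 6
```

All three produce the same result; Python leaves the choice of style to the programmer.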
DJANGO
Django is a high-level Python Web framework that encourages rapid development and
clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of
Web development, so you can focus on writing your app without needing to reinvent the wheel.
It’s free and open source.
As you already know, Django is a Python web framework. In addition, like most
modern frameworks, Django supports the MVC pattern. First let's see what the Model-View-
Controller (MVC) pattern is, and then we will look at Django's specificity with the Model-View-
Template (MVT) pattern.
MVC Pattern
When talking about applications that provide a UI (web or desktop), we usually talk
about MVC architecture. And as the name suggests, the MVC pattern is based on three
components: Model, View, and Controller.
DJANGO MVC - MVT Pattern
The Model-View-Template (MVT) is slightly different from MVC. In fact, the main
difference between the two patterns is that Django itself takes care of the Controller part
(the software code that controls the interactions between the Model and View), leaving us with
the template. The template is an HTML file mixed with Django Template Language (DTL).
Django also provides an optional administrative create, read, update, and delete interface
that is generated dynamically through introspection and configured via admin models. This
interaction between the components of the MVT pattern occurs in response to a user request.
Advantages of Django:
Django, being more than merely a Python framework, owns certain advantages over other
platforms.
Speedy
The framework helps the developer to create an application or website in the shortest possible
period of time. From the initial to the final step of the website building, the tool makes sure that
it keeps the process efficient and cost effective. In short, it is a perfect fit for those developers
who are battling against the ticking time.
Secure
Developers face a few common mistakes while developing a secure application, including
SQL injection, clickjacking, cross-site scripting, and cross-site request forgery. But when you
are using Django, the risks of all these mistakes are lowered to a great extent. For the proper
management of users and their respective passwords, this tool uses an effective and efficient
user authentication system.
Scalability
This Python framework is capable of handling the heaviest of traffic demands, making it an
appropriate choice for websites dealing with heavy traffic due to constantly growing
demands.
Versatility
From content management to scientific computing, this platform is capable of managing your
every task efficiently.
The Django development environment consists of installing and setting up Python, Django,
and a database system. Since Django deals with web applications, it's worth mentioning that
you will need a web server set up as well.
Django Environment and Installation
Step 1 – Installing Python
Django is written in 100% pure Python code, so you will need to install Python on your
system. The latest Django version requires Python 2.6.5 or higher.
If you are on one of the latest Linux or Mac OS X distribution, you probably already have
Python installed. You can verify it by typing python command at a command prompt. If you
see something like this, then Python is installed.
$ python
Python 2.7.5
Step 2 - Installing Django
Installing Django is very easy, but the steps required for its installation depend on your
operating system. Since Python is a platform-independent language, Django has one package
that works everywhere regardless of your operating system. You can download the latest
version of Django from the link http://www.djangoproject.com/download.
You have two ways of installing Django if you are running Linux or Mac OS system −
You can use the package manager of your OS, or use easy install or pip if installed.
We will cover the second option as the first one depends on your OS distribution. If you have
decided to follow the first option, just be careful about the version of Django you are
installing.
Let's say you got your archive from the link above; it should be something like Django-
x.xx.tar.gz. Extract and install it:
$ tar xzvf Django-x.xx.tar.gz
$ cd Django-x.xx
$ sudo python setup.py install
You can then test your installation by running this command:
$ django-admin.py --version
If you see the current version of Django printed on the screen, then everything is set.
Note − For some versions of Django the command will be django-admin; the ".py" is removed.
Windows Installation
We assume you have your Django archive and python installed on your computer.
On some versions of Windows (Windows 7) you might need to make sure the Path system
variable includes the following: C:\Python34\;C:\Python34\Lib\site-
packages\django\bin\, depending of course on your Python version.
Next, install Django by running the following command for which you will need
administrative privileges in windows shell "cmd" −
c:\Django-x.xx>python setup.py install
To test your installation, open a command prompt and type the following command −
c:\>python -c "import django; print(django.get_version())"
If you see the current version of Django printed on screen, then everything is set.
Step 3 – Database Setup
Django supports several major database engines and you can set up any of them based on your
comfort.
MySQL (http://www.mysql.com/)
PostgreSQL (http://www.postgresql.org/)
SQLite 3 (http://www.sqlite.org/)
Oracle (http://www.oracle.com/)
MongoDb (https://django-mongodb-engine.readthedocs.org)
GoogleAppEngine Datastore (https://cloud.google.com/appengine/articles/django-
nonrel)
Step 4 – Web Server
Django comes with a lightweight web server for developing and testing applications. This
server is pre-configured to work with Django, and more importantly, it restarts whenever you
modify the code.
However, Django also supports Apache and other popular web servers such as Lighttpd. We
will discuss both approaches in coming chapters while working with different examples.
Model Layer
A model is the single, definitive source of information about your data. It contains the
essential fields and behaviors of the data you’re storing. Generally, each model maps to a
single database table.
The basics:
Each model is a Python class that subclasses django.db.models.Model.
Each attribute of the model represents a database field.
With all of this, Django gives you an automatically-generated database-access API.
Using models
Once you have defined your models, you need to tell Django you’re going to use those
models. Do this by editing your settings file and changing the INSTALLED_APPS setting to
add the name of the module that contains your models.py. For example, if the models for
your application live in the module myapp.models (the package structure that is created for
an application by the manage.py startapp script), INSTALLED_APPS should read, in part:
INSTALLED_APPS = [
#...
'myapp',
#...
]
When you add new apps to INSTALLED_APPS, be sure to run manage.py migrate,
optionally making migrations for them first with manage.py makemigrations.
Field types
Each field in your model should be an instance of the appropriate Field class. Django uses
the field class types to determine a few things:
The column type, which tells the database what kind of data to store
(e.g. INTEGER, VARCHAR, TEXT).
The default HTML widget to use when rendering a form field (e.g. <input type="text">, <select>).
The minimal validation requirements, used in Django's admin and in automatically-generated forms.
Django ships with dozens of built-in field types; you can find the complete list in the model
field reference. You can easily write your own fields if Django’s built-in ones do not do the
trick.
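As a sketch (hypothetical model and field names; this assumes a configured Django project, so it is shown for illustration rather than standalone execution), a model like the following maps to a single table whose column types come from the fields:

```python
from django.db import models

class BreachIncident(models.Model):
    organization = models.CharField(max_length=100)   # VARCHAR(100) column
    reported_on = models.DateField(null=True)         # DATE column, nullable
    records_exposed = models.IntegerField(default=0)  # INTEGER column
```

Each attribute becomes one column, and Django generates the database-access API for the table automatically.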
Migrations
Migrations are Django’s way of propagating changes you make to your models (adding a
field, deleting a model, etc.) into your database schema. They’re designed to be mostly
automatic, but you’ll need to know when to make migrations, when to run them, and the
common problems you might run into.
There are several commands which you will use to interact with migrations and Django's
handling of the database schema:
migrate, which is responsible for applying and unapplying migrations.
makemigrations, which is responsible for creating new migrations based on the changes you have made to your models.
sqlmigrate, which displays the SQL statements for a migration.
showmigrations, which lists a project's migrations and their status.
You should think of migrations as a version control system for your database
schema. makemigrations is responsible for packaging up your model changes into individual
migration files - analogous to commits - and migrate is responsible for applying those to
your database.
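In practice the two commands are run from the project directory (myapp is a hypothetical app name):

```shell
# Package model changes into migration files (analogous to commits)
python manage.py makemigrations myapp

# Apply the unapplied migrations to the database schema
python manage.py migrate
```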
The migration files for each app live in a “migrations” directory inside of that app, and are
designed to be committed to, and distributed as part of, its codebase. You should be making
them once on your development machine and then running the same migrations on your
colleagues’ machines, your staging machines, and eventually your production machines.
Migrations will run the same way on the same dataset and produce consistent results,
meaning that what you see in development and staging is, under the same circumstances,
exactly what will happen in production.
Django will make migrations for any change to your models or fields - even options that
don’t affect the database - as the only way it can reconstruct a field correctly is to have all the
changes in the history, and you might need those options in some data migrations later on.
Backend Support
Migrations are supported on all backends that Django ships with, as well as any third-party
backends if they have programmed in support for schema alteration (done via
the SchemaEditor class).
However, some databases are more capable than others when it comes to schema migrations;
some of the caveats are covered below.
PostgreSQL
PostgreSQL is the most capable of all the databases here in terms of schema support. The
only caveat is that prior to PostgreSQL 11, adding columns with default values causes a full
rewrite of the table, for a time proportional to its size. For this reason, it’s recommended you
always create new columns with null=True, as this way they will be added immediately.
MySQL
MySQL lacks support for transactions around schema alteration operations, meaning that if a
migration fails to apply you will have to manually unpick the changes in order to try again
(it’s impossible to roll back to an earlier point).
In addition, MySQL will fully rewrite tables for almost every schema operation and generally
takes a time proportional to the number of rows in the table to add or remove columns. On
slower hardware this can be worse than a minute per million rows - adding a few columns to
a table with just a few million rows could lock your site up for over ten minutes.
SQLite
SQLite has very little built-in schema alteration support, and so Django attempts to emulate it
by:
Creating a new table with the new schema
Copying the data across
Dropping the old table
Renaming the new table to match the original name
This process generally works well, but it can be slow and occasionally buggy. It is not
recommended that you run and migrate SQLite in a production environment unless you are
very aware of the risks and its limitations; the support Django ships with is designed to allow
developers to use SQLite on their local machines to develop less complex Django projects
without the need for a full database.
View Layer
Django has the concept of “views” to encapsulate the logic responsible for processing a
user’s request and for returning the response.
To design URLs for an app, you create a Python module informally called a URLconf (URL
configuration). This module is pure Python code and is a mapping between URL path
expressions to Python functions (your views).
This mapping can be as short or as long as needed. It can reference other mappings. And,
because it’s pure Python code, it can be constructed dynamically.
How Django processes a request
When a user requests a page from your Django-powered site, this is the algorithm the
system follows to determine which Python code to execute:
1. Django determines the root URLconf module to use. Ordinarily, this is the value of
the ROOT_URLCONF setting, but if the incoming HttpRequest object has
a urlconf attribute (set by middleware), its value will be used in place of
the ROOT_URLCONF setting.
2. Django loads that Python module and looks for the variable urlpatterns. This should be
a sequence of django.urls.path() and/or django.urls.re_path() instances.
3. Django runs through each URL pattern, in order, and stops at the first one that
matches the requested URL, matching against path_info.
4. Once one of the URL patterns matches, Django imports and calls the given view,
which is a Python function (or a class-based view). The view gets passed an
HttpRequest instance, plus any positional or keyword arguments captured from the URL pattern.
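A minimal sketch of this flow (hypothetical view and URL names; this assumes a Django project, so it is shown for illustration rather than standalone execution):

```python
# views.py - a view takes an HttpRequest and returns an HttpResponse
from django.http import HttpResponse

def year_archive(request, year):
    return HttpResponse("Archive for %s" % year)

# urls.py - urlpatterns maps URL path expressions to views
from django.urls import path
from myapp import views

urlpatterns = [
    # <int:year> is captured and passed to the view as a keyword argument
    path("articles/<int:year>/", views.year_archive),
]
```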
Templates Layer
A Django project can be configured with one or several template engines (or even zero if you
don’t use templates). Django ships built-in backends for its own template system, creatively
called the Django template language (DTL), and for the popular alternative Jinja2. Backends
for other template languages may be available from third-parties.
Django defines a standard API for loading and rendering templates regardless of the backend.
Loading consists of finding the template for a given identifier and preprocessing it, usually
compiling it to an in-memory representation. Rendering means interpolating the template
with context data and returning the resulting string.
The Django template language is Django’s own template system. Until Django 1.8 it was the
only built-in option available. It’s a good template library even though it’s fairly opinionated
and sports a few idiosyncrasies. If you don’t have a pressing reason to choose another
backend, you should use the DTL, especially if you’re writing a pluggable application and
you intend to distribute templates. Django’s contrib apps that include templates, like
django.contrib.admin, use the DTL. For historical reasons, both the generic support for
template engines and the implementation of the Django template language live in the
django.template namespace.
Configuration
Template engines are configured with the TEMPLATES setting. It’s a list of
configurations, one for each engine. The default value is empty. The settings.py generated by
the startproject command defines a more useful value:
TEMPLATES = [
{
'BACKEND': 'django.template.backends.django.DjangoTemplates',
'DIRS': [],
'APP_DIRS': True,
'OPTIONS': {
# ... some options here ...
},
},
]
DIRS defines a list of directories where the engine should look for template source
files, in search order. APP_DIRS tells whether the engine should look for templates inside
installed applications. Each backend defines a conventional name for the subdirectory inside
applications where its templates should be stored.
While uncommon, it’s possible to configure several instances of the same backend with
different options. In that case you should define a unique NAME for each engine.
OPTIONS contains backend-specific settings.
A Django template is a text document or a Python string marked-up using the Django
template language. Some constructs are recognized and interpreted by the template engine.
The main ones are variables and tags.
A template is rendered with a context. Rendering replaces variables with their values, which
are looked up in the context, and executes tags. Everything else is output as is.
Variables
Variables associated with a context can be accessed by {{ }} (double curly braces). For
example, if a variable name has the value rahul, then the following statement will replace
name with its value:
My name is {{name}}.
Output: My name is rahul
Tags
In a template, tags provide arbitrary logic in the rendering process. For example, a tag can
output content, serve as a control structure (e.g. an "if" statement or a "for" loop), or grab
content from a database.
Tags are surrounded by {% %} braces. For example.
{% csrf_token %}
{% if user.is_authenticated %}
Hello, {{ user.username }}.
{% endif %}
4. DESIGN
4.1 Software Design
Software design sits at the technical kernel of the software engineering process and is applied
regardless of the development paradigm and area of application. Design is the first step in the
development phase for any engineered product or system.
The designer’s goal is to produce a model or representation of an entity that will later be
built. Once system requirements have been specified and analyzed, system design is the first
of the three technical activities - design, code, and test - that are required to build and
verify the software.
The importance of design can be stated with a single word: “Quality”. Design is the place
where quality is fostered in software development. Design provides us with representations of
software that can be assessed for quality.
Design is the only way that we can accurately translate a customer’s view into a finished
software product or system. Software design serves as a foundation for all the software
engineering steps that follow. Without a strong design we risk building an unstable system –
one that will be difficult to test, one whose quality cannot be assessed until the last stage.
4.2 System Architecture
4.3 Data Flow Chart
1. The DFD is also called a bubble chart. It is a simple graphical formalism that can be used
to represent a system in terms of the input data to the system, the various processing carried
out on this data, and the output data generated by the system.
2. The data flow diagram (DFD) is one of the most important modeling tools. It is used to
model the system components. These components are the system process, the data used by
the process, an external entity that interacts with the system and the information flows in the
system.
3. DFD shows how the information moves through the system and how it is modified by a
series of transformations. It is a graphical technique that depicts information flow and the
transformations that are applied as data moves from input to output.
4.4 ER Diagram
[Figure: ER diagram — entities User, Admin and Data Store. The User uploads data to and
accesses data from the store; uploaded data is encrypted into secured information; the Admin
passes details of breached users, sends notifications and blocks users.]
4.5 UML Diagram
1. Provide users a ready-to-use, expressive visual modeling language so that they can
develop and exchange meaningful models.
[Figure: UML notation for an actor — a stick figure labelled <<Actor name>>]
Who is using the system? Or, who is affected by the system? Or, which groups
need help from the system to perform a task?
Who affects the system? Or, which user groups are needed by the system to
perform its functions? These functions can be both main functions and secondary
functions such as administration.
Which external hardware or systems (if any) use the system to perform tasks? What
problems does this application solve (that is, for whom)?
And, finally, how do users use the system (use case)? What are they doing with
the system?
a. System Administrator
b. Customer
c. Customer Care
Use case: A use case can be described as a specific way of using the system from a user’s
(actor’s) perspective.
Graphical representation:
[Figure: use case notation — an ellipse labelled with the use case name]
A more detailed description might characterize a use case as:
Pattern of behavior the system exhibits
A sequence of related transactions performed by an actor and the system
Delivering something of value to the actor
Flows of events are created as separate files or documents in your favorite text editor
and then attached or linked to a use case using the Files tab of a model element.
4.6 Use Case Diagram
A use case diagram in the Unified Modeling Language (UML) is a type of behavioral
diagram defined by and created from a Use-case analysis.
The main purpose of a use case diagram is to show what system functions are
performed for which actor. Roles of the actors in the system can be depicted.
The use cases in the system are:
Login/Register
Upload Data
Access Data
Risk Alerts
Verify Details
Malware Analysis
Encrypt Data
View Files
Logout
4.7 Class Diagram
In software engineering, a class diagram in the Unified Modeling Language (UML) is a type
of static structure diagram that describes the structure of a system by showing the system's
classes, their attributes, operations (or methods), and the relationships among the classes. It
shows which class contains what information.
[Figure: Class diagram — User, Admin and Data Store classes, each with attributes and
methods. A User uploads multiple data items (1 to 0..*) and accesses multiple data items;
the Admin encrypts data, accesses info (1..*) and blocks one user at a time.]
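The class structure in the diagram above can be sketched in Python; the class, attribute and method names below are illustrative stand-ins, not the project's actual code.

```python
# Illustrative sketch of the classes in the diagram; all names are assumptions.
class DataStore:
    def __init__(self):
        self.files = {}  # filename -> (owner, content)

class User:
    def __init__(self, username):
        self.username = username
        self.blocked = False

    def upload(self, store, filename, content):
        """A user can upload multiple data items (1 to 0..*)."""
        store.files[filename] = (self.username, content)

    def access(self, store, filename):
        """A user can access multiple data items."""
        owner, content = store.files[filename]
        return content

class Admin(User):
    def encrypt(self, store, filename):
        """Admin encrypts stored data (sketch: reverse the text as a stand-in cipher)."""
        owner, content = store.files[filename]
        store.files[filename] = (owner, content[::-1])

    def block(self, user):
        """Admin blocks one user at a time."""
        user.blocked = True
```

Note that Admin inherits from User, mirroring the diagram's 1-to-many associations between the Admin, the users and the data store.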
4.8 SEQUENCE DIAGRAMS:
[Figure: Sequence diagrams — admin login, user details, malware/un-malware data analysis,
breaches analysis, graphical analysis as a spline chart, and logout interactions.]
6. TESTING
INTRODUCTION:
Testing and debugging are among the most critical aspects of computer programming;
without a program that works, the system would never produce the output for which it was
designed. Testing is best performed when users and developers assist in identifying all errors
and bugs. Sample data are used for testing. It is not the quantity but the quality of the data
used that matters in testing. Testing is aimed at ensuring that the system works accurately and
efficiently before live operation commences.
Testing objectives:
The main objective of testing is to uncover a host of errors, systematically and with
minimum effort and time. Stated formally, testing is a process of executing a program with the
intent of finding an error.
Levels of Testing:
Code testing:
This examines the logic of the program. For example, the logic for updating various
sample data with the sample files and directories was tested and verified.
Specification Testing:
Specification testing executes the specification, stating what the program should do and
how it should perform under various conditions. Test cases for various situations and
combinations of conditions in all the modules are tested.
Unit testing:
In unit testing we test each module individually and then integrate it with the overall
system. Unit testing focuses verification efforts on the smallest unit of software design, the
module. This is also known as module testing. Each module of the system is tested separately.
This testing is carried out during the programming stage itself. In this step, each module is
found to work satisfactorily with regard to the expected output from the module. There are
also validation checks for fields. For example, a validation check is done on the user input to
verify the validity of the data entered. Errors found at this stage are easy to locate and debug.
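A minimal sketch of such a unit test, using Python's unittest module; the validation function is an illustrative stand-in for one of the project's field checks:

```python
import unittest

# Hypothetical validation check for a module, mirroring the field
# validation described above (the function name is illustrative).
def validate_breach_size(value):
    """Return True if the entered breach size is a positive integer."""
    return isinstance(value, int) and value > 0

class TestValidateBreachSize(unittest.TestCase):
    def test_accepts_positive_integer(self):
        self.assertTrue(validate_breach_size(1200))

    def test_rejects_invalid_input(self):
        # Negative numbers and strings must both fail validation.
        self.assertFalse(validate_breach_size(-5))
        self.assertFalse(validate_breach_size("1200"))

if __name__ == "__main__":
    unittest.main(argv=["unit"], exit=False)
```

Each module gets its own small test class like this one, so a module can be verified before it is integrated with the rest of the system.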
Black Box Testing:
In Black Box Testing we just focus on the inputs and outputs of the software system,
without bothering about internal knowledge of the software program.
The Black Box can be any software system you want to test: for example, an operating
system like Windows, a website like Google, a database like Oracle, or even your own
custom application. Under Black Box Testing, you can test these applications by just
focusing on the inputs and outputs without knowing their internal code implementation.
Black box testing - Types
There are many types of Black Box Testing, but the following are the prominent ones.
Functional testing – This black box testing type is related to the functional requirements
of a system; it is done by software testers.
Non-functional testing – This type of black box testing is not related to testing of a
specific functionality, but to non-functional requirements such as performance,
scalability and usability.
Regression testing – Regression testing is done after code fixes, upgrades or any
other system maintenance to check that the new code has not affected the existing code.
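A black-box check exercises a unit only through its inputs and outputs. The function under test here is a hypothetical stand-in; the test cases never look at its implementation:

```python
# Hypothetical function under test: classify a count of failed logins.
# The black-box tests below use only its inputs and outputs.
def risk_level(failed_logins):
    """Map a count of failed logins to a risk label."""
    if failed_logins >= 5:
        return "high"
    if failed_logins >= 2:
        return "medium"
    return "low"

# Black-box test cases: (input, expected output) pairs taken from the
# specification, with no reference to the code's internal branches.
cases = [(0, "low"), (1, "low"), (2, "medium"), (4, "medium"), (5, "high"), (50, "high")]
for given, expected in cases:
    actual = risk_level(given)
    assert actual == expected, f"risk_level({given}) = {actual}, expected {expected}"
print("all black-box cases passed")
```

The same input/output style applies whether the black box is one function, a whole web page, or the complete application.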
White Box Testing is the testing of a software solution's internal coding and
infrastructure. It focuses primarily on strengthening security, the flow of inputs and outputs
through the application, and improving design and usability. White box testing is also known
as clear, open, structural, and glass box testing. It is one of two parts of the "box testing"
approach to software testing. Its counterpart, black box testing, involves testing from an
external or end-user perspective. White box testing, on the other hand, is based on the
inner workings of an application and revolves around internal testing.
What do you verify in White Box Testing?
White box testing involves the testing of the software code for the following:
Expected output
The testing can be done at the system, integration and unit levels of software development.
One of the basic goals of white box testing is to verify a working flow for an application. It
involves testing a series of predefined inputs against expected or desired outputs, so that when
a specific input does not result in the expected output, you have encountered a bug.
To give you a simplified explanation of white box testing, we have divided it into two
basic steps. This is what testers do when testing an application using the white box testing
technique:
Step 1) UNDERSTAND THE SOURCE CODE
The first thing a tester will often do is learn and understand the source code of the application.
Since white box testing involves the testing of the inner workings of an application, the tester
must be very knowledgeable in the programming languages used in the applications they are
testing. Also, the testing person must be highly aware of secure coding practices. Security is
often one of the primary objectives of testing software. The tester should be able to find
security issues and prevent attacks from hackers and naive users who might inject malicious
code into the application either knowingly or unknowingly.
Step 2) CREATE TEST CASES AND EXECUTE
The second basic step to white box testing involves testing the application’s source
code for proper flow and structure. One way is by writing more code to test the application’s
source code. The tester will develop little tests for each process or series of processes in the
application. This method requires that the tester must have intimate knowledge of the code
and is often done by the developer. Other methods include manual testing, trial and error
testing and the use of testing tools as we will explain further on in this article.
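As a sketch of Step 2, the tests below are written against the source of a small, purely illustrative function: by reading its code we see two branches, and choose inputs that drive execution down each one.

```python
# Function under test (illustrative). White-box tests are derived by
# reading its source: there are two branches, so we need inputs that
# exercise each of them.
def mask_password(password):
    """Mask all but the last two characters of a password."""
    if len(password) <= 2:        # branch 1: too short to mask
        return "*" * len(password)
    return "*" * (len(password) - 2) + password[-2:]  # branch 2

# One assertion per branch, so every line of mask_password executes.
assert mask_password("ab") == "**"          # covers branch 1
assert mask_password("secret") == "****et"  # covers branch 2
print("both branches covered")
```

This is the essential difference from black-box testing: the test inputs were chosen from the code's structure, not just from its specification.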
System testing:
Once the individual module testing is completed, the modules are assembled and
integrated to perform as a system. Top-down testing, which proceeds from upper-level to
lower-level modules, was carried out to check whether the entire system performs
satisfactorily.
1 Alpha Testing
2 Beta Testing
3 Acceptance Testing
Alpha Testing:
This refers to the system testing that is carried out by the test team within the organization.
Beta Testing:
This refers to the system testing that is performed by a selected group of friendly customers.
Acceptance Testing:
This refers to the system testing that is performed by the customer to determine whether to accept
the delivery of the system.
Integration Testing:
Data can be lost across an interface; one module can have an adverse effect on another;
and sub-functions, when combined, may not produce the desired major functions. Integration
testing is the systematic technique for constructing the program structure while conducting
tests to uncover errors associated with the interface. The testing was done with sample data,
and the developed system ran successfully for this sample data. The need for integration
testing is to find the overall system performance.
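A minimal integration check (the module and function names are illustrative) verifies that two units which pass their own unit tests also work together across their interface:

```python
# Module A (illustrative): parses a raw breach record string.
def parse_record(line):
    """Split 'name,size' into a (name, size) pair with an int size."""
    name, size = line.split(",")
    return name.strip(), int(size)

# Module B (illustrative): summarizes parsed records.
def total_breach_size(records):
    """Sum the breach sizes of parsed (name, size) records."""
    return sum(size for _, size in records)

# Integration test: data flows from parse_record into total_breach_size,
# so an interface mismatch (e.g. a changed tuple shape) is caught here.
raw = ["acme, 1000", "globex, 2500"]
records = [parse_record(line) for line in raw]
assert total_breach_size(records) == 3500
print("interface between parser and summarizer is intact")
```

Either function alone could pass its unit tests while the pair still fails; the integration test targets exactly that interface error.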
Output testing:
After the validation testing, the next step is output testing. The output displayed or
generated by the system under consideration is tested by asking the user about the format
required by the system. The output format on the screen was found to be correct, as the
format was designed in the design phase according to the user's needs. Hence output testing
did not result in any correction to the system.
Test plan:
The test-plan is a list of test cases that need to be run on the system. Some of the test cases
can be run independently for some components (report generation from the database, for
example, can be tested independently) and some of the test cases require the whole system to
be ready for their execution. It is better to test each component as and when it is ready before
integrating the components. It is important to note that the test cases cover all the aspects of
the system (i.e., all the requirements stated in the RS document).
7. IMPLEMENTATION
Windows Installation
We assume you have your Django archive and Python installed on your computer.
On some versions of Windows (e.g., Windows 7) you might need to make sure the Path system
variable includes C:\Python34\;C:\Python34\Lib\site-packages\django\bin\, depending on your
Python version. Then, extract and install Django.
c:\>cd c:\Django-x.xx
Next, install Django by running the following command, for which you will need
administrative privileges, in the Windows shell "cmd": c:\Django-x.xx>python setup.py install
To test your installation, open a command prompt and type the following commands. If you
see the current version of Django printed on screen, then everything is set.
c:\> python
>>> import django
>>> django.VERSION
After the Python installation, open the WAMP server, open the MySQL console window and
run your database in the background using the query select * from databasename;
Now cd to your project directory and run the python manage.py runserver command. Copy the
URL that is generated and paste it into a browser.
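The interactive version check above can also be wrapped in a small script. The helper name and the (1, 8) minimum version below are illustrative assumptions, not project requirements:

```python
# Illustrative helper: compare a Django VERSION tuple against a
# required minimum (the (1, 8) floor is an assumption for this sketch).
def version_ok(version, minimum=(1, 8)):
    """Return True if the (major, minor, ...) tuple meets the minimum."""
    return tuple(version[:2]) >= minimum

try:
    import django
    print("Django", django.get_version(), "found; recent enough:",
          version_ok(django.VERSION))
except ImportError:
    # Same outcome as an empty `django.VERSION` check at the prompt.
    print("Django is not installed; run python setup.py install first.")
```

Running this prints either the detected Django version or a reminder to install it, matching the manual check described above.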
8.CONCLUSION
We analyzed a hacking breach dataset from the points of view of the incidents'
inter-arrival times and the breach sizes, and showed that both should be modeled by stochastic
processes rather than by distributions. The statistical models developed in this paper show
satisfactory fitting and prediction accuracies. In particular, we propose using a copula-based
approach to predict the joint probability that an incident with a certain magnitude of breach
size will occur during a future period of time. Statistical tests show that the methodologies
proposed in this paper are better than those which are presented in the literature, because the
latter ignored both the temporal correlations and the dependence between the incidents'
inter-arrival times and the breach sizes. We conducted qualitative and quantitative analyses to draw
further insights. We drew a set of cybersecurity insights, including that the threat of cyber
hacking breach incidents is indeed getting worse in terms of their frequency, but not the
magnitude of their damage. The methodology presented in this paper can be adopted or
adapted to analyze datasets of a similar nature.
9. FUTURE ENHANCEMENT
Many open problems are left for future research. For example, it is both interesting
and challenging to investigate how to predict the extremely large values and how to deal with
missing data (i.e., breach incidents that are not reported). It is also worthwhile to estimate the
exact occurring times of breach incidents. Finally, more research needs to be conducted
towards understanding the predictability of breach incidents (i.e., the upper bound of
prediction accuracy).
10. BIBLIOGRAPHY