
EXPERIMENT NO. 1

Problem Identification / Project Title

1.1 Introduction
1.2 Background
1.3 Motivation
1.4 Problem Statement
1.5 Objective and Scope
1.1 INTRODUCTION: AN OVERVIEW OF THE SYSTEM

A Security Monitoring System, sometimes referred to as "security information monitoring (SIM)" or "security event monitoring (SEM)," involves collecting and analysing information to detect suspicious behaviour or unauthorised system changes on your network, defining which types of behaviour should trigger alerts, and taking action on alerts as needed.

It also gives security personnel the means to investigate and prosecute an unfolding incident, or simply to review logs to improve alerting mechanisms or to manually identify security incidents.
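To make "defining which types of behaviour should trigger alerts" concrete, the following is an added example (it is not code from this report or its project): one alert rule, repeated failed logins from a single source within a time window, applied to constructed, syslog-style authentication lines. The log lines, host name, user names and addresses are all made up for the example, and the function names are my own.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample authentication log (syslog-like); not real data.
SAMPLE_LOG = """\
2024-03-01T09:00:01 host1 sshd[101]: Failed password for root from 203.0.113.5 port 5001
2024-03-01T09:00:03 host1 sshd[102]: Failed password for root from 203.0.113.5 port 5002
2024-03-01T09:00:04 host1 sshd[103]: Accepted password for alice from 198.51.100.7 port 6001
2024-03-01T09:00:05 host1 sshd[104]: Failed password for admin from 203.0.113.5 port 5003
2024-03-01T09:00:09 host1 sshd[105]: Failed password for admin from 203.0.113.5 port 5004
2024-03-01T09:00:10 host1 sshd[106]: Failed password for bob from 198.51.100.9 port 6002
2024-03-01T09:20:00 host1 sshd[107]: Failed password for root from 203.0.113.5 port 5005
"""

# Fields we need from each line: timestamp, host, outcome, user, source address.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Failed|Accepted) password for (?P<user>\S+) from (?P<src>\S+)"
)


def parse(line):
    """Return a dict for a recognised auth line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect_bruteforce(log_text, threshold=4, window=timedelta(minutes=5)):
    """Alert once per source address that produces >= threshold failed logins
    inside a sliding time window. Returns the list of alerts raised."""
    recent = defaultdict(deque)   # src -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None or ev["outcome"] != "Failed":
            continue
        q = recent[ev["src"]]
        q.append(ev["ts"])
        # Drop failures that fell out of the window.
        while q and ev["ts"] - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ev["src"] not in alerted:
            alerted.add(ev["src"])
            alerts.append({
                "src": ev["src"],
                "count": len(q),
                "last_seen": ev["ts"].isoformat(),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print("ALERT repeated failed logins:", alert)
```

With the sample above, the single source 203.0.113.5 reaches four failures within five minutes and raises one alert; its later failure at 09:20 falls outside the window and does not. The threshold and window are the "which behaviour should trigger alerts" decision the text refers to, and tuning them against real log volume is the review step the following paragraph describes.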

1.2 BACKGROUND: EXISTING SYSTEM

• Freemium Version: Monitor your devices and interfaces using our free network monitoring software.
• Full-stack Monitoring: Full-fledged server monitoring with more than 60 performance metrics for your physical, virtual, and cloud servers.
• Abuse of account privileges: From honest mistakes to misuse of account privileges and intentional leaks, to identity theft or any other engineering attack that compromises the security of user account data, individuals inside your premises are among your major security problems.
• Insufficient IT security management: Even with the most reliable cyber-security solutions, most organizations may still face threats because they lack enough skilled workforce to manage the resources well. As a result, crucial security alerts may be missed, and a successful attack may not be countered early enough to minimize the damage.
1.3 MOTIVATION

The seamless operation of the Internet requires being able to monitor and to visualize
the actual behaviour of the network. Today, IP network operators usually collect
network flow statistics from critical points of their network infrastructure. Whereas
network problems or attacks that significantly change traffic patterns are relatively easy
to identify, it tends to be much more challenging to identify creeping changes or attacks
and faults that manifest themselves only by very careful analysis of initially seemingly
unrelated traffic patterns and their changes. There are currently no deployable good
network visualization solutions supporting this kind of network analysis, and research
in this area is just starting. In addition, the large volume of flow data on high-capacity
networks and exchange points requires moving to probabilistic sampling techniques,
which require new analysis techniques to calculate and also to visualize the uncertainty
attached to data sets.

1.4 PROBLEM STATEMENT

1. Real Time Monitoring:
• Allows employers to observe employees' computer activities;
• Allows device owners to track possible unauthorized activity on their devices.
2. User management:
• User management describes the ability of administrators to manage devices, systems, applications, storage systems, networks, and user access to various other IT resources.
3. Key Logger:
• Key loggers, also known as keystroke loggers, record the keys pressed on a system and save them to a file, which is then read by the person operating this malware.
1.5 OBJECTIVE AND SCOPE OF THE PROJECT

Security monitoring is a key cloud security strategy that has several important purposes for CSPs and tenants. These include:

• Threat Detection: Some exploits may not be preventable and some threats may not be anticipated, and in this sense monitoring is the last line of defence. But there is a difference between detecting a security situation and doing something about it.

• Verification of Security Controls: Although most security controls are oriented toward enforcing security policy, monitoring is used to verify the correct operation of other security controls. If events which indicate actions prohibited by policy appear in the security event stream, this indicates that policy is not being correctly enforced by the security controls.

• A Legal Record of Activity: Security event data can form a legal record of actions that users or processes performed. To be used in a legal proceeding, this data must have verifiable integrity (records have not been altered and they comprise a complete record), and the organization must be able to demonstrate chain of custody over the data.
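The "verifiable integrity" requirement above (no altered records, no missing records) can be supported by hash-chaining the event records, so that changing or removing any entry changes every hash after it. The following is an added illustration written for this page, not code from the report's project; the event records are constructed, and the function names and entry layout are my own choices.

```python
import hashlib
import json

GENESIS = "0" * 64  # stands in for "the hash before the first entry"


def _entry_hash(seq, prev_hash, record):
    # Canonical JSON (sorted keys, no whitespace) so an identical record
    # always produces an identical hash, whatever dict order it was built in.
    payload = json.dumps({"seq": seq, "prev": prev_hash, "record": record},
                         sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(payload).hexdigest()


def append_record(chain, record):
    """Append one event; the new entry commits to the previous entry's hash."""
    seq = len(chain)
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"seq": seq, "prev": prev, "record": record,
             "hash": _entry_hash(seq, prev, record)}
    chain.append(entry)
    return entry


def build_chain(records):
    """Build a fresh chain from an iterable of event records."""
    chain = []
    for rec in records:
        append_record(chain, rec)
    return chain


def verify_chain(chain):
    """Return (True, None) if the chain is intact, otherwise
    (False, index) where index is the first entry that fails."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["seq"] != i or entry["prev"] != prev:
            return False, i      # gap, reordering or broken link
        if entry["hash"] != _entry_hash(i, prev, entry["record"]):
            return False, i      # record contents or hash were altered
        prev = entry["hash"]
    return True, None


def head_hash(chain):
    """The value to anchor externally; it commits to every entry so far."""
    return chain[-1]["hash"] if chain else GENESIS


if __name__ == "__main__":
    # Constructed audit events for the demonstration.
    events = [
        {"user": "alice", "action": "login", "src": "198.51.100.7"},
        {"user": "alice", "action": "read", "object": "quarterly-report.pdf"},
        {"user": "alice", "action": "logout"},
    ]
    chain = build_chain(events)
    print("intact:", verify_chain(chain), "head:", head_hash(chain))
    chain[1]["record"]["action"] = "delete"      # simulate tampering
    print("after tampering:", verify_chain(chain))
```

The chain makes alteration and deletion of earlier entries detectable, but it cannot by itself detect truncation of the newest entries or a full rewrite by someone with write access to the store: for that the current head hash must be periodically copied or signed to a location the log writer cannot modify, which is also the natural starting point for the chain-of-custody record the text mentions.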
EXPERIMENT NO. 2

LITERATURE SURVEY FOR PROBLEM IDENTIFICATION AND SPECIFICATION

2.1 Introduction

2.2 Research Papers


2.1 INTRODUCTION

A Security Monitoring System, sometimes referred to as "security information monitoring (SIM)" or "security event monitoring (SEM)," involves collecting and analysing information to detect suspicious behaviour or unauthorized system changes on your network, defining which types of behaviour should trigger alerts, and taking action on alerts as needed.

It also gives security personnel the means to investigate and prosecute an unfolding incident, or simply to review logs to improve alerting mechanisms or to manually identify security incidents.

2.2 Objectives

✓ Gaining an understanding of the fundamentals and state of the art of the area.
✓ Learning the definitions of the concepts.
✓ Access to the latest approaches, methods and theories.
✓ Discovering research topics based on the existing research.
✓ Concentrate on your own field of expertise: even if another field uses the same words, they usually mean a completely different thing.
✓ It improves the quality of the literature survey to exclude side-tracks; remember to explicate what is excluded.
2.2 RESEARCH PAPERS
1. Network Security and Technology Research
Abstract:
The rapid development of computer network system brings both a great convenience
and new security threats for users. Network security problem generally includes
network system security and data security. Specifically, it refers to the reliability of
network system, confidentiality, integrity and availability of data information in the
system. Network security problem exists through all the layers of the computer network,
and the network security objective is to maintain the confidentiality, authenticity,
integrity, dependability, availability and audit-ability of the network. This paper
introduces the network security technologies mainly in detail, including authentication,
data encryption technology, firewall technology, intrusion detection system (IDS),
antivirus technology and virtual private network (VPN). Network security problem is
related to every network user, so we should put a high value upon network security, try
to prevent hostile attacks and ensure the network security.
Published in: 2015 Seventh International Conference on Measuring Technology and
Mechatronics Automation
Publisher: IEEE

2. A Formal Model for Network-Wide Security Analysis
Abstract:
Network designers perform challenging tasks with so many configuration options that
it is often hard or even impossible for a human to predict all potentially dangerous
situations. In this paper, we introduce a formal method approach for verification of
security constraints on networks with dynamic routing protocols in use. A unifying
model based on packet-filters is employed for modelling of network behaviour. Over
this graph model augmented with filtering rules over edges verification of reachability
properties can be made. In our approach we also consider topology changes caused by
dynamic routing protocols.
Published in: 15th Annual IEEE International Conference and Workshop on the
Engineering of Computer Based Systems (ecbs 2008)
Publisher: IEEE
3. Enabling Cyber Security Data Sharing for Large-scale
Enterprises Using Managed Security Services
Abstract:
Large enterprises and organizations from both private and public sectors typically
outsource a platform solution, as part of the Managed Security Services (MSSs), from
3rd party providers (MSSPs) to monitor and analyse their data containing cyber security
information. Sharing such data among these large entities is believed to improve their
effectiveness and efficiency at tackling cybercrimes, via improved analytics and
insights. However, MSS platform customers currently are not able or not willing to
share data among themselves because of multiple reasons, including privacy. Any
proposed mechanism or technique to address such a challenge needs to ensure that
sharing is achieved in a secure and controlled way. In this paper, we propose a new
architecture and use case driven designs to enable confidential, flexible and
collaborative data sharing among such organizations using the same MSS platform.
MSS platform is a complex environment where different stakeholders, including
authorized MSSP personnel and customers' own users, have access to the same platform
but with different types of rights and tasks.
Published in: 2018 IEEE Conference on Communications and Network Security
(CNS)
Publisher: IEEE

4. Security-aware Software Development Life Cycle (SaSDLC) - Processes and tools
Abstract:
Today an application is secured using invitro perimeter security. In Next Generation
Internet (NGI), where all applications will be networked, security needs to be in-vivo;
security must be functions within the application. Applications running on any device,
be it on a mobile or on a fixed platform - need to be security-aware using Security aware
Software Development Life Cycle (SaSDLC), which is the focus of this paper. We also
present a tool called Suraksha that comprises of Security Designers' Workbench and
Security Testers' Workbench that helps a developer to build Security-aware
applications.
Published in: 2009 IFIP International Conference on Wireless and Optical
Communications Networks
Publisher: IEEE
5. Information Security Monitoring System Based on Data Mining
Abstract:
Some heterogeneous security equipment such as firewalls, intrusion detection
systems, and anti-virus gateways, can produce massive security events which are
difficult to manage efficiently. So, a log-based mining, distributed, and multi-protocol
supported framework of security monitoring system is proposed. Security event
correlation based on data mining analysis can automatically extract association rules,
analyse alarming and found new invasion model, so it is a highly intelligent solution.
Published in: 2009 Fifth International Conference on Information Assurance and
Security
Publisher: IEEE

6. Study on data acquisition solution of network security monitoring system
Abstract:
With the demands for network security, some heterogeneous security equipment such
as firewalls, intrusion detection systems, and anti-virus gateways are widely deployed
in network, and produce massive security events which need to be merged and analysed.
Therefore, a distributed and multi-protocol supported network security monitoring
system is proposed. The paper describes the architecture of the network security
monitoring system. Focusing on the system acquisition layer, two methods are designed
for monitoring data collection: syslog-based collection and real-time traffic-based
collection. The ActiveMQ which based on the JMS specification was adopted for data
transmission…
Published in: 2010 IEEE International Conference on Information Theory and
Information Security
Publisher: IEEE

7. Network Security Monitoring
Chapter Abstract:
Network security monitoring remains a vital component for incident response, threat
hunting, and network security in general. This chapter focuses on network activity and
explores the Elastic Stack and ways to integrate host‐based data to provide enhanced
visibility across the network. It examines the architecture for deployment of Security
Onion in an enterprise and each of the major tools integrated into the platform. The
chapter outlines basic skills to facilitate effective incident response for those situations
where the critical data that reader need has not been conveniently placed into Elastic
Stack or another analysis platform. The Elastic Stack provides an amazing platform to
support incident response, but readers occasionally will need to access other data
sources directly on a host or that otherwise have not been ingested into a centralized
analysis platform. Web servers, nix systems, and other applications store many of their
logs in a text‐based format.
Publisher: Wiley Data and Cyber security
Publisher: IEEE

8. Integrated workstations for reliable, site-independent security monitoring and control
Abstract:
The Security Console Project at Lawrence Livermore National Laboratory has designed
and implemented a series of security communications command centres for monitoring
and controlling its physical security systems. The author discusses the important aspects
of this project that address reliable, site-independent operation. Major concepts
presented include the use of operator workstations, map-based alarm displays, rule-
based incident assessment, and computer-aided configuration management.
Published in: Proceedings Institute of Electrical and Electronics Engineers 1988
International Carnahan Conference on Security Technology, Crime Countermeasures
Publisher: IEEE

9. Design of security integrated monitoring system
Abstract:
The development of Internet of things technology has brought about changes in the
monitoring industry. The integration of video monitoring and defence monitoring
system based on video technology and sensor technology becomes possible. In this
paper, combined with the widely used video monitoring equipment and defence
monitoring equipment in the current market, as well as the corresponding software
interface, a set of integrated security monitoring software system with defence
monitoring and video monitoring functions is designed, which can quickly make video
response in the defence alarm. At the same time, this paper discusses the key technical
problems that need to be solved in the practical application of the system.
Published in: 2021 IEEE 4th International Conference on Information Systems and
Computer Aided Education (ICISCAE)
Publisher: IEEE

10. The research on data flow technology in computer network security monitoring
Abstract:
With the rapid development of computer technology and application of Internet is
becoming more and more widely, the Internet plays a more and more important role in
people's life. At the same time, all kinds of network security events emerge in endlessly,
seriously threaten the application and development of the Internet. With the purpose of
safety, network monitoring, have more and more important significance in the
maintenance of normal efficiently network run, key facilities, information system
security, etc., How to realize effective network transmission and efficient online
analysis to a huge number of distributed network security monitoring data so as to
provide further support for a variety of applications become a major challenge in the
field of network security and data processing.
Published in: 2014 IEEE Workshop on Advanced Research and Technology in
Industry Applications (WARTIA)
Publisher: IEEE

11. Component Based Security Control for Information Network
Abstract:
It is a complex engineering to protect the security of information network (info-net), so
it is necessary to study out a new security control architecture and model in the view of
systemic control. According to the characteristics and security demands of info-net, a
new security control viewpoint and its architecture based on components is proposed,
the security control system is built, and details about the structure of control framework,
its various types, and functions and propagation modes of security control components
are introduced, then the features of the control system are summarized in the end

Published in: The Proceedings of the Multiconference on "Computational Engineering in Systems Applications"
Publisher: IEEE
Authors: Yu Wang; Jun Lu; Zhongwang Wu; Yu Lu
12. Construction of Network Security Perception System Using
Elman Neural Network
Abstract:
The purpose of the study is to improve the security of the network, and make the state
of network security predicted in advance. First, the theory of neural networks is studied,
and its shortcomings are analysed by the standard Elman neural network. Second, the
layers of the feedback nodes of the Elman neural network are improved according to
the problems that need to be solved. Then, a network security perception system based
on GA-Elman (Genetic Algorithm-Elman) neural network is proposed to train the
network by global search method. Finally, the perception ability is compared and
analysed through the model. The results show that the model can accurately predict
network security based on the experimental charts and corresponding evaluation
indexes. The comparative experiments show that the GA-Elman neural network
security perception system has a better prediction ability. Therefore, the model
proposed can be used to predict the state of network security and provide early warnings
for network security administrators.
Published in: 2021 2nd International Conference on Computer Communication and
Network Security (CCNS)
Authors: Yun; Huang Qiang; Ma Yixuan

13. Network Security Situation Prediction in Software Defined Networking Data Plane
Abstract:
Software-Defined Networking (SDN) simplifies network management by separating
the control plane from the data forwarding plane. However, the plane separation
technology introduces many new loopholes in the SDN data plane. In order to facilitate
taking proactive measures to reduce the damage degree of network security events, this
paper proposes a security situation prediction method based on particle swarm
optimization algorithm and long-short-term memory neural network for network
security events on the SDN data plane. According to the statistical information of the
security incident, the analytic hierarchy process is used to calculate the SDN data plane
security situation risk value. Then use the historical data of the security situation risk
value to build an artificial neural network prediction model. Finally, a prediction model
is used to predict the future security situation risk value. Experiments show that this
method has good prediction accuracy and stability.
Published in: 2020 IEEE International Conference on Advances in Electrical
Engineering and Computer Applications ( AEECA)
Authors: Mingren Sheng; Hongri Liu; Xu Yang; Wei Wang; Junheng Huang; Bailing Wang

14. Research on the Application of Intelligent Learning Algorithms in Network Security Situation Awareness and Prediction Methods
Abstract:
As the core hotspot of network information security, network security situational
awareness has received more and more attention. In order to explore the application
effect of intelligent learning algorithm, this study takes Radial Basis Function (RBF) as
the main research object, optimizes RBF by Simulated Annealing (SA) algorithm and
Hybrid Hierarchy Genetic Algorithm (HHGA), constructs RBF neural network
prediction model based on SA-HHGA optimization, and carries out relevant
experiments. The results show that the predicted situation value of the optimized RBF
in 15 samples is very close to the realistic situation value. RBF has good prediction
effect and can provide assistance for the maintenance of network security.
Published in: 2021 5th Asian Conference on Artificial Intelligence Technology
(ACAIT)
Authors: Zhihua Chen

15. Research on Network Security Situation Prediction-Oriented Adaptive Learning Neuron
Abstract:
Network security situation perception is to predict the probability of attacks, may occur
in the future, by a variety of predicting methods, by recent network attacking data
obtained from IDS (Intrusion Detection System). Neural Network model has many
features, high degree of fault tolerance, associability, self-organizing and self-learning
ability, and strong nonlinear mapping and generalization for a complex system, for
example. Therefore, Neural Network was applied to the field of network security
situation prediction. Adaptive Learning of neuron was introduced. It will be more
flexibility to meet changing security environment of such a complex system
requirement. The design and achievement of the adaptive learning neuron was stated in
detail.
Published in: 2010 Second International Conference on Networks Security, Wireless
Communications and Trusted Computing
Authors: Jing Li; Chunbo Dong

16. Security Model Based on Network Business Security
Abstract:
Enterprise Network Information System is not only the platform for information sharing
and information exchanging, but also the platform for Enterprise Production
Automation System and Enterprise Management System working together. As a result,
the security defence of Enterprise Network Information System does not only include
information system network security and data security, but also include the security of
network business running on information system network, which is the confidentiality,
integrity, continuity and real-time of network business. According to the security
defence of Enterprise Network Information System, this paper proposes the "network
business security" concept. In this paper, the object of information security is defined
in three parts - - data security, network system security and network business security,
and the network business security model is described. The proposal of the concept
"network business security" provides theoretical basis for security defence of enterprise
automatic production system and enterprise management information system.
Published in: 2009 International Conference on Computer Technology and
Development
Authors: Wu Kehe; Zhang Tong; Li Wei; Ma Gang

17. Network Security Risk Assessment and Situation Analysis
Abstract:
With the development of computer networks, the spread of malicious network activities
poses great risks to the operational integrity of many organizations and imposes heavy
economic burdens on life and health. Therefore, risk assessment is very important in
network security management and analysis. Network security situation analysis not
only can describe the current state but also project the next behaviour of the network.
Alerts coming from IDS, Firewall, and other security tools are currently growing at a
rapid pace. In this paper, we described cyberspace situational awareness from formal
and visual methods. Next, to make security administrator comprehend security situation
and project the next behaviours of the whole network, we present using parallel axes
view to give expression clearly of security events correlations.
Published in: 2007 International Workshop on Anti-Counterfeiting, Security and
Identification (ASID)
Authors: Liu Mixia; Yu Dongmei; Zhang Qiuyu; Zhu Honglei
18. Network management security
Abstract:
A review is given of network management security issues and the authors explain how
ISO's SC21/WG4 is currently addressing these. Aspects covered include: what network
management security is, why it needs to be considered and what issues need to be
resolved to achieve this. Within this overall structure, specific details covered include:
management as a means of attack on managed system security; management of security
services; current trends that increase the need for network management security;
implementation difficulties arising from technical characteristics and operational
requirements; and ISO standards view.
Published in: [1990] Proceedings of the Sixth Annual Computer Security Applications
Conference
Authors: R. Ward; P. Skeffington

19. Analysis of Computer Network Security Technology and Preventive Measures under the Information Environment
Abstract:
This paper first summarizes what informatization is, and then analyses the service of
informatization computer network security management system in detail. Then, it
analyses the specific application and problems of informatization in computer network
security management system, including hash function to protect network information
transmission security, symmetric encryption strategy to protect computer network
information security and establishment of computer network security protection system
in information environment. Finally, it expounds the relevant countermeasures to solve
the network security threats under the information environment, including
comprehensively strengthening the computer network security management under the
information environment, establishing and perfecting the computer network security
protection system under the information environment, and strengthening the research
on the black and evil prevention mechanism under the information environment to
protect the computer network information security. In this paper, under the background
of informationization, people pay more attention to the security technology of computer
network and related preventive measures.
Published in: 2020 5th International Conference on Mechanical, Control and
Computer Engineering (ICMCCE)
Authors: Bin Ge; Jin Xu
20. Research on enterprise network security system
Abstract:
With the development of openness, sharing and interconnection of computer network,
the architecture of enterprise network becomes more and more complex, and various
network security problems appear. Threat Intelligence (TI) Analysis and situation
awareness (SA) are the prediction and analysis technology of enterprise security risk,
while intrusion detection technology belongs to active defence technology. In order to
ensure the safe operation of computer network system, we must establish a multi-level
and comprehensive security system. This paper analyses many security risks faced by
enterprise computer network and other technologies to build a comprehensive enterprise
security system to ensure the security of large enterprise network.
Published in: 2021 2nd International Conference on Computer Science and
Management Technology (ICCSMT)
Authors: Jundan Hou; Xiang Jia

21. Research about solution for network security based on security domain
Abstract:
The typical security solution can only ensure the security of the network boundary, but
not involve the internal security. According to different types of applications and secrets
that it provides, the network can be divided into a number of logical security domains.
Furthermore, the access control of the network could be realized by applying dynamical
VLAN technology, and the filtration and audit of the information exchange between
security domains is realized by mandatory access control policies, and the unified
identity authentication and access control is realized by applying SSL VPN technology.
Published in: 2010 International Conference on Computer Design and Applications
Authors: Yan Hui; Han Weijie; Wang Yu
EXPERIMENT NO. 3

Project Proposal

3.1 System Planning
3.2 System Design
3.3 System Requirement
3.4 Implementation Tools
3.1 SYSTEM PLANNING

STEPS INVOLVED IN THE SYSTEM DEVELOPMENT LIFE CYCLE:

Below are the steps involved in the System Development Life Cycle. Each phase
within the overall cycle may be made up of several steps.

Step 1: Software Concept

The first step is to identify a need for the new system. This will include determining
whether a business problem or opportunity exists, conducting a feasibility study to
determine if the proposed solution is cost effective, and developing a project plan.

This process may involve end users who come up with an idea for improving their
work. Ideally, the process occurs in tandem with a review of the organization's
strategic plan to ensure that IT is being used to help the organization achieve its
strategic objectives. Management may need to approve concept ideas before any
money is budgeted for its development.

Step 2: Requirements Analysis

Requirements analysis is the process of analyzing the information needs of the end
users, the organizational environment, and any system presently being used, developing
the functional requirements of a system that can meet the needs of the users. The
requirements documentation should be referred to throughout the rest of the system
development process to ensure the developing project aligns with user needs and
requirements.

Professionals must involve end users in this process to ensure that the new system will
function adequately and meets their needs and expectations.

Step 3: Architectural Design:


After the requirements have been determined, the necessary specifications for the
hardware, software, people, and data resources, and the information products that will
satisfy the functional requirements of the proposed system can be determined.

The design will serve as a blueprint for the system and helps detect problems before
these errors or problems are built into the final system. Professionals create the system
design, but must review their work with the users to ensure the design meets users’
needs.

Step 4: Coding and Debugging

Coding and debugging are the act of creating the final system. This step is done by
the software developers.

Step 5: System Testing


The system must be tested to evaluate its actual functionality in relation to expected or
intended functionality. Some other issues to consider during this stage would be
converting old data into the new system and training employees to use the new system.
End users will be key in determining whether the developed system meets the intended
requirements, and the extent to which the system is used.
Step 6: Maintenance

Inevitably the system will need maintenance. Software will definitely undergo change
once it is delivered to the customer. There are many reasons for the change. Change
could happen because of some unexpected input values into the system. In addition, the
changes in the system could directly affect the software operations. The software should
be developed to accommodate changes that could happen during the post
implementation period.

There are various software process models like

o Prototyping Model
o RAD Model
o The Spiral Model
o The Waterfall Model
o The Iterative Model

Of all these process models we’ve used the Iterative model (The Linear Sequential
Model) for the development of our project.

3.2 The Iterative model

The iterative process starts with a simple implementation of a subset of the software requirements and iteratively enhances the evolving versions until the full system is implemented. At each iteration, design modifications are made and new functional capabilities are added. The basic idea behind this method is to develop a system through repeated cycles (iterative) and in smaller portions at a time (incremental).

The model consists of six distinct stages, namely:

1. In the requirements analysis phase:
   (a) the problem is specified along with the desired service objectives (goals);
   (b) the constraints are identified.

2. In the specification phase, the system specification is produced from the detailed definitions of (a) and (b) above.

3. In the system and software design phase, the system specifications are translated into a software representation. The software engineer at this stage is concerned with: data structure, software architecture, algorithmic detail, and interface representations. The hardware requirements are also determined at this stage, along with a picture of the overall system architecture. By the end of this stage the software engineer should be able to identify the relationship between the hardware, the software and the associated interfaces. Any faults in the specification should ideally not be passed downstream.

4. In the implementation and testing phase, the designs are translated into the software domain. Detailed documentation from the design phase can significantly reduce the coding effort. Testing at this stage focuses on making sure that any errors are identified and that the software meets its required specification.

5. In the integration and system testing phase, all the program units are integrated and tested to ensure that the complete system meets the software requirements. After this stage the software is delivered to the customer [Deliverable: the software product is delivered to the client for acceptance testing.]

6. The maintenance phase is usually the longest stage of the software. In this phase the software is updated to meet the changing customer needs, adapted to accommodate changes in the external environment, corrected for errors and oversights previously undetected in the testing phases, and enhanced for efficiency.
Observe that feedback loops allow for corrections to be incorporated into the model.
For example, a problem /update in the design phase requires a ‘revisit’ to the
specifications phase. When changes are made at any phase, the relevant documentation
should be updated to reflect that change.
Advantages of the Iterative Model:

• Testing is inherent to every phase of the Iterative model.
• It is an enforced, disciplined approach.
• It is documentation driven, that is, documentation is produced at every stage.

Disadvantages of the Iterative Model:

The waterfall model is the oldest and the most widely used paradigm. However, many
projects rarely follow its sequential flow, because of the inherent problems associated
with its rigid format. Namely:

• It only incorporates iteration indirectly, thus changes may cause considerable
confusion as the project progresses.

3.3 SYSTEM DESIGN

There are two models for collecting data, push and pull. For a monitoring system we
would always go with the pull model, for the following reasons:

1. Scalability concern. Our infrastructure will keep growing, and we may have
hundreds or thousands of services in the coming years; service usage and the user
base will grow too. With the push model, all these services keep hitting our
monitoring service. If one service processes 1M requests per second and pushes its
metrics to the monitoring service on every request, we will run into scalability
problems as we grow. So instead of being called with metrics, we prefer to actively
pull the data from the services.

2. Automatic upness monitoring. By pulling the data proactively, we directly learn
whether a service is alive or not: if a service is not reachable, the scrape fails and we
know immediately.

3. Easier horizontal monitoring. If we have two independent systems A and B, and
one day we need to monitor some service in system B from system A, we can pull
metrics from system B directly; there is no need to reconfigure system B to push to
system A.

4. Easier testing. We can simply spin up a test environment, copy the configuration
from production, pull the same metrics as production and test against them.

5. Simpler high availability. Two servers with the same configuration pulling the same
data are enough for HA.

6. Less configuration, as no service needs to be configured with the address of the
monitoring service.

Based on the analysis above, the design for the pull model is as follows:

1. Our service pulls the data from the services regularly (for example every second).
We need a real-time monitoring system, but a lag of a couple of seconds is acceptable.

2. Exporters. The services should not call our monitoring service to send data.
Instead, each service exposes its metrics through an exporter, where the data sits until
it is pulled, so the monitoring service is not exhausted by incoming calls and scales
better. Our monitoring system also needs the data in a specific format, while the
services may be built on different technologies and hold their data in different
formats. So we attach an exporter to each service, which reformats that service's data
into the format our monitoring service expects, and the monitor pulls the data from
the exporters.

3. Push gateway. Cron jobs are not long-running services, but we may need their
metrics too. So we add a push gateway: the cron jobs push to it, and the monitor pulls
from the gateway like any other target.
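The pull model and the two collection components above can be seen end to end in the following added example (illustrative code written for this page, not part of the project's code): a service-side exporter that renders counters in the Prometheus text exposition format, a push gateway that keeps the last push of each cron job, and a collector that scrapes every target, parses the text and derives an `up` metric from whether the scrape succeeded. The service names, metric names and URLs are invented, and the HTTP fetch is replaced by an injected function so that the code runs offline.

```python
"""Added example, not code from the report: a minimal pull-model collector.

An Exporter renders one service's counters in the Prometheus text exposition
format, a PushGateway holds what cron jobs pushed at exit, and scrape() pulls
both, parses the text and derives up{instance="..."} = 1.0 or 0.0 per target.
Service names, metric names and URLs are made up; fetch() is injected, so no
network is used.
"""
import re
import time


class Exporter:
    """One exporter per service: it only renders what the service already counts."""

    def __init__(self, job, counters):
        self.job = job
        self.counters = dict(counters)  # constructed sample state for the demo

    def render(self):
        lines = [f'{name}{{job="{self.job}"}} {value}'
                 for name, value in sorted(self.counters.items())]
        return "\n".join(lines) + "\n"


class PushGateway:
    """Cron jobs push here at exit; the collector pulls from the gateway."""

    def __init__(self):
        self._last = {}  # job -> (push timestamp, exposition text)

    def push(self, job, text, now=None):
        self._last[job] = (time.time() if now is None else now, text)

    def render(self):
        out = []
        for job, (ts, text) in self._last.items():
            out.append(text.rstrip("\n"))
            # Expose when the job last pushed so a stale or missing run is alertable.
            out.append(f'push_time_seconds{{job="{job}"}} {ts}')
        return "\n".join(out) + "\n"


# name{label="value",...} value   (HELP/TYPE comment lines are skipped)
SAMPLE_RE = re.compile(r'^([a-zA-Z_:][a-zA-Z0-9_:]*)(?:\{([^}]*)\})?\s+(\S+)$')
LABEL_RE = re.compile(r'([a-zA-Z_][a-zA-Z0-9_]*)="([^"]*)"')


def parse_exposition(text):
    """Parse exposition text into {(metric, frozenset(labels)): float}."""
    samples = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = SAMPLE_RE.match(line)
        if not m:
            raise ValueError(f"malformed sample line: {raw!r}")
        name, labels, value = m.groups()
        samples[(name, frozenset(LABEL_RE.findall(labels or "")))] = float(value)
    return samples


def scrape(targets, fetch):
    """Pull every target once.

    targets: {instance: url}; fetch(url) returns the body or raises OSError.
    Every sample gets an `instance` label, and each target gets a synthetic
    up{instance="..."} of 1.0 or 0.0: the "automatic upness monitoring" that
    the pull model gives for free.
    """
    result = {}
    for instance, url in targets.items():
        try:
            samples = parse_exposition(fetch(url))
            up = 1.0
        except (OSError, ValueError):  # unreachable, or garbage instead of metrics
            samples, up = {}, 0.0
        for (name, labels), value in samples.items():
            result[(name, labels | {("instance", instance)})] = value
        result[("up", frozenset({("instance", instance)}))] = up
    return result


def demo():
    """Constructed scrape round: one healthy service, the gateway, one dead host."""
    api = Exporter("api", {"http_requests_total": 1500, "http_errors_total": 3})
    gateway = PushGateway()
    gateway.push("nightly_backup",
                 'backup_last_success_unixtime{job="nightly_backup"} 1700000000\n',
                 now=1700000005)
    bodies = {"http://api:9100/metrics": api.render(),
              "http://pushgw:9091/metrics": gateway.render()}

    def fake_fetch(url):  # stands in for an HTTP GET; host "db" is unreachable
        if url not in bodies:
            raise OSError("connection refused")
        return bodies[url]

    return scrape({"api": "http://api:9100/metrics",
                   "pushgw": "http://pushgw:9091/metrics",
                   "db": "http://db:9100/metrics"}, fake_fetch)


if __name__ == "__main__":
    for (name, labels), value in demo().items():
        print(name, dict(labels), value)
```

Point 2 of the reasoning above is the `up` sample: the dead host `db` yields `up 0` without anything on that host having to report in, which a push model cannot distinguish from a host that simply has nothing to say. Replacing `fake_fetch` with a real HTTP GET (for example `urllib.request.urlopen(url).read().decode()`) turns this into a working scraper.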

Exporter Design

Having discussed the components of the pull model, i.e. the exporter and the push
gateway, one may ask why not hook multiple services to one exporter. We prefer one
exporter per service, for the following reasons:

1. Operational bottleneck: the exporter becomes a bottleneck if too many services sit
behind it.

2. Single point of failure: one service pushing too much blocks the others.

3. If we are only interested in the metrics of one service, we cannot fetch those alone;
we have to read all of them.

4. No upness monitoring: if one service behind a shared exporter is unreachable, the
scrape of the exporter still succeeds, so we cannot tell.

5. Hard to get service metadata: with one exporter per service, the service metadata
can be stored in the exporter.
Clustering?

Our monitoring system has to be very stable, so we would not go with a network
clustering approach for the monitoring service. Clustering is complicated and easier to
break, so it is better to have one single solid node that does not depend on the network.

Also, for monitoring data we usually care more about recent data and rarely about
metrics from days or weeks ago, so we only need to keep recent data online instead of
all historical data. That removes the main reason for clustering.

So we can simply run two servers in parallel, which is sufficient for HA.

Design

Since we only care about recent data in monitoring, the data usage pattern of the
monitor is as follows:

1. recent data is accessed very frequently

2. historical data is accessed occasionally

So we can keep the recent data in memory for fast reads and older data on disk. If we
have 1M metrics to monitor, with one data point per second per metric of 16 bytes
(key-value pair), that is 16 MB per second; a server with 128 GB of memory can then
hold around 2 hours of data, which is good enough.

The data in memory are kept in chunks; once an older chunk is full, we compress it and
write it to disk. Querying these data is slower, since we need to read from disk and
decompress, but slowness when querying old data is acceptable.

For much older data, like data from months ago, the compressed data can go to cheaper
offsite storage.

Since the recent monitored data live in memory, we need a recovery mechanism for
them: if the server crashes, in order not to lose all the data, we create snapshots of the
memory, say every few minutes.

We also need to monitor the memory usage of the monitoring service itself, in case the
server runs out of memory during peak usage. When memory usage is high, we speed up
the compress-and-save-to-disk process.

The database for the monitoring service should be a time series DB.
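As an added illustration of the storage tier described above (example code written for this page, not the project's own): recent samples sit in memory in fixed-size chunks, a full chunk is zlib-compressed and spilled to disk, queries read both tiers, the hot chunk and the chunk index can be snapshotted and restored, and `seal()` can be called early by a memory watchdog. The chunk size, file names and JSON encoding are assumptions for the demonstration and not a real time series format; `hot_retention_seconds` is the sizing arithmetic from the paragraph above.

```python
"""Added example, not code from the report: the two-tier storage sketched above.

Recent samples stay in memory in fixed-size chunks; a full chunk is
zlib-compressed and spilled to disk; queries span both tiers; the hot tier can
be snapshotted and restored for crash recovery; and a memory watchdog can call
seal() early to speed up the spill. Chunk size, file layout and the JSON
encoding are assumptions for the demonstration, not a real TSDB format.
"""
import json
import os
import tempfile
import zlib


def hot_retention_seconds(memory_bytes, series, bytes_per_sample=16, interval_s=1):
    """Seconds of history that fit in memory at one sample per series per interval."""
    return memory_bytes * interval_s // (series * bytes_per_sample)


class ChunkedStore:
    def __init__(self, spill_dir, chunk_size=600):
        self.spill_dir = spill_dir
        self.chunk_size = chunk_size  # samples per chunk (600 = 10 min of one 1 s series)
        self.hot = []                 # current in-memory chunk: [(ts, series, value), ...]
        self.sealed = []              # [(first_ts, last_ts, path), ...] of spilled chunks
        os.makedirs(spill_dir, exist_ok=True)

    def append(self, ts, series, value):
        self.hot.append((ts, series, value))
        if len(self.hot) >= self.chunk_size:
            self.seal()

    def seal(self):
        """Compress the current chunk to disk; also called early under memory pressure."""
        if not self.hot:
            return
        first, last = self.hot[0][0], self.hot[-1][0]
        path = os.path.join(self.spill_dir, f"chunk-{first}-{last}.z")
        with open(path, "wb") as f:
            f.write(zlib.compress(json.dumps(self.hot).encode()))
        self.sealed.append((first, last, path))
        self.hot = []

    def query(self, series, start, end):
        """Return [(ts, value)] for one series within [start, end], oldest first."""
        out = []
        for first, last, path in self.sealed:
            if last < start or first > end:
                continue  # this chunk's time range does not overlap the query
            with open(path, "rb") as f:
                for ts, s, v in json.loads(zlib.decompress(f.read())):
                    if s == series and start <= ts <= end:
                        out.append((ts, v))
        out.extend((ts, v) for ts, s, v in self.hot
                   if s == series and start <= ts <= end)
        return out

    def snapshot(self, path):
        """Persist the hot chunk and the chunk index so a crash loses at most one interval."""
        with open(path, "w") as f:
            json.dump({"hot": self.hot, "sealed": self.sealed}, f)

    @classmethod
    def restore(cls, path, spill_dir, chunk_size=600):
        store = cls(spill_dir, chunk_size)
        with open(path) as f:
            state = json.load(f)
        store.hot = [tuple(x) for x in state["hot"]]
        store.sealed = [tuple(x) for x in state["sealed"]]
        return store


def demo():
    """Constructed run: 12 one-second samples, chunks of 5, then snapshot and restore."""
    root = tempfile.mkdtemp()
    store = ChunkedStore(os.path.join(root, "spill"), chunk_size=5)
    for t in range(12):
        store.append(t, "cpu_busy", float(t))
    snap = os.path.join(root, "snapshot.json")
    store.snapshot(snap)
    restored = ChunkedStore.restore(snap, os.path.join(root, "spill"), chunk_size=5)
    return {
        "sealed_chunks": len(store.sealed),
        "hot_samples": len(store.hot),
        "window": store.query("cpu_busy", 3, 11),
        "other_series": store.query("mem_used", 0, 100),
        "restored_window": restored.query("cpu_busy", 0, 11),
    }


if __name__ == "__main__":
    print(demo())
    print(hot_retention_seconds(128 * 1024**3, 1_000_000), "s of 1M series fit in 128 GiB")
```

With 1M series at 16 bytes per second each, `hot_retention_seconds` gives about 8000 seconds for 128 GB, i.e. the "around 2 hours" stated above; a watchdog that sees memory climbing can call `seal()` before the chunk is full, which is the "speed up the compress-and-save" lever from the previous paragraph.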

Based on the discussion above, this is the high-level design for the monitoring service:

• Exporter: pulls metrics from its target and converts them into the correct format

• Push Gateway: cron jobs push their metrics to it at exit, and we pull the metrics from it

• Data retrieval workers: pull the data from the exporters and the push gateway

• Time series storage: local SSD / remote storage

• Query Service: visualises the data

• Alert manager: sends alerts to different channels

• Service Discovery: configuration of the targets to pull metrics from


3.4 TIMELINE CHART

A timeline chart is an effective way to visualise a process in chronological order.
Since details are displayed graphically, important points in time can be easily seen and
understood. Often used for managing a project's schedule, timeline charts function as a
sort of calendar of events within a specific period of time.

A timeline chart is constructed with a horizontal axis representing the total time span
of the project, broken down into increments (for example days, weeks or months), and
a vertical axis representing the tasks that make up the project (for example, if the project
is outfitting your computer with new software, the major tasks involved might be:
conduct research, choose software, install software). Horizontal bars of varying lengths
represent the sequence, timing and time span of each task. Using the same example,
you would put "conduct research" at the top of the vertical axis and draw a bar on the
graph that represents the amount of time you expect to spend on the research, then
enter the other tasks below the first one, with bars at the points in time when you
expect to undertake them.

The bar spans may overlap, as, for example, you may conduct research and choose
software during the same time span. As the project progresses, secondary bars,
arrowheads or darkened bars may be added to indicate completed tasks, or the portions
of tasks that have been completed. A vertical line is used to represent the report date.
3.5 BLOCK DIAGRAM

Introduction: System analysis is the process of collecting and interpreting facts,
identifying the problems, and decomposing a system into its components. It is
conducted for the purpose of studying a system or its parts in order to identify its
objectives. It is a problem-solving technique that improves the system and ensures that
all the components of the system work efficiently to accomplish their purpose. Analysis
specifies what the system should do. It is a process of planning a new business system
or replacing an existing system by defining its components or modules to satisfy the
specific requirements. Before planning, you need to understand the old system
thoroughly and determine how computers can best be used in order to operate
efficiently. System design, in contrast, focuses on how to accomplish the objective of
the system.
3.6 SYSTEM REQUIREMENT

Hardware Requirement

❖ RAM: at least 128 MB
❖ Processor: 300 MHz or higher (Pentium processor recommended)
❖ HDD: 20 GB or more

Software Requirement

❖ Docker
❖ MySQL Server

Languages used

❖ HTML
❖ CSS
❖ JavaScript
❖ Python

REFERENCES AND BIBLIOGRAPHY

i) https://gongybable.medium.com/system-design-design-a-monitoring-systemf0f0cbafc895
ii) Google, for problem solving
iii) http://www.javaworld.com/javaworld/jw-01-1998/jw-01-Credentialreview.html
iv) Database Programming with JDBC and Java, O'Reilly
v) Head First Java, 2nd Edition
vi) http://www.jdbc-tutorial.com/
vii) https://www.javapoint.com/java-tutorial
viii) Software Design Concepts, Apress
ix) https://www.tutorialpoint.com/java/
x) https://docs.oracle.com/javase/tutorial/
xi) https://www.wampserver.com/en/
xii) https://www.JSP.net/
xiii) https://www.tutorialspoint.com/mysql/
xiv) httpd.apache.org/docs/2.0/misc/tutorials.ht
EXPERIMENT NO. 4

Anjuman-i-Islam's
M.H. SABOO SIDDIK POLYTECHNIC
8, Saboo Siddik Polytechnic Road, Byculla
Mumbai- 400008
******

INFORMATION TECHNOLOGY

PROJECT DIARY
Academic Session 2022-23

Programme: DIPLOMA IN INFORMATION TECHNOLOGY

Course Code & Course: IF-5I

Student Name: MOHAMMED MUSAB

Student Roll No: 20817

Guide Name: Ms. KHAN SAMEERA

Project Title: NETWORK SECURITY MONITORING SYSTEM

PROGRESSIVE ASSESSMENT (PA) SHEET

Sr. No  Criteria                                   Max Marks             Marks Obtained
1       Problem Identification / Project Title
2       Industrial Survey / Literature Review      10 (criteria 1 to 4)
3       Project Proposal
4       Project Diary
5       Report Writing including documentation     10
6       Presentation                               05
        TOTAL                                      25

Name and Signature of the Project Guide:
PROJECT DIARY FORMAT

Week No: 1/2

Activities Planned:
Decided the number of members in the group, finalised the group members and submitted
the list to our teacher.

Activities Executed:
Discussions were held to decide the group members and who would perform which role
in the complete process of the CPP project development.

Reason for delay if any:

-------------

Corrective Measures Adopted:

Earlier the number of group members wasn't appropriate, but then, with the help of our teacher,
we finally came to a conclusion and corrected the number of members in our group.

Remark and Signature of the Guide:


Week No: 3/4

Activities Planned:
Discussed and finalised the topic for our final year project, with which all the members as well
as our teacher agreed and were satisfied.

Activities Executed:
Our teacher guided us about what kind of topics we could take and which are eligible
for final year projects; then, looking at the difficulty, time constraints and coordination
levels in our group, we came to a conclusion and made a clear decision on the topic
we should opt for.

Reason for delay if any:

-------------

Corrective Measures Adopted:

Earlier we had finalised a topic which was compatible with our final year project, but then, with
the help of our teacher, we corrected our fundamentals and chose a correct and eligible
topic.

Remark and Signature of the Guide:


Week No: 5/6/7

Activities Planned:
Started finding out what resources we would require for our project and its successful
completion.

Activities Executed:
We looked on the internet and also talked with our seniors and our teacher to seek help
regarding our project and topic; after a lot of research and listening to the experiences
of our seniors, we listed a number of resources which may help us in our project
development.

Reason for delay if any:

-------------

Corrective Measures Adopted:

Earlier the list of resources we finalised contained a lot of resources, some of which
didn't contribute much to our project, so we went through our list again, shortlisted
the resources which had a complete connection and contribution to our project,
revised our list of resources and got it checked and verified by our teacher as well.

Remark and Signature of the Guide:


Week No: 8/9/10

Activities Planned:
Divided our complete project into parts and started off with the first part of our project
development.

Activities Executed:
After making sure what resources we needed for our project development, we divided our
project into parts for easy and effective development, and also divided the tasks to be
performed by the members of our group.

Reason for delay if any:

-------------

Corrective Measures Adopted:

While implementing and going on with the first part of our project development, we made
some small mistakes which were then resolved by us alone because of the good
coordination between us members.

Remark and Signature of the Guide:


Week No: 11/12/13

Activities Planned:
We started with the development of the other parts of our project after the successful
completion of the previous parts or implementations.

Activities Executed:
After completing and successfully implementing the previous parts of our project, we
managed to get further with our development, started on the next part of our project
development and managed to complete more than half of our project.

Reason for delay if any:

-------------

Corrective Measures Adopted:

At some points we did find some errors in our project which we tried solving but were
unable to solve, but then we took the help of our seniors, who made us understand where
we were going wrong and even helped us solve it in the correct way.

Remark and Signature of the Guide:


Week No: 14/15/16

Activities Planned:
We had almost completed our project and only a few minor touches to the UI and some other parts
were remaining, including the testing of our project under various conditions.

Activities Executed:
By now we had successfully completed our project and were only left with some minor changes
in some parts like presentation, colour scheme, etc., which may enhance the look and
feel of our project for the user or anyone to whom our project may be presented or
who may use it.

Reason for delay if any:

-------------

Corrective Measures Adopted:

This time we didn't have any mistakes or errors to deal with, just some minor confusions
regarding small things like colours, which we cleared up by taking help from other groups and
students of our class.

Remark and Signature of the Guide:


Experiment 5

Project Report

SR. NO.  CHAPTER
1.       Certificate
2.       Acknowledgement
3.       Abstract
4.       Content Page
5.       Chapter 1: Introduction and Background of the Industry or User Based Problem
6.       Chapter 2: Literature Survey for Problem Identification and Specification
7.       Chapter 3: Proposed Detailed Methodology for Solving the Identified Problem with Action Plan
8.       References and Bibliography

CERTIFICATE

This is to certify that Mr. MOHAMMED MUSAB from M.H. Saboo Siddik Polytechnic College,
having Enrollment No: 2000020355, has completed a report on the Problem Definition /
Semester V Project Report / Final Project Report having the title Network Security
Monitoring System, individually in a group consisting of 4 persons, under the guidance
of the Faculty Guide.

Name & Signature of Guide: Ms. Sameera Khan

________________

Name & Signature of HOD: Ms. Sameera Khan

________________
ACKNOWLEDGMENT

The project titled Network Security Monitoring System is a system where we provide
security to the network. The system provides threat detection, verification of security
controls, a legal record of activity, etc.

For the success of any project, hard work and dedication by every member of the group
are needed. But it largely depends on the support and encouragement given to the team
members. We take this opportunity to express our gratitude to the people who have been
leading and guiding us in the completion of this project.

We are greatly thankful to our project guide, Lecturer Ms. Sameera Khan, for her kind
support and guidance in the successful completion of this project. We have highly
benefited from this guidance and have found her suggestions helpful in various phases of
this project.

We are highly grateful to Dr. A.K. Kureshi (Principal), Dr. Zaibunnisa Malik (Principal
of Un-Aided, H.O.D. of Computer Dept.) and Ms. Sameera Khan (H.O.D. of Information
Technology Dept., M.H. Saboo Siddik Polytechnic, Byculla) for providing all the
necessary facilities and encouraging us during the course of the work.

We would also like to thank the entire teaching and non-teaching staff of the IT
Department for their constant assistance and cooperation.
ABSTRACT

The main aim in developing this system is to monitor the network of other devices. The
system can monitor a user's screen and observe some of the actions performed by the
user or client. Our system can be used in many places, e.g. bank security systems,
computer lab systems, hospital security systems, etc.

Businesses rely on networks for all operations. Hence, network monitoring is very
crucial for any business. Today, networks span the globe, with multiple links
established between geographically separated data centres and public and private clouds.
This creates many challenges in network management. Network admins need to be
more proactive and agile in monitoring network performance. However, this is easier
said than done.
Content Page

Chapter 1: Introduction & Background of Industry or User Based Problem
1.1 Introduction
1.2 Background
1.3 Motivation
1.4 Problem Statement
1.5 Objective and Scope
Chapter 2: Literature Survey for Problem Identification & Specification
2.1 Introduction
2.2 Objectives
2.3 Research Papers
Chapter 3: Proposed Detailed Methodology of Solving the Identified Problem with Action Plan
3.1 System Planning
3.2 System Design
3.3 Timeline Chart
3.4 Block Diagram
3.5 System Requirement
CHAPTER 1
INTRODUCTION AND BACKGROUND OF INDUSTRY
OR
USER BASED PROBLEM

1.1 Introduction
1.2 Background
1.3 Motivation
1.4 Problem Statement
1.5 Objective and Scope

1.1 INTRODUCTION: AN OVERVIEW OF THE SYSTEM

A security monitoring system, sometimes referred to as "security information monitoring
(SIM)" or "security event monitoring (SEM)", involves collecting and analysing
information to detect suspicious behaviour or unauthorised system changes on your
network, defining which types of behaviour should trigger alerts, and taking action on
alerts as needed. It also gives security personnel the means to investigate and prosecute
an unfolding incident, or simply to review logs to improve alerting mechanisms or to
manually identify security incidents.

1.2 BACKGROUND: EXISTING SYSTEM

• Freemium Version
• Monitor your devices and interfaces using our free network monitoring software.
• Full-stack Monitoring
• Full-fledged Server Monitoring with more than 60 performance metrics for your
physical, virtual, and cloud servers
• Abuse of account privileges.
• From honest mistakes to misuse of account privileges and intentional leaks, to
identity theft, or any other engineering attack to compromise the security of user
account data; individuals inside your premises are among your major security
problems.
• Insufficient IT security management
• Even with the most reliable cyber-security solutions, most organizations may
still face threats since they lack enough skilled workforce to manage the
resources well. As a result, you may miss crucial security alerts, and any
successful attack may not be countered early enough to minimize the damage.
1.3 MOTIVATION

The seamless operation of the Internet requires being able to monitor and to visualize
the actual behaviour of the network. Today, IP network operators usually collect
network flow statistics from critical points of their network infrastructure. Whereas
network problems or attacks that significantly change traffic patterns are relatively easy
to identify, it tends to be much more challenging to identify creeping changes or attacks
and faults that manifest themselves only by very careful analysis of initially seemingly
unrelated traffic patterns and their changes. There are currently no deployable good
network visualization solutions supporting this kind of network analysis, and research
in this area is just starting. In addition, the large volume of flow data on high-capacity
networks and exchange points requires moving to probabilistic sampling techniques,
which require new analysis techniques to calculate and also to visualize the uncertainty
attached to data sets

1.4 PROBLEM STATEMENT

1. Real Time Monitoring:
• Employers observe employees' computer activities;
• Device owners track possible unauthorised activity on their devices.

2. User management:
• User management describes the ability of administrators to manage devices,
systems, applications, storage systems, networks and user access to various other
IT resources.

3. Key Logger:
• Key loggers, also known as keystroke loggers, record the keys pressed on a system
and save them to a file, which is then read by the person operating the logger. The
same mechanism is malware when installed without authorisation; as a monitoring
component it must only run on devices whose owner has authorised it and whose
users have been informed.
1.5 OBJECTIVE AND SCOPE OF THE PROJECT

Security monitoring is a key cloud security strategy that has several important purposes
for CSPs and tenants; these include:

• Threat Detection: Some exploits may not be preventable and some threats may not
be anticipated, and in this sense monitoring is the last line of defence. But there is a
difference between detecting a security situation and doing something about it.

• Verification of Security Controls: Although most security controls are oriented
toward enforcing security policy, monitoring is used to verify the correct operation of
the other security controls. If events which indicate actions prohibited by policy appear
in the security event stream, this indicates that the policy is not being correctly enforced
by the security controls.

• A Legal Record of Activity: Security event data can form a legal record of actions
that users or processes performed. To be used in a legal proceeding, this data must have
verifiable integrity (records have not been altered and they comprise a complete record)
and the organisation must be able to demonstrate chain of custody over the data.
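The integrity requirement in the last point can be made checkable with a hash chain over the event records. The following added example (written for this page, not part of the project's code) links each record to the SHA-256 of its predecessor, so that `verify()` reports the first altered, missing or reordered record; the events are constructed. A hash chain alone does not stop an attacker who can rewrite the whole file from re-chaining it, so the chain head must be stored (or signed) somewhere the log writer cannot modify; that key handling is left out here.

```python
"""Added example, not code from the report: a hash-chained security event log.

Each appended record carries the SHA-256 of the previous record, so verify()
detects an altered record (digest mismatch) and a deleted or reordered record
(chain break) and returns the first bad sequence number. With the chain head
saved out of band, a truncated tail is caught as well. The record fields and
the sample events are constructed. An HMAC key or a signed head would be
needed in practice against an attacker who can rewrite the whole file.
"""
import hashlib
import json

GENESIS = "0" * 64  # prev hash of the first record


def _digest(prev_hash, seq, event):
    # Canonical JSON so the same event always hashes the same way.
    payload = json.dumps({"seq": seq, "prev": prev_hash, "event": event},
                         sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(payload.encode()).hexdigest()


class HashChainedLog:
    def __init__(self):
        self.records = []  # each: {"seq", "prev", "event", "hash"}

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        seq = len(self.records)
        rec = {"seq": seq, "prev": prev, "event": event,
               "hash": _digest(prev, seq, event)}
        self.records.append(rec)
        return rec["hash"]

    def head(self):
        """Current chain head; store it where the log writer cannot overwrite it."""
        return self.records[-1]["hash"] if self.records else GENESIS


def verify(records, expected_head=None):
    """Return (ok, first_bad_seq). A stored head lets a truncated tail be caught too."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["seq"] != i or rec["prev"] != prev:
            return False, i              # gap, reorder or deletion
        if _digest(prev, i, rec["event"]) != rec["hash"]:
            return False, i              # record content altered
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(records)       # tail removed after the head was recorded
    return True, None


def demo():
    """Constructed events; then tamper with one record and drop the last one."""
    log = HashChainedLog()
    for ev in [
        {"ts": "2023-03-01T09:00:00Z", "user": "alice", "action": "login", "src": "10.0.0.5"},
        {"ts": "2023-03-01T09:02:10Z", "user": "alice", "action": "sudo", "cmd": "cat /etc/shadow"},
        {"ts": "2023-03-01T09:03:00Z", "user": "alice", "action": "logout"},
    ]:
        log.append(ev)
    head = log.head()
    clean = verify(log.records, head)

    tampered = json.loads(json.dumps(log.records))  # deep copy of the records
    tampered[1]["event"]["cmd"] = "ls"              # rewrite the sudo record
    altered = verify(tampered, head)

    truncated = log.records[:-1]                     # delete the logout record
    cut = verify(truncated, head)                    # only caught thanks to the head
    return {"clean": clean, "altered": altered, "truncated": cut}


if __name__ == "__main__":
    print(demo())
```

The `truncated` case is why the head matters: without `expected_head`, a log with its last records removed still verifies as a perfectly valid, shorter chain. Writing the head to a separate append-only store (or to a remote syslog/SIEM) at each snapshot is what turns "records have not been altered" into "and they comprise a complete record".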
CHAPTER 2

LITERATURE SURVEY FOR

PROBLEM IDENTIFICATION AND SPECIFICATION

2.1 Introduction

2.2 Objectives

2.3 Research Papers

2.1 INTRODUCTION

A security monitoring system, sometimes referred to as "security information monitoring
(SIM)" or "security event monitoring (SEM)", involves collecting and analysing
information to detect suspicious behaviour or unauthorised system changes on your
network, defining which types of behaviour should trigger alerts, and taking action on
alerts as needed.

It also gives security personnel the means to investigate and prosecute an unfolding
incident, or simply to review logs to improve alerting mechanisms or to manually
identify security incidents.

2.2 Objectives

✓ Gaining an understanding of the fundamentals and the state of the art of the area.
✓ Learning the definitions of the concepts.
✓ Access to the latest approaches, methods and theories.
✓ Discovering research topics based on the existing research.
✓ Concentrating on your own field of expertise: even if another field uses the same
words, they usually mean a completely different thing.
✓ Excluding side-tracks improves the quality of the literature survey; remember to
make explicit what is excluded.
2.3 RESEARCH PAPERS

1. Network Security and Technology Research
Abstract:
The rapid development of computer network system brings both a great convenience
and new security threats for users. Network security problem generally includes
network system security and data security. Specifically, it refers to the reliability of
network system, confidentiality, integrity and availability of data information in the
system. Network security problem exists through all the layers of the computer network,
and the network security objective is to maintain the confidentiality, authenticity,
integrity, dependability, availability and audit-ability of the network. This paper
introduces the network security technologies mainly in detail, including authentication,
data encryption technology, firewall technology, intrusion detection system (IDS),
antivirus technology and virtual private network (VPN). Network security problem is
related to every network user, so we should put a high value upon network security, try
to prevent hostile attacks and ensure the network security.
Published in: 2015 Seventh International Conference on Measuring Technology and
Mechatronics Automation
Publisher: IEEE

2. A Formal Model for Network-Wide Security Analysis

Abstract:
Network designers perform challenging tasks with so many configuration options that
it is often hard or even impossible for a human to predict all potentially dangerous
situations. In this paper, we introduce a formal method approach for verification of
security constraints on networks with dynamic routing protocols in use. A unifying
model based on packet-filters is employed for modelling of network behaviour. Over
this graph model augmented with filtering rules over edges, verification of reachability
properties can be made. In our approach we also consider topology changes caused by
dynamic routing protocols.
Published in: 15th Annual IEEE International Conference and Workshop on the
Engineering of Computer Based Systems (ECBS 2008)
Publisher: IEEE
3. Enabling Cyber Security Data Sharing for Large-scale Enterprises Using Managed
Security Services
Abstract:
Large enterprises and organizations from both private and public sectors typically
outsource a platform solution, as part of the Managed Security Services (MSSs), from
3rd party providers (MSSPs) to monitor and analyse their data containing cyber security
information. Sharing such data among these large entities is believed to improve their
effectiveness and efficiency at tackling cybercrimes, via improved analytics and
insights. However, MSS platform customers currently are not able or not willing to
share data among themselves because of multiple reasons, including privacy. Any
proposed mechanism or technique to address such a challenge needs to ensure that
sharing is achieved in a secure and controlled way. In this paper, we propose a new
architecture and use case driven designs to enable confidential, flexible and
collaborative data sharing among such organizations using the same MSS platform.
The MSS platform is a complex environment where different stakeholders, including
authorized MSSP personnel and customers' own users, have access to the same platform
but with different types of rights and tasks.
Published in: 2018 IEEE Conference on Communications and Network Security
(CNS)
Publisher: IEEE

4. Security-aware Software Development Life Cycle (SaSDLC) - Processes and Tools

Abstract:
Today an application is secured using in-vitro perimeter security. In the Next Generation
Internet (NGI), where all applications will be networked, security needs to be in-vivo:
security must be a function within the application. Applications running on any device,
be it a mobile or a fixed platform, need to be security-aware, using the Security-aware
Software Development Life Cycle (SaSDLC), which is the focus of this paper. We also
present a tool called Suraksha that comprises a Security Designers' Workbench and a
Security Testers' Workbench that help a developer to build security-aware
applications.
Published in: 2009 IFIP International Conference on Wireless and Optical
Communications Networks
Publisher: IEEE
5. Information Security Monitoring System Based on Data Mining
Abstract:
Some heterogeneous security equipment, such as firewalls, intrusion detection
systems and anti-virus gateways, can produce massive security events which are
difficult to manage efficiently. So a log-based mining, distributed and multi-protocol
supported framework of security monitoring system is proposed. Security event
correlation based on data mining analysis can automatically extract association rules,
analyse alarms and find new invasion models, so it is a highly intelligent solution.
Published in: 2009 Fifth International Conference on Information Assurance and
Security
Publisher: IEEE

6. Study on data acquisition solution of network security monitoring system

Abstract:
With the demands for network security, some heterogeneous security equipment, such
as firewalls, intrusion detection systems and anti-virus gateways, is widely deployed
in networks and produces massive security events which need to be merged and analysed.
Therefore, a distributed and multi-protocol supported network security monitoring
system is proposed. The paper describes the architecture of the network security
monitoring system. Focusing on the system acquisition layer, two methods are designed
for monitoring data collection: syslog-based collection and real-time traffic-based
collection. ActiveMQ, which is based on the JMS specification, was adopted for data
transmission…
Published in: 2010 IEEE International Conference on Information Theory and
Information Security
Publisher: IEEE

7. Network Security Monitoring

Chapter Abstract:
Network security monitoring remains a vital component of incident response, threat
hunting and network security in general. This chapter focuses on network activity and
explores the Elastic Stack and ways to integrate host-based data to provide enhanced
visibility across the network. It examines the architecture for deployment of Security
Onion in an enterprise and each of the major tools integrated into the platform. The
chapter outlines basic skills to facilitate effective incident response for those situations
where the critical data that readers need has not been conveniently placed into the Elastic
Stack or another analysis platform. The Elastic Stack provides an amazing platform to
support incident response, but readers occasionally will need to access other data
sources directly on a host, or data that otherwise has not been ingested into a centralised
analysis platform. Web servers, *nix systems and other applications store many of their
logs in a text-based format.
Published in: Wiley Data and Cyber Security
Publisher: IEEE

8. Integrated workstations for reliable, site-independent security monitoring and control

Abstract:
The Security Console Project at Lawrence Livermore National Laboratory has designed
and implemented a series of security communications command centres for monitoring
and controlling its physical security systems. The author discusses the important aspects
of this project that address reliable, site-independent operation. Major concepts
presented include the use of operator workstations, map-based alarm displays,
rule-based incident assessment, and computer-aided configuration management.
Published in: Proceedings Institute of Electrical and Electronics Engineers 1988
International Carnahan Conference on Security Technology, Crime Countermeasures
Publisher: IEEE

9. Design of security integrated monitoring system

Abstract:
The development of Internet of Things technology has brought about changes in the
monitoring industry. The integration of video monitoring and defence monitoring
systems based on video technology and sensor technology becomes possible. In this
paper, combined with the widely used video monitoring equipment and defence
monitoring equipment in the current market, as well as the corresponding software
interface, a set of integrated security monitoring software with defence
monitoring and video monitoring functions is designed, which can quickly make a video
response to a defence alarm. At the same time, this paper discusses the key technical
problems that need to be solved in the practical application of the system.
Published in: 2021 IEEE 4th International Conference on Information Systems and
Computer Aided Education (ICISCAE)
Publisher: IEEE

10. The research on data flow technology in computer network security monitoring

Abstract:
With the rapid development of computer technology and the increasingly wide
application of the Internet, the Internet plays a more and more important role in
people's lives. At the same time, all kinds of network security events emerge endlessly
and seriously threaten the application and development of the Internet. For the purpose
of safety, network monitoring has more and more significance in the maintenance of
normal and efficient network operation, key facilities, information system security, etc.
How to realize effective network transmission and efficient online analysis of a huge
volume of distributed network security monitoring data, so as to provide further support
for a variety of applications, has become a major challenge in the field of network
security and data processing.
Published in: 2014 IEEE Workshop on Advanced Research and Technology in
Industry Applications (WARTIA)
Publisher: IEEE

11. Component Based Security Control for Information Network

Abstract:
It is a complex engineering task to protect the security of an information network
(info-net), so it is necessary to work out a new security control architecture and model
from the viewpoint of systemic control. According to the characteristics and security
demands of the info-net, a new security control viewpoint and its architecture based on
components is proposed, the security control system is built, and details about the
structure of the control framework, its various types, and the functions and propagation
modes of security control components are introduced; the features of the control system
are summarized at the end.
Published in: The Proceedings of the Multiconference on "Computational Engineering
in Systems Applications"
Publisher: IEEE
Authors: Yu Wang; Jun Lu; Zhongwang Wu; Yu Lu

12. Construction of Network Security Perception System Using Elman Neural Network

Abstract:
The purpose of the study is to improve the security of the network, and to make the state
of network security predictable in advance. First, the theory of neural networks is studied,
and its shortcomings are analysed using the standard Elman neural network. Second, the
layers of the feedback nodes of the Elman neural network are improved according to
the problems that need to be solved. Then, a network security perception system based
on the GA-Elman (Genetic Algorithm-Elman) neural network is proposed to train the
network by a global search method. Finally, the perception ability is compared and
analysed through the model. The results show that the model can accurately predict
network security based on the experimental charts and corresponding evaluation
indexes. The comparative experiments show that the GA-Elman neural network
security perception system has a better prediction ability. Therefore, the model
proposed can be used to predict the state of network security and provide early warnings
for network security administrators.
Published in: 2021 2nd International Conference on Computer Communication and
Network Security (CCNS)
Authors: Yun; Huang Qiang; Ma Yixuan

13. Network Security Situation Prediction in Software Defined Networking Data Plane

Abstract:
Software-Defined Networking (SDN) simplifies network management by separating
the control plane from the data forwarding plane. However, the plane separation
technology introduces many new loopholes in the SDN data plane. In order to facilitate
taking proactive measures to reduce the damage degree of network security events, this
paper proposes a security situation prediction method based on the particle swarm
optimization algorithm and a long short-term memory neural network for network
security events on the SDN data plane. According to the statistical information of the
security incident, the analytic hierarchy process is used to calculate the SDN data plane
security situation risk value. Then the historical data of the security situation risk
value is used to build an artificial neural network prediction model. Finally, the prediction
model is used to predict the future security situation risk value. Experiments show that
this method has good prediction accuracy and stability.
Published in: 2020 IEEE International Conference on Advances in Electrical
Engineering and Computer Applications (AEECA)
Authors: Mingren Sheng; Hongri Liu; Xu Yang; Wei Wang; Junheng Huang; Bailing Wang

14. Research on the Application of Intelligent Learning Algorithms in Network Security
Situation Awareness and Prediction Methods

Abstract:
As the core hotspot of network information security, network security situational
awareness has received more and more attention. In order to explore the application
effect of intelligent learning algorithms, this study takes the Radial Basis Function (RBF)
as the main research object, optimizes the RBF by the Simulated Annealing (SA) algorithm
and the Hybrid Hierarchy Genetic Algorithm (HHGA), constructs an RBF neural network
prediction model based on SA-HHGA optimization, and carries out relevant
experiments. The results show that the predicted situation value of the optimized RBF
in 15 samples is very close to the realistic situation value. The RBF has a good prediction
effect and can provide assistance for the maintenance of network security.
Published in: 2021 5th Asian Conference on Artificial Intelligence Technology
(ACAIT)
Authors: Zhihua Chen

15. Research on Network Security Situation Prediction-Oriented Adaptive Learning Neuron

Abstract:
Network security situation perception is to predict the probability of attacks that may
occur in the future, by a variety of predicting methods, from recent network attack data
obtained from an IDS (Intrusion Detection System). The Neural Network model has many
features, for example a high degree of fault tolerance, associability, self-organizing and
self-learning ability, and strong nonlinear mapping and generalization for a complex
system. Therefore, Neural Networks were applied to the field of network security
situation prediction. Adaptive learning of neurons was introduced. It will be more
flexible in meeting the changing security environment of such a complex system
requirement. The design and achievement of the adaptive learning neuron are stated in
detail.
Published in: 2010 Second International Conference on Networks Security, Wireless
Communications and Trusted Computing
Authors: Jing Li; Chunbo Dong

16. Security Model Based on Network Business Security

Abstract:
An Enterprise Network Information System is not only the platform for information
sharing and information exchange, but also the platform on which the Enterprise
Production Automation System and Enterprise Management System work together. As a
result, the security defence of an Enterprise Network Information System includes not only
information system network security and data security, but also the security of the
network business running on the information system network, which is the confidentiality,
integrity, continuity and real-time of the network business. According to the security
defence of the Enterprise Network Information System, this paper proposes the "network
business security" concept. In this paper, the object of information security is defined
in three parts: data security, network system security and network business security,
and the network business security model is described. The proposal of the concept
"network business security" provides a theoretical basis for the security defence of
enterprise automatic production systems and enterprise management information systems.
Published in: 2009 International Conference on Computer Technology and
Development
Authors: Wu Kehe; Zhang Tong; Li Wei; Ma Gang

17. Network Security Risk Assessment and Situation Analysis

Abstract:
With the development of computer networks, the spread of malicious network activities
poses great risks to the operational integrity of many organizations and imposes heavy
economic burdens on life and health. Therefore, risk assessment is very important in
network security management and analysis. Network security situation analysis not
only can describe the current state but also project the next behaviour of the network.
Alerts coming from IDS, firewalls, and other security tools are currently growing at a
rapid pace. In this paper, we described cyberspace situational awareness from formal
and visual methods. Next, to help security administrators comprehend the security situation
and project the next behaviours of the whole network, we present a parallel axes
view to express security event correlations clearly.
Published in: 2007 International Workshop on Anti-Counterfeiting, Security and
Identification (ASID)
Authors: Liu Mixia; Yu Dongmei; Zhang Qiuyu; Zhu Honglei

18. Network management security

Abstract:
A review is given of network management security issues and the authors explain how
ISO's SC21/WG4 is currently addressing these. Aspects covered include: what network
management security is, why it needs to be considered and what issues need to be
resolved to achieve this. Within this overall structure, specific details covered include:
management as a means of attack on managed system security; management of security
services; current trends that increase the need for network management security;
implementation difficulties arising from technical characteristics and operational
requirements; and the ISO standards view.
Published in: [1990] Proceedings of the Sixth Annual Computer Security Applications
Conference
Authors: R. Ward; P. Skeffington

19. Analysis of Computer Network Security Technology and Preventive Measures under
the Information Environment

Abstract:
This paper first summarizes what informatization is, and then analyses the service of
the informatization computer network security management system in detail. Then, it
analyses the specific application and problems of informatization in the computer network
security management system, including hash functions to protect network information
transmission security, symmetric encryption strategies to protect computer network
information security, and the establishment of a computer network security protection
system in the information environment. Finally, it expounds the relevant countermeasures
to solve the network security threats under the information environment, including
comprehensively strengthening computer network security management under the
information environment, establishing and perfecting the computer network security
protection system under the information environment, and strengthening the research
on the black and evil prevention mechanism under the information environment to
protect computer network information security. In this paper, under the background
of informatization, people pay more attention to the security technology of computer
networks and related preventive measures.
Published in: 2020 5th International Conference on Mechanical, Control and
Computer Engineering (ICMCCE)
Authors: Bin Ge; Jin Xu

20. Research on enterprise network security system

Abstract:
With the development of openness, sharing and interconnection of computer networks,
the architecture of the enterprise network becomes more and more complex, and various
network security problems appear. Threat Intelligence (TI) analysis and situation
awareness (SA) are the prediction and analysis technologies of enterprise security risk,
while intrusion detection technology belongs to active defence technology. In order to
ensure the safe operation of the computer network system, we must establish a multi-level
and comprehensive security system. This paper analyses the many security risks faced by
enterprise computer networks and the technologies used to build a comprehensive enterprise
security system to ensure the security of a large enterprise network.
Published in: 2021 2nd International Conference on Computer Science and
Management Technology (ICCSMT)
Authors: Jundan Hou; Xiang Jia

21. Research about solution for network security based on security domain

Abstract:
The typical security solution can only ensure the security of the network boundary, and
does not address internal security. According to the different types of applications and
secrets it provides, the network can be divided into a number of logical security domains.
Furthermore, the access control of the network can be realized by applying dynamic
VLAN technology, the filtering and auditing of the information exchange between
security domains is realized by mandatory access control policies, and unified
identity authentication and access control is realized by applying SSL VPN technology.
Published in: 2010 International Conference on Computer Design and Applications
Authors: Yan Hui; Han Weijie; Wang Yu

CHAPTER 3

PROPOSED DETAILED METHODOLOGY OF SOLVING THE IDENTIFIED PROBLEM WITH ACTION
PLAN

3.1 System Planning
3.2 System Design
3.3 System Requirement
3.4 Implementation Tools

3.1 SYSTEM PLANNING

STEPS INVOLVED IN THE SYSTEM DEVELOPMENT LIFE CYCLE:

Below are the steps involved in the System Development Life Cycle. Each phase
within the overall cycle may be made up of several steps.

Step 1: Software Concept

The first step is to identify a need for the new system. This will include determining
whether a business problem or opportunity exists, conducting a feasibility study to
determine if the proposed solution is cost effective, and developing a project plan.

This process may involve end users who come up with an idea for improving their
work. Ideally, the process occurs in tandem with a review of the organization's
strategic plan to ensure that IT is being used to help the organization achieve its
strategic objectives. Management may need to approve concept ideas before any
money is budgeted for its development.

Step 2: Requirements Analysis

Requirements analysis is the process of analysing the information needs of the end
users, the organizational environment, and any system presently being used, and
developing the functional requirements of a system that can meet the needs of the users.
The requirements documentation should be referred to throughout the rest of the system
development process to ensure the developing project aligns with user needs and
requirements.

Professionals must involve end users in this process to ensure that the new system will
function adequately and meet their needs and expectations.

Step 3: Architectural Design

After the requirements have been determined, the necessary specifications for the
hardware, software, people, and data resources, and the information products that will
satisfy the functional requirements of the proposed system can be determined.

The design will serve as a blueprint for the system and help detect problems before
these errors or problems are built into the final system. Professionals create the system
design, but must review their work with the users to ensure the design meets users'
needs.

Step 4: Coding and Debugging

Coding and debugging are the act of creating the final system. This step is done by the
software developer.

Step 5: System Testing

The system must be tested to evaluate its actual functionality in relation to expected or
intended functionality. Some other issues to consider during this stage would be
converting old data into the new system and training employees to use the new system.
End users will be key in determining whether the developed system meets the intended
requirements, and the extent to which the system is used.

Step 6: Maintenance

Inevitably the system will need maintenance. Software will definitely undergo change
once it is delivered to the customer. There are many reasons for the change. Change
could happen because of some unexpected input values into the system. In addition, the
changes in the system could directly affect the software operations. The software should
be developed to accommodate changes that could happen during the post
implementation period.

There are various software process models, such as:

o Prototyping Model
o RAD Model
o The Spiral Model
o The Waterfall Model
o The Iterative Model

Of all these process models we have used the Iterative model (The Linear Sequential
Model) for the development of our project.

3.2 The Iterative model

The iterative process starts with a simple implementation of a subset of the software
requirements and iteratively enhances the evolving versions until the full system is
implemented. At each iteration, design modifications are made and new functional
capabilities are added. The basic idea behind this method is to develop a system through
repeated cycles (iterative) and in smaller portions at a time (incremental).

The model consists of six distinct stages, namely:

1. In the requirements analysis phase:
   (a) the problem is specified along with the desired service objectives (goals);
   (b) the constraints are identified.

2. In the specification phase the system specification is produced from the
detailed definitions of (a) and (b) above. In the system and software design phase,
the system specifications are translated into a software representation. The
software engineer at this stage is concerned with: data structure, software
architecture, algorithmic detail and interface representations. The hardware
requirements are also determined at this stage along with a picture of the overall
system architecture. By the end of this stage the software engineer should
be able to identify the relationship between the hardware, software and the
associated interfaces. Any faults in the specification should ideally not be passed
downstream.

3. In the implementation and testing phase the designs are translated into the
software domain. Detailed documentation from the design phase can
significantly reduce the coding effort. Testing at this stage focuses on making
sure that any errors are identified and that the software meets its required
specification.

4. In the integration and system testing phase all the program units are integrated
and tested to ensure that the complete system meets the software requirements.
After this stage the software is delivered to the customer [Deliverable: the
software product is delivered to the client for acceptance testing].

5. The maintenance phase is usually the longest stage of the software. In this
phase the software is updated to meet changing customer needs, adapted to
accommodate changes in the external environment, and corrected for errors and
oversights previously undetected in the testing phases, enhancing the efficiency
of the software.

6. Observe that feedback loops allow for corrections to be incorporated into the
model. For example, a problem or update in the design phase requires a 'revisit'
to the specification phase. When changes are made at any phase, the relevant
documentation should be updated to reflect that change.

Advantages of the Iterative Model:

o Testing is inherent to every phase of the Iterative model
o It is an enforced disciplined approach
o It is documentation driven, that is, documentation is produced at every stage

Disadvantages of the Iterative Model:

The waterfall model is the oldest and the most widely used paradigm. However,
many projects rarely follow its sequential flow. This is due to the inherent problems
associated with its rigid format. Namely:

o It only incorporates iteration indirectly, thus changes may cause considerable
confusion as the project progresses

3.3 SYSTEM DESIGN

There are two models for collecting data, push and pull. In a monitoring system, I would
always go with the pull model, and the reasons are as below:

1. Scalability concern. Our infrastructure will keep growing, and we may have
hundreds or thousands of services in the coming years. Our service usage and
user base will grow too. If we go with the push model, then all these services will
keep hitting our monitor service. If we have a service which processes 1M
requests per second, and this service pushes its metrics to our monitoring service
upon every request, then we will suffer from scalability issues frequently as we
grow. So instead of being called to receive metrics, I would prefer to actively pull
the data from the services.
2. Automatic upness monitoring — by pulling the data proactively, we can
directly know if the service is alive or not. For example, if one service is not
reachable, we become aware of it immediately.
3. Easier horizontal monitoring — if we have two independent systems A and B,
and one day we need to monitor some service in system B from system A, we can
pull metrics from system B directly, with no need to configure system B to push to
system A.
4. Easier testing — we can simply spin up a testing environment, copy the
configuration from production, and then pull the same metrics as production and do
testing.
5. Simpler high availability — just spin up two servers with the same
configuration to pull the same data to achieve HA.
6. Less configuration: no need to configure every service.

Based on the analysis above, my design for the pull model is below:

1. Our service will pull the data from the services regularly (for example every
second). We need a real-time monitoring system, but a lag of a couple of seconds
is totally fine.
2. Exporters — the services should not call our monitor service to send the data.
Instead, they can save the metrics to an exporter, where the data is stored until it
gets pulled. That way, our monitor service will not be exhausted by being
called, and it will be more scalable. Also, our monitoring system may need the
data in a specific format, while the services may be built on different
technologies and hold data in different formats. So we require an exporter
attached to each service, which reformats the data into the correct format for our
monitor service, and our monitor pulls the data from the exporters.
3. Push Gateway — cron jobs are not service based, but we may need to
monitor metrics from them too. So we can have a push gateway, which sits
behind all the cron jobs, and the monitor can just pull the data from the gateway
directly.

Exporter Design

Having discussed the components of the pull model, i.e. the exporter and the push
gateway, some interviewers may question why not have multiple services hooked to one
exporter. I would always prefer one service per exporter, and the arguments are below:

1. Operational bottleneck — the exporter will become a bottleneck if we have too
many services behind it
2. Single point of failure, and one service pushing too much will block the others
3. If I am only interested in the metrics of one service, I cannot get those alone; I have
to read all of them
4. No upness monitoring — if one service is not reachable, we will not be able to
know
5. Hard to get service metadata — we can store the service metadata in the exporter

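As an added illustration of the pull model and the one-service-per-exporter argument above (not the project's code nor the design's original source), here is a small in-process simulation in Python, the language listed for this project: each service has its own exporter, cron jobs report through a push gateway, and the puller derives an "up" sample from whether each scrape succeeded. The `name{labels} value` text format, the in-process scrape callables standing in for HTTP requests, and the metric names are assumptions made for the example.

```python
"""Pull-model monitor in miniature: one exporter per service, a push gateway for
cron jobs, and a puller that derives an 'up' metric from scrape success.
Added example, not the project's code; scrape callables stand in for HTTP GETs."""
import re
import time
from typing import Callable, Dict

# Constructed text format: name{labels} value, one sample per line
LINE_RE = re.compile(r'^(?P<name>[A-Za-z_:][A-Za-z0-9_:]*)(?:\{(?P<labels>[^}]*)\})?\s+(?P<value>-?\d+(?:\.\d+)?)$')


class Exporter:
    """Attached to exactly one service: reformats its metrics into the text
    format the monitor expects and serves them when pulled."""

    def __init__(self, service: str):
        self.service = service
        self._metrics: Dict[str, float] = {}

    def set(self, name: str, value: float) -> None:
        self._metrics[name] = float(value)

    def scrape(self) -> str:
        lines = [f'{n}{{service="{self.service}"}} {v}' for n, v in sorted(self._metrics.items())]
        return "\n".join(lines) + "\n"


class PushGateway:
    """Cron jobs are short-lived, so they push their final metrics here at exit;
    the monitor then pulls from the gateway like any other target."""

    def __init__(self):
        self._jobs: Dict[str, Dict[str, float]] = {}

    def push(self, job: str, metrics: Dict[str, float]) -> None:
        self._jobs[job] = {k: float(v) for k, v in metrics.items()}

    def scrape(self) -> str:
        lines = [f'{n}{{job="{job}"}} {v}'
                 for job, metrics in sorted(self._jobs.items())
                 for n, v in sorted(metrics.items())]
        return "\n".join(lines) + "\n"


def parse_exposition(text: str) -> Dict[str, float]:
    """Parse scraped text; a malformed line is skipped, not fatal to the scrape."""
    samples: Dict[str, float] = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        labels = f"{{{m.group('labels')}}}" if m.group("labels") else ""
        samples[m.group("name") + labels] = float(m.group("value"))
    return samples


class Puller:
    """Service discovery is the `targets` map: target name -> scrape callable."""

    def __init__(self, targets: Dict[str, Callable[[], str]], timeout_s: float = 1.0):
        self.targets = targets
        self.timeout_s = timeout_s

    def pull_once(self) -> Dict[str, float]:
        """One pull cycle (the design runs this every second)."""
        samples: Dict[str, float] = {}
        for target, scrape in self.targets.items():
            started = time.monotonic()
            try:
                text = scrape()
                if time.monotonic() - started > self.timeout_s:
                    raise TimeoutError(target)  # a hung target must not stall the cycle
                samples.update(parse_exposition(text))
                samples[f'up{{target="{target}"}}'] = 1.0
            except Exception:
                # Automatic upness monitoring: an unreachable target shows up as up=0
                samples[f'up{{target="{target}"}}'] = 0.0
        return samples


def demo() -> Dict[str, float]:
    """Constructed scenario: a healthy service, an unreachable one, and a cron job
    that reported through the push gateway."""
    api = Exporter("api")
    api.set("http_requests_total", 1250)
    api.set("http_errors_total", 3)
    gateway = PushGateway()
    gateway.push("nightly_backup", {"last_exit_code": 0, "duration_seconds": 842})

    def unreachable() -> str:
        raise ConnectionError("connection refused")  # simulated dead target

    puller = Puller({"api": api.scrape, "billing": unreachable, "pushgateway": gateway.scrape})
    return puller.pull_once()
```

Because each service answers for itself, the dead "billing" target yields up=0 without affecting the "api" samples, which is exactly what a shared exporter would hide.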
Clustering?

Our monitoring system has to be very stable, so I would not go with the network
clustering approach for the monitoring service. The reason is that clustering is very
complicated and easier to break, so it would be better to have one single solid node that
does not depend on the network.

Also, for monitoring data, we usually care more about recent data. We usually do not
care about metrics from days or weeks ago, so we only need to store recent data instead
of all historical data. Then there is no reason for us to go with the clustering approach,
and we can simply run 2 servers in parallel, which will be sufficient for HA.

Design

Since we only care about more recent data in monitoring, the data usage pattern for
the monitor is as below:

1. recent data is very frequently accessed
2. historical data may be accessed occasionally

So, we can store the recent data in memory for faster reads, and older data on disk. If we
have 1M metrics to monitor, and for each metric there is a data point every second,
which is 16 bytes (key-value pair), then for a server with 128GB memory we can save
around 2 hours of data, which is good enough.

For the data in memory, we can save them in chunks, and once an older chunk is filled,
we can simply compress it and save it to disk. Querying this data will be slower, as we
need to read it from disk and decompress it, but I think slowness on querying old data
is acceptable.

For much older data, like data from months ago, we can store the compressed data in
cheaper data storage offsite.

Since the recently monitored data is in memory, we will need a recovery system for it.
If the server crashes, in order not to lose all the data, we need to create snapshots of the
memory, maybe every few minutes.

Also, we need to keep a monitor on the memory usage of the monitor service, in case
our server is running out of memory during peak usage. When the memory usage is
high, we may need to speed up the compress-and-save-to-disk process.

The DB we need to use for the monitoring service would be a time series DB.
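To make the storage design above concrete, here is an added Python example (not the project's code) of a chunked store: the current chunk is held in memory, a filled chunk is compressed with zlib and written to disk, a snapshot of the hot chunk protects against a crash, and a helper reproduces the retention arithmetic (1M metrics, 16-byte samples, 128 GB). The chunk length, on-disk layout and the demo's metric names are assumptions.

```python
"""Chunked time-series store: hot chunk in memory, filled chunks compressed on disk,
snapshots of the hot chunk for crash recovery. Added example, not the project's code."""
import os
import struct
import tempfile
import zlib
from typing import Dict, List, Optional, Tuple

SAMPLE_BYTES = struct.calcsize("<qd")  # 8-byte timestamp + 8-byte value = 16 bytes
Samples = Dict[str, List[Tuple[int, float]]]


def retention_seconds(memory_bytes: float, metrics: int, interval_s: float = 1.0) -> float:
    """1M metrics sampled every second at 16 bytes each need 16 MB/s, so 128 GB
    holds 8000 s, roughly the 2 hours quoted in the design."""
    return memory_bytes * interval_s / (metrics * SAMPLE_BYTES)


def encode(samples: Samples) -> bytes:
    # Per series: name length (2 B), sample count (4 B), name, fixed 16-byte samples
    parts = []
    for metric, points in sorted(samples.items()):
        name = metric.encode()
        parts.append(struct.pack("<HI", len(name), len(points)) + name)
        parts.extend(struct.pack("<qd", ts, value) for ts, value in points)
    return b"".join(parts)


def decode(raw: bytes) -> Samples:
    out: Samples = {}
    off = 0
    while off < len(raw):
        nlen, count = struct.unpack_from("<HI", raw, off)
        off += 6  # size of the "<HI" header
        name = raw[off:off + nlen].decode()
        off += nlen
        out[name] = [struct.unpack_from("<qd", raw, off + SAMPLE_BYTES * i) for i in range(count)]
        off += SAMPLE_BYTES * count
    return out


class ChunkedStore:
    def __init__(self, disk_dir: str, chunk_seconds: int = 600):
        self.disk_dir, self.chunk_seconds = disk_dir, chunk_seconds
        self.hot: Samples = {}                        # current chunk, in memory
        self.chunk_start: Optional[int] = None
        self.sealed: List[Tuple[int, int, str]] = []  # index of on-disk chunks: (start, end, path)

    def append(self, metric: str, ts: int, value: float) -> None:
        if self.chunk_start is None:
            self.chunk_start = ts
        # Seal when the chunk's window is full; a memory-usage watchdog could
        # call seal() earlier under pressure, as the text suggests
        if ts - self.chunk_start >= self.chunk_seconds:
            self.seal()
            self.chunk_start = ts
        self.hot.setdefault(metric, []).append((ts, value))

    def seal(self) -> Optional[str]:
        """Compress the in-memory chunk and move it to disk."""
        if not self.hot:
            return None
        stamps = [ts for points in self.hot.values() for ts, _ in points]
        start, end = min(stamps), max(stamps)
        path = os.path.join(self.disk_dir, f"chunk_{start}_{end}.z")
        with open(path, "wb") as fh:
            fh.write(zlib.compress(encode(self.hot)))
        self.sealed.append((start, end, path))
        self.hot, self.chunk_start = {}, None
        return path

    def query(self, metric: str, t0: int, t1: int) -> List[Tuple[int, float]]:
        # Recent data is served from memory; older ranges cost a read plus decompress
        points: List[Tuple[int, float]] = []
        for start, end, path in self.sealed:
            if end < t0 or start > t1:
                continue  # the chunk index lets us skip files outside the range
            with open(path, "rb") as fh:
                points.extend(decode(zlib.decompress(fh.read())).get(metric, []))
        points.extend(self.hot.get(metric, []))
        return sorted(p for p in points if t0 <= p[0] <= t1)

    def snapshot(self, path: str) -> None:
        """Persist the hot chunk uncompressed; decode() restores it after a crash."""
        with open(path, "wb") as fh:
            fh.write(encode(self.hot))


def demo() -> Dict[str, int]:
    """Constructed run: two metrics sampled every second for 1500 s with 600 s
    chunks, so two chunks land on disk and the third stays in memory."""
    store = ChunkedStore(tempfile.mkdtemp(prefix="tsdb_"), chunk_seconds=600)
    for ts in range(1500):
        store.append("cpu_percent", ts, 40.0 + ts % 7)
        store.append("mem_percent", ts, 60.0 + ts % 3)
    on_disk = store.query("cpu_percent", 590, 610)   # spans two sealed chunks
    mixed = store.query("cpu_percent", 1190, 1210)   # sealed chunk plus hot chunk
    snap = os.path.join(store.disk_dir, "snapshot.bin")
    store.snapshot(snap)
    with open(snap, "rb") as fh:
        recovered = decode(fh.read())                # what a restart would reload
    return {"sealed_chunks": len(store.sealed), "hot_samples": len(store.hot["cpu_percent"]),
            "disk_query_points": len(on_disk), "mixed_query_points": len(mixed),
            "recovered_samples": len(recovered["cpu_percent"])}
```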

HIGH LEVEL DESIGN

Based on the discussion above, this is a high-level design for a monitor service.

• Exporter — pulls metrics from targets and converts them to the correct format
• Push Gateway — cron jobs push metrics to it at exit, then we can pull metrics from it
• Data retrieval workers — pull data
• Time series storage — local SSD / remote storage
• Query Service — visualize data
• Alert manager — to send alerts to different channels
• Service Discovery — configuration for the targets to pull metrics from


3.4 TIMELINE CHART

A timeline chart is an effective way to visualize a process in chronological order.
Since details are displayed graphically, important points in time can be easily seen and
understood.
Often used for managing a project's schedule, timeline charts function as a sort of
calendar of events within a specific period of time.
A timeline chart is constructed with a horizontal axis representing the total time span
of the project, broken down into increments (for example, days, weeks, or months) and
a vertical axis representing the tasks that make up the project (for example, if the project
is outfitting your computer with new software, the major tasks involved might be:
conduct research, choose software, install software). Horizontal bars of varying lengths
represent the sequences, timing, and time span for each task. Using the same example,
you would put "conduct research" at the top of the vertical axis and draw a bar on the
graph that represents the amount of time you expect to spend on the research, and then
enter the other tasks below the first one and representative bars at the points in time
when you expect to undertake them.
The bar spans may overlap, as, for example, you may conduct research and choose
software during the same time span. As the project progresses, secondary bars,
arrowheads, or darkened bars may be added to indicate completed tasks, or the portions
of tasks that have been completed. A vertical line is used to represent the report date.

3.5 BLOCK DIAGRAM

Introduction: System analysis is a process of collecting and interpreting facts, identifying
the problems, and decomposing a system into its components. System analysis is
conducted for the purpose of studying a system or its parts in order to identify its
objectives. It is a problem-solving technique that improves the system and ensures that
all the components of the system work efficiently to accomplish their purpose. Analysis
specifies what the system should do. It is a process of planning a new business system
or replacing an existing system by defining its components or modules to satisfy the
specific requirements. Before planning, you need to understand the old system
thoroughly and determine how computers can best be used in order to operate
efficiently. System design focuses on how to accomplish the objective of the system.

3.6 SYSTEM REQUIREMENT

Hardware Requirement

❖ RAM: at least 128 MB
❖ Processor: 300 MHz or higher processor (Pentium processor recommended)
❖ HDD: 20 GB or more

Software Requirement

❖ Docker
❖ MySQL Server

Languages used

❖ HTML
❖ CSS
❖ JavaScript
❖ Python

REFERENCES AND BIBLIOGRAPHY

https://gongybable.medium.com/system-design-design-a-monitoring-systemf0f0cbafc895
i. Google for problem-solving
ii. http://www.javaworld.com/javaworld/jw-01-1998/jw-01-Credentialreview.html
iii. Database Programming with JDBC and Java, O'Reilly
iv. Head First Java, 2nd Edition
v. http://www.jdbc-tutorial.com/
vi. Java and https://www.javapoint.com/java-tutorial
vii. Software Design Concept, Apress
viii. https://www.tutorialpoint.com/java/
ix. https://docs.oracle.com/javase/tutorial/
x. https://www.wampserver.com/en/
xi. https://www.JSP.net/
xii. https://www.tutorialspoint.com/mysql/
xiii. httpd.apache.org/docs/2.0/misc/tutorials.ht
