
Intrusion Detection for Grid and Cloud Computing

A PROJECT REPORT

in the partial fulfillment for the award of the degree

of

BACHELOR OF TECHNOLOGY

in

INFORMATION TECHNOLOGY

MAY 2011

BONAFIDE CERTIFICATE

ABSTRACT

Grid and cloud computing environments are easy targets for intruders looking for

possible vulnerabilities to exploit. By impersonating legitimate users, the

intruders can use a service’s abundant resources maliciously. To combat attackers,

intrusion-detection systems can offer additional security measures for these

environments by investigating configurations, logs, network traffic, and user

actions to identify typical attack behavior. However, IDS must be distributed to

work in a grid and cloud computing environment. It must monitor each node and,

when an attack occurs, alert other nodes in the environment. This kind of

communication requires compatibility between heterogeneous hosts, various

communication mechanisms, and permission control over system maintenance

and updates, typical features in grid and cloud environments. Cloud middleware

usually provides these features, so we propose an IDS service offered at the

middleware layer. An attack against a cloud computing system can be silent for a

network-based IDS deployed in its environment, because node communication is

usually encrypted. Attacks can also be invisible to host-based IDS, because cloud-

specific attacks don’t necessarily leave traces in a node’s operating system, where

the host-based IDS resides.

This paper proposes the Grid and Cloud Computing Intrusion Detection System

(GCCIDS), which integrates knowledge and behaviour analysis to detect specific intrusions.

TABLE OF CONTENTS

CHAPTER TITLE

LIST OF FIGURES

LIST OF ABBREVIATIONS

1 INTRODUCTION

1.1 About the Project

2 SYSTEM ANALYSIS

2.1 Existing system

2.2 Proposed system

2.3 System Design

3 REQUIREMENTS SPECIFICATION

3.1 Introduction

3.2 Hardware and Software specification

3.3 Technologies Used

3.4 Technologies Used

3.4.1 Java

3.4.1.1 Introduction to java

3.4.1.2 Working of java

4 SYSTEM DESIGN

3.5 Block Diagram

5 SYSTEM DESIGN – DETAILED

5.1 Modules

5.2 Module explanation

6 CODING AND TESTING

6.1 Coding

6.2 Coding standards

6.3 Test procedure

6.4 Test data and output

REFERENCES

SNAP SHOTS

LIST OF FIGURES

4 System Design

5.2 Patterns of the peer-peer edges

5.2 Patterns of the service-provider edges

5.2 Discovering missing links in internet

LIST OF ABBREVIATIONS

JSP Java Server Pages


JVM Java Virtual Machine
JMX Java Mail Extension
HTML Hypertext Markup Language
HTTP Hypertext Transfer Protocol

CHAPTER 1

INTRODUCTION

Aim:

The mainstay of this project is to detect intrusions in Grid and Cloud computing
based on knowledge and behaviour analysis.

Synopsis:

Grid and cloud computing environments are easy targets for intruders
looking for possible vulnerabilities to exploit. By impersonating legitimate users, the
intruders can use a service’s abundant resources maliciously. To combat attackers,
intrusion-detection systems can offer additional security measures for these environments
by investigating configurations, logs, network traffic, and user actions to identify typical
attack behavior. However, IDS must be distributed to work in a grid and cloud computing
environment. It must monitor each node and, when an attack occurs, alert other nodes in
the environment. This kind of communication requires compatibility between
heterogeneous hosts, various communication mechanisms, and permission control over
system maintenance and updates, typical features in grid and cloud environments. Cloud
middleware usually provides these features, so we propose an IDS service offered at the
middleware layer. An attack against a cloud computing system can be silent for a
network-based IDS deployed in its environment, because node communication is usually
encrypted. Attacks can also be invisible to host-based IDS, because cloud-specific attacks
don’t necessarily leave traces in a node’s operating system, where the host-based IDS
resides.

CHAPTER 2

SYSTEM ANALYSIS

Existing System

Existing Grid and Cloud Computing systems cannot detect
intrusion attacks.

Proposed System

We propose the Grid and Cloud Computing Intrusion Detection System
(GCCIDS), which integrates knowledge and behavior analysis to detect specific intrusions.

CHAPTER 3

REQUIREMENT SPECIFICATIONS

3.1 INTRODUCTION

The requirements specification is a technical specification of requirements for

the software products. It is the first step in the requirements analysis process; it lists the

requirements of a particular software system including functional, performance and

security requirements. The requirements also provide usage scenarios from a user, an

operational and an administrative perspective. The purpose of software requirements

specification is to provide a detailed overview of the software project, its parameters and

goals. This describes the project target audience and its user interface, hardware and

software requirements. It defines how the client, team and audience see the project and its

functionality.

3.2 HARDWARE AND SOFTWARE SPECIFICATION

3.2.1 HARDWARE REQUIREMENTS

• Hard Disk : 80GB and Above
• RAM : 1GB and Above
• Processor : Pentium IV and Above

3.2.2 SOFTWARE REQUIREMENTS

• Windows Operating System 7
• JDK 1.6
• XAMPP
• MySQL 5.0

3.3 TECHNOLOGIES USED

• Java 1.6

3.5 TECHNOLOGIES USED


3.5.1 JAVA

Java is platform independent. Java is an object-oriented programming language developed

initially by James Gosling and colleagues at Sun Microsystems. The language, initially

called Oak (named after the oak trees outside Gosling's office), was intended to replace

C++, although the feature set better resembles that of Objective C.

3.5.1.1 INTRODUCTION TO JAVA

Java has been around since 1991, developed by a small team of Sun Microsystems

developers in a project originally called the Green project. The intent of the project was

to develop a platform-independent software technology that would be used in the

consumer electronics industry. The language that the team created was originally called

Oak.

The first implementation of Oak was in a PDA-type device called Star Seven (*7)

that consisted of the Oak language, an operating system called GreenOS, a user interface,

and hardware. The name *7 was derived from the telephone sequence that was used in

the team's office and that was dialed in order to answer any ringing telephone from any

other phone in the office.

Around the time the First Person project was floundering in consumer

electronics, a new craze was gaining momentum in America; the craze was called "Web

surfing." The World Wide Web, a name applied to the Internet's millions of linked

HTML documents, was suddenly becoming popular for use by the masses. The reason for

this was the introduction of a graphical Web browser called Mosaic, developed by NCSA.

The browser simplified Web browsing by combining text and graphics into a single

interface to eliminate the need for users to learn many confusing UNIX and DOS

commands. Navigating around the Web was much easier using Mosaic.

It has only been since 1994 that Oak technology has been applied to the Web.

In 1994, two Sun developers created the first version of HotJava, then called

WebRunner, a graphical browser for the Web that exists today. The browser was

coded entirely in the Oak language, by this time called Java. Soon after, the Java

compiler was rewritten in the Java language from its original C code, thus proving that

Java could be used effectively as an application language. Sun introduced Java in May

1995 at the Sun World 95 convention.

Web surfing has become an enormously popular practice among

millions of computer users. Until Java, however, the content of information on the

Internet has been a bland series of HTML documents. Web users are hungry for

applications that are interactive, that users can execute no matter what hardware or

software platform they are using, and that travel across heterogeneous networks and do

not spread viruses to their computers. Java can create such applications.

3.3.1.1 WORKING OF JAVA

For those who are new to object-oriented programming, the concept of a class will

be new to you. Simplistically, a class is the definition for a segment of code that can

contain both data (called attributes) and functions (called methods).

When the interpreter executes a class, it looks for a particular method by the

name of main, which will sound familiar to C programmers. The main method is

passed as a parameter an array of strings (similar to the argv[] of C), and is declared

as a static method.

To output text from the program, we execute the println method of System.out,

which is Java’s output stream. UNIX users will appreciate the theory behind such a

stream, as it is actually standard output. For those who are instead used to the Wintel

platform, it will write the string passed to it to the user’s program.

Java consists of two things:

• Programming language
• Platform

3.3.1.2 THE JAVA PROGRAMMING LANGUAGE

Java is a high-level programming language that is all of the following:

• Simple
• Object-oriented
• Distributed
• Interpreted
• Robust
• Secure
• Architecture-neutral
• Portable
• High-performance
• Multithreaded
• Dynamic


Java is unusual in that each Java program is both compiled and interpreted. With a

compiler, you translate a Java program into an intermediate language called Java byte

codes – the platform independent codes interpreted by the Java interpreter. With an

interpreter, each Java byte code instruction is parsed and run on the computer.

Compilation happens just once; interpretation occurs each time the program is executed.

This figure illustrates how it works :

Fig.3.1

You can think of Java byte codes as the machine code instructions for the Java

Virtual Machine (JVM). Every Java interpreter, whether it’s a Java development tool

or a Web browser that can run Java applets, is an implementation of JVM. That JVM can

also be implemented in hardware. Java byte codes help make “write once, run anywhere”

possible.

You can compile your Java program into byte codes on any platform

that has a Java compiler. The byte codes can then be run on any

implementation of the JVM. For example, that same Java program can be run

on Windows NT, Solaris and Macintosh.

Fig.3.2 (a Java program passes through the compiler and is run by interpreters on PC-Compatible Windows NT, Sun Ultra Solaris, and Power Macintosh System 8)

3.3.1.3 THE JAVA PLATFORM

A platform is the hardware or software environment in which a program runs. The

Java platform differs from most other platforms in that it’s a software-only platform that

runs on top of other, hardware-based platforms. Most other platforms are described as a

combination of hardware and operating system.

The Java platform has two components :

• The Java Virtual Machine (JVM)

• The Java Application Programming Interface (Java API)

You’ve already been introduced to the JVM. It’s the base for the Java platform

and is ported onto various hardware-based platforms.

The Java API is a large collection of ready-made software components that

provide many useful capabilities, such as graphical user interface (GUI) widgets. The

Java API is grouped into libraries (packages) of related components. The following

figure depicts a Java program, such as an application or applet, that’s running on the Java

platform. As the figure shows, the Java API and Virtual Machine insulate the Java

program from hardware dependencies.

Fig.3.3

As a platform-independent environment, Java can be a bit slower than native

code. However, smart compilers, well-tuned interpreters, and just-in-time byte

compilers can bring Java’s performance close to that of native code without threatening

portability.

3.5.1.2 WORKING OF JAVA

For those who are new to object-oriented programming, the concept of a

class will be new to you. Simplistically, a class is the definition for a segment of code

that can contain both data and functions.

When the interpreter executes a class, it looks for a particular method by the

name of main, which will sound familiar to C programmers. The main method is passed

as a parameter an array of strings (similar to the argv[] of C), and is declared as a static

method.

To output text from the program, we execute the println method of

System.out, which is Java’s output stream. UNIX users will appreciate the theory behind

such a stream, as it is actually standard output. For those who are instead used to the

Wintel platform, it will write the string passed to it to the user’s program.

Introduction to MySQL

MySQL is a relational database management system (RDBMS) that runs as a server


providing multi-user access to a number of databases. MySQL is officially pronounced
“My Sequel”. It is named after developer Michael Widenius' daughter, My. The SQL
phrase stands for Structured Query Language.

The MySQL development project has made its source code available under the terms of
the GNU General Public License, as well as under a variety of proprietary agreements.
MySQL was owned and sponsored by a single for-profit firm, the Swedish company
MySQL AB, now owned by Oracle Corporation.

Free-software projects that require a full-featured database management system often use
MySQL. Where the project may lead to something in commercial use, the license terms
need careful study. Some free software project examples: Joomla, WordPress, phpBB,
Drupal and other software built on the LAMP software stack. MySQL is also used in
many high-profile, large-scale World Wide Web products, including Wikipedia, Google
and Facebook.

Platforms and interfaces


MySQL is written in C and C++. Its SQL parser is written in yacc, and a home-brewed
lexical analyzer named sql_lex.cc. MySQL works on many different system platforms,
including AIX, BSDi, FreeBSD, HP-UX, eComStation, i5/OS, IRIX, Linux, Mac OS X,
Microsoft Windows, NetBSD.

Many programming languages with language-specific APIs include libraries for


accessing MySQL databases. These include MySQL Connector/Net for integration with
Microsoft's Visual Studio (languages such as C# and VB are most commonly used) and

the ODBC driver for Java. In addition, an ODBC interface called MyODBC allows
additional programming languages that support the ODBC interface to communicate with
a MySQL database, such as ASP or ColdFusion. The HTSQL - URL based query method
also ships with a MySQL adapter, allowing direct interaction between a MySQL database
and any web client via structured URLs. The MySQL server and official libraries are
mostly implemented in ANSI C/ANSI C++.

MySQL is primarily an RDBMS and therefore ships with no GUI tools to administer
MySQL databases or manage data contained within. Users may use the included
command-line tools, or download MySQL frontends from various parties that have
developed desktop software and web applications to manage MySQL databases, build
database structure, and work with data records.

MySQL can be built and installed manually from source code, but this can be tedious so
it is more commonly installed from a binary package unless special customizations are
required. On most Linux distributions the package management system can download
and install MySQL with minimal effort, though further configuration is often required to
adjust security and optimization settings. Though MySQL began as a low-end alternative
to more powerful proprietary databases, it has gradually evolved to support higher-scale
needs as well.

It is still most commonly used in small to medium scale single-server deployments, either
as a component in a LAMP based web application or as a standalone database server.
Much of MySQL's appeal originates in its relative simplicity and ease of use, which is
enabled by an ecosystem of open source tools such as phpMyAdmin.

Uses

MySQL is a popular choice of database for use in web applications, and is a central
component of the widely used LAMP web application software stack—LAMP is an
acronym for "Linux, Apache, MySQL, PHP". Its popularity is closely tied to the
popularity of PHP. MySQL is used in some of the most frequently visited web sites on
the Internet, including Flickr, Nokia.com, YouTube and, as previously mentioned,
Wikipedia, Google and Facebook.

Grid Computing

Grid computing offers a model for solving massive computational problems by


making use of the unused CPU cycles of large numbers of disparate, often desktop,
computers treated as a virtual cluster embedded in a distributed telecommunications
infrastructure. Grid computing's focus on the ability to support computation across
administrative domains sets it apart from traditional computer clusters or traditional
distributed computing.

Grid computing has the design goal of solving problems too big for any single
supercomputer, whilst retaining the flexibility to work on multiple smaller problems.
Thus grid computing provides a multi-user environment. Its secondary aims are: better
exploitation of the available computing power, and catering for the intermittent demands
of large computational exercises.

This implies the use of secure authorization techniques to allow remote users to
control computing resources.

Grid computing involves sharing heterogeneous resources (based on different
platforms, hardware/software architectures, and computer languages), located in different
places belonging to different administrative domains over a network using open
standards. In short, it involves virtualizing computing resources.

Grid computing is often confused with cluster computing. The key differences are that
clusters are homogenous while grids are heterogeneous; also, grids spread out and
encompass user desktops while clusters are generally confined to data centers.

Cloud Computing

Cloud computing is a general term for anything that involves delivering hosted
services over the Internet. These services are broadly divided into three categories:
Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-
Service (SaaS). The name cloud computing was inspired by the cloud symbol that's often
used to represent the Internet in flow charts and diagrams.

A cloud can be private or public. A public cloud sells services to anyone on the
Internet. (Currently, Amazon Web Services is the largest public cloud provider.) A
private cloud is a proprietary network or a data center that supplies hosted services to a
limited number of people. When a service provider uses public cloud resources to create
their private cloud, the result is called a virtual private cloud. Private or public, the goal
of cloud computing is to provide easy, scalable access to computing resources and IT
services.

Cloud computing is location-independent computing, whereby shared servers


provide resources, software, and data to computers and other devices on demand, as with
the electricity grid. Cloud computing is a natural evolution of the widespread adoption of

virtualization, service-oriented architecture and utility computing. Details are abstracted
from consumers, who no longer have need for expertise in, or control over, the
technology infrastructure "in the cloud" that supports them.

Cloud computing describes a new supplement, consumption, and delivery model


for IT services based on the Internet, and it typically involves over-the-Internet provision
of dynamically scalable and often virtualized resources. It is a byproduct and
consequence of the ease-of-access to remote computing sites provided by the Internet.
This frequently takes the form of web-based tools or applications that users can access
and use through a web browser as if it were a program installed locally on their own
computer.

The National Institute of Standards and Technology (NIST) provides a somewhat
more objective and specific definition here. The term "cloud" is used as a metaphor for
the Internet, based on the cloud drawing used in the past to represent the telephone
network, and later to depict the Internet in computer network diagrams as an abstraction
of the underlying infrastructure it represents. Typical cloud computing providers deliver
common business applications online that are accessed from another Web service or
software like a Web browser, while the software and data are stored on servers.

Most cloud computing infrastructures consist of services delivered through


common centers and built on servers. Clouds often appear as single points of access for
consumers' computing needs. Commercial offerings are generally expected to meet
quality of service (QoS) requirements of customers, and typically include service level
agreements (SLAs).

1. Introduction

Purpose

The mainstay of this project is to detect intrusions in Grid and Cloud
computing based on knowledge and behaviour analysis.

Project Scope

Grid and cloud computing environments are easy targets for intruders looking for
possible vulnerabilities to exploit. By impersonating legitimate users, the intruders can
use a service’s abundant resources maliciously. To combat attackers, intrusion-detection
systems can offer additional security measures for these environments by investigating
configurations, logs, network traffic, and user actions to identify typical attack behavior.
However, IDS must be distributed to work in a grid and cloud computing environment. It
must monitor each node and, when an attack occurs, alert other nodes in the environment.
This kind of communication requires compatibility between heterogeneous hosts, various
communication mechanisms, and permission control over system maintenance and
updates, typical features in grid and cloud environments. Cloud middleware usually
provides these features, so we propose an IDS service offered at the middleware layer. An
attack against a cloud computing system can be silent for a network-based IDS deployed
in its environment, because node communication is usually encrypted. Attacks can also
be invisible to host-based IDS, because cloud-specific attacks don’t necessarily leave
traces in a node’s operating system, where the host-based IDS resides.

2. Overall Description

Product Perspective

The IDS service increases a cloud’s security level by applying two methods of
intrusion detection. The behavior-based method dictates how to compare recent user
actions to the usual behavior. The knowledge-based method detects known trails left by
attacks or certain sequences of actions from a user who might represent an attack. The
audited data is sent to the IDS service core, which analyzes the behavior using artificial
intelligence to detect deviations. The rules analyzer receives audit packages and
determines whether a rule in the database is being broken. It returns the result to the IDS
service core. With these responses, the IDS calculates the probability that the action
represents an attack and alerts the other nodes if the probability is sufficiently high.

Product Features

We propose the Grid and Cloud Computing Intrusion Detection System
(GCCIDS), which integrates knowledge and behavior analysis to detect specific intrusions. In
contrast to the behavior-based system, we used audit data from both a log system and the
communication system to evaluate the knowledge-based system. We created a series of
rules to illustrate security policies that the IDS should monitor. We collected audit data
referring to a route discovery service, service discovery, and service request and
response. The series of policies we created tested the system’s performance, although our
scope didn’t include discovering new kinds of attacks or creating an attack database. Our
goal was to evaluate our solution’s functionality and the prototype’s performance.

Cloud computing has computational and sociological implications. In computational

terms cloud computing is described as a subset of grid computing concerned with the use

of special shared computing resources. For this reason it is described as a hybrid model

exploiting computer network resources, chiefly the Internet, enhancing the features of the
client/server scheme. From a sociological standpoint on the other hand, by delocalizing

hardware and software resources cloud computing changes the way the user works as

he/she has to interact with the "clouds" on-line, instead of in the traditional stand-alone

mode.

2.3 User Classes and Characteristics

User – Sends requests and receives responses.

Server – Receives and processes requests.

Data Center – Supplies data.

2.5 Design and Implementation Constraints


2.4.1 Constraints in Analysis

♦ Constraints as Informal Text


♦ Constraints as Operational Restrictions
♦ Constraints Integrated in Existing Model Concepts
♦ Constraints as a Separate Concept
♦ Constraints Implied by the Model Structure

2.4.2 Constraints in Design

♦ Determination of the Involved Classes


♦ Determination of the Involved Objects
♦ Determination of the Involved Actions
♦ Determination of the Require Clauses
♦ Global actions and Constraint Realization

2.5.3 Constraints in Implementation

A hierarchical structuring of relations may result in more classes and a


more complicated structure to implement. Therefore it is advisable to transform
the hierarchical relation structure to a simpler structure such as a classical flat
one. It is rather straightforward to transform the developed hierarchical model
into a bipartite, flat model, consisting of classes on the one hand and flat
relations on the other. Flat relations are preferred at the design level for reasons
of simplicity and implementation ease. There is no identity or functionality
associated with a flat relation. A flat relation corresponds with the relation
concept of entity-relationship modeling and many object oriented methods.

3. System Features

Scalability of the number of clients:


The larger the number of clients, the larger the number of specific analysis and
forecast requests. A medium sized computational grid is able to handle hundreds of
thousands of requests in acceptable times.

Scalability of quality of the results:


If the system is used together with the grids, it is possible to use a larger number of
financial models over a greater number of CPUs. Since in this case every financial model
will be different, even with minor parameter variations, the results obtained should be
more accurate and more reliable.

Scalability of real time forecasts:


If the computing is performed inside the grid, the results will be returned more
quickly.

4. External Interface Requirements


User Interfaces

1. All the contents in the project are implemented using Graphical User
Interface (GUI) in Java through JavaFX concepts with Java concepts.

2. Every conceptual part of the projects is reflected using the JavaFX with
Java.

3. The system takes its input and delivers its output through the GUI.

4.2 Hardware Interfaces

ISDN

You can connect your AS/400 to an Integrated Services Digital Network


(ISDN) for faster, more accurate data transmission. An ISDN is a public or
private digital communications network that can support data, fax, image, and
other services over the same physical interface. Also, you can use other protocols
on ISDN, such as IDLC and X.25.

Software Interfaces

Using cloud OS we have created front end design that is linked to web
server and Application server.

Communication Interfaces

1. LAN

5. Other Nonfunctional Requirements

Performance Requirements

The system has been designed to operate both in the stand-alone mode
and as a computational grid interface. This particular feature makes it possible to take full
advantage of parallel computing and to achieve different levels of scalability.

Safety Requirements

1. The software may be safety-critical. If so, there are issues associated with its
integrity level.

2. The software may not be safety-critical although it forms part of a safety-critical
system. For example, software may simply log transactions.

3. If a system must be of a high integrity level and if the software is shown to be of


that integrity level, then the hardware must be at least of the same integrity level.

4. There is little point in producing 'perfect' code in some language if hardware and
system software (in widest sense) are not reliable.

5. If a computer system is to run software of a high integrity level then that system
should not at the same time accommodate software of a lower integrity level.

6. Systems with different requirements for safety levels must be separated.

7. Otherwise, the highest level of integrity required must be applied to all systems in
the same environment.

Security Requirements

Do not block some of the available ports through the Windows firewall.

Software Quality Attributes


Functionality: are the required functions available, including interoperability and security

Reliability: maturity, fault tolerance and recoverability

Usability: how easy it is to understand, learn, and operate the software system

Efficiency: performance and resource behavior.

Maintainability: maintaining the software.

Portability: can the software easily be transferred to another environment, including installability

CHAPTER 4

Architecture:

Fig: 4.1 (architecture diagram; each node, labelled GN, shows these components: Event Auditor, Services, IDS-Services, Analyzer, Alert System, Storage Service, Knowledge and Behavior Base)

4.1 Sequence Diagram:

4.2 Use Case Diagram:

4.3 Activity Diagram:

Collaboration Diagram:

DATA FLOW DIAGRAM:

Level 1:

Level 2:

Level 3:

Class Diagram

CHAPTER 5

SYSTEM DESIGN

5.1 MODULES

• Grid and Cloud Architecture Design


• IDS Service
• Evaluating System
o Behavior-based
o Knowledge-based

5.2 MODULE EXPLANATION:

Cloud Architecture Design

Cloud computing has computational and sociological implications. In

computational terms cloud computing is described as a subset of grid computing

concerned with the use of special shared computing resources. For this reason it is

described as a hybrid model exploiting computer network resources, chiefly the Internet,

enhancing the features of the client/server scheme. From a sociological standpoint on the

other hand, by delocalizing hardware and software resources cloud computing changes

the way the user works as he/she has to interact with the "clouds" on-line, instead of in

the traditional stand-alone mode.

IDS Service

The IDS service increases a cloud’s security level by applying two methods of

intrusion detection. The behavior-based method dictates how to compare recent user

actions to the usual behavior. The knowledge-based method detects known trails left by

attacks or certain sequences of actions from a user who might represent an attack. The

audited data is sent to the IDS service core, which analyzes the behavior using artificial

intelligence to detect deviations. The rules analyzer receives audit packages and

determines whether a rule in the database is being broken. It returns the result to the IDS

service core. With these responses, the IDS calculates the probability that the action

represents an attack and alerts the other nodes if the probability is sufficiently high.
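
The IDS service flow described here and under Product Perspective (audit data scored by a behavior analyzer and a rules analyzer, the two results combined into a probability, other nodes alerted above a threshold), as an added Python example that is not the project's own code. The rule set and its confidences, the 0.8 threshold, the z-score standing in for the report's artificial-intelligence component, and the noisy-OR combination are all assumptions; the audit windows are constructed.

```python
import math
from collections import defaultdict
from statistics import mean, pstdev

# Knowledge base (constructed): rule name -> (ordered action trail, confidence).
RULES = {
    "login-guessing": (("auth_fail", "auth_fail", "auth_fail", "service_request"), 0.9),
    "discovery-sweep": (("route_discovery", "service_discovery",
                         "service_discovery", "service_discovery"), 0.6),
}
ALERT_THRESHOLD = 0.8               # assumed value for "sufficiently high"
BASELINE = [4, 5, 6, 5, 4]          # constructed history: events per audit window


def rule_matches(actions, trail):
    """True if `trail` occurs in `actions` in order (other actions may intervene)."""
    remaining = iter(actions)
    return all(step in remaining for step in trail)


def knowledge_score(actions):
    """Rules analyzer: names of the broken rules and the highest rule confidence."""
    broken = sorted(n for n, (trail, _) in RULES.items() if rule_matches(actions, trail))
    return broken, max((RULES[n][1] for n in broken), default=0.0)


def behavior_score(history, observed):
    """Behavior analyzer: distance of this window's event count from the user's
    own history, squashed into [0, 1). A z-score stands in for the AI component."""
    if len(history) < 2:
        return 0.0                          # too little history to call a deviation
    sigma = max(pstdev(history), 1.0)       # floor: a flat history must not inflate z
    z = abs(observed - mean(history)) / sigma
    return 1.0 - math.exp(-z / 3.0)


class IdsNode:
    """IDS service core of one node, with its behavior base and alert inbox."""

    def __init__(self, name):
        self.name = name
        self.peers = []                          # other nodes to alert
        self.behavior_base = defaultdict(list)   # user -> event counts of past windows
        self.inbox = []                          # alerts received from other nodes

    def analyze(self, user, window):
        """Score one audit window for `user` and alert peers above the threshold."""
        actions = [e["action"] for e in window if e["user"] == user]
        broken, k = knowledge_score(actions)
        b = behavior_score(self.behavior_base[user], len(actions))
        p = 1.0 - (1.0 - k) * (1.0 - b)          # noisy-OR of both analyzers (assumption)
        verdict = {"node": self.name, "user": user, "rules": broken,
                   "behavior": round(b, 3), "probability": round(p, 3),
                   "alert": p >= ALERT_THRESHOLD}
        if verdict["alert"]:
            for peer in self.peers:
                peer.inbox.append(verdict)
        else:
            # Only unflagged windows extend the baseline, so a flagged burst
            # cannot teach the node that the burst is normal.
            self.behavior_base[user].append(len(actions))
        return verdict


def audit_window(user, actions):
    """Shape a list of action names like the event auditor's output (constructed)."""
    return [{"user": user, "action": a} for a in actions]


def demo():
    """Score four constructed windows, each against the same baseline."""
    node_a, node_b = IdsNode("node-a"), IdsNode("node-b")
    node_a.peers.append(node_b)
    scenarios = {
        "normal": ["route_discovery", "service_discovery", "service_request",
                   "service_response", "service_request"],
        "busy": ["service_request", "service_response"] * 3 + ["service_request"],
        "sweep": ["route_discovery"] + ["service_discovery"] * 3
                 + ["service_request", "service_response", "service_request"],
        "guessing": ["auth_fail"] * 3 + ["service_request"],
    }
    verdicts = {}
    for name, actions in scenarios.items():
        node_a.behavior_base["alice"] = list(BASELINE)
        verdicts[name] = node_a.analyze("alice", audit_window("alice", actions))
    return verdicts, node_b.inbox


if __name__ == "__main__":
    results, inbox = demo()
    for name, verdict in results.items():
        print(name, verdict)
    print("alerts delivered to node-b:", len(inbox))
```

The "sweep" window is the case the combination exists for: the rule alone scores 0.6 and the behavior deviation alone about 0.52, so neither analyzer would alert on its own, yet together they cross the threshold.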

Evaluating System

In contrast to the behavior-based system, we used audit data from both a log

system and the communication system to evaluate the knowledge-based system. We

created a series of rules to illustrate security policies that the IDS should monitor. We

collected audit data referring to a route discovery service, service discovery, and service

request and response. The series of policies we created tested the system’s performance,

although our scope didn’t include discovering new kinds of attacks or creating an attack

database. Our goal was to evaluate our solution’s functionality and the prototype’s

performance.

CHAPTER 6
CODING AND TESTING

6.1 CODING

Once the design aspect of the system is finalized, the system enters the coding and testing phase. The coding phase brings the actual system into action by converting the design of the system into code in a given programming language. Therefore, a good coding style has to be followed so that whenever changes are required they can easily be incorporated into the system.

6.2 CODING STANDARDS

Coding standards are programming guidelines that focus on the physical structure and appearance of the program. They make the code easier to read, understand and maintain. This phase of the system actually implements the blueprint developed during the design phase. The coding specification should be such that any programmer is able to understand the code and make changes whenever necessary. Some of the standards needed to achieve the above-mentioned objectives are as follows:

• Program should be simple, clear and easy to understand.
• Naming conventions
• Value conventions
• Script and comment procedure
• Message box format
• Exception and error handling

6.2.1 NAMING CONVENTIONS

The names of classes, data members, member functions, procedures, etc. should be self-descriptive. One should be able to get the meaning and scope of a variable from its name. The conventions are adopted for easy understanding of the intended message by the user, so it is customary to follow them. These conventions are as follows:

Class names

Class names are problem-domain equivalents; they begin with a capital letter and use mixed case.

Member Function and Data Member name

Member function and data member names begin with a lowercase letter, with the first letter of each subsequent word in uppercase and the rest of the letters in lowercase.

6.2.2 VALUE CONVENTIONS

Value conventions ensure valid values for variables at any point of time. This involves the following:

• Proper default values for the variables.
• Proper validation of values in the field.
• Proper documentation of flag values.

6.2.3 SCRIPT WRITING AND COMMENTING STANDARD

Script writing is an art in which indentation is of utmost importance. Conditional and looping statements are to be properly aligned to facilitate easy understanding. Comments are included to minimize the number of surprises that could occur when going through the code.

6.2.4 MESSAGE BOX FORMAT

When something has to be shown to the user, the user must be able to understand it properly. To achieve this, a specific format has been adopted for displaying messages to the user. The formats are as follows:

• X – User has performed illegal operation.
• ! – Information to the user.

6.3 TEST PROCEDURE

SYSTEM TESTING

Testing is performed to identify errors. It is used for quality assurance. Testing is an integral part of the entire development and maintenance process. The goal of testing during this phase is to verify that the specification has been accurately and completely incorporated into the design, as well as to ensure the correctness of the design itself. For example, the design must not have any logic faults; any fault in the design should be detected before coding commences, otherwise the cost of fixing the faults will be considerably higher. Detection of design faults can be achieved by means of inspection as well as walkthrough.

Testing is one of the important steps in the software development phase. Testing checks for errors; for the project as a whole, testing involves the following test cases:

• Static analysis is used to investigate the structural properties of the source code.
• Dynamic testing is used to investigate the behavior of the source code by executing the program on the test data.

6.4 TEST DATA AND OUTPUT

6.4.1 UNIT TESTING

Unit testing is conducted to verify the functional performance of each modular component of the software. Unit testing focuses on the smallest unit of the software design, i.e., the module. White-box testing techniques were heavily employed for unit testing.

6.4.2 FUNCTIONAL TESTS

Functional test cases involved exercising the code with nominal input values for which the expected results are known, as well as boundary values and special values, such as logically related inputs, files of identical elements, and empty files.

The three types of functional test are:

• Performance Test
• Stress Test
• Structure Test

6.4.3 PERFORMANCE TEST

It determines the amount of execution time spent in various parts of the unit, program throughput, response time, and device utilization by the program unit.

6.4.4 STRESS TEST

Stress tests are those tests designed to intentionally break the unit. A great deal can be learned about the strengths and limitations of a program by examining the manner in which a program unit breaks.

6.4.5 STRUCTURED TEST

Structure tests are concerned with exercising the internal logic of a program and traversing particular execution paths. A white-box test strategy was employed to ensure that the test cases guarantee that all independent paths within a module have been exercised at least once. The test cases:

• Exercise all logical decisions on their true or false sides.
• Execute all loops at their boundaries and within their operational bounds.
• Exercise internal data structures to assure their validity.
• Check attributes for their correctness.
• Handle end-of-file conditions, I/O errors, buffer problems and textual errors in output information.

6.4.6 INTEGRATION TESTING

Integration testing is a systematic technique for constructing the program structure while at the same time conducting tests to uncover errors associated with interfacing, i.e., integration testing is the complete testing of the set of modules which make up the product. The objective is to take untested modules and build a program structure. The tester should identify critical modules, and critical modules should be tested as early as possible. One approach is to wait until all the units have passed testing, and then combine them and test the result. This approach evolved from unstructured testing of small programs. Another strategy is to construct the product in increments of tested units. A small set of modules is integrated and tested, to which another module is added and tested in combination, and so on. The advantage of this approach is that interface discrepancies can be easily found and corrected.

The major error that was faced during the project was a linking error. When all the modules were combined, the link was not set properly with all the support files. We then checked the interconnections and the links. Errors are localized to the new module and its intercommunications. The product development can be staged, and modules integrated as they complete unit testing. Testing is completed when the last module is integrated and tested.

6.5 TESTING TECHNIQUES / TESTING STRATEGIES

6.5.1 TESTING

Testing is a process of executing a program with the intent of finding an error. A good test case is one that has a high probability of finding an as-yet-undiscovered error. A successful test is one that uncovers an as-yet-undiscovered error. System testing is the stage of implementation which is aimed at ensuring that the system works accurately and efficiently as expected before live operation commences. It verifies that the whole set of programs hang together. System testing requires a test plan that consists of several key activities and steps for program, string and system testing, and it is important in adopting a successful new system. This is the last chance to detect and correct errors before the system is installed for user acceptance testing.

The software testing process commences once the program is created and the documentation and related data structures are designed. Software testing is essential for correcting errors; otherwise the program or the project cannot be said to be complete. Software testing is the critical element of software quality assurance and represents the ultimate review of specification, design and coding. Testing is the process of executing the program with the intent of finding an error. A good test case design is one that has a high probability of finding an as-yet-undiscovered error. A successful test is one that uncovers an as-yet-undiscovered error. Any engineering product can be tested in one of two ways:

6.5.1.1 WHITE BOX TESTING

This testing is also called glass box testing. In this testing, by knowing the specific functions that a product has been designed to perform, tests can be conducted that demonstrate each function is fully operational while at the same time searching for errors in each function. It is a test case design method that uses the control structure of the procedural design to derive test cases. Basis path testing is a white box testing technique.

Basis path testing:

• Flow graph notation
• Cyclomatic complexity
• Deriving test cases
• Graph matrices Control

6.5.1.2 BLACK BOX TESTING

In this testing, by knowing the internal operation of a product, tests can be conducted to ensure that “all gears mesh”, that is, that the internal operation performs according to specification and all internal components have been adequately exercised. It fundamentally focuses on the functional requirements of the software.

The steps involved in black box test case design are:

• Graph based testing methods
• Equivalence partitioning
• Boundary value analysis
• Comparison testing

6.5.2 SOFTWARE TESTING STRATEGIES:

A software testing strategy provides a road map for the software developer. Testing is a set of activities that can be planned in advance and conducted systematically. For this reason a template for software testing, a set of steps into which we can place specific test case design methods, should be defined. A testing strategy should have the following characteristics:

• Testing begins at the module level and works “outward” toward the integration of the entire computer-based system.
• Different testing techniques are appropriate at different points in time.
• The developer of the software and an independent test group conduct testing.
• Testing and debugging are different activities, but debugging must be accommodated in any testing strategy.

6.5.2.1 INTEGRATION TESTING:

Integration testing is a systematic technique for constructing the program structure while at the same time conducting tests to uncover errors associated with interfacing. Individual modules, which are highly prone to interface errors, should not be assumed to work instantly when we put them together. The problem, of course, is “putting them together”, that is, interfacing. Data may be lost across an interface; sub-functions, when combined, may not produce the desired major function; individually acceptable imprecision may be magnified to unacceptable levels; and global data structures can present problems.

6.5.2.2 PROGRAM TESTING:

The logical and syntax errors have been pointed out by program testing. A syntax error is an error in a program statement that violates one or more rules of the language in which it is written. An improperly defined field dimension or omitted keywords are common syntax errors. These errors are shown through error messages generated by the computer. A logic error, on the other hand, deals with incorrect data fields, out-of-range items and invalid combinations. Since the compiler will not detect logical errors, the programmer must examine the output. Condition testing exercises the logical conditions contained in a module. The possible types of elements in a condition include a Boolean operator, a Boolean variable, a pair of Boolean parentheses, a relational operator or an arithmetic expression. The condition testing method focuses on testing each condition in the program; the purpose of a condition test is to detect not only errors in the conditions of a program but also other errors in the program.

6.5.2.3 SECURITY TESTING:

Security testing attempts to verify that the protection mechanisms built into a system will, in fact, protect it from improper penetration. The system's security must be tested for invulnerability from frontal attack and must also be tested for invulnerability from rear attack. During security testing, the tester plays the role of an individual who desires to penetrate the system.

6.5.2.4 VALIDATION TESTING

At the culmination of integration testing, the software is completely assembled as a package. Interfacing errors have been uncovered and corrected, and a final series of software tests, validation testing, begins. Validation testing can be defined in many ways, but a simple definition is that validation succeeds when the software functions in a manner that is reasonably expected by the customer. Software validation is achieved through a series of black box tests that demonstrate conformity with requirements. After a validation test has been conducted, one of two conditions exists.

* The function or performance characteristics conform to specifications and are accepted.

* A deviation from specification is uncovered and a deficiency is created.

Deviations or errors discovered at this step in this project are corrected prior to completion of the project with the help of the user, by negotiating to establish a method for resolving deficiencies. Thus the proposed system under consideration has been tested using validation testing and found to be working satisfactorily. Though there were deficiencies in the system, they were not catastrophic.

6.5.2.5 USER ACCEPTANCE TESTING

User acceptance of the system is a key factor in the success of any system. The system under consideration is tested for user acceptance by constantly keeping in touch with the prospective system users at the time of development and making changes whenever required. This is done with regard to the following points:

• Input screen design.

• Output screen design.

Source Code

Screenshots:
