Date post: | 26-Oct-2014 |
Category: |
Documents |
Upload: | nandyala-mohan-babu |
View: | 294 times |
Download: | 2 times |
An Intrusion Response System for Relational Databases
1. INTRODUCTION
RECENTLY, we have seen an interest in products that continuously monitor
a database system and report any relevant suspicious activity. Database activity
monitoring has been identified by Gartner research as one of the top five strategies
that are crucial for reducing data leaks in organizations. Such step-up in data
vigilance by organizations is partly driven by various US government regulations
concerning data management such as SOX, PCI, GLBA, HIPAA, and so forth.
Organizations have also come to realize that current attack techniques are more
sophisticated, organized, and targeted than the broad-based hacking days of past.
Often, it is the sensitive and proprietary data that is the real target of attackers.
Also, with greater data integration, aggregation and disclosure, preventing data
theft, from both inside and outside organizations, has become a major challenge.
Standard database security mechanisms, such as access control, authentication,
and encryption, are not of much help when it comes to preventing data theft from
insiders. Such threats have thus forced organizations to reevaluate security
strategies for their internal databases. Monitoring a database to detect potential
intrusions, intrusion detection (ID), is a crucial technique that has to be part of any
comprehensive security solution for high-assurance database security. Note that
the ID systems that are developed must be tailored for a Database Management
System (DBMS) since database-related attacks such as SQL injection and data
exhilaration are not malicious for the underlying operating system or the network.
Our approach to an ID mechanism consists of two main elements,
specifically tailored to a DBMS: an anomaly detection (AD) system and an
Department of MCA, SVCET, Chittoor 1
An Intrusion Response System for Relational Databases
anomaly response system. The first element is based on the construction of
database access profiles of roles and users, and on the use of such profiles for the
ADtask. A user-request that does not conform to the normal access profiles is
characterized as anomalous.
Profiles can record information of different levels of details; we refer the
reader to for additional information and experimental results. The second element
of our approach the focus of this paper is in charge of taking some actions once an
anomaly is detected. There are three main types of response actions that we refer
to, respectively, as conservative actions, fine-grained actions, and aggressive
actions. The conservative actions, such as sending an alert, allow the anomalous
request to go through, whereas the aggressive actions can effectively block the
anomalous request. Fine-grained response actions, on the other hand, are neither
conservative nor aggressive. Such actions may suspend or taint an anomalous
request. A suspended request is simply put on hold, until some specific actions are
executed by the user, such as the execution of further authentication steps. A
tainted request is marked as a potential suspicious request resulting in further
monitoring of the user and possibly in the suspension or dropping of subsequent
requests by the same user.
Department of MCA, SVCET, Chittoor 2
An Intrusion Response System for Relational Databases
2. OBJECTIVE
With greater data integration, aggregation and disclosure, preventing data
theft, from both inside and outside organizations, has become a major challenge.
Standard database security mechanisms, such as access control, authentication,
and encryption, are not of much help when it comes to preventing data theft from
insiders. Such threats have thus forced organizations to reevaluate security
strategies for their internal databases. Monitoring a database to detect potential
intrusions, intrusion detection (ID), is a crucial technique that has to be part of any
comprehensive security solution for high-assurance database security.
Our approach is to design an ID mechanism that consists of two main
elements, specifically tailored to a DBMS: an anomaly detection (AD) system and
an anomaly response system. The first element is based on the construction of
database access profiles of roles and users, and on the use of such profiles for the
AD task. A user request that does not conform to the normal access profiles is
characterized as anomalous. The second element of our approach is in charge of
taking some actions once an anomaly is detected.
Department of MCA, SVCET, Chittoor 3
An Intrusion Response System for Relational Databases
3. LITERATURE SURVEY
3.1. DOMAIN KNOWLEDGE
3.1.1 DATA MINING
Generally, data mining (sometimes called data or knowledge discovery) is
the process of analyzing data from different perspectives and summarizing it into
useful information - information that can be used to increase revenue, cuts costs,
or both. Data mining software is one of a number of analytical tools for analyzing
data. It allows users to analyze data from many different dimensions or angles,
categorize it, and summarize the relationships identified. Technically, data mining
is the process of finding correlations or patterns among dozens of fields in large
relational databases.
Although data mining is a relatively new term, the technology is not.
However, continuous innovations in computer processing power, disk storage, and
statistical software are dramatically increasing the accuracy of analysis while
driving down the cost.
3.1.2 DATA AND KNOWLEDGE ENGINEERING
Database Systems and Knowledge base Systems share many common
principles. Data & Knowledge Engineering (DKE) stimulates the exchange of ideas
and interaction between these two related fields of interest. DKE reaches a world-
wide audience of researchers, designers, managers and users. The major aim of
the journal is to identify, investigate and analyze the underlying principles in the
design and effective use of these systems. DKE achieves this aim by publishing
Department of MCA, SVCET, Chittoor 4
An Intrusion Response System for Relational Databases
original research results, technical advances and news items concerning data
engineering, knowledge engineering, and the interface of these two fields.
The problem of insider threats to DBMSs is being recognized as a major
security threat by the organizations; in a 2004 E-crime watch survey conducted by
CERT and US Secret Service, insider threat was identified as the second biggest
threat after hackers. The solution to the insider threat problem requires among
other techniques the adoption of mechanisms able to detect and respond to
access anomalies by users internal to the organization owning the data. For our
IDR system to provide stronger security guarantees, it needs to ensure that the
activities of even the database administrators (DBAs) be monitored, and
responded to if deemed malicious. This is a difficult problem to address since the
policies that specify a response action need to be created for the DBAs who are, in
turn, responsible for managing the same policies.
3.2. SYSTEM INTRODUCTION
Organizations have come to realize that current attack techniques are more
sophisticated, organized, and targeted than the broad-based hacking days of past.
Often, it is the sensitive and proprietary data that is the real target of attackers.
Also, with greater data integration, aggregation and disclosure, preventing data
theft, from both inside and outside organizations, has become a major challenge.
Standard database security mechanisms, such as access control, authentication,
and encryption, are not of much help when it comes to preventing data theft from
insiders. Such threats have thus forced organizations to reevaluate security
strategies for their internal databases. Monitoring a database to detect potential
Department of MCA, SVCET, Chittoor 5
An Intrusion Response System for Relational Databases
intrusions, intrusion detection (ID), is a crucial technique that has to be part of any
comprehensive security solution for high-assurance database security.
3.3 PREVIOUS TAXONOMY
Title : The Cyber Enemy within ... Countering the Threat from Malicious
Insiders.
Authors: D. Brackney,T. Goan,A.Ott, and L. Martin.
One of the most critical problems facing the information security community
is the threat of a malicious insider abusing his computer privileges to modify,
remove, or prevent access to an organization's data. An insider is considered
trusted (at least implicitly) by his organization because he is granted access to its
computing environment. Whether or not that insider is in fact trustworthy is a
question that lies at the heart of the insider threat problem. Complicating this
problem is the fact that there is no "one size fits all" description of a malicious
insider. Motivations, objectives, cyber expertise, system privileges[1] all can and
do vary from one case to the next.
Title : Detecting Anomalous Access Patterns in Relational Databases.
Authors: A. Kamra, E. Terzi, and E. Bertino.
A considerable effort has been recently devoted to the development of
Database Management Systems (DBMS) which guarantee high assurance and
security. An important component of any strong security solution is represented by
Intrusion Detection (ID) techniques, able to detect anomalous behavior of
applications and users. To date, however, there have been few ID mechanisms
proposed which are specifically tailored to function within the DBMS. In this
paper[2], we propose such a mechanism. Our approach is based on mining SQL
Department of MCA, SVCET, Chittoor 6
An Intrusion Response System for Relational Databases
queries stored in database audit log files. The result of the mining process is used
to form profiles that can model normal database access behavior and identify
intruders. We consider two different scenarios while addressing the problem.
Title : Responding to Anomalous Database Requests.
Authors: A. Kamra, E. Bertino, and R.V. Nehme.
Organizations have recently shown increased interest in database activity
monitoring and anomaly detection techniques to safeguard their internal
databases. Once an anomaly is detected, a response from the database is needed
to contain the effects of the anomaly. However, the problem of issuing an
appropriate response to a detected database anomaly has received little attention
so far. In this paper[3], we propose a framework and policy language for issuing a
response to a database anomaly based on the characteristics of the anomaly. We
also propose a novel approach to dynamically change the state of the access
control system in order to contain the damage that may be caused by the
anomalous request. We have also carried out an experimental evaluation to
assess the performance overhead introduced by our response mechanism. The
experimental results show that the techniques are very efficient.
Title : Design and Implementation of SAACS: A State-Aware Access
Control System.
Authors: A. Kamra and E. Bertino.
The intrusion response component of an overall intrusion detection system
is responsible for issuing a suitable response to an anomalous request. We
propose the notion of database response policies to support our intrusion response
system tailored for a DBMS. Our interactive response policy language makes it
very easy for the database administrators to specify appropriate response actions
Department of MCA, SVCET, Chittoor 7
An Intrusion Response System for Relational Databases
for different circumstances depending upon the nature of the anomalous request
[4]. The two main issues that we address in context of such response policies are
that of policy matching, and policy administration. For the policy matching problem,
we propose two algorithms that efficiently search the policy database for policies
that match an anomalous request. We also extend the PostgreSQL DBMS with our
policy matching mechanism, and report experimental results. The experimental
evaluation shows that our techniques are very efficient.
3.4 OUR TAXONOMY
Our proposed solution is to design and implement an intrusion
response system to overcome the drawbacks of the existing system. The two main
issues that we address in context of such response policies are that of policy
matching, and policy administration. For the policy matching problem, we propose
two algorithms that efficiently search the policy database for policies that match an
anomalous request. We also extend the PostgreSQL DBMS with our policy
matching mechanism, and report experimental results. The experimental
evaluation shows that our techniques are very efficient. The other issue that we
address is that of administration of response policies to prevent malicious
modifications to policy objects from legitimate users. We propose a novel Joint
Threshold Administration Model (JTAM) that is based on the principle of separation
of duty. The key idea in JTAM is that a policy object is jointly administered by at
least k database administrator (DBAs), that is, any modification made to a policy
object will be invalid unless it has been authorized by at least k DBAs. We present
design details of JTAM which is based on a cryptographic threshold signature
Department of MCA, SVCET, Chittoor 8
An Intrusion Response System for Relational Databases
scheme, and show how JTAM prevents malicious modifications to policy objects
from authorized users.
The main contributions can be summarized as follows:
We present a framework for specifying intrusion response policies in the
context of a DBMS.
We present a novel administration model called JTAM for administration of
response policies.
We present algorithms to efficiently search the policy database for policies
that match an anomalous request.
We extend the PostgreSQL DBMS with our response policy mechanism,
and conduct an experimental evaluation of our techniques.
3.4.1 POLICY LANGUAGE
The detection of an anomaly by the detection engine can be considered as
a system event. The attributes of the anomaly, such as user, role, SQL command,
then correspond to the environment surrounding such an event. Intuitively, a policy
can be specified taking into account the anomaly attributes to guide the response
engine in taking a suitable action. Keeping this in mind, we propose an Event-
Condition-Action (ECA) language for specifying response policies.
3.4.1.1 Attributes and Conditions
The anomaly detection mechanism provides its assessment of the anomaly
using the anomaly attributes. We have identified two main categories for such
attributes. The first category, referred to as contextual category includes all
attributes describing the context of the anomalous request such as user, role,
Department of MCA, SVCET, Chittoor 9
An Intrusion Response System for Relational Databases
source, and time. The second category, referred to as structural category includes
all attributes conveying information about the structure of the anomalous request
such as SQL command, and accessed database objects.
3.4.1.2 Response Actions
Once a database request has been flagged off as anomalous, an action is
executed by the response system to address the anomaly. The response action to
be executed is specified as part of a response policy.
3.4.2 POLICY ADMINISTRATION
The main issue in the administration of response policies is how to protect a
policy from malicious modifications made by a DBA that has legitimate access
rights to the policy object. To address this issue, we propose an administration
model referred to as the Joint Threshold Administration Model (JTAM).The threat
scenario that we assume is that a DBA has all the privileges in the DBMS, and
thus it is able to execute arbitrary SQL insert, update, and delete commands to
make malicious modifications to the policies. Such actions are possible even if the
policies are stored in the system catalogs. JTAM protects a response policy
against malicious modifications by maintaining a digital signature on the policy
definition. The signature is then validated either periodically or upon policy usage
to verify the integrity of the policy definition.
One of the key assumptions in JTAM is that we do not assume the DBMS to
be in possession of a secret key for verifying the integrity of policies. If the DBMS
had possessed such key, it could simply create a HMAC (Hashed Message
Authentication Code) of each policy using its secret key, and later use the same
Department of MCA, SVCET, Chittoor 10
An Intrusion Response System for Relational Databases
key to verify the integrity of the policy. However, management of such secret key is
an issue since we cannot assume the key to be hidden from a malicious DBA. The
fundamental premise of our approach is that we do not trust a single DBA (with the
secret key) to create or manage the response policies, but the threat is mitigated if
the trust (the secret key) is distributed among multiple DBAs. This is also the
fundamental problem in threshold cryptography, that is, the problem of secure
sharing of a secret. We thus base JTAM on a threshold cryptographic signature
scheme.
3.4.3 POLICY MATCHING
We present our algorithms for finding the set of policies matching an
anomaly. Such search is executed by matching the attributes of the anomaly
assessment with the conditions in the policies.
. Policy matching is the problem of searching for policies applicable to an
anomalous request. When an anomaly is detected, the response system must
search through the policy database and find policies that match the anomaly. Our
ID mechanism is a real-time intrusion detection and response system; thus
efficiency of the policy search procedure is crucial. There are two variations of our
policy matching algorithm. The first algorithm, called the Base Policy Matching
algorithm and the second algorithm is called the Ordered Policy Matching
algorithm.
Department of MCA, SVCET, Chittoor 11
An Intrusion Response System for Relational Databases
3.4.4 RESPONSE ACTION SELECTION
In the event of multiple policies matching an anomaly, we must provide for a
resolution scheme to determine the response to be issued. We propose the
following two rank-based selection options that are based on the severity level of
the response actions:
Most Severe Policy (MSP)
The severity level of a response policy is determined by the highest
severity level of its response action. This strategy selects the most severe policy
from the set of matching policies. Note that the response actions described in
Section 3.1.2 are categorized according to their severity levels. Also, in the case of
interactive ECA response policies, the severity of the policy is taken as the severity
level of the Failure Action.
Least Severe Policy (LSP)
This strategy, unlike the MSP strategy, selects the least severe policy.
Department of MCA, SVCET, Chittoor 12
An Intrusion Response System for Relational Databases
4. PROBLEM IDENTIFICATION & SYSTEM
FRAMEWORK
4.1 PROBLM DEFINITION & EXAMPLE
Data represent today an important asset for companies and organizations.
Some of these data are worth millions of dollars and organizations take great care
at controlling access to these data, with respect to both internal users, within the
organization, and external users, outside the organization. Data security is also
crucial when addressing issues related to privacy of data pertaining to individuals;
companies and organizations managing such data need to provide strong
guarantees about the confidentiality of these data in order to comply with legal
regulations and policies. Overall, data security has a central role in the larger
context of information systems security. Therefore, the development of Database
Management Systems (DBMSs) with high-assurance security is a central research
issue. The development of such DBMSs requires a revision of architectures and
techniques adopted by traditional DBMS. An important component of this new
generation security-aware DBMS is an Intrusion Detection (ID) mechanism. Even
though DBMSs provide access control mechanisms, these mechanisms alone are
not enough to guarantee data security; they need to be complemented by suitable
ID mechanisms. However, despite the fact that building ID systems for networks
and operating systems has been an active area of research, few ID systems exist
that are specifically tailored to DBMS.
Department of MCA, SVCET, Chittoor 13
An Intrusion Response System for Relational Databases
For example, consider that a database user/application normally access
data only from the human resources schema. Consider that such user/application
submits a SQL command to the DBMS that accesses the financial records of the
employees from the finance schema. Such anomalous access pattern of the SQL
command may be the result of a SQL Injection vulnerability or privilege abuse by
an authorized user. The key observation is that an ID system designed for a
network or an operating system is ineffective against such database specific
malicious actions.
4.2 SYSTEM FRAME WORK
Our proposed solution is to design and implement an intrusion response
system to overcome the drawbacks of the existing system. The two main issues
that we address in context of such response policies are that of policy matching,
and policy administration. For the policy matching problem, we propose two
algorithms that efficiently search the policy database for policies that match an
anomalous request. The other issue that we address is that of administration of
response policies to prevent malicious modifications to policy objects from
legitimate users. We propose a novel Joint Threshold Administration Model
(JTAM) that is based on the principle of separation of duty. The key idea in JTAM
is that a policy object is jointly administered by at least k database administrator
(DBAs), that is, any modification made to a policy object will be invalid unless it
has been authorized by at least k DBAs. We present design details of JTAM which
Department of MCA, SVCET, Chittoor 14
An Intrusion Response System for Relational Databases
is based on a cryptographic threshold signature scheme, and show how JTAM
prevents malicious modifications to policy objects from authorized users.
Fig.4.1 System Frame Work
Department of MCA, SVCET, Chittoor 15
An Intrusion Response System for Relational Databases
4.3 SYSTEM FLOW CHART
A flow chart is graphical tool used to describe and analyze the movement of
data through a system. The transformation of data from input to output, through
processing, may be described logically associated with the system.
Fig.4.2 System Flow Chart
Department of MCA, SVCET, Chittoor 16
An Intrusion Response System for Relational Databases
4.4 SYSTEM REQUIREMENTS
4.4.1 FUNCTIONAL REQUIREMENTS
Functional requirements should include functions performed by specific
screens, outlines of work-flows performed by the system and other business or
compliance requirements the system must meet.
The functionalities in my project are:
File should be browsed.
Select the conditions for the browsed file.
Send the file to the detector.
Detector accepts the request and verifies whether it is anomaly or not.
For anomaly requests the query is not processed and the detector takes
appropriate actions.
For non-anomaly requests the query is processed and the sink is updated.
4.4.2 NON FUNCTIONAL REQUIREMENTS
The non functionalities in my project are:
ACCESSIBILITY
Accessibility can be viewed as the "ability to access" and possible benefit of
some system or entity. Accessibility is often used to focus on people with
disabilities and their right of access to the system.
PERFORMANCE
Computer performance is characterized by the amount of useful work
accomplished by a computer system compared to the time and resources used.
Department of MCA, SVCET, Chittoor 17
An Intrusion Response System for Relational Databases
PORTABILITY
Portability is the software-code base feature to be able to reuse the existing
code instead of creating new code when moving software from an environment to
another.
SECURITY
Security is the degree of protection against danger, loss, and criminals.
Security has to be compared and contrasted with other related concepts: Safety,
continuity, reliability.
4.4.3 HARDWARE REQUIREMENTS
Processor : PENTIUM IV 2.6 GHz
RAM : 256Mb and above
Hard Disk : 10 GB.
Input device : Standard Keyboard and Mouse.
Output device : VGA and High Resolution Monitor.
4.4.4 SOFTWARE REQUIREMENTS
Front End : Java
Operating System : Windows
Back End : SQL Server 2005
Department of MCA, SVCET, Chittoor 18
An Intrusion Response System for Relational Databases
5. SYSTEM DESIGN
5.1 DATABASE DESIGN
ENTITY RELATIONSHIP (E-R) DIAGRAM
Logical or graphical representation of data for an organization using entities,
attributes and their relationships is termed as an E-R diagram.
Entity: An entity may be defined as a thing which is recognized as being capable
of an independent existence and which can be uniquely identified.
Entity is represented by rectangle.
Relationship: A relationship captures how two or more entities are related to one
another.
or
Attributes: Entities and relationships can both have attributes. Represented with
ellipse.
Department of MCA, SVCET, Chittoor 19
An Intrusion Response System for Relational Databases
E-R DIAGRAM
Fig. 5.1 E-R Diagram
TABLES
Column Name Data Type
PolicyId varchar(10)
PolicyData varchar(20)
Department of MCA, SVCET, Chittoor 20
Policy DB
Policy IdPolicy Id Policy DataPolicy Data
havehave
User Info
RoleRoleIdId
AddressAddressNameName
An Intrusion Response System for Relational Databases
Table. 5.1 Policy Information
Column Name Data Type
Id varchar(10)
Role varchar(10)
Name varchar(10)
Address varchar(10)
Table. 5.2 User Details
5.2 MODULE DESCRIPTION
In this system we developed four modules for developing the system. The
modules are explained below:
Anomalous Request.
Intrusion Detection.
Protection Data Transmission.
Intrusion Response
ANOMALOUS REQUEST
Interactive response policy language makes it very easy for the database
administrators to specify appropriate response actions for different circumstances
depending upon the nature of the anomalous request. The conservative actions,
such as sending an alert, allow the anomalous request to go through, whereas the
Department of MCA, SVCET, Chittoor 21
An Intrusion Response System for Relational Databases
aggressive actions can effectively block the anomalous request. Recall that a
response policy is created to select a response action to be executed in the event
of an anomalous request.
INTRUSION DETECTION
Monitoring a database to detect potential intrusions, intrusion detection (ID),
is a crucial technique that has to be part of any comprehensive security solution for
high-assurance database security. We present a framework for specifying intrusion
response policies in the context of a DBMS.
The two main issues that we address in context of such response policies are that
of policy matching, and policy administration.
Policy Matching
. Policy matching is the problem of searching for policies applicable to an
anomalous request. When an anomaly is detected, the response system must
search through the policy database and find policies that match the anomaly. Our
ID mechanism is a real-time intrusion detection and response system; thus
efficiency of the policy search procedure is crucial.
Policy Administration
The main issue in the administration of response policies is how to protect a
policy from malicious modifications made by a DBA that has legitimate access
rights to the policy object. .Propose an administration model referred to as the
JTAM. The threat scenario that we assume is that a DBA has all the privileges in
the DBMS, and thus it is able to execute arbitrary SQL insert, update, and delete
commands to make malicious modifications to the policies.
Department of MCA, SVCET, Chittoor 22
An Intrusion Response System for Relational Databases
PROTECTION DATA TRANSMISSION
Data protection must deal with two general problems. First, data must be
protected from unauthorized access and tampering. This is the problem of data
security. Second, data must be protected from errors by authorized system users.
Concern for data security will take different forms in different system applications.
Individual users may be concerned with personal privacy, and wish to limit access
to private data files. Corporate organizations may seek to protect data related to
proprietary interests.
INTRUSION RESPONSE
A condition is specified on the attributes of the detected anomaly. An action
is the response action executed by the engine Our implementation of the response
system can be configured to include/exclude other user-defined anomaly
attributes. We address is that of administration of response policies to prevent
malicious modifications to policy objects from legitimate users.
5.3 UML DIAGRAMS
The UML is applicable to object-oriented problem solving. Anyone
interested in learning UML must be familiar with the underlying tenet of object-
oriented problem solving -- it all begins with the construction of a model. A model is
an abstraction of the underlying problem. The domain is the actual world from
which the problem comes.
Department of MCA, SVCET, Chittoor 23
An Intrusion Response System for Relational Databases
5.3.1 USE CASE DIAGRAM
Use case Diagrams represent the functionality of the system from a user’s
point of view. Use cases are used during requirements elicitation and analysis to
represent the functionality of the system. Use cases focus on the behavior of the
system from external point of view.
Actors are external entities that interact with the system. Examples of actors
include users like administrator, bank customer …etc., or another system like
central database.
Department of MCA, SVCET, Chittoor 24
An Intrusion Response System for Relational Databases
SEND FILE
INTRUDER DETECTED
BROWSE FILE
INSERT REORD
VIEW
SENDER
DETECTION DETAILS
SYSTEM
Fig.5.2 Use Case Diagram
5.3.2 SEQUENCE DIAGRAM
A sequence diagram is an interaction diagram that details how operations
are carried out -- what messages are sent and when. Sequence diagrams are
organized according to time. The time progresses as you go down the page. The
Department of MCA, SVCET, Chittoor 25
An Intrusion Response System for Relational Databases
objects involved in the operation are listed from left to right according to when they
take part in the message sequence.
: SENDER : SYSTEM
BROWSE BROWSING
FILE DISPLAYED
SEND FILE SENDING
INTRUDER DETECTED
INSERT FILE INSERTING
VIEW
DISPLAYS CONTENT OF THE FILE
DETECTION DETAILS ANALYZING
PROCESSING
DISPLAYS ATTACKS AT EACH LAYER
Fig.5.3 Sequence Diagram
5.3.3 CLASS DIAGRAM
A Class diagram gives an overview of a system by showing its classes and
the relationships among them. Class diagrams are static -- they display what
interacts but not what happens when they do interact.
Department of MCA, SVCET, Chittoor 26
An Intrusion Response System for Relational Databases
class Class Model
JFrame
Detector1
~ client_1: Socket~ client_2: Socket~ temp: long
+ Detector1()+ Detector2()+ Detector3()- initializeComponent() : void+ main(String[]) : void+ server() : void
JFrame
Detector2
~ client_1: Socket~ client_2: Socket- contentPane: JPanel~ dis: DataInputStream~ temp: long
- addComponent(Container, Component, int, int, int, int) : void+ Detector2()- initializeComponent() : void- jButton1_actionPerformed(ActionEvent) : void- jTabbedPane1_stateChanged(ChangeEvent) : void+ main(String[]) : void+ server() : void+ Sink2()
JFrame
Detector3
~ client_1: Socket~ client_2: Socket- jTextArea1: JTextArea~ length: int~ length1: int~ sen: String = ""~ server_1: ServerSocket~ socket_1: Socket~ temp: long
- addComponent(Container, Component, int, int, int, int) : void+ Detector3()- initializeComponent() : void- jButton1_actionPerformed(ActionEvent) : void- jTabbedPane1_stateChanged(ChangeEvent) : void+ main(String[]) : void+ server() : void
JFrame
Sink1
- contentPane: JPanel~ destination: String~ i: int = 1~ Recieved1: String~ rr: String = ""~ server_1: ServerSocket~ socket_1: Socket- transferTime: JLabel
- addComponent(Container, Component, int, int, int, int) : void- initializeComponent() : void- jButton1_actionPerformed(ActionEvent) : void- jTabbedPane1_stateChanged(ChangeEvent) : void+ main(String[]) : void+ server() : void+ Sink1()
JFrame
Sink2
- contentPane: JPanel~ destination: String~ i: int = 1- jButton1: JButton- jLabel1: JLabel- jPanel1: JPanel- jPanel2: JPanel- jScrollPane1: JScrollPane- jScrollPane2: JScrollPane- jTabbedPane1: JTabbedPane- jTextArea1: JTextArea- jTextArea2: JTextArea~ Recieved1: String~ rr: String = ""~ server_1: ServerSocket~ socket_1: Socket
- addComponent(Container, Component, int, int, int, int) : void- initializeComponent() : void- jButton1_actionPerformed(ActionEvent) : void- jTabbedPane1_stateChanged(ChangeEvent) : void+ main(String[]) : void+ server() : void+ Sink2()+ Sink3()JFrame
Sink3
- contentPane: JPanel~ destination: String~ i: int = 1- jButton1: JButton- jLabel1: JLabel- jPanel1: JPanel~ socket_1: Socket
- addComponent(Container, Component, int, int, int, int) : void- initializeComponent() : void- jButton1_actionPerformed(ActionEvent) : void- jTabbedPane1_stateChanged(ChangeEvent) : void+ main(String[]) : void+ server() : void+ Sink3()
JFrame
Source1
~ a: String ([]) = {"Select","Prob...~ b: String ([]) = {"Graph","probe...- contentPane: JPanel~ d: double~ dest1: String~ destination: String- Detect: JButton- fi lepath: JLabel
- jButton2_actionPerformed(ActionEvent) : void- jButton3_actionPerformed(ActionEvent) : void- jComboBox1_actionPerformed(ActionEvent) : void- jTextField1_actionPerformed(ActionEvent) : void+ main(String[]) : void+ paint(Graphics) : void+ sendData(String, int, String) : void+ setDest(String) : String+ Source1()+ view_actionperformed(ActionEvent) : void
Fig.5.4 Class Diagram
Our class diagram has three kinds of relationships.
Department of MCA, SVCET, Chittoor 27
An Intrusion Response System for Relational Databases
association -- a relationship between instances of the two classes. There is
an association between two classes if an instance of one class must know
about the other in order to perform its work. In a diagram, an association is
a link connecting two classes.
aggregation -- an association in which one class belongs to a collection. An
aggregation has a diamond end pointing to the part containing the whole.
generalization -- an inheritance link indicating one class is a super class of
the other. A generalization has a triangle pointing to the super class.
5.3.4 ACTIVITY DIAGRAM
Department of MCA, SVCET, Chittoor 28
An Intrusion Response System for Relational Databases
An activity diagram is essentially a fancy flowchart. Activity diagrams and
state chart diagrams are related. While a state chart diagram focuses attention on
an object undergoing a process (or on a process as an object), an activity diagram
focuses on the flow of activities involved in a single process. The activity diagram
shows the how those activities depend on one another.
Start
BROWSE A FILE
SEND A FILE
INTRUSION RESPONSE SYSTEM
SINK
End
YES
NO
Fig.5.5 Activity Diagram
5.4 TECHNIQUES
Department of MCA, SVCET, Chittoor 29
An Intrusion Response System for Relational Databases
The following are the techniques that are used in our project to our come
the drawbacks that are arise in previous systems. They are
Policy Matching
Policy Administration
POLICY MATCHING
Policy matching is the problem of searching for policies applicable to an
anomalous request. When an anomaly is detected, the response system must
search through the policy database and find policies that match the anomaly. Our
ID mechanism is a real-time intrusion detection and response system; thus
efficiency of the policy search procedure is crucial.
POLICY ADMINISTRATION
The main issue in the administration of response policies is how to protect a
policy from malicious modifications made by a DBA that has legitimate access
rights to the policy object. .Propose an administration model referred to as the
JTAM. The threat scenario that we assume is that a DBA has all the privileges in
the DBMS, and thus it is able to execute arbitrary SQL insert, update, and delete
commands to make malicious modifications to the policies.
5.5 SYSTEM ARCHITECTURE
Department of MCA, SVCET, Chittoor 30
An Intrusion Response System for Relational Databases
The system’s architecture consists of three main components: the traditional
DBMS that handles the query execution, the profile creator module for collecting
the training data and creating/maintaining the profiles, and the detection and
response mechanisms integrated with the core DBMS functionality. These
components form the new extended DBMS that is enhanced with an independent
ID system operating at the database level.
Fig.5.6 System Architecture
The flow of interactions for the IDR process is shown in Figure 5.5. During
the training phase, the SQL commands submitted to the DBMS (or read from the
audit log) are analyzed by the profile creator module to create the initial profiles of
the database users. For every SQL command under detection, the feature selector
module extracts the features from the queries in the format expected by the
detection engine. The detection engine then runs the extracted features through
Department of MCA, SVCET, Chittoor 31
An Intrusion Response System for Relational Databases
the detection algorithm. If an anomaly detected, the detection mechanism submits
its assessment of the SQL command to the response engine according to a pre-
defined interface; otherwise the command information is sent to the profile creator
process for updating the profiles.
The response engine consults a policy base of existing response policies to
issue a response depending on the assessment of the query submitted by the
detection engine. Notice that the fact that a query is anomalous may not
necessarily imply an intrusion. Other information and security policies must also be
taken into account. For example, if the user logged under the role is performing
some special activities to manage an emergency, the response mechanism may
be instructed not to raise alarms in such circumstances. If the response engine
decides to raise an alarm, certain actions for handling the alarm can be taken. The
most common action is to send an alert to the security administrator. However
other actions are possible, such as log the alarm, drop the query, or even take no
action at all.
6. IMPLEMENTATION
Department of MCA, SVCET, Chittoor 32
An Intrusion Response System for Relational Databases
Implementation is the stage of the project when the theoretical design is turned
out into a working system. Thus it can be considered to be the most critical stage
in achieving a successful new system and in giving the user, confidence that the
new system will work and be effective.
The implementation stage involves careful planning, investigation of the
existing system and it’s constraints on implementation, designing of methods to
achieve changeover and evaluation of changeover methods.
6.1 TECHNOLOGY USED
JAVAJava was designed to meet all the real world requirements with its key
features, which are explained in the following paragraph.
SIMPLE AND POWERFUL
Java was designed to be easy for the professional programmer to learn and
use efficiently. Java makes itself simple by not having surprising features. Since it
exposes the inner working of a machine, the programmer can perform his desired
actions without fear.
SECURE
Using Java Compatible Browser, anyone can safely download java applets
without the fear of viral infection or malicious intent. Java achieves this protection
by confining a java program to the java execution environment and by making it
inaccessible to other parts of the computer. We can download applets with
confidence that no harm will be done and no security will be breached.
Department of MCA, SVCET, Chittoor 33
An Intrusion Response System for Relational Databases
PORTABLE
In java, the same mechanism that gives security also helps in portability.
Many types of computers and operating systems are in use throughout the world
and are connected to the internet. For downloading programs through different
platforms connected to the internet, some portable, executable code is needed.
Java’s answer to these problems is its well designed architecture.
OBJECT-ORIENTED
Java was designed to be source-code compatible with any other
language. Java team gave a clean, usable, realistic approach to objects. The
object model in java is simple and easy to extend, while simple types, such as
integers, are kept as high-performance non -objects.
DYNAMIC
Java programs carry with them extensive amounts of run-time information
that is used to verify and resolve accesses to objects at run-time. Using this
concept it is possible to dynamically link code. Dynamic property of java adds
strength to the applet environment, in which small fragments of byte code may be
dynamically updated on a running system.
SWING
Swing components facilitate efficient graphical user interface (GUI)
development. These components are a collection of lightweight visual
components. Swing components contain a replacement for the heavyweight
Department of MCA, SVCET, Chittoor 34
An Intrusion Response System for Relational Databases
AWT components as well as complex user interface components such as
Trees and Tables.
Swing components contain a pluggable look and feel (PL & F). This
allows all applications to run with the native look and feel on different platforms.
PL & F allows applications to have the same behaviour on various platforms.
JFC contains operating system neutral look and feel. Swing components do not
contain peers. Swing components allow mixing AWT heavyweight and Swing
lightweight components in an application.
The major difference between lightweight and heavyweight
components is that lightweight components can have transparent pixels while
heavyweight components are always opaque. Lightweight components can be
non-rectangular while heavyweight components are always rectangular.
Swing components are JavaBeans compliant. This allows
components to be used easily in a Bean aware application building program.
The root of the majority of the Swing hierarchy is the JComponent class. This
class is an extension of the AWT Container class.
Swing components comprise of a large percentage of the JFC
release. The Swing component toolkit consists of over 250 pure Java classes
and 75 Interfaces contained in about 10 Packages. They are used to build
lightweight user interfaces. Swing consists of User Interface (UI) classes and
non- User Interface classes. The non-User Interface classes provide services
and other operations for the UI classes.
Department of MCA, SVCET, Chittoor 35
An Intrusion Response System for Relational Databases
Swing offers a number of advantages, which include
Wide variety of Components
Pluggable Look and Feel
MVC Architecture
Keystroke Handling
Action Objects
Nested Containers
Virtual Desktops
Compound Borders
Customized Dialogues
Standard Dialog Classes
Powerful Text Manipulation
Generic Undo Capabilities
Accessibility Support
JAVA DATABASE CONNECTIVITY (JDBC)
JDBC AND ODBC IN JAVA:
Most popular and widely accepted database connectivity
called Open Database Connectivity (ODBC) is used to access the
relational databases. It offers the ability to connect to almost all the
databases on almost all platforms. Java applications can also use this
ODBC to communicate with a database. Then we need JDBC why? There
are several reasons:
Department of MCA, SVCET, Chittoor 36
An Intrusion Response System for Relational Databases
ODBC API was completely written in C language and it makes an ex-
tensive use of pointers. Calls from Java to native C code have a num-
ber of drawbacks in the security, implementation, robustness and auto-
matic portability of applications.
ODBC is hard to learn. It mixes simple and advanced features to-
gether, and it has complex options even for simple queries.
ODBC drivers must be installed on client’s machine.
6.2 DATABASE
SQL SERVER
A database management, or DBMS, gives the user access to their data
and helps them transform the data into information. Such database management
systems include dBase, paradox, IMS, SQL Server and SQL Server. These
systems allow users to create, update and extract information from their database.
There are so many databases are available in the market and why I have
choose this SQL server is nothing but my project follows the client/server
architecture, so it should be execute both in the client as well as at the server side.
So for maintaining the records at the server side, and to distribute them among the
clients I have chosen this SQL server as a database for my project.
SQL Server stores each data item in its own fields. In SQL Server, the
fields relating to a particular person, thing or event are bundled together to form a
single complete unit of data, called a record (it can also be referred to as raw or an
occurrence). Each record is made up of a number of fields. No two fields in a
record can have the same field name.
Department of MCA, SVCET, Chittoor 37
An Intrusion Response System for Relational Databases
During an SQL Server Database design project, the analysis of your
business needs identifies all the fields or attributes of interest. If your business
needs change over time, you define any additional fields or change the definition of
existing fields.
RELATIONAL
Sometimes all the information of interest to a business operation can be
stored in one table. SQL Server makes it very easy to link the data in multiple
tables. Matching an employee to the department in which they work is one
example. This is what makes SQL Server a relational database management
system, or RDBMS. It stores data in two or more tables and enables you to define
relationships between the tables and enables you to define relationships between
the tables. The major advantages which suits my Project are
Redundancy avoidance
Data sharing
Standards can be enforced
More Secured
Integrity can be maintained
6.3 MODULES IMPLEMENTATION
6.3.1 USER MODULE
Send request (Browse file)
Select layer types (Conditions for request)
Send the request
Department of MCA, SVCET, Chittoor 38
An Intrusion Response System for Relational Databases
Insert records (DBAs’ Profiles)
View records
6.3.2 INTRUSION RESPONSE MODULE
Accepts request
Request Validation
Detector (Checks whether the request is anomaly or not)
Response (Sends appropriate messages to user based on request)
Action (Takes appropriate actions based on severity of request)
7. TESTING
The purpose of testing is to discover errors. Testing is the process of trying
to discover every conceivable fault or weakness in a work product. It provides a
way to check the functionality of components, sub assemblies, assemblies and/or
a finished product It is the process of exercising software with the intent of
Department of MCA, SVCET, Chittoor 39
An Intrusion Response System for Relational Databases
ensuring that the software system meets its requirements and user expectations
and does not fail in an unacceptable manner. There are various types of test. Each
test type addresses a specific testing requirement.
7.1 SELECT TEST FACTOR
The particular module of the Project which is essential for the testing
methodologies is sorted out first. This will help the testing process to be completed
within time. The test factors for my project include encoding, verification and
decoding process.
7.1.1 DETERMINE SDLC PHASE
This phase involves the structural testing of the system which will be used
for easy implementations of the functions. Though structural testing is so much
associated with the coding phase, the structural testing should be carried out at all
the phases of the lifecycle.
7.1.2 SELECT TYPE OF TEST
For selecting the appropriate testing process the project should be
analyzed with the following three testing concepts:
STRUCTURAL TESTING
Structural analysis based test sets are tend to uncover errors that occur
during coding of the program. The properties of the test set are to reflect the
internal structure of the program. Structural testing is designed to verify that the
developed system and programs work as specified in the requirement. The
objective is to ensure that the product is designed structurally sound and will
Department of MCA, SVCET, Chittoor 40
An Intrusion Response System for Relational Databases
function correctly.
FUNCTIONAL TESTING
Functional testing ensures that the requirements are properly satisfied by
the application system. The functions are those tasks that the system is designed
to accomplish. This is not concerned with how processing occurs but rather with
the results of the processing. The functional analysis based test sets tend to
uncover errors that occurred in implementing requirements or design
specifications.
SELECT TECHNIQUE
After selecting the appropriate testing methodology we have to select the
necessary testing technique such as stress testing, execution testing, recovery
testing, operation testing, compliance testing and security testing. We are
performing operation testing.
7.2 TYPES OF TESTS
7.2.1 UNIT TESTING
Unit testing involves the design of test cases that validate that the internal
program logic is functioning properly, and that program input produce valid
outputs. All decision branches and internal code flow should be validated. It is the
testing of individual software units of the application .it is done after the completion
of an individual unit before integration. This is a structural testing, that relies on
knowledge of its construction and is invasive. Unit tests perform basic tests at
component level and test a specific business process, application, and/or system
configuration. Unit tests ensure that each unique path of a business process
Department of MCA, SVCET, Chittoor 41
An Intrusion Response System for Relational Databases
performs accurately to the documented specifications and contains clearly defined
inputs and expected results.
7.2.2 INTEGRATION TESTING
Integration tests are designed to test integrated software components to
determine if they actually run as one program. Testing is event driven and is more
concerned with the basic outcome of screens or fields. Integration tests
demonstrate that although the components were individually satisfaction, as shown
by successfully unit testing, the combination of components is correct and
consistent. Integration testing is specifically aimed at exposing the problems that
arise from the combination of components.
7.2.3FUNCTIONAL TESTING
Functional tests provide systematic demonstrations that functions tested are
available as specified by the business and technical requirements, system
documentation, and user manuals.
Functional testing is centered on the following items:
Valid Input : identified classes of valid input must be accepted.
Invalid Input : identified classes of invalid input must be rejected.
Functions : identified functions must be exercised.
Output : identified classes of application outputs must be
exercised.
7.2.4 SYSTEM TESTING
System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An
Department of MCA, SVCET, Chittoor 42
An Intrusion Response System for Relational Databases
example of system testing is the configuration oriented system integration test.
System testing is based on process descriptions and flows, emphasizing pre-
driven process links and integration points.
White Box Testing
White Box Testing is a testing in which in which the software tester has
knowledge of the inner workings, structure and language of the software, or at
least its purpose. It is used to test areas that cannot be reached from a black box
level.
Black Box Testing
Black Box Testing is testing the software without any knowledge of the inner
workings, structure or language of the module being tested. Black box tests, as
most other kinds of tests, must be written from a definitive source document, such
as specification or requirements document, such as specification or requirements
document. It is a testing in which the software under test is treated, as a black
box .you cannot “see” into it. The test provides inputs and responds to outputs
without considering how the software works.
7.3 TEST REPORTS
Test Type Test case Expected value
Actual value Remarks Action
Functional Testing
Searching file
Select system path to search
System path valid ------- File browsed
Department of MCA, SVCET, Chittoor 43
An Intrusion Response System for Relational Databases
the file
System path invalid
Path specification error
Enter correct system path
Structural Testing
Selecting conditions
Select Probe/R2L/U2
R
Selected probe -------- Process request
Selected Normal/DOS
Intruder detected
Sends response and shuts the system
Functional Testing
Sending fileSend browsed
file
Sending browsed file
-------- File sent to Detector
File not browsed No file detected
Alerts the user to browse the file before sending
Validation Testing
Authentication
Key shares from DBAs’
Authorized signatures
-------- Transfers the request to detector
Unauthorized signatures
No valid authentication from DBAs’
Blocks the request
System Testing
Intrusion Detecting
Accept normal request
Accepting valid request as probe/U2R/R2L
-------- Ask for authentication from DBAs’.
Sending anomaly request
Detects request as Intrusion
Leaves an alert and resend the valid
Department of MCA, SVCET, Chittoor 44
An Intrusion Response System for Relational Databases
request
Validation Testing
Updating Destination database
Accepts only valid requests
data
Valid data --------- Update the destination database
Invalid data Data from detector is not accurate
Close sink
Table.7.1 Test Cases
7.4 CONCLUSIONS
All the test cases mentioned above passed successfully. No defects
encountered.
8. FUTURE ENHANCEMENT
8.1 DETECTION MECHANISM
We have presented two scenarios for the intrusion detection task in
databases. For the first scenario, when a role based access control system is in
Department of MCA, SVCET, Chittoor 45
An Intrusion Response System for Relational Databases
place, we identify role intruders, that is, users that while holding a specific role,
behave in a manner that of some other role. The first limitation of our current
approach is that we assume the user to activate only one role in a session. A
possible research direction to extend the scheme is to assume multiple role
activation by a user in a session. The second limitation of our approach is that we
assume that the roles form a partitioning of the universe of database access
behavior. With this assumption, we are not able to identify users that while holding
a specific role, behave differently from that role and from any other role in the
system. One approach towards identifying such behavior is to train a one class
Support Vector Machine (SVM) with the normal role behavior SQL query features.
Then any behavior deviating from the normal role behavior learned by the SVM
classifier will be identified as anomalous. A similar approach may be adopted for
the unsupervised learning scenario for the clusters of similar SQL queries. The one
class SVM classifier, trained for every cluster, may be applied to detect SQL
queries deviating from their representative cluster.
Apart from the above mentioned research directions, the traditional issues
related to application of machine learning techniques to real-world problems are
applicable to our approach as well. Such issues include, but are not limited to, the
problem of concept drift, the problem of over fitting or under fitting the training data,
and so forth.
8.2 RESPONSE MECHANISM
The response mechanism described in this dissertation works on the basis
of pre-configured policies. The policies are based on attributes related to the
Department of MCA, SVCET, Chittoor 46
An Intrusion Response System for Relational Databases
structure of a SQL query and also the context surrounding the query. In this
regard, our response mechanism may be considered to be static by its ability to
adjust. One possible research direction is to come up with more dynamic
approaches that are suitable for responding to a database intrusion.
An interactive response policy that requires a second factor of
authentication provides a second layer of defense when certain anomalous actions
are executed against critical system resources such as anomalous access to
system catalog tables. This opens the way to new research on how to organize
applications to handle such interactions for the case of legacy applications and
new applications. In the security area there is a lot work dealing with retrofitting
legacy applications for authorization policy enforcement. We believe that such
approaches can be extended to support such an interactive approach. For new
applications, one can devise methodologies to organize applications that support
such interactions. Notice that, however, because our approach is policy-based, the
database administrators have the flexibility of designing policies that best fit the
way applications are organized.
9. CONCLUSION
The response component of intrusion detection system for a DBMS is
described. The response component is responsible for issuing a suitable response
to an anomalous user request. An interactive Event-Condition-Action type
response policy language is presented that makes it very easy for the database
Department of MCA, SVCET, Chittoor 47
An Intrusion Response System for Relational Databases
security administrator to specify appropriate response actions for different
circumstances depending upon the nature of the anomalous request. The two
main issues that are addressed in the context of such response policies are policy
matching, and policy administration. For the policy matching procedure, an
algorithm is described to efficiently search the policy database for policies
matching an anomalous request assessment. The other issue that is addressed is
the administration of response policies to prevent malicious modifications to policy
objects from legitimate users.
10. APPENDICES
APPENDIX - I
SOURCE CODE
Source1:
Department of MCA, SVCET, Chittoor 48
An Intrusion Response System for Relational Databases
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
import java.io.*;
import java.net.*;
import java.sql.*;
public class Source1 extends JFrame
{
String fp;
Double fs;
Double tt;
Double rt;
Long ls;
JTextArea jtr;
private JLabel jLabel1;
private JLabel jLabel2;
private JLabel jLabel3;
private JLabel filesize;
private JLabel jfileSize;
private JLabel transferTime;
private JLabel jtransferTime;
private JLabel filepath;
private JLabel Jfilepath;
private JLabel readTime;
private JLabel JreadTime;
private JTextArea show;
private Long los;
private JComboBox graph;
private JButton view,insert;
long loss;
String str;
Department of MCA, SVCET, Chittoor 49
An Intrusion Response System for Relational Databases
private JTextField jTextField1;
private JComboBox jComboBox1;
private JTextArea jTextArea1;
private JScrollPane jScrollPane1,jsp,jsp1,jsp2,jsp3;
private JButton jButton1;
private JButton jButton2;
private JButton jButton3;
private JPanel contentPane;
private JButton Detect;
private int lossspace;
JScrollPane js;
Object o;
String dest1;
int len;
double d;
double time;
long read;
double rd;
private String r="";
String msg="";
int flag=1;
int flag1=1;
Socket n1_client;
String destination;
int limit;
String a[]={"Select","Probe","Dos","R2L","U2R","Normal"};
int packets;
int rem;
String b[]={"Graph","probe","DOS","R2L","U2R"};
FileInputStream fis=null;
Image im;
Department of MCA, SVCET, Chittoor 50
An Intrusion Response System for Relational Databases
public Source1()
{
super();
initializeComponent();
this.setVisible(true);
try{
FileInputStream f=new FileInputStream(".//Detector.txt");
while((d=f.read())!=-1)
{
r+=(char)d;
}
}catch(Exception ex){ex.printStackTrace();}
}
private void initializeComponent()
{
jLabel1 = new JLabel();
jLabel2 = new JLabel();
jLabel3 = new JLabel();
jTextField1 = new JTextField();
filesize=new JLabel();
jfileSize=new JLabel();
transferTime=new JLabel();
jtransferTime=new JLabel();
filepath=new JLabel();
Jfilepath=new JLabel();
readTime=new JLabel();
JreadTime=new JLabel();
jLabel1.setFont(new Font("Arial",Font.BOLD,15));
show=new JTextArea(70,80);
jComboBox1 = new JComboBox(a);
Department of MCA, SVCET, Chittoor 51
An Intrusion Response System for Relational Databases
jTextArea1 = new JTextArea();
jScrollPane1 = new JScrollPane();
jButton1 = new JButton();
jButton2 = new JButton();
jButton3 = new JButton();
view=new JButton("View");
graph=new JComboBox(b);
insert=new JButton("Insert");
Detect=new JButton("Detection");
jtr=new JTextArea();
js=new JScrollPane();
contentPane = (JPanel)this.getContentPane();
jLabel1.setText("<html><h1><b><u><font
color=\'white',size=\"6\">SOURCE1</font><u></i></h1></html>");
filepath.setText("<html><font
color=\'white',size=\"4\">lossSpace:</font></h1></html>");
jLabel1.setForeground(new Color(0, 0, 102));
jLabel2.setText("<html><b><font color=\'white'>Layers
No</font></b></html>");
readTime.setText("<html><font
color=\'white',size=\"4\">ReadTime:</font></h1></html>");
jLabel3.setText("<html><b><font color=\'white' >Status
Information</font></b></html>");
filesize.setBackground(new Color(255, 255, 255));
filesize.setText("<html><b><font
color=\'white',size=\"4\">FileSize:</font></b></html>");
transferTime.setBackground(new Color(255,255,255));
transferTime.setText("<html><b><font
color=\'white',size=\"4\">TransferTime:</font></b></html>");
jTextField1.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e)
Department of MCA, SVCET, Chittoor 52
An Intrusion Response System for Relational Databases
{
jTextField1_actionPerformed(e);
}
});
jComboBox1.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e)
{
jComboBox1_actionPerformed(e);
}
});
Detect.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e)
{
Detect_actionperformed(e);
}
});
jScrollPane1.setViewportView(jTextArea1);
js.setViewportView(jtr);
jButton1.setBackground(new Color(255, 255, 255));
jButton1.setText("<html><b><font color=\'black'
>Browse</font></b></html>");
jButton1.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e)
{
jButton1_actionPerformed(e);
}
});
jButton2.setBackground(new Color(255, 255, 255));
jButton2.setText("<html><b><font color=\'black'
>Send</font></b></html>");
Department of MCA, SVCET, Chittoor 53
An Intrusion Response System for Relational Databases
jButton2.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e)
{
jButton2_actionPerformed(e);
}
});
insert.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e)
{
insert_actionperformed(e);
}
});
view.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e)
{
view_actionperformed(e);
}
});
jButton3.setText("Exit");
jButton3.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e)
{
jButton3_actionPerformed(e);
}
});
graph.addActionListener(new ActionListener()
{
Department of MCA, SVCET, Chittoor 54
An Intrusion Response System for Relational Databases
public void actionPerformed(ActionEvent ae)
{
graph_actionPerformed(ae);
}
});
contentPane.setLayout(null);
Color colr = new Color(210,105,30);
contentPane.setBackground(colr);
jLabel1.setForeground(colr);
addComponent(contentPane, jLabel1, 158,14,136,28);
addComponent(contentPane, jLabel2, 100,149,60,18);
addComponent(contentPane, jLabel3, 165,180,118,23);
addComponent(contentPane, jTextField1, 41,80,252,20);
addComponent(contentPane, jComboBox1, 180,147,100,22);
addComponent(contentPane, jScrollPane1, 60,200,295,246);
addComponent(contentPane, jButton1, 317,78,83,28);
addComponent(contentPane, jButton2, 317,147,83,28);
addComponent(contentPane, jButton3, 317,450,83,28);
addComponent(contentPane,filepath,60,500,136,28);
addComponent(contentPane,Jfilepath,150,500,280,28);
addComponent(contentPane,filesize,310,500,140,28);
addComponent(contentPane,jfileSize,390,500,136,28);
addComponent(contentPane,transferTime,60,550,136,28);
addComponent(contentPane,jtransferTime,180,550,136,28);
addComponent(contentPane,readTime,310,550,136,28);
addComponent(contentPane,JreadTime,390,550,136,28);
addComponent(contentPane,insert,30,600,136,28);
addComponent(contentPane,view,80,600,136,28);
addComponent(contentPane,graph,250,600,100,28);
addComponent(contentPane,Detect,350,600,103,28);
addComponent(contentPane,jtr,350,300,400,200);
Department of MCA, SVCET, Chittoor 55
An Intrusion Response System for Relational Databases
jtr.setVisible(false);
this.setTitle("Source1 - extends JFrame");
this.setLocation(new Point(66, 48));
this.setSize(new Dimension(783, 635));
}
private void addComponent(Container container,Component c,int x,int y,int
width,int height)
{
c.setBounds(x,y,width,height);
container.add(c);
}
private void jTextField1_actionPerformed(ActionEvent e)
{
System.out.println("\njTextField1_actionPerformed(ActionEvent e)
called.");
}
private void jComboBox1_actionPerformed(ActionEvent e)
{
System.out.println("\njComboBox1_actionPerformed(ActionEvent e)
called.");
o = jComboBox1.getSelectedItem();
destination=""+o;
flag=0;
}
private void jButton1_actionPerformed(ActionEvent e)
{
System.out.println("\njButton1_actionPerformed(ActionEvent e)
called.");
try
Department of MCA, SVCET, Chittoor 56
An Intrusion Response System for Relational Databases
{
int b;
Long l=0L;
msg="";
FileDialog fd=new
FileDialog(this,"Open",FileDialog.LOAD);
JFileChooser jf=new JFileChooser();
int s=jf.showOpenDialog(null);
File f1=jf.getSelectedFile();
str=f1.getPath();
File f=new File(str);
long size1=f1.getTotalSpace();
long freespace=f1.getFreeSpace();
loss=size1-freespace;
FileInputStream fos=new FileInputStream(str);
long length=f.length();
int sizedata=fos.available();
int n=sizedata/4;
jTextField1.setText(str);
while((b=fos.read())!=-1)
{
msg+=(char)b;
l+=b;
}
byte by[]=new byte[fos.available()];
String sbyte=new String(by);
jTextArea1.setText("Size");
fos.read(by);
fos.close();
flag1=0;
len=msg.length();
Department of MCA, SVCET, Chittoor 57
An Intrusion Response System for Relational Databases
d=len/1024;
time=d/60;
read=l/1024;
rd=read/60;
String source=jTextField1.getText();
System.out.println(""+System.currentTimeMillis());
jTextArea1.append("\n\nSource1 Address::"+source+"\n\n");
jTextArea1.append("Selected File Path "+"<b>"+fd.getDirectory()+fd.getFile()
+"</b>"+"\n\n");
jTextArea1.append("Total Size::"+len+"bytes"+"\n\n");
jTextArea1.append("Total space::"+size1+"bytes"+"\n\n");
jTextArea1.append("Total Freespace::"+freespace+"bytes"+"\n\n");
jTextArea1.append("Reading Files:"+l+"bytes"+"\n\n");
jfileSize.setText(""+d+"Kb");
Jfilepath.setText(""+loss);
JreadTime.setText(""+rd+"Sec");
}
catch (Exception ex)
{
ex.printStackTrace();
}
}
public void insert_actionperformed(ActionEvent e)
{
try
{
Class.forName("oracle.jdbc.driver.OracleDriver");
Connection
con=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe","intursio
n","intursion");
Statement stm=con.createStatement();
Department of MCA, SVCET, Chittoor 58
An Intrusion Response System for Relational Databases
String ss="insert into
sour1(layerports,filePath,fileSize,transferTime,readTime,lossSpace)values('"+jCom
boBox1.getSelectedItem()+"','"+str+"',"+d+","+time+","+rd+","+loss+")";
stm.executeUpdate(ss);
JOptionPane.showMessageDialog(null,"Record Inserted");
System.out.println("record inserted");
}
catch(Exception ex)
{
ex.printStackTrace();
}
}
public void view_actionperformed(ActionEvent e)
{
addComponent(contentPane,show,280,600,236,58);
try
{
System.out.println("retrieved************");
Class.forName("oracle.jdbc.driver.OracleDriver");
Connection
con=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe","intursio
n","intursion");
Statement stm=con.createStatement();
ResultSet rs=stm.executeQuery("select * from sour1");
String
tb[]={"Layers","FilePath","FileSize","TransferTime","ReadTime","LossSpace"};
String stab[][]=new String[50][50];
for(int i=0;rs.next();i++)
{
stab[i][0]=rs.getString(1);
Department of MCA, SVCET, Chittoor 59
An Intrusion Response System for Relational Databases
stab[i][1]=rs.getString(2);
stab[i][2]=Double.toString(rs.getDouble(3));
stab[i][3]=Double.toString(rs.getDouble(4));
stab[i][4]=Double.toString(rs.getDouble(5));
stab[i][5]=Double.toString(rs.getDouble(6));
System.out.println("record inserted");
}
JTable jt=new JTable(stab,tb);
int v=ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED;
int h=ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED;
JScrollPane jsp=new JScrollPane(jt,v,h);
addComponent(contentPane,jsp,500,450,436,158);
}
catch(Exception ex)
{
}
}
public void graph_actionPerformed(ActionEvent ae)
{
Object o1=graph.getSelectedItem();
dest1=""+o1;
System.out.println("a[3]="+a[3]+"a[4]="+a[4]);
if(dest1.equalsIgnoreCase(a[1]))
{
final probe1chart demo = new probe1chart("Probe1 Layer");
demo.pack();
demo.setLocation(200,200);
demo.setVisible(true);
try
{
Department of MCA, SVCET, Chittoor 60
An Intrusion Response System for Relational Databases
Class.forName("oracle.jdbc.driver.OracleDriver");
Connection
con=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe","intursio
n","intursion");
Statement stm=con.createStatement();
String str="select* from sour1 where layerports='"+a[1]+"'";
ResultSet rs=stm.executeQuery(str);
String
tb[]={"Layers","FilePath","FileSize","TransferTime","ReadTime","LossSpace"};
String stab[][]=new String[50][50];
for(int i=0;rs.next();i++)
{
stab[i][0]=rs.getString(1);
stab[i][1]=rs.getString(2);
stab[i][2]=Double.toString(rs.getDouble(3));
stab[i][3]=Double.toString(rs.getDouble(4));
stab[i][4]=Double.toString(rs.getDouble(5));
stab[i][5]=Double.toString(rs.getDouble(6));
}
JTable p=new JTable(stab,tb);
int v=ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED;
int h=ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED;
jsp=new JScrollPane(p,v,h);
addComponent(contentPane,jsp,500,250,436,158);
jsp1.setVisible(false);
jsp2.setVisible(false);
jsp3.setVisible(false);
}
catch(Exception ex)
{
}
Department of MCA, SVCET, Chittoor 61
An Intrusion Response System for Relational Databases
}
else if(dest1.equalsIgnoreCase(a[2]))
{
final Doschart1 demo = new Doschart1("Dos1 Layer");
demo.pack();
demo.setLocation(200,200);
demo.setVisible(true);
try
{
Class.forName("oracle.jdbc.driver.OracleDriver");
Connection
con=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe","intursio
n","intursion");
Statement stm=con.createStatement();
String str="select* from sour1 where layerports='"+a[2]+"'";
ResultSet rs=stm.executeQuery(str);
String
tb[]={"Layers","FilePath","FileSize","TransferTime","ReadTime","LossSpace"};
String stab[][]=new String[50][50];
for(int i=0;rs.next();i++)
{
stab[i][0]=rs.getString(1);
stab[i][1]=rs.getString(2);
stab[i][2]=Double.toString(rs.getDouble(3));
stab[i][3]=Double.toString(rs.getDouble(4));
stab[i][4]=Double.toString(rs.getDouble(5));
stab[i][5]=Double.toString(rs.getDouble(6));
}
JTable p=new JTable(stab,tb);
Department of MCA, SVCET, Chittoor 62
An Intrusion Response System for Relational Databases
int v=ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED;
int h=ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED;
jsp1=new JScrollPane(p,v,h);
addComponent(contentPane,jsp1,500,250,436,158);
jsp.setVisible(false);
jsp2.setVisible(false);
jsp3.setVisible(false);
}
catch(Exception ex)
{
}
}
else if(dest1.equalsIgnoreCase(a[3]))
{
final R2Lchart1 demo = new R2Lchart1("R2L Layer");
demo.pack();
demo.setLocation(200,200);
demo.setVisible(true);
try
{
Class.forName("oracle.jdbc.driver.OracleDriver");
Connection
con=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe","intursio
n","intursion");
Statement stm=con.createStatement();
String str="select* from sour1 where layerports='"+a[3]+"'";
ResultSet rs=stm.executeQuery(str);
String
tb[]={"Layers","FilePath","FileSize","TransferTime","ReadTime","LossSpace"};
String stab[][]=new String[50][50];
for(int i=0;rs.next();i++)
Department of MCA, SVCET, Chittoor 63
An Intrusion Response System for Relational Databases
{
stab[i][0]=rs.getString(1);
stab[i][1]=rs.getString(2);
stab[i][2]=Double.toString(rs.getDouble(3));
stab[i][3]=Double.toString(rs.getDouble(4));
stab[i][4]=Double.toString(rs.getDouble(5));
stab[i][5]=Double.toString(rs.getDouble(6));
}
JTable p=new JTable(stab,tb);
int v=ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED;
int h=ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED;
jsp2=new JScrollPane(p,v,h);
addComponent(contentPane,jsp2,500,250,436,158);
jsp1.setVisible(false);
jsp.setVisible(false);
jsp3.setVisible(false);
}
catch(Exception ex)
{
}
}
else if(dest1.equalsIgnoreCase(a[4]))
{
System.out.println("U2RChart**************");
final U2Rchart1 demo = new U2Rchart1("U2R Layer");
demo.pack();
demo.setLocation(200,200);
demo.setVisible(true);
try
{
Department of MCA, SVCET, Chittoor 64
An Intrusion Response System for Relational Databases
Class.forName("oracle.jdbc.driver.OracleDriver");
Connection
con=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe","intursio
n","intursion");
Statement stm=con.createStatement();
String str="select* from sour1 where layerports='"+a[4]+"'";
ResultSet rs=stm.executeQuery(str);
String
tb[]={"Layers","FilePath","FileSize","TransferTime","ReadTime","LossSpace"};
String stab[][]=new String[50][50];
for(int i=0;rs.next();i++)
{
stab[i][0]=rs.getString(1);
stab[i][1]=rs.getString(2);
stab[i][2]=Double.toString(rs.getDouble(3));
stab[i][3]=Double.toString(rs.getDouble(4));
stab[i][4]=Double.toString(rs.getDouble(5));
stab[i][5]=Double.toString(rs.getDouble(6));
}
JTable p=new JTable(stab,tb);
int v=ScrollPaneConstants.VERTICAL_SCROLLBAR_AS_NEEDED;
int h=ScrollPaneConstants.HORIZONTAL_SCROLLBAR_AS_NEEDED;
jsp3=new JScrollPane(p,v,h);
addComponent(contentPane,jsp3,500,250,436,158);
jsp1.setVisible(false);
jsp2.setVisible(false);
jsp.setVisible(false);
}
catch(Exception ex)
{
}
Department of MCA, SVCET, Chittoor 65
An Intrusion Response System for Relational Databases
}
}
public void paint(Graphics g)
{
g.drawImage(im, 0, 0, null);
}
private void Detect_actionperformed(ActionEvent ae)
{
try
{
Class.forName("oracle.jdbc.driver.OracleDriver");
Connection
con=DriverManager.getConnection("jdbc:oracle:thin:@localhost:1521:xe","intursio
n","intursion");
Statement stm=con.createStatement();
String sa1="select * from sour1 where layerports='"+a[1]+"'";
String sa2="select * from sour1 where layerports='"+a[2]+"'";
String sa3="select * from sour1 where layerports='"+a[3]+"'";
String sa4="select * from sour1 where layerports='"+a[4]+"'";
//Probe
ResultSet rs=stm.executeQuery(sa1);
double s6=0,s8=0,s9=0;
int i=1;
while(rs.next())
{
String s1=rs.getString(1);
String s2=rs.getString(2);
double s3=rs.getDouble(3);
s6=rs.getDouble(4)+s6;
s8=rs.getDouble(5)+s8;
double s4=rs.getDouble(6);
Department of MCA, SVCET, Chittoor 66
An Intrusion Response System for Relational Databases
i++;
System.out.println("TransferTime"+r);
}
double s7=s6/i;
s9=s8/i;
System.out.println("pobe transferTime="+s7+"\t"+"ReadTime"+s9);
//Dos
rs=stm.executeQuery(sa2);
double st=0,sr=0,at,ar;
int j=1;
while(rs.next())
{
String s1=rs.getString(1);
String s2=rs.getString(2);
double s3=rs.getDouble(3);
st=rs.getDouble(4)+st;
sr=rs.getDouble(5)+sr;
double s4=rs.getDouble(6);
j++;
}
at=st/j;
ar=sr/j;
System.out.println("Dos transferTime="+at+"\t"+"ReadTime"+ar);
rs.close();
//R2L
rs=stm.executeQuery(sa3);
double st1=0,sr1=0,at1,ar1;
int k=1;
while(rs.next())
{
String s1=rs.getString(1);
Department of MCA, SVCET, Chittoor 67
An Intrusion Response System for Relational Databases
String s2=rs.getString(2);
double s3=rs.getDouble(3);
st1=rs.getDouble(4)+st1;
sr1=rs.getDouble(5)+sr1;
double s4=rs.getDouble(6);
k++;
}
at1=st1/k;
ar1=sr1/k;
System.out.println("R2L transferTime="+at1+"\t"+"ReadTime"+ar1);
//U2R
rs=stm.executeQuery(sa4);
double st2=0,sr2=0,at2,ar2;
int l=1;
while(rs.next())
{
String s1=rs.getString(1);
String s2=rs.getString(2);
double s3=rs.getDouble(3);
st2=rs.getDouble(4)+st2;
sr2=rs.getDouble(5)+sr2;
double s4=rs.getDouble(6);
l++;
}
at2=st2/l;
ar2=sr2/l;
System.out.println("U2R transferTime="+at2+"\t"+"ReadTime"+ar2);
//rs3.close();
jtr.append("Name"+"\tAvgTransferTime"+"\t"+"AvgReadTime"+"\n");
Department of MCA, SVCET, Chittoor 68
An Intrusion Response System for Relational Databases
jtr.append("======================================================
=============================\n");
jtr.append("Probe"+"\t"+(Math.abs(s7))+"\t"+""+Math.abs(s9)+"\n");
jtr.append("Dos"+"\t"+Math.abs(at)+"\t"+""+Math.abs(ar)+"\n");
jtr.append("R2L"+"\t"+Math.abs(at1)+"\t"+""+Math.abs(ar1)+"\n");
jtr.append("U2R"+"\t"+Math.abs(at2)+"\t"+""+Math.abs(ar2)+"\n");
jtr.setVisible(true);
LineChartDemo6 ld=new
LineChartDemo6("Detection",s7,s9,at,ar,at1,ar1,at2,ar2);
ld.setSize(300,300);
ld.setVisible(true);
}
catch(Exception ex)
{
ex.printStackTrace();
}
}
private void jButton2_actionPerformed(ActionEvent e)
{
System.out.println("\njButton2_actionPerformed(ActionEvent e)
called.");
jtransferTime.setText(""+time);
String dest;
if(flag==0)
{
if(destination.equalsIgnoreCase(a[0]))
{
JOptionPane.showMessageDialog(null,"Select the
Destination!..");
}
else if(destination.equalsIgnoreCase(a[1]))
Department of MCA, SVCET, Chittoor 69
An Intrusion Response System for Relational Databases
{
JOptionPane.showMessageDialog(null,"This Is From
PROBE Layer : This transaction need authentication from 4 DBAs");
String
dba1sign=JOptionPane.showInputDialog("JTAM : Enter Threshold Signature of
DBA 1 ");
System.out.println("dba1sign : "+dba1sign);
if(dba1sign!=null&&!dba1sign.equals("")){
int dba1conform= JOptionPane.showConfirmDialog(null,"DBA
1: Is it Conformed?");
System.out.println("dba1conform : "+dba1conform);
if(dba1conform!=0){
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
1 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
}else{
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 1
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
String dba2sign=JOptionPane.showInputDialog("JTAM : Enter
Threshold Signature of DBA 2 ");
System.out.println("dba2sign : "+dba2sign);
if(dba2sign!=null&&!dba2sign.equals("")){
int dba2conform= JOptionPane.showConfirmDialog(null,"DBA
2: Is it Conformed?");
System.out.println("dba2conform : "+dba2conform);
if(dba2conform!=0){
Department of MCA, SVCET, Chittoor 70
An Intrusion Response System for Relational Databases
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
2 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
}else{
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 2
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
String dba3sign=JOptionPane.showInputDialog("JTAM : Enter
Threshold Signature of DBA 3 ");
System.out.println("dba3sign : "+dba3sign);
if(dba3sign!=null&&!dba3sign.equals("")){
int dba3conform= JOptionPane.showConfirmDialog(null,"DBA
3: Is it Conformed?");
System.out.println("dba3conform : "+dba3conform);
if(dba3conform!=0){
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
3 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
}else{
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 3
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
Department of MCA, SVCET, Chittoor 71
An Intrusion Response System for Relational Databases
String dba4sign=JOptionPane.showInputDialog("JTAM : Enter
Threshold Signature of DBA 4 ");
System.out.println("dba4sign : "+dba4sign);
if(dba4sign!=null&&!dba4sign.equals("")){
int dba4conform= JOptionPane.showConfirmDialog(null,"DBA
4: Is it Conformed?");
System.out.println("dba4conform : "+dba4conform);
if(dba4conform!=0){
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
4 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
}else{
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 4
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
JOptionPane.showMessageDialog(null,"Now you can insert
details of a file into Database ");
dest=setDest(a[1]);
sendData(r,111,dest);
}
else if(destination.equalsIgnoreCase(a[2]))
{
JOptionPane.showMessageDialog(null,"This Is From
Dos Layer");
dest=setDest(a[2]);
int a;
Department of MCA, SVCET, Chittoor 72
An Intrusion Response System for Relational Databases
sendData(r,111,dest);
}
else if(destination.equalsIgnoreCase(a[3]))
{
JOptionPane.showMessageDialog(null,"This Is From
R2L layer");
JOptionPane.showMessageDialog(null,"This Is From PROBE
Layer : This transaction need authentication from 4 DBAs");
String
dba1sign=JOptionPane.showInputDialog("JTAM : Enter Threshold Signature of
DBA 1 ");
System.out.println("dba1sign : "+dba1sign);
if(dba1sign!=null&&!dba1sign.equals("")){
int dba1conform= JOptionPane.showConfirmDialog(null,"DBA
1: Is it Conformed?");
System.out.println("dba1conform : "+dba1conform);
if(dba1conform!=0){
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
1 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
}else{
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 1
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
String
dba2sign=JOptionPane.showInputDialog("JTAM : Enter Threshold Signature of
DBA 2 ");
Department of MCA, SVCET, Chittoor 73
An Intrusion Response System for Relational Databases
System.out.println("dba2sign : "+dba2sign);
if(dba2sign!=null&&!dba2sign.equals("")){
int dba2conform= JOptionPane.showConfirmDialog(null,"DBA
2: Is it Conformed?");
System.out.println("dba2conform : "+dba2conform);
if(dba2conform!=0){
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
2 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
}else{
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 2
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
String
dba3sign=JOptionPane.showInputDialog("JTAM : Enter Threshold Signature of
DBA 3 ");
System.out.println("dba3sign : "+dba3sign);
if(dba3sign!=null&&!dba3sign.equals("")){
int dba3conform= JOptionPane.showConfirmDialog(null,"DBA
3: Is it Conformed?");
System.out.println("dba3conform : "+dba3conform);
if(dba3conform!=0){
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
3 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
Department of MCA, SVCET, Chittoor 74
An Intrusion Response System for Relational Databases
}else{
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 3
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
String dba4sign=JOptionPane.showInputDialog("JTAM : Enter
Threshold Signature of DBA 4 ");
System.out.println("dba4sign : "+dba4sign);
if(dba4sign!=null&&!dba4sign.equals("")){
int dba4conform= JOptionPane.showConfirmDialog(null,"DBA
4: Is it Conformed?");
System.out.println("dba4conform : "+dba4conform);
if(dba4conform!=0){
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
4 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
}else{
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 4
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
JOptionPane.showMessageDialog(null,"Now you can insert
details of a file into Database ");
dest=setDest(a[3]);
sendData(r,222,dest);
}
Department of MCA, SVCET, Chittoor 75
An Intrusion Response System for Relational Databases
else if(destination.equalsIgnoreCase(a[4]))
{
JOptionPane.showMessageDialog(null,"This Is From
U2R Layer");
JOptionPane.showMessageDialog(null,"This Is From
PROBE Layer : This transaction need authentication from 4 DBAs");
String
dba1sign=JOptionPane.showInputDialog("JTAM : Enter Threshold Signature of
DBA 1 ");
System.out.println("dba1sign : "+dba1sign);
if(dba1sign!=null&&!dba1sign.equals("")){
int dba1conform= JOptionPane.showConfirmDialog(null,"DBA
1: Is it Conformed?");
System.out.println("dba1conform : "+dba1conform);
if(dba1conform!=0){
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
1 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
}else{
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 1
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
String dba2sign=JOptionPane.showInputDialog("JTAM : Enter
Threshold Signature of DBA 2 ");
System.out.println("dba2sign : "+dba2sign);
if(dba2sign!=null&&!dba2sign.equals("")){
Department of MCA, SVCET, Chittoor 76
An Intrusion Response System for Relational Databases
int dba2conform= JOptionPane.showConfirmDialog(null,"DBA
2: Is it Conformed?");
System.out.println("dba2conform : "+dba2conform);
if(dba2conform!=0){
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
2 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
}else{
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 2
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
String dba3sign=JOptionPane.showInputDialog("JTAM : Enter
Threshold Signature of DBA 3 ");
System.out.println("dba3sign : "+dba3sign);
if(dba3sign!=null&&!dba3sign.equals("")){
int dba3conform= JOptionPane.showConfirmDialog(null,"DBA
3: Is it Conformed?");
System.out.println("dba3conform : "+dba3conform);
if(dba3conform!=0){
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
3 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
}else{
Department of MCA, SVCET, Chittoor 77
An Intrusion Response System for Relational Databases
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 3
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
String dba4sign=JOptionPane.showInputDialog("JTAM : Enter
Threshold Signature of DBA 4 ");
System.out.println("dba4sign : "+dba4sign);
if(dba4sign!=null&&!dba4sign.equals("")){
int dba4conform= JOptionPane.showConfirmDialog(null,"DBA
4: Is it Conformed?");
System.out.println("dba4conform : "+dba4conform);
if(dba4conform!=0){
JOptionPane.showMessageDialog(null,"JTAM : Since DBA
4 not conformed signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
}else{
JOptionPane.showMessageDialog(null,"JTAM : Since DBA 4
not accepted / not entered signature this transaction is failed. Response Action :
ShutDown");
System.exit(0);
}
JOptionPane.showMessageDialog(null,"Now you can insert
details of a file into Database ");
dest=setDest(a[4]);
sendData(r,222,dest);
}
else if(destination.equalsIgnoreCase(a[5]))
{
Department of MCA, SVCET, Chittoor 78
An Intrusion Response System for Relational Databases
JOptionPane.showMessageDialog(null,"This Is From
Normal");
dest=setDest(a[5]);
sendData(r,222,dest);
}
}
else
JOptionPane.showMessageDialog(null,"Load the File OR Select the
Destination!..");
}
private void jButton3_actionPerformed(ActionEvent e)
{
System.out.println("\njButton3_actionPerformed(ActionEvent e)
called.");
}
public void sendData(String name,int port,String dest)
{
try
{
n1_client=new Socket(name,port);
DataOutputStream out=new
DataOutputStream(n1_client.getOutputStream());
if(out!=null)
{
out.flush();
}
int outgoing=0;
byte buffer[]=msg.getBytes();
int len=buffer.length;
int tlength=buffer.length/48;
int length11=buffer.length%48;
Department of MCA, SVCET, Chittoor 79
An Intrusion Response System for Relational Databases
int len1=len;
if(length11!=0)
{
tlength++;
}
out.writeInt(tlength);
out.writeUTF(destination);
int st=0;
int end=48;
jTextArea1.append("Packet Length:"+len+"\n");
String prefinal="";
String finalst="";
if(len<=48)
{
System.out.println("smaller than 48");
finalst=prefinal+msg+"\n"+"null";
jTextArea1.append("packet\t"+(++outgoing)+"\
t"+msg+"\n");
out.writeUTF(dest+msg);
}
else
{
System.out.println("else than 48");
jTextArea1.append("Packet: "+"\t"+(++outgoing)
+"\t"+msg.substring(st,end)+"\n");
out.writeUTF(dest+msg.substring(st,end));
while(len1>48)
{
len1-=48;
Department of MCA, SVCET, Chittoor 80
An Intrusion Response System for Relational Databases
if(len1<=48)
{
System.out.println("greateer than 48");
jTextArea1.append("Packet: "+"\t"+(++outgoing)
+"\t"+msg.substring(end,len)+"\n");
out.writeUTF(dest+msg.substring(end,len));
}
else
{
System.out.println("else than 48");
int sp=end+48;
jTextArea1.append("Packet: "+"\t"+
(++outgoing)+"\t"+msg.substring(end,sp)+"\n");
out.writeUTF(dest+msg.substring(end,sp));
end=sp;
}
}
}
}
catch (Exception exp)
{
exp.printStackTrace();
}
}
public String setDest(String Destname)
{
String Destinationname="";
if(Destname.equalsIgnoreCase(a[1]))
{
Destinationname="Source1-->D1";
}
Department of MCA, SVCET, Chittoor 81
An Intrusion Response System for Relational Databases
else if(Destname.equalsIgnoreCase(a[2]))
{
Destinationname="Source1-->D2";
}
else if(Destname.equalsIgnoreCase(a[3]))
{
Destinationname="Source1-->D3";
}
else if (Destname.equalsIgnoreCase(a[4]))
{
Destinationname="Source1-->D4";
}
else if (Destname.equalsIgnoreCase(a[5]))
{
Destinationname="Source1-->D5";
}
return Destinationname;
}
}
Detector1
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
import java.io.*;
import java.net.*;
import java.lang.*;
public class Detector1 extends JFrame
{
Department of MCA, SVCET, Chittoor 82
An Intrusion Response System for Relational Databases
private JLabel jLabel1;
private JTextArea jTextArea1;
private JScrollPane jScrollPane1;
private JButton jButton1;
private JPanel contentPane;
ServerSocket server_1;
DataOutputStream dis1;
DataOutputStream dis2;
DataInputStream dis;
Socket socket_1;
Socket client_1;
Socket client_2;
long temp;
int i=1;
int length;
int length1;
String sen="";
public Detector1()
{
super();
initializeComponent();
this.setVisible(true);
try
{
server_1=new ServerSocket(111);
FileInputStream f=new FileInputStream(".//Sink.txt");
while((length1=f.read())!=-1)
{
sen+=(char)length1;
}
System.out.println(sen);
Department of MCA, SVCET, Chittoor 83
An Intrusion Response System for Relational Databases
}
catch (Exception exp)
{
exp.printStackTrace();
}
this.setVisible(true);
}
private void initializeComponent()
{
jLabel1 = new JLabel();
jTextArea1 = new JTextArea();
jScrollPane1 = new JScrollPane();
jButton1 = new JButton();
contentPane = (JPanel)this.getContentPane();
jLabel1.setText("INTRUSION DETECTOR1");
jLabel1.setForeground(Color.white);
jScrollPane1.setViewportView(jTextArea1);
jButton1.setBackground(new Color(255, 255, 255));
jButton1.setText("Exit");
jButton1.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e)
{
jButton1_actionPerformed(e);
}
});
contentPane.setLayout(null);
contentPane.setBackground(new Color(210,105,30));
addComponent(contentPane, jLabel1, 172,9,133,38);
addComponent(contentPane, jScrollPane1, 26,37,441,341);
addComponent(contentPane, jButton1, 204,390,83,28);
this.setTitle("Detector1 - extends JFrame");
Department of MCA, SVCET, Chittoor 84
An Intrusion Response System for Relational Databases
this.setLocation(new Point(0, 0));
this.setSize(new Dimension(505, 462));
}
private void addComponent(Container container,Component c,int x,int y,int
width,int height)
{
c.setBounds(x,y,width,height);
container.add(c);
}
private void jButton1_actionPerformed(ActionEvent e)
{
System.out.println("\njButton1_actionPerformed(ActionEvent e)
called.");
}
public void server()
{
try
{
String rr="";
socket_1=server_1.accept();
dis=new
DataInputStream(socket_1.getInputStream());
int length=dis.readInt();
String destination=dis.readUTF();
if(destination.equalsIgnoreCase("probe"))
{
jTextArea1.append("\t**********************************\n");
jTextArea1.append("\tTHIS
IS FROM PORT Probe \n");
Department of MCA, SVCET, Chittoor 85
An Intrusion Response System for Relational Databases
jTextArea1.append("\
t**********************************\n");
client_1=new
Socket(sen,101);
dis1=new
DataOutputStream(client_1.getOutputStream());
dis1.writeInt(length);
dis1.writeUTF(destination);
while(length>0)
{
rr=dis.readUTF();
jTextArea1.append("Packet
"+i+"\t"+rr+" Recieved...\n");
dis1=new
DataOutputStream(client_1.getOutputStream());
dis1.writeUTF(rr);
length--;
i++;
}
i=1;
}
else if (destination.equalsIgnoreCase("Dos"))
{
jTextArea1.append("\t**********************************\n");
jTextArea1.append("\tTHIS IS
FROM PORT U2R\n");
jTextArea1.append("\t**********************************\n");
while(length>0)
{
rr=dis.readUTF();
Department of MCA, SVCET, Chittoor 86
An Intrusion Response System for Relational Databases
StringBuffer sb=new
StringBuffer(rr);
sb.delete(7,10);
jTextArea1.append("\t\tPacket
"+i+"\t"+rr.substring(4,15)+" Recieved...\n");
length--;
i++;
}
i=1;
int delay = 100; //milliseconds
Timer t=new Timer(delay,
new ActionListener() {
int count=1;
public void
actionPerformed(ActionEvent evt) {
if(count<=10)
{
ava.awt.Toolkit.getDefaultToolkit().beep();
count++;
}
else
return;
}
});
t.start();
JOptionPane.showMessageDialog(null,"Detector1:From Policy Matching :
This is an Anomalous Request :This modification to policy object is invalid");
JOptionPane.showMessageDialog(null,"Detector1:From Policy
Administration : Intursion Response System : This request should get
authentication from k authorised users ");
Department of MCA, SVCET, Chittoor 87
An Intrusion Response System for Relational Databases
JOptionPane.showMessageDialog(null,"Detector1:Intursion Response
System : Taken Aggresive action i.e.Shutdown !!!!!!");
System.exit(0);
}
else if (destination.equalsIgnoreCase("DoS1"))
{ jTextArea1.append("\
t**********************************\n");
jTextArea1.append("\tTHIS
IS FROM PORT Dos1\n");
jTextArea1.append("\t**********************************\n");
client_1=new
Socket(sen,101);
dis1=new
DataOutputStream(client_1.getOutputStream());
dis1.writeInt(length);
dis1.writeUTF(destination);
while(length>0)
{rr=dis.readUTF();
jTextArea1.append("Packet
"+i+"\t"+rr+" Recieved...\n");
dis1=new
DataOutputStream(client_1.getOutputStream());
dis1.writeUTF(rr);
length--;
i++;
}
i=1;
}
}
catch (Exception exp)
{
Department of MCA, SVCET, Chittoor 88
An Intrusion Response System for Relational Databases
exp.printStackTrace();
}
}
Sink1
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
import javax.swing.event.*;
import java.io.*;
import java.net.*;
public class Sink1 extends JFrame
{
private JLabel jLabel1;
private JTabbedPane jTabbedPane1;
private JButton jButton1;
private JPanel contentPane;
private JTextArea jTextArea1;
private JScrollPane jScrollPane1;
private JPanel jPanel1;
private JLabel transferTime;
private JLabel JtransferTime;
private JTextArea jTextArea2;
private JScrollPane jScrollPane2;
private JPanel jPanel2;
String Recieved1;
ServerSocket server_1;
Socket socket_1;
int i=1;
String destination;
String rr="";
Department of MCA, SVCET, Chittoor 89
An Intrusion Response System for Relational Databases
public Sink1()
{
super();
initializeComponent();
try
{
server_1=new ServerSocket(101);
}
catch (Exception exp)
{
exp.printStackTrace();
}
this.setVisible(true);
}
private void initializeComponent()
{
jLabel1=new JLabel();
jLabel1.setFont(new Font("Serief",Font.BOLD,16));
jTabbedPane1 = new JTabbedPane();
jButton1 = new JButton();
contentPane = (JPanel)this.getContentPane();
jTextArea1 = new JTextArea();
jScrollPane1 = new JScrollPane();
jPanel1 = new JPanel();
jTabbedPane1.setForeground(Color.white);
jTabbedPane1.setForeground(new Color(210,105,30));
transferTime=new JLabel();
JtransferTime=new JLabel();
transferTime.setText("TransferTime");
jTextArea2 = new JTextArea();
jScrollPane2 = new JScrollPane();
Department of MCA, SVCET, Chittoor 90
An Intrusion Response System for Relational Databases
jPanel2 = new JPanel();
jLabel1.setForeground(Color.white);
jTextArea1.setText("\t**********THIS IS FROM PORT
PROBE*************\n\n");
jTextArea2.setText("\t**********THIS IS FROM PORT
DoS1**************\n\n");
jTabbedPane1.addTab("Dest1", jPanel1);
jTabbedPane1.addTab("Dest2", jPanel2);
jTabbedPane1.addChangeListener(new ChangeListener() {
public void stateChanged(ChangeEvent e)
{
jTabbedPane1_stateChanged(e);
}
});
jLabel1.setText("Sink1");
jButton1.setText("Exit");
jButton1.addActionListener(new ActionListener() {
public void actionPerformed(ActionEvent e)
{
jButton1_actionPerformed(e);
}
});
contentPane.setLayout(null);
contentPane.setBackground(new Color(210,105,30));
addComponent(contentPane, jLabel1, 232,9,193,38);
addComponent(contentPane, jTabbedPane1, 21,44,473,374);
addComponent(contentPane, jButton1, 228,425,88,32);
addComponent(contentPane,transferTime,50,500,193,38);
addComponent(contentPane,JtransferTime,100,500,193,38);
jScrollPane1.setViewportView(jTextArea1);
jPanel1.setLayout(null);
Department of MCA, SVCET, Chittoor 91
An Intrusion Response System for Relational Databases
addComponent(jPanel1, jScrollPane1, 23,19,418,301);
jScrollPane2.setViewportView(jTextArea2);
jPanel2.setLayout(null);
addComponent(jPanel2, jScrollPane2, 22,19,416,302);
this.setTitle("Sink1 - extends JFrame");
this.setLocation(new Point(0, 0));
this.setSize(new Dimension(544, 494));
}
private void addComponent(Container container,Component c,int x,int y,int
width,int height)
{
c.setBounds(x,y,width,height);
container.add(c);
}
private void jTabbedPane1_stateChanged(ChangeEvent e)
{
System.out.println("\njTabbedPane1_stateChanged(ChangeEvent e)
called.");
}
private void jButton1_actionPerformed(ActionEvent e)
{
System.out.println("\njButton1_actionPerformed(ActionEvent e)
called.");
}
public void server()
{
try
{
String rr="";
socket_1=server_1.accept();
Department of MCA, SVCET, Chittoor 92
An Intrusion Response System for Relational Databases
DataInputStream dis=new
DataInputStream(socket_1.getInputStream());
int length=dis.readInt();
String destination=dis.readUTF();
while(length>0)
{
rr=dis.readUTF();
if(destination.equalsIgnoreCase("probe"))
{
jTextArea1.append("Packet "+i+"\t"+rr+" Recieved...\n");
}
else if
(destination.equalsIgnoreCase("Dos1"))
{
jTextArea2.append("Packet "+i+"\
t"+rr+" Recieved...\n");}else OptionPane.showMessageDialog(null,"No Packets
Received");
length--;
i++;
}
i=1;
}
catch (Exception exp)
{
exp.printStackTrace();
}
}
Department of MCA, SVCET, Chittoor 93
An Intrusion Response System for Relational Databases
APPENDIX- II
SCREEN SHOTS
Browse file: This screen is used to browse a file and send the selected request to
the Intrusion Detetor based on the leyers number type.
Screen Number: 1
Department of MCA, SVCET, Chittoor 94
An Intrusion Response System for Relational Databases
Sink1: This is the destination point where the sent file is stored displayed in case
of normal request.
Screen Number: 2
Dectector1: This screen detects the request as anomaly or not and takes
appropriate actions based on the layer number type
Screen Number: 3
Department of MCA, SVCET, Chittoor 95
An Intrusion Response System for Relational Databases
Display Response: Here the response is displayed that is sent by the Intrusion
Detector in case of normal request.
Screen Number: 4
Request found: Here as the request is found not anomaly the JTAM asks for
signature from remaining DB’s.
Screen Number: 5
Department of MCA, SVCET, Chittoor 96
An Intrusion Response System for Relational Databases
Acceptance: Asks the DBA’s to conform their acceptance.
Screen Number: 6
Display file:Display’s the browsed file after getting acceptance from all the DBA’s.
Screen Number: 7
Department of MCA, SVCET, Chittoor 97
An Intrusion Response System for Relational Databases
Destination Screen: This is the destination screen that displays the sent file via
Intrusion detector.
Screen Number: 8
Response sent: Response sent by the Intrusion Detector in case of an anomals
request is displayed.
Screen Number: 9
Department of MCA, SVCET, Chittoor 98
An Intrusion Response System for Relational Databases
Response sent by system: Response sent by the system in case of not getting
acceptance from K authorized users is displayed.
Screen Number: 10
Action taken: An action is taken by the Intrusion response system
Screen Number: 11
Department of MCA, SVCET, Chittoor 99
An Intrusion Response System for Relational Databases
APPENDIX- III
BASE PAPER
Department of MCA, SVCET, Chittoor 100
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 101
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 102
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 103
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 104
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 105
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 106
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 107
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 108
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 109
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 110
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 111
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 112
An Intrusion Response System for Relational Databases
Department of MCA, SVCET, Chittoor 113
An Intrusion Response System for Relational Databases
APPENDIX- IV
REFERENCES
[1] D. Brackney, T. Goan, A. Ott, and L. Martin, “The Cyber Enemy within ... Countering the Threat from Malicious Insiders,” Proc. Ann. Computer Security Applications Conf. (ACSAC). pp. 346-347, 2004.
[2] A. Kamra, E. Terzi, and E. Bertino, “Detecting Anomalous Access Patterns in Relational Databases,” J. Very Large DataBases (VLDB), vol. 17, no. 5, pp. 1063-1077, 2008.
[3] A. Kamra, E. Bertino, and R.V. Nehme, “Responding to Anomalous Database Requests,” Secure Data Management, pp. 50- 66, Springer, 2008.
[4] A. Kamra and E. Bertino, “Design and Implementation of SAACS: A State- Aware Access Control System,” Proc. Ann. Computer Security Applications Conf. (ACSAC), 2009.
[5] A. Conry-Murray, “The Threat from within. Network Computing(Aug. 2005),” http://www.networkcomputing.com/showArticle jhtml?articleID=166400792, July 2009.
[6] R. Mogull, “Top Five Steps to Prevent Data Loss and Information Leaks. Gartner Research (July 2006),” http://www.gartner.com, 2010.
BOOKS
[7] The Complete Reference Java J2SE, 5th Edition, Herbert Schildt, TMH.
[8] Software Engineering, Sommerville, 7th Edition.
[9] Software Testing techniques, Baris Breizer, Dreamtech, second Edition.
Department of MCA, SVCET, Chittoor 114