New Report
Content
1. INTRODUCTION The open nature of this medium leaves it vulnerable to multiple security threats. Anyone with a transceiver can eavesdrop on wireless transmissions, inject spurious messages, or jam legitimate ones. While eavesdropping and message injection can be prevented using cryptographic methods, jamming attacks are much harder to counter. They have been shown to actualize severe Denial of !ervice "Do!# attacks against wireless networks $%& $'&. (n the simplest form of jamming, the adversary interferes with the reception of messages by transmitting a continuous jamming signal or several short jamming pulses. Typically, jamming attacks have been considered under an e)ternal threat model, in which the jammer is not part of the network. *owever, adopting an +always on, strategy has several disadvantages. -irst, the adversary has to e)pend a significant amount of energy to jam fre.uency bands of interest. !econd, the continuous presence of unusually high interference levels makes this type of attacks easy to detect .*ence the compromise of a single receiver is sufficient to reveal relevant cryptographic information. (n this paper, we address the problem of jamming under an internal threat model. We consider a sophisticated adversary who is aware of network secrets and the implementation details of network protocols at any layer in the network stack. The adversary e)ploits his internal knowledge for launching selective jamming attacks in which specific messages of +high importance, are targeted.
/
Our Contributions We investigate the feasibility of real time packet classification for launching selective jamming attacks, under an internal threat model. We show that such attacks are relatively easy to actualize by e)ploiting knowledge of network protocols and cryptographic primitives e)tracted from compromised nodes. We investigate the impact of selective jamming on critical network functions .0ur findings indicate that selective jamming attacks lead to a Does with very low effort on behalf of the jammer. To mitigate such attacks, we develop three schemes that prevent classification of transmitted packets in real time. 0ur schemes rely on the joint consideration of cryptographic mechanisms with 1*2 layer attributes. We analyze the security of our schemes and show that they achieve strong security properties, with minimal impact on the network performance. 1.1 OVERVIEW Problem Statement 3onsider the scenario depicted nodes A and 4 communicate via a wireless link. Within the communication range of both A and 4 there is a jamming node 5. When A transmits a packet m to 4, node 5 classifies m by receiving only the first few bytes of m. 5 then corrupts m beyond recovery by interfering with its reception at 4. We address the problem of preventing the jamming node from classifying m in real time, thus mitigating 56s ability to perform selective jamming. 0ur goal is to transform a selective jammer to a random one. 7ote that in the present work, we do not address packet classification methods based on protocol semantics.
8
1.2 LITERATURE SURVE Net!or" mo#el The network consists of a collection of nodes connected via wireless links. 7odes may communicate directly if they are within communication range, or indirectly via multiple hops. 7odes communicate both in uncast mode and broadcast mode. 3ommunications can be either unencrypted or encrypted. -or encrypted broadcast communications, symmetric keys are shared among all intended receivers. These keys are established using presaged pair wise keys or asymmetric cryptography. Communi$ation %o#el 1ackets are transmitted at a rate of 9 bauds. :ach 1*2 layer symbol corresponds to . bits, where the value of . is defined by the underlying digital modulation scheme. :very symbol carries data bits, where ;<= is the rate of the 1*2 layer encoder. *ere, the transmission bit rate is e.ual to . 9bps and the information bit rate is bps. !pread spectrum techni.ues such as fre.uency hopping spread spectrum "-*!!#, or direct se.uence spread spectrum "D!!!# may be used at the 1*2 layer to protect wireless transmissions from jamming. ! provides immunity to interference to some e)tent "typically8> to ?> d4 gain#, but a powerful jammer is still capable of jamming data packets of his choosing. Transmitted packets have the generic format depicted. The preamble is used for synchronizing the sampling process at the receiver. The 1*2 layer header contains information regarding the length of the frame, and the transmission rate.
?
The @A3 header determines the @A3 protocol version, the source and destination addresses, se.uence numbers plus some additional fields. The @A3 header is followed by the frame body that typically contains an A91 packet or an (1 datagram. -inally, the @A3 frame is protected by a cyclic redundancy check "393# code. At the 1*2 layer, a trailer may be appended for synchronizing the sender and receiver. A#&ersar' %o#el We assume the adversary is in control of the communication medium and can jam messages at any part of the network of his choosing "similar to the Dolev2ao model#. The adversary can operate in full duple) mode, thus being able to receive and transmit simultaneously. This can be achieved, for e)ample, with the use of multi radio transceivers. (n addition, the adversary is e.uipped with directional antennas that enable the reception of a signal from one node and jamming of the same signal at another. -or analysis purposes, we assume that the adversary can pro actively jam a number of bits just below the :33 capability early in the transmission. *e can then decide to irrecoverably corrupt a transmitted packet by jamming the last symbol. (n reality, it has been demonstrated that selective jamming can be achieved with far less resources $A& $B&. A jammer e.uipped with a single half duple) transceiver is sufficient to classify and jam transmitted packets. *owever, our model captures a more potent adversary that can be effective even at high transmission speeds.
%
This internal adversary model is realistic for network architectures such as mobile ad hoc, mesh, cognitive radio, and wireless sensor networks, where network devices may operate unattended, thus being susceptible to physical compromise.
(i) 1.2.1 *eneri$ Communi$ation S'stem Dia)ram The adversary6s ability in classifying a packet m depends on the implementation of the blocks. The channel encoding block e)pands the original bit se.uence m, adding necessary redundancy for protecting m against channel errors. -or e)ample, an ;<= block code may protect m from up to e errors per block. Alternatively, an ;<= rate convolution encoder with a constraint length of C ma), and a free distance of e bits provides similar protection. -or our purposes, we assume that the rate of the encoder is ;<=. At the ne)t block, interleaving is applied to protect m from burst errors.
'
-or simplicity, we consider a block inter leave that is defined by a matri) Ad. The de inter leaver is simply the transpose of A. -inally, the digital modulator maps the received bit stream to symbols of length ., and modulates them into suitable waveforms for transmission over the wireless channel. Typical modulation techni.ues include 0-D@, 41!D, /A"A%# EA@, and 33D. (n order to recover any bit of m, the receiver must collected = bits for de interleaving. The d = de interleaved bits are then passed through the decoder. (gnoring any propagation and decoding delays, the delay until decoding the first block of data is ⌈dF. ⌉symbol durations. As an e)ample, in the G>8.//a standard, operating at the lowest rate of A @bps, data is passed via a /<8 rate encoder before it is mapped to an 0-D@ symbol of . H %G bits. (n this case, decoding of one symbol provides 8% bits of data. At the highest data rate of '% @bps, 8/A bits of data are recovered per symbol. -rom our analysis, it is evident that intercepting the first few symbols of a packet is sufficient for obtaining relevant header information. -or e)ample, consider the transmission of a T31 !27 packet used for establishing a T31 connection at the transport layer. Assume an G>8.//a 1*2 layer with a transmission rate of A @bps. At the 1*2 layer, a %> bit header and a A bit tail are appended to the @A3 packet carrying the T31 !27 packet. At the ne)t stage, the /<8 rate convolution encoder maps the packet to a se.uence of /,/G> bits. (n turn, the output of the encoder is split into8' blocks of %G bits each and interleaved on a per symbol basis. -inally, each of the blocks is modulated as an 0-D@ symbol for transmission.
A
2. S STE% ANAL SIS 2.1 E+istin) S'stem 1acket classification is performed at routers by applying +rules, to incoming packets for categorizing them into flows. (t employs multiple fields in the header of an arrival 1acket as the search key for identifying the best suitable 9ule to apply. 9ules are created to differentiate packets 4ased on the values of their corresponding header fields, constituting a filter set. A field value in a filter can be a 1refi) a range or an e)act number. A real filter data set often contains multiple rules for a pair of communicating 7etworks, one for each application. !imilarly, an application is likely to appear in multiple filters, one for each pair of communicating networks using the application. Therefore, Cookups over a filter set with respect to multiple header -ields are comple) and can easily become router 1erformance bottlenecks. 2.1.1 Disa#&anta)e I The inherent limitation of classifiers in handling incremental rule updates will soon become a major concern.
B
2.2 Pro,ose# S'stem A classification rule is often specified with a pair of communicating networks, followed by the application specific constraints. 0ur e)ploits this situation by considering the fields on communicating networks and on application specific constraints separately, comprising two search stages. (ts first stage narrows the search range via communicating network prefi) fields, and its second stage checks other fields on only entries chosen in the first stage. The first stage of comprises a single set associative hash table, referred to as the table. Jnlike typical hash table creation using the object key to determine one single set for an object, our table aims to achieve e)tremely efficient table utilization by permitting multiple candidate sets to accommodate a given filter rule and yet maintaining fast search over those possible sets in parallel during the classification process. 2.2.1 A#&anta)e I An efficient packet classification algorithm was introduced by hashing flow (Ds held in digest caches for reduced memory re.uirements at the e)pense of a small amount of packet misclassification. I A!( entries are fragmented into chunks of a fi)ed size. I The given source and destination (1 addresses could match multiple entries in the Cu*a table. 2.- (eature Wor" The impact of an e)ternal selective jammer who targets various control packets at the @A3 layer.
G
To perform packet classification, the adversary e)ploits inter packet timing information to infer eminent packet transmissions. (n Caw et al. proposed the estimation of the probability distribution of inter packet transmission times for different packet types based on network traffic analysis. -uture transmissions at various layers were predicted using estimated timing information. Jsing their model, the authors proposed selective jamming strategies for well known sensor network @A3 protocols. (n brown et al. illustrated the feasibility of selective jamming based on protocol semantics $G&. They considered several packet identifiers for encrypted packets such as packet size, precise timing information of different protocols, and physical signal sensing. To prevent selectivity, the unification of packet characteristics such as the minimum length and inter packet timing was proposed. !imilar packet classification techni.ues were investigated. Ciu et al. considered a smart jammer that takes into account protocol specifics to optimize its jamming strategy. The adversary was assumed to target control messages at different layers of the network stack. To mitigate smart jamming, the authors proposed the !19:AD system, which is based on the idea of stochastic selection between collections of parallel protocols at each layer. The uncertainty introduced by this stochastic selection, mitigated the selective ability of the jammer. Kreenstein et al. present data G>8.// like wireless protocol called !lyfi that prevents the classification of packets by e)ternal observers. This protocol hides all e)plicit identifiers from the transmitted packets "e.g. @A3 layer header and payload#, by encrypting them with keys only known to the intended receivers.
L
2.. (easibilit' Stu#' -easibility study is a test of a system proposal according to its workability, impact on the organization, ability to meet user needs, and effective use of resources. The objective of a feasibility study is to ac.uire a sense of the scope of the problem. During the study, the problem definition is crystallized and aspects of the problems to be included in the system are determined. 3onse.uently, costs and benefits are estimated with greater accuracy at this stage. (easibilit' Consi#erations/ Three key considerations are involved in the feasibility study. /. :conomic feasibility 8. Technical feasibility ?. 0perational feasibility
2...1 E$onomi$ 0easibilit' :conomic feasibility is the most fre.uently used method for evaluating the effectiveness of the candidate system. (t is more commonly known as 3ost<4enefit analysis. The procedure is to determine the benefits and savings that are e)pected from the candidate system and compare them with costs. (t benefits outweight costs, and then the decision is made to design and implement the system. 0therwise, further justification or alteration in the proposed system will have to be made if it is to have a chance of being approved.
/>
(n the case of this !tock @anagement system the performance of the proposed system is e)pected to be cost effective owing to its accuracy, real time response and user friendliness. 7oteM !ome e)tra e)penditure may be incurred in the initial stage of computerization. 2...2 Te$1ni$al 0easibilit' Technical feasibility centers on the organization to what e)tend it can support the proposed system. The .uestion is whether the organization is technically sound to operate the system. The necessary hardware and software must be installed in the organization.
2...- O,erational 0easibilit'/ 1eople are inherently resistant to change while computers have been known to facilitate change. 0perational feasibility determines how much effort will go into educating selling and training to the user staff on the candidate system. (f the staff is computer literate, then only an introductory training in data entry and operating the system.
//
-. S STE% SPECI(ICATION -.1 2ARDWARE RE3UIRE%ENTS 1rocessor 9am *ard disk @onitor Deyboard @ouse -.2 SO(TWARE RE3UIRE%ENTS -ront end 4ack :nd 0perating !ystem Tools Jsed 5ava @! !EC !:9N:9 Windows B 7et 4eans (ntel 1entium dual core /K4 G>K4 /B6inchs Cogitech optical mouse "Cogitech#
/8
..SO(TWARE DESCRIPTION ..1 (RONT END ..1.1 4a&a intro#u$tion 5ava is an object oriented programming language developed by !un @icrosystems and it is also a powerful internet programming language. 5ava is a high level programming language which has the following featuresM /. 0bject oriented 8. 1ortable ?. Architecture neutral %. *igh performance '. @ultithreaded A. 9obust B. !ecure 5ava is an efficient application programming language. (t has A1(s to support the KJ( based application development. The following features of java, makes it more suitable for implementing this project. (nitially the languages were called as +0AD, but it was renamed as +5ava, in /LL'. The primary motivation of this language was the need for a platform independent language that could be used to create software to be embedded in various consumer electronic devices. 5ava is programmer6s language. 5ava is cohesive and consistent. :)cept for those constraints imposed by the internet environment, 5ava gives the programmer, full control.
/?
The e)citement of the (nternet attracted software vendors such that 5ava development tools from many vendors .uickly became available. That same e)citement has provided the impetus for a multitude of software developers to discover 5ava and its many wonderful features.
-ig %./ :)ecution of 5ava 1rogram With most programming languages, you either compile or interpret a program so that you can run it on your computer. The 5ava programming language is unusual in that a program is both compiled and interpreted. With the compiler, first you translate a program into an intermediate language called 5ava byte codes the platform independent codes interpreted by the interpreter on the 5ava platform. The interpreter parses and runs each 5ava byte code instruction on the computer. 3ompilation happens just onceO interpretation occurs each time the program is e)ecuted.
/%
*ighlights what functionality some of the packages in the 5ava A1( provide. The following figure depicts a program that6s running on the 5ava platform. As the figure shows, The 5ava A1( and the virtual machine insulate the program from the hardware.
-ig %.8 5ava 1latform 7ative code is code that after you compile it, the compiled code runs on a specific hardware platform. As a platform independent environment, the 5ava platform can be a bit slower than native code. *owever, smart compilers, well tuned interpreters, and just in time byte code compilers can bring performance close to that of native code without threatening portability. ..1.2 T',es o0 4a&a Pro)ram A,,li$ations An application is a program that runs on our computer under the operating system of that computer. (t is more or less like on creating using 3 or 3PP. 5ava6s ability to create Applets makes it important. Applets An applet is an application designed to be transmitted over the internet and e)ecuted by a java Q compatible web browser. An applet is actually a tiny java
/'
program, dynamically downloaded across the network, just like an image. 4ut the difference is, it is an intelligent program, not just a media file. (t can react to the user input the dynamically change. ..2 (eatures/ Se$urit' :very time you that the download a +normal, program, you are risking a viral infection. 1rior to java, most users did not download e)ecutable programs fre.uently. (n addition, another type of malicious program e)ists that must be guarded against. This type of program can gather private information, such as credit card numbers, bank account balances, and passwords. 5ava answers both these concerns by providing a +firewall, between a network application and your computer. Portabilit' -or programs to be dynamically downloaded to all the various types of platforms connected to the internet, some means of generating portable e)ecutable code is needed. As you will see, the same mechanism that helps ensure security also helps create portability. (ndeed, java6s solution to these two problems is both elegant and efficient. T1e 5'te $o#e The key that allows the java to solve the security and portability problems is that the output of java compiler is byte code. 4yte code is a highly optimized set of instructions designed to be e)ecuted by the java run Q time system, which is called the java virtual machine "5N@#. That is, in its standard form, the 5N@ is an interpreter for byte code.
/A
4a&a Virtual %a$1ine 64V%7 4eyond the language, there is the java virtual machine. The java virtual machine is an important element of the java technology. The virtual machine can be embedded within a web browser or an operating system. 0nce a piece of java code is loaded onto a machine, it is verified. As part of the loading process, a class loader is invoked and the byte code verification makes sure that the code that has been generated by the compiler will not corrupt the machine it is loaded on. 4yte code verification takes place at the end of the compilation process to make sure that it is accurate and correct. 4a&a Ar$1ite$ture 5ava architecture provides a portable, robust, high performing environment for development. 5ava provides portability by compiling the byte codes for the java virtual machine, which is then interpreted on each platform by the run time environment. 5ava is dynamic system, able to load code when needed from a machine in the same room or across the planet. Com,ilation o0 $o#e When you compile the code, the java compiler creates machine code "called byte code# for a hypothetical machine called java virtual machine "5N@#. The 5N@ is supposed to e)ecute the byte code. The 5N@ is created for overcoming the issue of portability. The code is written and compiled for one machine and interpreted on all machines. This machine is called 5ava Nirtual @achine.
/B
Plat0orm In#e,en#ent 1latform independence, that means the ability of a program to move easily from one computer system to another. (t is one of the most significant advantages that 5ava has over other programming languages. 5ava is platform independent at both the source and the binary level. 7etworking 3lasses in the 5DD Through the classes in java.net, 5ava programs can use T31 or JD1 to communicate over the (nternet. The !ocket and !erver !ocket classes all use T31 to communicate over the network. A#&anta)es 4y using 5ava, one program can be run on many different platforms/. This means that you do not need to put your efforts on developing a different version of software for each platform. There are many programmers who can understand and write code in 5ava, so that many people can participate in developing an open source software. (n many cases, a 5ava virtual machine can prevent an incorrectly written application program from causing problems to the rest of your computing environment. ..- Net beans The 7et4eans (D: is an award winning (ntegrated Development :nvironment available for Windows, @ac, Cinu), and !olaris. The 7et4eans project consists of an open source (D: and an application platform which enable developers to rapidly create web, enterprise, desktop, and mobile applications
/G
using the 5ava platform, as well as 1*1, 5ava!cript and Aja), 9uby and 9uby on 9ails, Kroovy, and 3<3PP. 7et4eans is an open source integrated development environment "(D:# for developing with 5ava, 1*1, 3PP, and other programming languages. 7et4eans is also referred to as a platform of modular components used for developing 5ava desktop applications. 7et4eans uses components, also known as modules, to enable software development. 7et4eans dynamically installs modules and allows users to download updated features and digitally authenticated upgrades. 7et4eans (D: modules include 7et4eans 1rofiler, a Kraphical Jser (nterface "KJ(# design tool, and 7et4eans 5ava!cript :ditor. 7et4eans framework reusability simplifies 5ava !wing desktop application development, which provides platform e)tension capabilities to third party developers. ..-.1 Netbeans Plat0orm The Net5eans Plat0orm is a reusable framework for simplifying the development of 5ava !wing desktop applications. The 7et4eans (D: bundle for 5ava !: contains what is needed to start developing 7et4eans plugins and 7et4eans 1latform based applicationsO no additional !DD is re.uired. Applications can install modules dynamically. Any application can include the Jpdate 3enter module to allow users of the application to download digitally signed upgrades and new features directly into the running application. 9
/L
9einstalling an upgrade or a new release does not force users to download the entire application again.The platform offers reusable services common to desktop applications, allowing developers to focus on the logic specific to their application. Among the features of the platform areM
I I I I I I I
Jser interface management "e.g. menus and toolbars# Jser settings management !torage management "saving and loading any kind of data# Window management Wizard framework "supports step by step dialogs# 7et4eans Nisual Cibrary (ntegrated Development Tools
Netbeans IDE Net5eans IDE is an open source integrated development environment. 7et4eans (D: supports development of all 5ava application types out of the bo). Among other features are an Ant based project system, @aven support, refactorings and version control. Netbeans Pro0iler/ The Net5eans Pro0iler is a tool for the monitoring of 5ava applicationsM (t helps developers find memory leaks and optimize speed. -ormerly downloaded separately, it is integrated into the core (D: since version A.>. The 1rofiler is based on a !un Caboratories research project that was named 5-luid.
8>
-ig %.? 7et beans ..-.2 O,en Database Conne$ti&it' 0D43 aims to provide a common A1( for access to !EC/ based database management systems "D4@!s# such as @y!EC, 1ostgre!EC, @icrosoft Access and !EC !erver, D48, 0racle and !ECite. (t originated on Windows in the early /LL>s, but 0D43 driver manager6s uni)0D43 and i0D43 are nowadays available on a wide range of platforms "and a version of (odbc ships with recent versions of @ac 0! R#. The connection to the particular D4@! needs an 0D43 driverM these may come with the D4@! or the 0D43 driver manager or be provided separately by the D4@! developers, and there are third party8 developers.
8/
Actual Technologies, :asysoft and 0penCink. "This means that for some D4@!s there are several different 0D43 drivers available, and they can behave differently.# @icrosoft provides drivers on Windows for non !EC database systems such as Dbase and -o)1ro, and even for at Fles and :)cel spreadsheets. Actual Technologies sell a driver for @ac 0! R that covers "some# :)cel spread sheets and flat file. The 0D43 system files are not installed on your system by Windows L'. 9ather, they are installed when you setup a separate database application, such as !EC !erver 3lient or Nisual 4asic %.>. When the 0D43 icon is installed in 3ontrol 1anel, it uses a file called 0D43(7!T.DCC. (t is also possible to administer your 0D43 data sources through a stand alone program called 0D43AD@.:R:.
88
8. PRO4ECT DESCRIPTION 8.1 S STE% ARC2ITECTURE
!erver
7ode 1ath (ntermediato r
(ntermediate !erver "3hecks the (nter 7ode6s#
!erver "web!ervice9e.uest #
Web service re.uest<reply Application
(i) 8.1 O&erall Ar$1ite$ture #ia)ram
8?
8.2 %ODULE DESCRIPTION 1. !oftware 0riented 3lassification 2. 9ecursive flow classification -. Application !pecific (nformation "A!(# Table .. :ffectiveness and !calability of Table 8. -ilter Data !ets 9. !torage 9e.uirements and @emory :fficiency :. !calability and lookup performance on multicourse
8.2.1 So0t!are;Oriente# Classi0i$ation !oftware oriented mechanisms are less e)pensive and more fle)ible in filter lookups when compared with their hardware centric counterparts. !uch mechanisms are abundant, commonly involving efficient algorithms for .uick packet classification with an aid of caching or hashing. Their classification speeds rely on efficiency in search over the rule set using the keys constituted by corresponding header fields. !everal representative software classification techni.ues are reviewed in se.uence. 8.2.2 Re$ursi&e 0lo! $lassi0i$ation 9ecursive flow classification "9-3# carries out multistage reduction from a look up key "composed of packet header fields# to a final class (D.
8%
which specifies the classification rule to apply. Kiven a rule set, preprocessing is re.uired to decide memory contents so that the se.uence of 9-3 lookups according to a lookup key yields the appropriate class (D. 4ased on a recomputed decision tree, *ierarchical (ntelligent 3uts "*i 3uts# holds classification rules merely in leaf nodes and each classification operation needs to traverse the tree to a leaf node, where multiple rules are stored and searched se.uentially. During tree search, *i 3uts relies on local optimization decisions at each node to choose the ne)t field to test. 8.2.- A,,li$ation;S,e$i0i$ In0ormation 6ASI7 Table This stage of involves a table, each of whose entry keeps the values of application specific filter fields of one rule, dubbed the application specific information "A!(# table. (f rules share the same (1 prefi) pair, their application specific fields are stored in contiguous A!( entries packed as one chunk pointed by its corresponding entry in the table. -or fast lookups and easy management, A!( entries are fragmented into chunks of a fi)ed size. Jpon creating a entry for one pair of sip and dip, a free A!( chunk is allocated and pointed to by the created entry. Any subse.uent rule with an identical pair of sip and dip puts its application specific fields in a free entry inside the A!( chunk, if availableO otherwise, another free A!( chunk is allocated for use, with a pointer established from the earlier chunk to this newly allocated chunk. (n essence, the A!( table comprises linked chunks with one link for each pair. 8.2.. E00e$ti&eness an# S$alabilit' o0 Table
8'
A theoretic analysis perspective, the probability distribution could be appro)imated by a 4ernoulli process, assuming a uniform hash distribution for round down prefi)es. As round down prefi)es for real filter data sets may not be hashed uniformly, we performed e)tensive evaluation of under publicly available nine real world data sets, with the results provided. 8.2.8 (ilter Data Sets The filter database suite from the open source of 3lass 4ench. The suite contains three seed filter setsM covering -irewall "-W/#, Access 3ontrol Cist "A3C/#, and (1 3hain "(13/#, made available by service providers and network e.uipment vendors. 4y their different characteristics, large synthetic filter data sets of />D and ?>D rules are generated in order to study the scalability. 8.2.9 Stora)e Re<uirements an# %emor' E00i$ien$' The displays the consumed storage size and the memory efficiency of different methods, where the dilation factor refers to the ratio of the number of table entries to the data set size. @emory efficiency is defined as the ratio between the minimal storage re.uired to keep all filter rules and the total storage of constituent data structures. @inimum memory for all rules @emory efficiency H Total memory used and provisioned
8A
8.2.: S$alabilit' an# loo"u, ,er0orman$e on multi$ourse The each packet can be handled independently packet classification suits a multicourse system well. Kiven a multicourse processor with cores, a simple implementation may assign a packet to any available core at a time so that packets can be handled in parallel by cores. 8.- In,ut #esi)n Design is concerned with identifying software components specifying relationships among components. !pecifying software structure and providing blue print for the document phase. @odularity is one of the desirable properties of large systems. (t implies that the system is divided into several parts. (n such a manner, the interaction between parts is minimal clearly specified. Design will e)plain software components in detail. This will help the implementation of the system. @oreover, this will guide the further changes in the system to satisfy the future re.uirements.
8B
-ig '.? (nput Design This fig '.? refers the server which displays all the (1 address and it will transfer the data to the client. 8.. Out,ut #esi)n -orm is a tool with a messageO it is the physical carrier of data or information. (t also can constitute authority for actions. (n the form design files are used to do each module. The following are list of forms used in this projectM %ain (orm 3ontains option for viewing face from data base. The system retrieves the images stored in the folder called train and test folder, which is available in bin folder of your application.
8G
-ig '.% output Design This fig '.% helps us to detect the file which has been attacked and helps us to prevent the file from any type of attack.
8L
9. S STE% TESTIN* Testing is a series of different tests that whose primary purpose is to fully e)ercise the computer based system. Although each test has a different purpose, all work should verify that all system element have been properly integrated and performed allocated function. Testing is the process of checking whether the developed system works according to the actual re.uirement and objectives of the system. The philosophy behind testing is to find the errors. A good test is one that has a high probability of finding an undiscovered error. A successful test is one that uncovers the undiscovered error. Test cases are devised with this purpose in mind. A test case is a set of data that the system will process as an input. *owever the data are created with the intent of determining whether the system will process them correctly without any errors to produce the re.uired output. 9.1 SO(TWARE TESTIN* The software testing process commences once the program is created and the documentation and related data structures are designed. !oftware testing is essential for correcting errors Testin) t',es The following are the types of testingM /. Jnit testing. 8. (ntegration testing. ?. Nalidation testing.
?>
%. !ystem testing. 9.1.1 UNIT TESTIN* Jnit testing focuses verification effort on the smallest unit of software design "i.e.#, the module. Jnit Testing e)ercise specific paths in a module6s control structure to ensure complete coverage and ma)imum error detection. This test focuses on each module individuallyO ensure that it functions properly as a unit. *ence, the name is unit testing. 9.1.2 INTE*RATION TESTIN* (ntegration Testing addresses the issues associated with the dual problems of verification and program construction. After the software has been integrated a set of *igh order tests are conducted. The main objective in this testing process is to take unit tested modules and build a program structure that has been dictated by design. The following are the types of (ntegration TestingM i7 To,;Do!n Inte)ration This method is an incremental approach to the construction of program structure. @odules are integrated by moving downward through the control hierarchy, beginning with the main program module. The module subordinates to the main program module are incorporated into the structure in either a depth first of breadth first manner. ii7 5ottom;U, Inte)ration This method begins the construction and testing with the modules at the lowest level in the program structure.
?/
!ince the modules are integrated from the bottom up, processing re.uired for modules subordinate to a given level is always available and the need for stubs is eliminated. The bottom up integration strategy may be implemented with the following steps M I The low Qlevel modules are combined into clusters that perform a specific software sub function. I A driver"i.e.#,the control program for testing is written to co ordinate test case input and output. I The cluster is tested. I Drivers are removed and clusters are combined moving upward in the program structure. 9.1.- VALITATION TESTIN* At the end of (ntegration Testing, software is completely assembled as a package, interfacing errors have been uncovered and correction testing begin. Vali#ation Test Criteria !oftware Testing and Nalidation is achieved through serried of black bo) tests that demonstrate conformity with the re.uirements. A test plan outlines the classes of tests to be conducted and a test procedure defines specific test cases that will be used to demonstrate conformity with re.uirements. 4oth, the plan and the procedure are designed to ensure that all functional re.uirements are achieved, documentation is correct and other re.uirements are met.
?8
:. S STE% I%PLE%ENTATION This document contains the depth in analysis of wireless networks and all the details that are re.uired to form an understanding of 7etwork simulation. The document is a report of the investigation phase of a project which is the development of a web based network simulator that allows the simulation and understanding of networks. This document gives the aim and the objectives of the project and the steps in which those objectives can be achieved. All of the essential knowledge for the development for a network simulator is provided in a clear and concise manner. 0nce the entire project is completed it will provide users with a web based network simulator that is open source thus allowing users to use the source code to modify the application to suit their needs or use it in the creation of their own application. This application is intended to be used for educational purposes, thus it will have a user friendly and simplistic approach to network simulation. The !ystem implementation phase consists of the following stepsM § Testing the developed software with sample data. § 3orrection of any errors if identified. § 3reating the files of the system with actual data. § @aking necessary changes to the system to find out errors. § Training of user personnel.
??
The system has been tested with sample data, changes are made to the user re.uirements and run in parallel with the e)isting system to find out the discrepancies. The user has also been appraised how to run the system during the training period. The @ulti cloud data transfer between the client and server to set the secret key to transfer from the data. (t is using the secret key to encrypt the data to transfer the client to the server. The data received from the client side to decrypt the data then only view all the information from the available network.
?%
=. APPENDI> =.1 Sam,le Co#in) Ser&er <S S To change this template, choose Tools T Templates S and open the template in the editor. S< <S S 9:3:(N:9.java S S 3reated on 5an ?, 8>//, />M%GM?' A@ S< package nymbleO import java.io.-ile7ot-ound:)ceptionO import java.io.-ile0utput!treamO import java.util.logging.CevelO import java.util.logging.CoggerO import java.io.SO import java.net.(netAddressO import java.net.!ocketO import java.net.Jnknown*ost:)ceptionO import java.s.l.SO import java.net.SO import java).swing.50ption1aneO
?'
<SS S S Uauthor Admin S< public class servername e)tends java).swing.5-rame V !tring s/,s,fO int yuO public !tring fp/,fp8,fp?O << !erver!ocket serO public static int clientportHLLLO public static int serverportHAAAO public static Datagram!ocket dsO public static int butH/>8%O public static byte buffer$ &Hnew byte$but&O <SS 3reates new form 9:3:(N:9 S< public servername"# V init3omponents"#O view"#O display"#O <<del"#O W <SS This method is called from within the constructor to
?A
S initialize the form. S WA97(7KM Do 70T modify this code. The content of this method is S always regenerated by the -orm :ditor. S< U!uppressWarnings"XuncheckedX# << Yeditor fold defaultstateHXcollapsedX descHXKenerated 3odeXZ private void init3omponents"# V j0ption1ane/ H new java).swing.50ption1ane"#O j-ile3hooser/ H new java).swing.5-ile3hooser"#O jCabel8 H new java).swing.5Cabel"#O jTe)t-ield/ H new java).swing.5Te)t-ield"#O jCabel? H new java).swing.5Cabel"#O list/ H new java.awt.Cist"#O jCabelB H new java).swing.5Cabel"#O jTe)t-ield% H new java).swing.5Te)t-ield"#O jCabel/> H new java).swing.5Cabel"#O jTe)t-ieldB H new java).swing.5Te)t-ield"#O j4utton8 H new java).swing.54utton"#O jCabel% H new java).swing.5Cabel"#O jTe)t-ield8 H new java).swing.5Te)t-ield"#O jCabel' H new java).swing.5Cabel"#O jTe)t-ield? H new java).swing.5Te)t-ield"#O jCabel/ H new java).swing.5Cabel"#O
?B
setDefault3lose0peration"java).swing.Window3onstants.D0F70T*(7KF07F3 C0!:#O set@inimum!ize"new java.awt.Dimension"%>>, %>>##O set7ame"X9:3:(N:9X#O << 70(/G7 get3ontent1ane"#.setCayout"new org.netbeans.lib.awte)tra.AbsoluteCayout"##O jCabel8.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabel8.set-oreground"new java.awt.3olor"'/, '/, '/##O jCabel8.setTe)t"X W09D K90J1X#O get3ontent1ane"#.add"jCabel8new org.netbeans.lib.a wte)tra.Absolute3onstraints"8>>, /L>, //>, /##O get3ontent1ane"#.add"jTe)t-ield/,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, /G>, /%>, ?>##O jCabel?.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabel?.set-oreground"new java.awt.3olor"'/, '/, '/##O jCabel?.setTe)t"X 7:TW09D 3C(:7T!X#O get3ontent1ane"#.add"jCabel?,new org.netbeans.lib.awte)tra.Absolute3onstraints"8>>, 8'>, /?>, /##O list/.addActionCistener"new java.awt.event.ActionCistener"# V public void action1erformed"java.awt.event.Action:vent evt# V list/Action1erformed"evt#O W W#O
?G
get3ontent1ane"#.add"list/,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, 88>, /%>, /##O jCabelB.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabelB.set-oreground"new java.awt.3olor"'/, '/, '/##O jCabelB.setTe)t"X -(C: !([:X#O get3ontent1ane"#.add"jCabelB,new org.netbeans.lib.awte)tra.Absolute3onstraints"8>>, ?A>, G>, /##O get3ontent1ane"#.add"jTe)t-ield%,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, ?'>, /%>, ?>##O jCabel/>.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabel/>.set-oreground"new java.awt.3olor"'/, '/, '/##O jCabel/>.setTe)t"X !:C:3T -(C:X#O get3ontent1ane"#.add"jCabel/>,new org.netbeans.lib.awte)tra.Absolute3onstraints"8>>, ?/>, />>, /##O jTe)t-ieldB.addActionCistener"new java.awt.event.ActionCistener"# V public void action1erformed"java.awt.event.Action:vent evt# V jTe)t-ieldBAction1erformed"evt#O W W#O jTe)t-ieldB.add(nput@ethodCistener"new java.awt.event.(nput@ethodCistener"# V public void input@ethodTe)t3hanged"java.awt.event.(nput@ethod:vent evt# V jTe)t-ieldB(nput@ethodTe)t3hanged"evt#O
?L
W public void caret1osition3hanged"java.awt.event.(nput@ethod:vent evt# V W W#O jTe)t-ieldB.addDeyCistener"new java.awt.event.DeyAdapter"# V public void key1ressed"java.awt.event.Dey:vent evt# V jTe)t-ieldBDey1ressed"evt#O W W#O get3ontent1ane"#.add"jTe)t-ieldB,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, ?/>, /%>, ?>##O j4utton8.set-ont"new java.awt.-ont"X3alibriX, /, /%##O j4utton8.setTe)t"X!:7DX#O j4utton8.addActionCistener"new java.awt.event.ActionCistener"# V public void action1erformed"java.awt.event.Action:vent evt# V j4utton8Action1erformed"evt#O W W#O get3ontent1ane"#.add"j4utton8,new org.netbeans.lib.awte)tra.Absolute3onstraints"'/>, ?/>, //>, ?>##O jCabel%.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabel%.setTe)t"X 9:3:(N(7K T(@:X#O get3ontent1ane"#.add"jCabel%,new org.netbeans.lib.awte)tra.Absolute3onstraints"8>>, %>>, />>, /##O
%>
get3ontent1ane"#.add"jTe)t-ield8,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, ?L>, /%>, ?>##O jCabel'.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabel'.setTe)t"X 9:3:(N: 1AT*X#O get3ontent1ane"#.add"jCabel',new org.netbeans.lib.awte)tra.Absolute3onstraints"8>>, /'>, />>, /##O get3ontent1ane"#.add"jTe)t-ield?,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, /%>, /%>, ?>##O jCabel/.set-ont"new java.awt.-ont"XArialX, /, /8##O << 70(/G7 jCabel/.set-oreground"new java.awt.3olor"'/, '/, '/##O jCabel/.set(con"new java).swing.(mage(con"get3lass"#.get9esource"X<nymble<9ipple.jpgX###O 70(/G7 jCabel/.set@inimum!ize"new java.awt.Dimension"'A', '/A##O get3ontent1ane"#.add"jCabel/,new org.netbeans.lib.awte)tra.Absolute3onstraints">, >, AG>, %L>##O getAccessible3onte)t"#.setAccessible1arent"this#O pack"#O W<< Y<editor foldZ private void j4utton8Action1erformed"java.awt.event.Action:vent evt# V vi"#O tryV int co/H>O 3onnection cO <<
%/
!tatement stO 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX#O c H [email protected]"XjdbcModbcMnymbX#O st H c.create!tatement"#O !tring iH jTe)t-ield/.getTe)t"#O 9esult!et rs H st.e)ecuteEuery"Xselect S from blockid where blockipH\XPsPX\X#O !ystem.out.println"s#O while"rs.ne)t"##V fHrs.get!tring"XblockipX#O if"f.e.uals"s##V co/PPO W W if"co/HH/# V 50ption1ane.show@essageDialog"root1ane, XT*(! (1 4C03D:DX#O W elseV load?"f#O 50ption1ane.show@essageDialog"root1ane, XDATA !:7D(7K........X#O W W catch "!EC:)ception e)# V Cogger.getCogger"servername.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O
%8
W catch "3lass7ot-ound:)ception e)# V Cogger.getCogger"servername.class.get7ame"##.log"Cevel.!:N:9:,null,e)#O W W list/.get!elected(tem"#O sHlist/.get!elected(tem"#O !ystem.out.println"s#O W private void jTe)t-ieldBAction1erformed"java.awt.event.Action:vent evt# V W 1rivatevoid jTe)t-ieldB(nput@ethodTe)t3hanged"java.awt.event.(nput@ethod:vent evt# V << T0D0 add your handling code hereM W private void jTe)t-ieldBDey1ressed"java.awt.event.Dey:vent evt# V << T0D0 add your handling code hereM W void da"!tring c#V jTe)t-ield?.setTe)t"c#O W void A4"!tring -#V jTe)t-ieldB.setTe)t"-#O W void load?"!tring f#V private void list/Action1erformed"java.awt.event.Action:vent evt# V
%?
V try V dsHnew Datagram!ocket"serverport#O !tring c H XjkhjXO !ystem.out.println"X-(C: (! T9A7!-:99(7K...X#O byte b$ &Hnew byte$c.length"#&O c.get4ytes">,c.length"#,b,>#O ds.send"new Datagram1acket"b,b.length,(netAddress.getCocal*ost"#,clientport##O cHnullO !ystem.out.println"X-(C: T9A7!-:9 (! 30@1C:T:DX#O Wcatch "(0:)ception e)# V Cogger.getCogger"servername.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W W void call"#V !tring s8? O try V dsHnew Datagram!ocket"clientport#O Datagram1acket nO while"true# V nHnew Datagram1acket"buffer,buffer.length#O
%%
ds.receive"n#O s8? Hnew !tring"n.getData"#,>,n.getCength"##O !ystem.out.println"s8?#O << list?.add(tem"s8?#O W W catch "(0:)ception e)# V Cogger.getCogger"clientre.uest.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W void view/"# V try V << T0D0 add your handling code hereM 3onnection cO !tatement stO << T0D0 add your handling code hereM 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX#O c H [email protected]"XjdbcModbcMnymbX#O st H c.create!tatement"#O !tring iH jTe)t-ield/.getTe)t"#O 9esult!et rs Hst.e)ecuteEuery"Xselect S from blockid where workgroupH\XPiPX\X#O while "rs.ne)t"## V << jTe)t-ield/.setTe)t"rs.get!tring"XsnoX##O
%'
<<jCist/.add"this,rs.get!tring"XipaddX##O <<list8.add(tem"rs.get!tring"XblockipX##O W Wcatch"!EC:)ceptione)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W catch "3lass7ot-ound:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W void view"# V try V 3onnection cO !tatementstO 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX c H [email protected]"XjdbcModbcMnymbX#O st H c.create!tatement"#O !tring iH XuisXO jTe)t-ield/.setTe)t"i#O 9esult!et rs H st.e)ecuteEuery"Xselect S from register where groupnameH\XPiPX\X#O while "rs.ne)t"## V
%A
<< jTe)t-ield/.setTe)t"rs.get!tring"XsnoX##O <<jCist/.add"this,rs.get!tring"XipaddX##O list/.add(tem"rs.get!tring"XipaddX##O W st.close"#O c.close"#O W catch "!EC:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W catch "3lass7ot-ound:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W void display"#V !tring df H nullO try V 3onnection cO !tatementstO 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX#O c H [email protected]"XjdbcModbcMnymbX#O st H c.create!tatement"#O << !tring iH XuisXO <<jTe)t-ield/.setTe)t"i#O
%B
9esult!et rs H st.e)ecuteEuery"Xselect receivefile from file X#O while "rs.ne)t"## V << jTe)t-ield/.setTe)t"rs.get!tring"XsnoX##O <<jCist/.add"this,rs.get!tring"XipaddX##O df Hrs.get!tring"XreceivefileX#O W jTe)t-ield?.setTe)t"df#O W catch "!EC:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W catch "3lass7ot-ound:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W void del"#V try V 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX#O 3onnection c H [email protected]"XjdbcModbcMnymbX#O !tatement st H c.create!tatement"#O st.e)ecuteJpdate"Xdelete from fileX#O st.close"#O c.close"#O W catch "!EC:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O
%G
Wcatch"3lass7ot-ound:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W void vi"# V for"int jH/>OjZ>Oj # V try V jTe)t-ield8.setTe)t"!tring.value0f"j##O !ystem.out.println"j#O Thread.sleep"/>>>#O W catch "(nterrupted:)ception e)# V Cogger.getCogger"servername.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W try V 3onnection cO !tatement stO 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX#O c H [email protected]"XjdbcModbcMnymbX#O st H c.create!tatement"#O !tring iH jTe)t-ieldB.getTe)t"#O
%L
9esult!et rs H st.e)ecuteEuery"Xselect S from file/ where fp8H\XPiPX\X#O if "rs.ne)t"## V << jTe)t-ield/.setTe)t"rs.get!tring"XsnoX##O <<jCist/.add"this,rs.get!tring"XipaddX##O <<list/.add(tem"rs.get!tring"Xfp?X##O !tring rtH"rs.get!tring"Xfp?X##O int yuHrt.length"#O jTe)t-ield%.setTe)t"!tring.value0f"yu##O W st.close"#O c.close"#O << W catch "(nterrupted:)ception e)# V << Cogger.getCogger"servername.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W catch "!EC:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W catch "3lass7ot-ound:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W <SS S Uparam args the command line arguments S<
'>
public static void main"!tring args$&# V java.awt.:ventEueue.invokeCater"new 9unnable"# V public void run"# V new servername"#.setNisible"true#O W W#O W << Nariables declaration do not modify private java).swing.54utton j4utton8O private java).swing.5-ile3hooser j-ile3hooser/O private java).swing.5Cabel jCabel/O private java).swing.5Cabel jCabel/>O private java).swing.5Cabel jCabel8O private java).swing.5Cabel jCabel?O private java).swing.5Cabel jCabel%O private java).swing.5Cabel jCabel'O private java).swing.5Cabel jCabelBO private java).swing.50ption1ane j0ption1ane/O private java).swing.5Te)t-ield jTe)t-ield/O private java).swing.5Te)t-ield jTe)t-ield8O private java).swing.5Te)t-ield jTe)t-ield?O private java).swing.5Te)t-ield jTe)t-ield%O public java).swing.5Te)t-ield jTe)t-ieldBO private java.awt.Cist list/O << :nd of variables declarationW
'/
=.2 Out,ut An# S$reen S1ots =.2.1 User #etails
-ig G./ Jser Details The fig G./ represents if the user is a new user, this form enters the details and store the user details in the database.
'8
?.2.1.1 A0ter $reation o0 ne! user
-ig G.8 After creation of new user The fig G.8 represents the creation of new user in the database.
'?
=.2.2 Sear$1in) o0 IP A##ress
-ig G.? !earching of 7eighbor (1 address This fig G.? represents that it will display all the (1 address within the location when the workgroup name is given.
'%
=.2.- Sear$1in) t1e Client
-ig G.% client (dentification This fig G.% involves client identification and gets the authority to transfer the data.
''
=.2.. Dete$tion o0 t1e atta$"e# 0ile
-ig G.' Detection of attacked file This fig G.' helps us to detect the file which has been attacked, and helps us to prevent the file from any type of attack.
'A
?. CONCLUSION @ (UTURE EN2ANCE%ENT 1acket classification is essential for most network system functionality and services, but it is comple), since it involves comparing multiple fields in a packet header against entries in the filter data set to decide the proper rule to apply for handling the packet. This paper has considered a rapid packet classification mechanism realized by able to not only e)hibit high scalability in terms of both the classification time and the !9A@ size involved, but also effectively handle incremental updates to the filter data sets. 4ased on a single set associative hash table to support two staged search, promises to enjoy better classification performance than its known software oriented counterpart, because the table narrows the search scope effectively based on the source and the destination (1 addresses of an arrival packet during the first stage, leading to fast search in the second stage. With its re.uired !9A@ size lowered considerably, makes it possible to hold entire search data structures in the local cache of each core within a contemporary processor, further elevating its classification performance. The table admits each filter rule in a set with lightest occupancy among all those inde)ed by hash"round down sip# and hash"round down dip#, under. Jtilizing the first F bits of an (1 prefi) with l bits as the key to the hash function "instead of using the original (1 prefi)#, this way lowers substantially the likelihood of set overflow, which occurs only when all inde)ed sets are full, attaining high !9A@ storage utilization. (t also leads to great scalability, even for small table set associatively and a small table dilation factor.
'B
0ur evaluation results have shown that with the set associative degree of %, generally e)periences very rare set overflow instances. :mpirical assessment of has been conducted on an A@D % way server with the 8.G K*z 0ption processor. A simple hashing function was employed for our implementation. :)tensive measured results demonstrate that *arp outperforms *3 to e)hibit throughput of .B to ?.A times, on an average, under the si) databases e)amined, when its table is with ] /M> and there are five D1C treads. 4esides its efficient support for incremental rule updates, our proposed also enjoys far better classification performance than previous software based techni.ues. 7ote that theoretically pathological cases may occur despite encouraging pragmatic results by ] /M>, as we have witnessed in this study. -or e)ample, a large number of "hosts on the same subnet with# prefi)es 1jw can differ only in a few bits. There are possible ways to deal with such cases and to avoid overwhelming the inde)ed set. A possible way is to use one and only one entry to keep the round down prefi) 1jli, as opposed to holding all 1jw6s in individual entries under the current design. !ubse.uently, the round down bits can form a secondary inde)ing structure to provide the differentiation "among rules specific to each host# and<or the round down bits can be mingled with the remaining fields of the filter rules. Thus, each stage narrows the search range by small and manageable structures. These possible options are being e)plored.
'G
1A. RE(ERENCES [/& W. Ru, W. Trappe, and 2. [hang. Anti jamming timing channels for 7etworks. (n 1roceedings of Wi!ec, pages 8>?Q8/?, 8>>G. $8& D. Thuente and@. Acharya. (ntelligent jamming in wireless networks with applications to G>8.// b and other networks. (n 1roceedings of the (::: @ilitary 3ommunications 3onference @(C30@, 8>>A. $?& @.!trasser, 3. 1^opper, !. 3apkun, and @. 3agalj. 5amming resistant key establishment using uncoordinated fre.uency hopping. (n 1ro ceedings of (::: !ymposium on !ecurity and 1rivacy, 8>>G. $%& C.Cazos, !. Ciu, and @. Drunz. @itigating control channel jamming attacks in multi channel ad hoc networks. (n 1roceedings of the 8nd A3@ conference on wireless network security, pages /ALQ/G>, 8>>L. $'& K. 7oubir and K. Cin. Cow power Do! attacks in data wireless lans and countermeasures. @obile 3omputing and 3ommunications 9eview, B"?#M8LQ?>, 8>>?. $A& 4.Thapa, K. 7oubir, 9. 9ajaramanand, and 4. !heng. 0n the robustness of (:::G>8.// rate adaptation algorithms against smart jamming. (n 1roceedings of Wi!ec, 8>//.
'L
$B&
@. Wilhelm, (. @artinovic, 5. !chmitt, and N. Cenders. 9eactive jamming in wireless networksM *ow realistic is the threat_ (n 1roceedings of Wi!ec, 8>//.
$G&
T.R. 4rown,5. :. 5ames, and A.!ethi. 5amming and sensing of :ncrypted wireless ad hoc networks. (n 1roceedings of @obi*oc, pages /8>Q/?>, 8>>A.
$L&
W.Ru, W. Trappe, 2. [hang, and T.Wood. The feasibility of launching and detecting jamming attacks in wireless networks. (n 1roceedings of @obi*oc, pages %AQ'B, 8>>'.
$/>& 0. Koldreich. -oundations of cryptographyM 4asic applications. 3ambridge Jniversity 1ress, 8>>%. s
A>
/
Our Contributions We investigate the feasibility of real time packet classification for launching selective jamming attacks, under an internal threat model. We show that such attacks are relatively easy to actualize by e)ploiting knowledge of network protocols and cryptographic primitives e)tracted from compromised nodes. We investigate the impact of selective jamming on critical network functions .0ur findings indicate that selective jamming attacks lead to a Does with very low effort on behalf of the jammer. To mitigate such attacks, we develop three schemes that prevent classification of transmitted packets in real time. 0ur schemes rely on the joint consideration of cryptographic mechanisms with 1*2 layer attributes. We analyze the security of our schemes and show that they achieve strong security properties, with minimal impact on the network performance. 1.1 OVERVIEW Problem Statement 3onsider the scenario depicted nodes A and 4 communicate via a wireless link. Within the communication range of both A and 4 there is a jamming node 5. When A transmits a packet m to 4, node 5 classifies m by receiving only the first few bytes of m. 5 then corrupts m beyond recovery by interfering with its reception at 4. We address the problem of preventing the jamming node from classifying m in real time, thus mitigating 56s ability to perform selective jamming. 0ur goal is to transform a selective jammer to a random one. 7ote that in the present work, we do not address packet classification methods based on protocol semantics.
8
1.2 LITERATURE SURVE Net!or" mo#el The network consists of a collection of nodes connected via wireless links. 7odes may communicate directly if they are within communication range, or indirectly via multiple hops. 7odes communicate both in uncast mode and broadcast mode. 3ommunications can be either unencrypted or encrypted. -or encrypted broadcast communications, symmetric keys are shared among all intended receivers. These keys are established using presaged pair wise keys or asymmetric cryptography. Communi$ation %o#el 1ackets are transmitted at a rate of 9 bauds. :ach 1*2 layer symbol corresponds to . bits, where the value of . is defined by the underlying digital modulation scheme. :very symbol carries data bits, where ;<= is the rate of the 1*2 layer encoder. *ere, the transmission bit rate is e.ual to . 9bps and the information bit rate is bps. !pread spectrum techni.ues such as fre.uency hopping spread spectrum "-*!!#, or direct se.uence spread spectrum "D!!!# may be used at the 1*2 layer to protect wireless transmissions from jamming. ! provides immunity to interference to some e)tent "typically8> to ?> d4 gain#, but a powerful jammer is still capable of jamming data packets of his choosing. Transmitted packets have the generic format depicted. The preamble is used for synchronizing the sampling process at the receiver. The 1*2 layer header contains information regarding the length of the frame, and the transmission rate.
?
The @A3 header determines the @A3 protocol version, the source and destination addresses, se.uence numbers plus some additional fields. The @A3 header is followed by the frame body that typically contains an A91 packet or an (1 datagram. -inally, the @A3 frame is protected by a cyclic redundancy check "393# code. At the 1*2 layer, a trailer may be appended for synchronizing the sender and receiver. A#&ersar' %o#el We assume the adversary is in control of the communication medium and can jam messages at any part of the network of his choosing "similar to the Dolev2ao model#. The adversary can operate in full duple) mode, thus being able to receive and transmit simultaneously. This can be achieved, for e)ample, with the use of multi radio transceivers. (n addition, the adversary is e.uipped with directional antennas that enable the reception of a signal from one node and jamming of the same signal at another. -or analysis purposes, we assume that the adversary can pro actively jam a number of bits just below the :33 capability early in the transmission. *e can then decide to irrecoverably corrupt a transmitted packet by jamming the last symbol. (n reality, it has been demonstrated that selective jamming can be achieved with far less resources $A& $B&. A jammer e.uipped with a single half duple) transceiver is sufficient to classify and jam transmitted packets. *owever, our model captures a more potent adversary that can be effective even at high transmission speeds.
%
This internal adversary model is realistic for network architectures such as mobile ad hoc, mesh, cognitive radio, and wireless sensor networks, where network devices may operate unattended, thus being susceptible to physical compromise.
(i) 1.2.1 *eneri$ Communi$ation S'stem Dia)ram The adversary6s ability in classifying a packet m depends on the implementation of the blocks. The channel encoding block e)pands the original bit se.uence m, adding necessary redundancy for protecting m against channel errors. -or e)ample, an ;<= block code may protect m from up to e errors per block. Alternatively, an ;<= rate convolution encoder with a constraint length of C ma), and a free distance of e bits provides similar protection. -or our purposes, we assume that the rate of the encoder is ;<=. At the ne)t block, interleaving is applied to protect m from burst errors.
'
-or simplicity, we consider a block inter leave that is defined by a matri) Ad. The de inter leaver is simply the transpose of A. -inally, the digital modulator maps the received bit stream to symbols of length ., and modulates them into suitable waveforms for transmission over the wireless channel. Typical modulation techni.ues include 0-D@, 41!D, /A"A%# EA@, and 33D. (n order to recover any bit of m, the receiver must collected = bits for de interleaving. The d = de interleaved bits are then passed through the decoder. (gnoring any propagation and decoding delays, the delay until decoding the first block of data is ⌈dF. ⌉symbol durations. As an e)ample, in the G>8.//a standard, operating at the lowest rate of A @bps, data is passed via a /<8 rate encoder before it is mapped to an 0-D@ symbol of . H %G bits. (n this case, decoding of one symbol provides 8% bits of data. At the highest data rate of '% @bps, 8/A bits of data are recovered per symbol. -rom our analysis, it is evident that intercepting the first few symbols of a packet is sufficient for obtaining relevant header information. -or e)ample, consider the transmission of a T31 !27 packet used for establishing a T31 connection at the transport layer. Assume an G>8.//a 1*2 layer with a transmission rate of A @bps. At the 1*2 layer, a %> bit header and a A bit tail are appended to the @A3 packet carrying the T31 !27 packet. At the ne)t stage, the /<8 rate convolution encoder maps the packet to a se.uence of /,/G> bits. (n turn, the output of the encoder is split into8' blocks of %G bits each and interleaved on a per symbol basis. -inally, each of the blocks is modulated as an 0-D@ symbol for transmission.
A
2. S STE% ANAL SIS 2.1 E+istin) S'stem 1acket classification is performed at routers by applying +rules, to incoming packets for categorizing them into flows. (t employs multiple fields in the header of an arrival 1acket as the search key for identifying the best suitable 9ule to apply. 9ules are created to differentiate packets 4ased on the values of their corresponding header fields, constituting a filter set. A field value in a filter can be a 1refi) a range or an e)act number. A real filter data set often contains multiple rules for a pair of communicating 7etworks, one for each application. !imilarly, an application is likely to appear in multiple filters, one for each pair of communicating networks using the application. Therefore, Cookups over a filter set with respect to multiple header -ields are comple) and can easily become router 1erformance bottlenecks. 2.1.1 Disa#&anta)e I The inherent limitation of classifiers in handling incremental rule updates will soon become a major concern.
B
2.2 Pro,ose# S'stem A classification rule is often specified with a pair of communicating networks, followed by the application specific constraints. 0ur e)ploits this situation by considering the fields on communicating networks and on application specific constraints separately, comprising two search stages. (ts first stage narrows the search range via communicating network prefi) fields, and its second stage checks other fields on only entries chosen in the first stage. The first stage of comprises a single set associative hash table, referred to as the table. Jnlike typical hash table creation using the object key to determine one single set for an object, our table aims to achieve e)tremely efficient table utilization by permitting multiple candidate sets to accommodate a given filter rule and yet maintaining fast search over those possible sets in parallel during the classification process. 2.2.1 A#&anta)e I An efficient packet classification algorithm was introduced by hashing flow (Ds held in digest caches for reduced memory re.uirements at the e)pense of a small amount of packet misclassification. I A!( entries are fragmented into chunks of a fi)ed size. I The given source and destination (1 addresses could match multiple entries in the Cu*a table. 2.- (eature Wor" The impact of an e)ternal selective jammer who targets various control packets at the @A3 layer.
G
To perform packet classification, the adversary e)ploits inter packet timing information to infer eminent packet transmissions. (n Caw et al. proposed the estimation of the probability distribution of inter packet transmission times for different packet types based on network traffic analysis. -uture transmissions at various layers were predicted using estimated timing information. Jsing their model, the authors proposed selective jamming strategies for well known sensor network @A3 protocols. (n brown et al. illustrated the feasibility of selective jamming based on protocol semantics $G&. They considered several packet identifiers for encrypted packets such as packet size, precise timing information of different protocols, and physical signal sensing. To prevent selectivity, the unification of packet characteristics such as the minimum length and inter packet timing was proposed. !imilar packet classification techni.ues were investigated. Ciu et al. considered a smart jammer that takes into account protocol specifics to optimize its jamming strategy. The adversary was assumed to target control messages at different layers of the network stack. To mitigate smart jamming, the authors proposed the !19:AD system, which is based on the idea of stochastic selection between collections of parallel protocols at each layer. The uncertainty introduced by this stochastic selection, mitigated the selective ability of the jammer. Kreenstein et al. present data G>8.// like wireless protocol called !lyfi that prevents the classification of packets by e)ternal observers. This protocol hides all e)plicit identifiers from the transmitted packets "e.g. @A3 layer header and payload#, by encrypting them with keys only known to the intended receivers.
L
2.. (easibilit' Stu#' -easibility study is a test of a system proposal according to its workability, impact on the organization, ability to meet user needs, and effective use of resources. The objective of a feasibility study is to ac.uire a sense of the scope of the problem. During the study, the problem definition is crystallized and aspects of the problems to be included in the system are determined. 3onse.uently, costs and benefits are estimated with greater accuracy at this stage. (easibilit' Consi#erations/ Three key considerations are involved in the feasibility study. /. :conomic feasibility 8. Technical feasibility ?. 0perational feasibility
2...1 E$onomi$ 0easibilit' :conomic feasibility is the most fre.uently used method for evaluating the effectiveness of the candidate system. (t is more commonly known as 3ost<4enefit analysis. The procedure is to determine the benefits and savings that are e)pected from the candidate system and compare them with costs. (t benefits outweight costs, and then the decision is made to design and implement the system. 0therwise, further justification or alteration in the proposed system will have to be made if it is to have a chance of being approved.
/>
(n the case of this !tock @anagement system the performance of the proposed system is e)pected to be cost effective owing to its accuracy, real time response and user friendliness. 7oteM !ome e)tra e)penditure may be incurred in the initial stage of computerization. 2...2 Te$1ni$al 0easibilit' Technical feasibility centers on the organization to what e)tend it can support the proposed system. The .uestion is whether the organization is technically sound to operate the system. The necessary hardware and software must be installed in the organization.
2...- O,erational 0easibilit'/ 1eople are inherently resistant to change while computers have been known to facilitate change. 0perational feasibility determines how much effort will go into educating selling and training to the user staff on the candidate system. (f the staff is computer literate, then only an introductory training in data entry and operating the system.
//
-. S STE% SPECI(ICATION -.1 2ARDWARE RE3UIRE%ENTS 1rocessor 9am *ard disk @onitor Deyboard @ouse -.2 SO(TWARE RE3UIRE%ENTS -ront end 4ack :nd 0perating !ystem Tools Jsed 5ava @! !EC !:9N:9 Windows B 7et 4eans (ntel 1entium dual core /K4 G>K4 /B6inchs Cogitech optical mouse "Cogitech#
/8
..SO(TWARE DESCRIPTION ..1 (RONT END ..1.1 4a&a intro#u$tion 5ava is an object oriented programming language developed by !un @icrosystems and it is also a powerful internet programming language. 5ava is a high level programming language which has the following featuresM /. 0bject oriented 8. 1ortable ?. Architecture neutral %. *igh performance '. @ultithreaded A. 9obust B. !ecure 5ava is an efficient application programming language. (t has A1(s to support the KJ( based application development. The following features of java, makes it more suitable for implementing this project. (nitially the languages were called as +0AD, but it was renamed as +5ava, in /LL'. The primary motivation of this language was the need for a platform independent language that could be used to create software to be embedded in various consumer electronic devices. 5ava is programmer6s language. 5ava is cohesive and consistent. :)cept for those constraints imposed by the internet environment, 5ava gives the programmer, full control.
/?
The e)citement of the (nternet attracted software vendors such that 5ava development tools from many vendors .uickly became available. That same e)citement has provided the impetus for a multitude of software developers to discover 5ava and its many wonderful features.
-ig %./ :)ecution of 5ava 1rogram With most programming languages, you either compile or interpret a program so that you can run it on your computer. The 5ava programming language is unusual in that a program is both compiled and interpreted. With the compiler, first you translate a program into an intermediate language called 5ava byte codes the platform independent codes interpreted by the interpreter on the 5ava platform. The interpreter parses and runs each 5ava byte code instruction on the computer. 3ompilation happens just onceO interpretation occurs each time the program is e)ecuted.
/%
*ighlights what functionality some of the packages in the 5ava A1( provide. The following figure depicts a program that6s running on the 5ava platform. As the figure shows, The 5ava A1( and the virtual machine insulate the program from the hardware.
-ig %.8 5ava 1latform 7ative code is code that after you compile it, the compiled code runs on a specific hardware platform. As a platform independent environment, the 5ava platform can be a bit slower than native code. *owever, smart compilers, well tuned interpreters, and just in time byte code compilers can bring performance close to that of native code without threatening portability. ..1.2 T',es o0 4a&a Pro)ram A,,li$ations An application is a program that runs on our computer under the operating system of that computer. (t is more or less like on creating using 3 or 3PP. 5ava6s ability to create Applets makes it important. Applets An applet is an application designed to be transmitted over the internet and e)ecuted by a java Q compatible web browser. An applet is actually a tiny java
/'
program, dynamically downloaded across the network, just like an image. 4ut the difference is, it is an intelligent program, not just a media file. (t can react to the user input the dynamically change. ..2 (eatures/ Se$urit' :very time you that the download a +normal, program, you are risking a viral infection. 1rior to java, most users did not download e)ecutable programs fre.uently. (n addition, another type of malicious program e)ists that must be guarded against. This type of program can gather private information, such as credit card numbers, bank account balances, and passwords. 5ava answers both these concerns by providing a +firewall, between a network application and your computer. Portabilit' -or programs to be dynamically downloaded to all the various types of platforms connected to the internet, some means of generating portable e)ecutable code is needed. As you will see, the same mechanism that helps ensure security also helps create portability. (ndeed, java6s solution to these two problems is both elegant and efficient. T1e 5'te $o#e The key that allows the java to solve the security and portability problems is that the output of java compiler is byte code. 4yte code is a highly optimized set of instructions designed to be e)ecuted by the java run Q time system, which is called the java virtual machine "5N@#. That is, in its standard form, the 5N@ is an interpreter for byte code.
/A
4a&a Virtual %a$1ine 64V%7 4eyond the language, there is the java virtual machine. The java virtual machine is an important element of the java technology. The virtual machine can be embedded within a web browser or an operating system. 0nce a piece of java code is loaded onto a machine, it is verified. As part of the loading process, a class loader is invoked and the byte code verification makes sure that the code that has been generated by the compiler will not corrupt the machine it is loaded on. 4yte code verification takes place at the end of the compilation process to make sure that it is accurate and correct. 4a&a Ar$1ite$ture 5ava architecture provides a portable, robust, high performing environment for development. 5ava provides portability by compiling the byte codes for the java virtual machine, which is then interpreted on each platform by the run time environment. 5ava is dynamic system, able to load code when needed from a machine in the same room or across the planet. Com,ilation o0 $o#e When you compile the code, the java compiler creates machine code "called byte code# for a hypothetical machine called java virtual machine "5N@#. The 5N@ is supposed to e)ecute the byte code. The 5N@ is created for overcoming the issue of portability. The code is written and compiled for one machine and interpreted on all machines. This machine is called 5ava Nirtual @achine.
/B
Plat0orm In#e,en#ent 1latform independence, that means the ability of a program to move easily from one computer system to another. (t is one of the most significant advantages that 5ava has over other programming languages. 5ava is platform independent at both the source and the binary level. 7etworking 3lasses in the 5DD Through the classes in java.net, 5ava programs can use T31 or JD1 to communicate over the (nternet. The !ocket and !erver !ocket classes all use T31 to communicate over the network. A#&anta)es 4y using 5ava, one program can be run on many different platforms/. This means that you do not need to put your efforts on developing a different version of software for each platform. There are many programmers who can understand and write code in 5ava, so that many people can participate in developing an open source software. (n many cases, a 5ava virtual machine can prevent an incorrectly written application program from causing problems to the rest of your computing environment. ..- Net beans The 7et4eans (D: is an award winning (ntegrated Development :nvironment available for Windows, @ac, Cinu), and !olaris. The 7et4eans project consists of an open source (D: and an application platform which enable developers to rapidly create web, enterprise, desktop, and mobile applications
/G
using the 5ava platform, as well as 1*1, 5ava!cript and Aja), 9uby and 9uby on 9ails, Kroovy, and 3<3PP. 7et4eans is an open source integrated development environment "(D:# for developing with 5ava, 1*1, 3PP, and other programming languages. 7et4eans is also referred to as a platform of modular components used for developing 5ava desktop applications. 7et4eans uses components, also known as modules, to enable software development. 7et4eans dynamically installs modules and allows users to download updated features and digitally authenticated upgrades. 7et4eans (D: modules include 7et4eans 1rofiler, a Kraphical Jser (nterface "KJ(# design tool, and 7et4eans 5ava!cript :ditor. 7et4eans framework reusability simplifies 5ava !wing desktop application development, which provides platform e)tension capabilities to third party developers. ..-.1 Netbeans Plat0orm The Net5eans Plat0orm is a reusable framework for simplifying the development of 5ava !wing desktop applications. The 7et4eans (D: bundle for 5ava !: contains what is needed to start developing 7et4eans plugins and 7et4eans 1latform based applicationsO no additional !DD is re.uired. Applications can install modules dynamically. Any application can include the Jpdate 3enter module to allow users of the application to download digitally signed upgrades and new features directly into the running application. 9
/L
9einstalling an upgrade or a new release does not force users to download the entire application again.The platform offers reusable services common to desktop applications, allowing developers to focus on the logic specific to their application. Among the features of the platform areM
I I I I I I I
Jser interface management "e.g. menus and toolbars# Jser settings management !torage management "saving and loading any kind of data# Window management Wizard framework "supports step by step dialogs# 7et4eans Nisual Cibrary (ntegrated Development Tools
Netbeans IDE Net5eans IDE is an open source integrated development environment. 7et4eans (D: supports development of all 5ava application types out of the bo). Among other features are an Ant based project system, @aven support, refactorings and version control. Netbeans Pro0iler/ The Net5eans Pro0iler is a tool for the monitoring of 5ava applicationsM (t helps developers find memory leaks and optimize speed. -ormerly downloaded separately, it is integrated into the core (D: since version A.>. The 1rofiler is based on a !un Caboratories research project that was named 5-luid.
8>
-ig %.? 7et beans ..-.2 O,en Database Conne$ti&it' 0D43 aims to provide a common A1( for access to !EC/ based database management systems "D4@!s# such as @y!EC, 1ostgre!EC, @icrosoft Access and !EC !erver, D48, 0racle and !ECite. (t originated on Windows in the early /LL>s, but 0D43 driver manager6s uni)0D43 and i0D43 are nowadays available on a wide range of platforms "and a version of (odbc ships with recent versions of @ac 0! R#. The connection to the particular D4@! needs an 0D43 driverM these may come with the D4@! or the 0D43 driver manager or be provided separately by the D4@! developers, and there are third party8 developers.
8/
Actual Technologies, :asysoft and 0penCink. "This means that for some D4@!s there are several different 0D43 drivers available, and they can behave differently.# @icrosoft provides drivers on Windows for non !EC database systems such as Dbase and -o)1ro, and even for at Fles and :)cel spreadsheets. Actual Technologies sell a driver for @ac 0! R that covers "some# :)cel spread sheets and flat file. The 0D43 system files are not installed on your system by Windows L'. 9ather, they are installed when you setup a separate database application, such as !EC !erver 3lient or Nisual 4asic %.>. When the 0D43 icon is installed in 3ontrol 1anel, it uses a file called 0D43(7!T.DCC. (t is also possible to administer your 0D43 data sources through a stand alone program called 0D43AD@.:R:.
88
8. PRO4ECT DESCRIPTION 8.1 S STE% ARC2ITECTURE
!erver
7ode 1ath (ntermediato r
(ntermediate !erver "3hecks the (nter 7ode6s#
!erver "web!ervice9e.uest #
Web service re.uest<reply Application
(i) 8.1 O&erall Ar$1ite$ture #ia)ram
8?
8.2 %ODULE DESCRIPTION 1. !oftware 0riented 3lassification 2. 9ecursive flow classification -. Application !pecific (nformation "A!(# Table .. :ffectiveness and !calability of Table 8. -ilter Data !ets 9. !torage 9e.uirements and @emory :fficiency :. !calability and lookup performance on multicourse
8.2.1 So0t!are;Oriente# Classi0i$ation !oftware oriented mechanisms are less e)pensive and more fle)ible in filter lookups when compared with their hardware centric counterparts. !uch mechanisms are abundant, commonly involving efficient algorithms for .uick packet classification with an aid of caching or hashing. Their classification speeds rely on efficiency in search over the rule set using the keys constituted by corresponding header fields. !everal representative software classification techni.ues are reviewed in se.uence. 8.2.2 Re$ursi&e 0lo! $lassi0i$ation 9ecursive flow classification "9-3# carries out multistage reduction from a look up key "composed of packet header fields# to a final class (D.
8%
which specifies the classification rule to apply. Kiven a rule set, preprocessing is re.uired to decide memory contents so that the se.uence of 9-3 lookups according to a lookup key yields the appropriate class (D. 4ased on a recomputed decision tree, *ierarchical (ntelligent 3uts "*i 3uts# holds classification rules merely in leaf nodes and each classification operation needs to traverse the tree to a leaf node, where multiple rules are stored and searched se.uentially. During tree search, *i 3uts relies on local optimization decisions at each node to choose the ne)t field to test. 8.2.- A,,li$ation;S,e$i0i$ In0ormation 6ASI7 Table This stage of involves a table, each of whose entry keeps the values of application specific filter fields of one rule, dubbed the application specific information "A!(# table. (f rules share the same (1 prefi) pair, their application specific fields are stored in contiguous A!( entries packed as one chunk pointed by its corresponding entry in the table. -or fast lookups and easy management, A!( entries are fragmented into chunks of a fi)ed size. Jpon creating a entry for one pair of sip and dip, a free A!( chunk is allocated and pointed to by the created entry. Any subse.uent rule with an identical pair of sip and dip puts its application specific fields in a free entry inside the A!( chunk, if availableO otherwise, another free A!( chunk is allocated for use, with a pointer established from the earlier chunk to this newly allocated chunk. (n essence, the A!( table comprises linked chunks with one link for each pair. 8.2.. E00e$ti&eness an# S$alabilit' o0 Table
8'
A theoretic analysis perspective, the probability distribution could be appro)imated by a 4ernoulli process, assuming a uniform hash distribution for round down prefi)es. As round down prefi)es for real filter data sets may not be hashed uniformly, we performed e)tensive evaluation of under publicly available nine real world data sets, with the results provided. 8.2.8 (ilter Data Sets The filter database suite from the open source of 3lass 4ench. The suite contains three seed filter setsM covering -irewall "-W/#, Access 3ontrol Cist "A3C/#, and (1 3hain "(13/#, made available by service providers and network e.uipment vendors. 4y their different characteristics, large synthetic filter data sets of />D and ?>D rules are generated in order to study the scalability. 8.2.9 Stora)e Re<uirements an# %emor' E00i$ien$' The displays the consumed storage size and the memory efficiency of different methods, where the dilation factor refers to the ratio of the number of table entries to the data set size. @emory efficiency is defined as the ratio between the minimal storage re.uired to keep all filter rules and the total storage of constituent data structures. @inimum memory for all rules @emory efficiency H Total memory used and provisioned
8A
8.2.: S$alabilit' an# loo"u, ,er0orman$e on multi$ourse The each packet can be handled independently packet classification suits a multicourse system well. Kiven a multicourse processor with cores, a simple implementation may assign a packet to any available core at a time so that packets can be handled in parallel by cores. 8.- In,ut #esi)n Design is concerned with identifying software components specifying relationships among components. !pecifying software structure and providing blue print for the document phase. @odularity is one of the desirable properties of large systems. (t implies that the system is divided into several parts. (n such a manner, the interaction between parts is minimal clearly specified. Design will e)plain software components in detail. This will help the implementation of the system. @oreover, this will guide the further changes in the system to satisfy the future re.uirements.
8B
-ig '.? (nput Design This fig '.? refers the server which displays all the (1 address and it will transfer the data to the client. 8.. Out,ut #esi)n -orm is a tool with a messageO it is the physical carrier of data or information. (t also can constitute authority for actions. (n the form design files are used to do each module. The following are list of forms used in this projectM %ain (orm 3ontains option for viewing face from data base. The system retrieves the images stored in the folder called train and test folder, which is available in bin folder of your application.
8G
-ig '.% output Design This fig '.% helps us to detect the file which has been attacked and helps us to prevent the file from any type of attack.
8L
9. S STE% TESTIN* Testing is a series of different tests that whose primary purpose is to fully e)ercise the computer based system. Although each test has a different purpose, all work should verify that all system element have been properly integrated and performed allocated function. Testing is the process of checking whether the developed system works according to the actual re.uirement and objectives of the system. The philosophy behind testing is to find the errors. A good test is one that has a high probability of finding an undiscovered error. A successful test is one that uncovers the undiscovered error. Test cases are devised with this purpose in mind. A test case is a set of data that the system will process as an input. *owever the data are created with the intent of determining whether the system will process them correctly without any errors to produce the re.uired output. 9.1 SO(TWARE TESTIN* The software testing process commences once the program is created and the documentation and related data structures are designed. !oftware testing is essential for correcting errors Testin) t',es The following are the types of testingM /. Jnit testing. 8. (ntegration testing. ?. Nalidation testing.
?>
%. !ystem testing. 9.1.1 UNIT TESTIN* Jnit testing focuses verification effort on the smallest unit of software design "i.e.#, the module. Jnit Testing e)ercise specific paths in a module6s control structure to ensure complete coverage and ma)imum error detection. This test focuses on each module individuallyO ensure that it functions properly as a unit. *ence, the name is unit testing. 9.1.2 INTE*RATION TESTIN* (ntegration Testing addresses the issues associated with the dual problems of verification and program construction. After the software has been integrated a set of *igh order tests are conducted. The main objective in this testing process is to take unit tested modules and build a program structure that has been dictated by design. The following are the types of (ntegration TestingM i7 To,;Do!n Inte)ration This method is an incremental approach to the construction of program structure. @odules are integrated by moving downward through the control hierarchy, beginning with the main program module. The module subordinates to the main program module are incorporated into the structure in either a depth first of breadth first manner. ii7 5ottom;U, Inte)ration This method begins the construction and testing with the modules at the lowest level in the program structure.
?/
!ince the modules are integrated from the bottom up, processing re.uired for modules subordinate to a given level is always available and the need for stubs is eliminated. The bottom up integration strategy may be implemented with the following steps M I The low Qlevel modules are combined into clusters that perform a specific software sub function. I A driver"i.e.#,the control program for testing is written to co ordinate test case input and output. I The cluster is tested. I Drivers are removed and clusters are combined moving upward in the program structure. 9.1.- VALITATION TESTIN* At the end of (ntegration Testing, software is completely assembled as a package, interfacing errors have been uncovered and correction testing begin. Vali#ation Test Criteria !oftware Testing and Nalidation is achieved through serried of black bo) tests that demonstrate conformity with the re.uirements. A test plan outlines the classes of tests to be conducted and a test procedure defines specific test cases that will be used to demonstrate conformity with re.uirements. 4oth, the plan and the procedure are designed to ensure that all functional re.uirements are achieved, documentation is correct and other re.uirements are met.
?8
:. S STE% I%PLE%ENTATION This document contains the depth in analysis of wireless networks and all the details that are re.uired to form an understanding of 7etwork simulation. The document is a report of the investigation phase of a project which is the development of a web based network simulator that allows the simulation and understanding of networks. This document gives the aim and the objectives of the project and the steps in which those objectives can be achieved. All of the essential knowledge for the development for a network simulator is provided in a clear and concise manner. 0nce the entire project is completed it will provide users with a web based network simulator that is open source thus allowing users to use the source code to modify the application to suit their needs or use it in the creation of their own application. This application is intended to be used for educational purposes, thus it will have a user friendly and simplistic approach to network simulation. The !ystem implementation phase consists of the following stepsM § Testing the developed software with sample data. § 3orrection of any errors if identified. § 3reating the files of the system with actual data. § @aking necessary changes to the system to find out errors. § Training of user personnel.
??
The system has been tested with sample data, changes are made to the user re.uirements and run in parallel with the e)isting system to find out the discrepancies. The user has also been appraised how to run the system during the training period. The @ulti cloud data transfer between the client and server to set the secret key to transfer from the data. (t is using the secret key to encrypt the data to transfer the client to the server. The data received from the client side to decrypt the data then only view all the information from the available network.
?%
=. APPENDI> =.1 Sam,le Co#in) Ser&er <S S To change this template, choose Tools T Templates S and open the template in the editor. S< <S S 9:3:(N:9.java S S 3reated on 5an ?, 8>//, />M%GM?' A@ S< package nymbleO import java.io.-ile7ot-ound:)ceptionO import java.io.-ile0utput!treamO import java.util.logging.CevelO import java.util.logging.CoggerO import java.io.SO import java.net.(netAddressO import java.net.!ocketO import java.net.Jnknown*ost:)ceptionO import java.s.l.SO import java.net.SO import java).swing.50ption1aneO
?'
<SS S S Uauthor Admin S< public class servername e)tends java).swing.5-rame V !tring s/,s,fO int yuO public !tring fp/,fp8,fp?O << !erver!ocket serO public static int clientportHLLLO public static int serverportHAAAO public static Datagram!ocket dsO public static int butH/>8%O public static byte buffer$ &Hnew byte$but&O <SS 3reates new form 9:3:(N:9 S< public servername"# V init3omponents"#O view"#O display"#O <<del"#O W <SS This method is called from within the constructor to
?A
S initialize the form. S WA97(7KM Do 70T modify this code. The content of this method is S always regenerated by the -orm :ditor. S< U!uppressWarnings"XuncheckedX# << Yeditor fold defaultstateHXcollapsedX descHXKenerated 3odeXZ private void init3omponents"# V j0ption1ane/ H new java).swing.50ption1ane"#O j-ile3hooser/ H new java).swing.5-ile3hooser"#O jCabel8 H new java).swing.5Cabel"#O jTe)t-ield/ H new java).swing.5Te)t-ield"#O jCabel? H new java).swing.5Cabel"#O list/ H new java.awt.Cist"#O jCabelB H new java).swing.5Cabel"#O jTe)t-ield% H new java).swing.5Te)t-ield"#O jCabel/> H new java).swing.5Cabel"#O jTe)t-ieldB H new java).swing.5Te)t-ield"#O j4utton8 H new java).swing.54utton"#O jCabel% H new java).swing.5Cabel"#O jTe)t-ield8 H new java).swing.5Te)t-ield"#O jCabel' H new java).swing.5Cabel"#O jTe)t-ield? H new java).swing.5Te)t-ield"#O jCabel/ H new java).swing.5Cabel"#O
?B
setDefault3lose0peration"java).swing.Window3onstants.D0F70T*(7KF07F3 C0!:#O set@inimum!ize"new java.awt.Dimension"%>>, %>>##O set7ame"X9:3:(N:9X#O << 70(/G7 get3ontent1ane"#.setCayout"new org.netbeans.lib.awte)tra.AbsoluteCayout"##O jCabel8.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabel8.set-oreground"new java.awt.3olor"'/, '/, '/##O jCabel8.setTe)t"X W09D K90J1X#O get3ontent1ane"#.add"jCabel8new org.netbeans.lib.a wte)tra.Absolute3onstraints"8>>, /L>, //>, /##O get3ontent1ane"#.add"jTe)t-ield/,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, /G>, /%>, ?>##O jCabel?.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabel?.set-oreground"new java.awt.3olor"'/, '/, '/##O jCabel?.setTe)t"X 7:TW09D 3C(:7T!X#O get3ontent1ane"#.add"jCabel?,new org.netbeans.lib.awte)tra.Absolute3onstraints"8>>, 8'>, /?>, /##O list/.addActionCistener"new java.awt.event.ActionCistener"# V public void action1erformed"java.awt.event.Action:vent evt# V list/Action1erformed"evt#O W W#O
?G
get3ontent1ane"#.add"list/,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, 88>, /%>, /##O jCabelB.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabelB.set-oreground"new java.awt.3olor"'/, '/, '/##O jCabelB.setTe)t"X -(C: !([:X#O get3ontent1ane"#.add"jCabelB,new org.netbeans.lib.awte)tra.Absolute3onstraints"8>>, ?A>, G>, /##O get3ontent1ane"#.add"jTe)t-ield%,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, ?'>, /%>, ?>##O jCabel/>.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabel/>.set-oreground"new java.awt.3olor"'/, '/, '/##O jCabel/>.setTe)t"X !:C:3T -(C:X#O get3ontent1ane"#.add"jCabel/>,new org.netbeans.lib.awte)tra.Absolute3onstraints"8>>, ?/>, />>, /##O jTe)t-ieldB.addActionCistener"new java.awt.event.ActionCistener"# V public void action1erformed"java.awt.event.Action:vent evt# V jTe)t-ieldBAction1erformed"evt#O W W#O jTe)t-ieldB.add(nput@ethodCistener"new java.awt.event.(nput@ethodCistener"# V public void input@ethodTe)t3hanged"java.awt.event.(nput@ethod:vent evt# V jTe)t-ieldB(nput@ethodTe)t3hanged"evt#O
?L
W public void caret1osition3hanged"java.awt.event.(nput@ethod:vent evt# V W W#O jTe)t-ieldB.addDeyCistener"new java.awt.event.DeyAdapter"# V public void key1ressed"java.awt.event.Dey:vent evt# V jTe)t-ieldBDey1ressed"evt#O W W#O get3ontent1ane"#.add"jTe)t-ieldB,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, ?/>, /%>, ?>##O j4utton8.set-ont"new java.awt.-ont"X3alibriX, /, /%##O j4utton8.setTe)t"X!:7DX#O j4utton8.addActionCistener"new java.awt.event.ActionCistener"# V public void action1erformed"java.awt.event.Action:vent evt# V j4utton8Action1erformed"evt#O W W#O get3ontent1ane"#.add"j4utton8,new org.netbeans.lib.awte)tra.Absolute3onstraints"'/>, ?/>, //>, ?>##O jCabel%.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabel%.setTe)t"X 9:3:(N(7K T(@:X#O get3ontent1ane"#.add"jCabel%,new org.netbeans.lib.awte)tra.Absolute3onstraints"8>>, %>>, />>, /##O
%>
get3ontent1ane"#.add"jTe)t-ield8,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, ?L>, /%>, ?>##O jCabel'.set-ont"new java.awt.-ont"XArialX, /, /8##O jCabel'.setTe)t"X 9:3:(N: 1AT*X#O get3ontent1ane"#.add"jCabel',new org.netbeans.lib.awte)tra.Absolute3onstraints"8>>, /'>, />>, /##O get3ontent1ane"#.add"jTe)t-ield?,new org.netbeans.lib.awte)tra.Absolute3onstraints"?'>, /%>, /%>, ?>##O jCabel/.set-ont"new java.awt.-ont"XArialX, /, /8##O << 70(/G7 jCabel/.set-oreground"new java.awt.3olor"'/, '/, '/##O jCabel/.set(con"new java).swing.(mage(con"get3lass"#.get9esource"X<nymble<9ipple.jpgX###O 70(/G7 jCabel/.set@inimum!ize"new java.awt.Dimension"'A', '/A##O get3ontent1ane"#.add"jCabel/,new org.netbeans.lib.awte)tra.Absolute3onstraints">, >, AG>, %L>##O getAccessible3onte)t"#.setAccessible1arent"this#O pack"#O W<< Y<editor foldZ private void j4utton8Action1erformed"java.awt.event.Action:vent evt# V vi"#O tryV int co/H>O 3onnection cO <<
%/
!tatement stO 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX#O c H [email protected]"XjdbcModbcMnymbX#O st H c.create!tatement"#O !tring iH jTe)t-ield/.getTe)t"#O 9esult!et rs H st.e)ecuteEuery"Xselect S from blockid where blockipH\XPsPX\X#O !ystem.out.println"s#O while"rs.ne)t"##V fHrs.get!tring"XblockipX#O if"f.e.uals"s##V co/PPO W W if"co/HH/# V 50ption1ane.show@essageDialog"root1ane, XT*(! (1 4C03D:DX#O W elseV load?"f#O 50ption1ane.show@essageDialog"root1ane, XDATA !:7D(7K........X#O W W catch "!EC:)ception e)# V Cogger.getCogger"servername.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O
%8
W catch "3lass7ot-ound:)ception e)# V Cogger.getCogger"servername.class.get7ame"##.log"Cevel.!:N:9:,null,e)#O W W list/.get!elected(tem"#O sHlist/.get!elected(tem"#O !ystem.out.println"s#O W private void jTe)t-ieldBAction1erformed"java.awt.event.Action:vent evt# V W 1rivatevoid jTe)t-ieldB(nput@ethodTe)t3hanged"java.awt.event.(nput@ethod:vent evt# V << T0D0 add your handling code hereM W private void jTe)t-ieldBDey1ressed"java.awt.event.Dey:vent evt# V << T0D0 add your handling code hereM W void da"!tring c#V jTe)t-ield?.setTe)t"c#O W void A4"!tring -#V jTe)t-ieldB.setTe)t"-#O W void load?"!tring f#V private void list/Action1erformed"java.awt.event.Action:vent evt# V
%?
V try V dsHnew Datagram!ocket"serverport#O !tring c H XjkhjXO !ystem.out.println"X-(C: (! T9A7!-:99(7K...X#O byte b$ &Hnew byte$c.length"#&O c.get4ytes">,c.length"#,b,>#O ds.send"new Datagram1acket"b,b.length,(netAddress.getCocal*ost"#,clientport##O cHnullO !ystem.out.println"X-(C: T9A7!-:9 (! 30@1C:T:DX#O Wcatch "(0:)ception e)# V Cogger.getCogger"servername.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W W void call"#V !tring s8? O try V dsHnew Datagram!ocket"clientport#O Datagram1acket nO while"true# V nHnew Datagram1acket"buffer,buffer.length#O
%%
ds.receive"n#O s8? Hnew !tring"n.getData"#,>,n.getCength"##O !ystem.out.println"s8?#O << list?.add(tem"s8?#O W W catch "(0:)ception e)# V Cogger.getCogger"clientre.uest.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W void view/"# V try V << T0D0 add your handling code hereM 3onnection cO !tatement stO << T0D0 add your handling code hereM 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX#O c H [email protected]"XjdbcModbcMnymbX#O st H c.create!tatement"#O !tring iH jTe)t-ield/.getTe)t"#O 9esult!et rs Hst.e)ecuteEuery"Xselect S from blockid where workgroupH\XPiPX\X#O while "rs.ne)t"## V << jTe)t-ield/.setTe)t"rs.get!tring"XsnoX##O
%'
<<jCist/.add"this,rs.get!tring"XipaddX##O <<list8.add(tem"rs.get!tring"XblockipX##O W Wcatch"!EC:)ceptione)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W catch "3lass7ot-ound:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W void view"# V try V 3onnection cO !tatementstO 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX c H [email protected]"XjdbcModbcMnymbX#O st H c.create!tatement"#O !tring iH XuisXO jTe)t-ield/.setTe)t"i#O 9esult!et rs H st.e)ecuteEuery"Xselect S from register where groupnameH\XPiPX\X#O while "rs.ne)t"## V
%A
<< jTe)t-ield/.setTe)t"rs.get!tring"XsnoX##O <<jCist/.add"this,rs.get!tring"XipaddX##O list/.add(tem"rs.get!tring"XipaddX##O W st.close"#O c.close"#O W catch "!EC:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W catch "3lass7ot-ound:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W void display"#V !tring df H nullO try V 3onnection cO !tatementstO 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX#O c H [email protected]"XjdbcModbcMnymbX#O st H c.create!tatement"#O << !tring iH XuisXO <<jTe)t-ield/.setTe)t"i#O
%B
9esult!et rs H st.e)ecuteEuery"Xselect receivefile from file X#O while "rs.ne)t"## V << jTe)t-ield/.setTe)t"rs.get!tring"XsnoX##O <<jCist/.add"this,rs.get!tring"XipaddX##O df Hrs.get!tring"XreceivefileX#O W jTe)t-ield?.setTe)t"df#O W catch "!EC:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W catch "3lass7ot-ound:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W void del"#V try V 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX#O 3onnection c H [email protected]"XjdbcModbcMnymbX#O !tatement st H c.create!tatement"#O st.e)ecuteJpdate"Xdelete from fileX#O st.close"#O c.close"#O W catch "!EC:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O
%G
Wcatch"3lass7ot-ound:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W void vi"# V for"int jH/>OjZ>Oj # V try V jTe)t-ield8.setTe)t"!tring.value0f"j##O !ystem.out.println"j#O Thread.sleep"/>>>#O W catch "(nterrupted:)ception e)# V Cogger.getCogger"servername.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W try V 3onnection cO !tatement stO 3lass.for7ame"Xsun.jdbc.odbc.5dbc0dbcDriverX#O c H [email protected]"XjdbcModbcMnymbX#O st H c.create!tatement"#O !tring iH jTe)t-ieldB.getTe)t"#O
%L
9esult!et rs H st.e)ecuteEuery"Xselect S from file/ where fp8H\XPiPX\X#O if "rs.ne)t"## V << jTe)t-ield/.setTe)t"rs.get!tring"XsnoX##O <<jCist/.add"this,rs.get!tring"XipaddX##O <<list/.add(tem"rs.get!tring"Xfp?X##O !tring rtH"rs.get!tring"Xfp?X##O int yuHrt.length"#O jTe)t-ield%.setTe)t"!tring.value0f"yu##O W st.close"#O c.close"#O << W catch "(nterrupted:)ception e)# V << Cogger.getCogger"servername.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W catch "!EC:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W catch "3lass7ot-ound:)ception e)# V Cogger.getCogger"nymbmanager.class.get7ame"##.log"Cevel.!:N:9:, null, e)#O W W <SS S Uparam args the command line arguments S<
'>
public static void main"!tring args$&# V java.awt.:ventEueue.invokeCater"new 9unnable"# V public void run"# V new servername"#.setNisible"true#O W W#O W << Nariables declaration do not modify private java).swing.54utton j4utton8O private java).swing.5-ile3hooser j-ile3hooser/O private java).swing.5Cabel jCabel/O private java).swing.5Cabel jCabel/>O private java).swing.5Cabel jCabel8O private java).swing.5Cabel jCabel?O private java).swing.5Cabel jCabel%O private java).swing.5Cabel jCabel'O private java).swing.5Cabel jCabelBO private java).swing.50ption1ane j0ption1ane/O private java).swing.5Te)t-ield jTe)t-ield/O private java).swing.5Te)t-ield jTe)t-ield8O private java).swing.5Te)t-ield jTe)t-ield?O private java).swing.5Te)t-ield jTe)t-ield%O public java).swing.5Te)t-ield jTe)t-ieldBO private java.awt.Cist list/O << :nd of variables declarationW
'/
=.2 Out,ut An# S$reen S1ots =.2.1 User #etails
-ig G./ Jser Details The fig G./ represents if the user is a new user, this form enters the details and store the user details in the database.
'8
?.2.1.1 A0ter $reation o0 ne! user
-ig G.8 After creation of new user The fig G.8 represents the creation of new user in the database.
'?
=.2.2 Sear$1in) o0 IP A##ress
-ig G.? !earching of 7eighbor (1 address This fig G.? represents that it will display all the (1 address within the location when the workgroup name is given.
'%
=.2.- Sear$1in) t1e Client
-ig G.% client (dentification This fig G.% involves client identification and gets the authority to transfer the data.
''
=.2.. Dete$tion o0 t1e atta$"e# 0ile
-ig G.' Detection of attacked file This fig G.' helps us to detect the file which has been attacked, and helps us to prevent the file from any type of attack.
'A
?. CONCLUSION @ (UTURE EN2ANCE%ENT 1acket classification is essential for most network system functionality and services, but it is comple), since it involves comparing multiple fields in a packet header against entries in the filter data set to decide the proper rule to apply for handling the packet. This paper has considered a rapid packet classification mechanism realized by able to not only e)hibit high scalability in terms of both the classification time and the !9A@ size involved, but also effectively handle incremental updates to the filter data sets. 4ased on a single set associative hash table to support two staged search, promises to enjoy better classification performance than its known software oriented counterpart, because the table narrows the search scope effectively based on the source and the destination (1 addresses of an arrival packet during the first stage, leading to fast search in the second stage. With its re.uired !9A@ size lowered considerably, makes it possible to hold entire search data structures in the local cache of each core within a contemporary processor, further elevating its classification performance. The table admits each filter rule in a set with lightest occupancy among all those inde)ed by hash"round down sip# and hash"round down dip#, under. Jtilizing the first F bits of an (1 prefi) with l bits as the key to the hash function "instead of using the original (1 prefi)#, this way lowers substantially the likelihood of set overflow, which occurs only when all inde)ed sets are full, attaining high !9A@ storage utilization. (t also leads to great scalability, even for small table set associatively and a small table dilation factor.
'B
0ur evaluation results have shown that with the set associative degree of %, generally e)periences very rare set overflow instances. :mpirical assessment of has been conducted on an A@D % way server with the 8.G K*z 0ption processor. A simple hashing function was employed for our implementation. :)tensive measured results demonstrate that *arp outperforms *3 to e)hibit throughput of .B to ?.A times, on an average, under the si) databases e)amined, when its table is with ] /M> and there are five D1C treads. 4esides its efficient support for incremental rule updates, our proposed also enjoys far better classification performance than previous software based techni.ues. 7ote that theoretically pathological cases may occur despite encouraging pragmatic results by ] /M>, as we have witnessed in this study. -or e)ample, a large number of "hosts on the same subnet with# prefi)es 1jw can differ only in a few bits. There are possible ways to deal with such cases and to avoid overwhelming the inde)ed set. A possible way is to use one and only one entry to keep the round down prefi) 1jli, as opposed to holding all 1jw6s in individual entries under the current design. !ubse.uently, the round down bits can form a secondary inde)ing structure to provide the differentiation "among rules specific to each host# and<or the round down bits can be mingled with the remaining fields of the filter rules. Thus, each stage narrows the search range by small and manageable structures. These possible options are being e)plored.
'G
1A. RE(ERENCES [/& W. Ru, W. Trappe, and 2. [hang. Anti jamming timing channels for 7etworks. (n 1roceedings of Wi!ec, pages 8>?Q8/?, 8>>G. $8& D. Thuente and@. Acharya. (ntelligent jamming in wireless networks with applications to G>8.// b and other networks. (n 1roceedings of the (::: @ilitary 3ommunications 3onference @(C30@, 8>>A. $?& @.!trasser, 3. 1^opper, !. 3apkun, and @. 3agalj. 5amming resistant key establishment using uncoordinated fre.uency hopping. (n 1ro ceedings of (::: !ymposium on !ecurity and 1rivacy, 8>>G. $%& C.Cazos, !. Ciu, and @. Drunz. @itigating control channel jamming attacks in multi channel ad hoc networks. (n 1roceedings of the 8nd A3@ conference on wireless network security, pages /ALQ/G>, 8>>L. $'& K. 7oubir and K. Cin. Cow power Do! attacks in data wireless lans and countermeasures. @obile 3omputing and 3ommunications 9eview, B"?#M8LQ?>, 8>>?. $A& 4.Thapa, K. 7oubir, 9. 9ajaramanand, and 4. !heng. 0n the robustness of (:::G>8.// rate adaptation algorithms against smart jamming. (n 1roceedings of Wi!ec, 8>//.
'L
$B&
@. Wilhelm, (. @artinovic, 5. !chmitt, and N. Cenders. 9eactive jamming in wireless networksM *ow realistic is the threat_ (n 1roceedings of Wi!ec, 8>//.
$G&
T.R. 4rown,5. :. 5ames, and A.!ethi. 5amming and sensing of :ncrypted wireless ad hoc networks. (n 1roceedings of @obi*oc, pages /8>Q/?>, 8>>A.
$L&
W.Ru, W. Trappe, 2. [hang, and T.Wood. The feasibility of launching and detecting jamming attacks in wireless networks. (n 1roceedings of @obi*oc, pages %AQ'B, 8>>'.
$/>& 0. Koldreich. -oundations of cryptographyM 4asic applications. 3ambridge Jniversity 1ress, 8>>%. s
A>
