CyberSecurity Report

Uploaded by

Ayeesha Tabassum

ENHANCING CYBER SECURITY

CHAPTER 1
INTRODUCTION

1.1 DOMAIN OVERVIEW


The Internet of Things (IoT) is a developing global trend in internet-based data
architecture, facilitating the exchange of goods and services in the global supply chain network.
IoT is an application domain integrating diverse technologies and social arenas. IoT has been
described as “A network of things, every one of them embedded with wireless sensors and connected
through the world wide web”.
The fundamental aim is to ensure that a diverse range of things can be connected and operated
such that they can interact with each other and with users. It is an active IT infrastructure with a
self-configuring ability for establishing interoperable communication protocols between physical and
virtual identities of things through intelligent interfaces. IoT supports continuous bilateral
exchange of sensed data and information about the environment, and automatically triggers
actions in response to real-world events. One of the major challenges faced by the IoT world is not
expansion but its security.
The conventional protocols of wired networks are not suitable for the ad-hoc
environment, where the topology of the nodes changes frequently, the communication links
between network nodes are wireless and there is no centralized control in the network. So, it is
necessary for each communicating node to incorporate some kind of security.

1.2 SCOPE/MOTIVATION OF THE PROJECT


The use of the internet to facilitate transactions, along with the need to enhance the online
security of transactions and sensitive information, is the core motivation for this project, which
also aims to avoid DDoS attacks. The user can deposit or withdraw an amount securely through the
clerk. The user sends a request to the clerk to deposit or to withdraw an amount. The admin can
track the user's IP address. After login, the user can view the IP address and login time.

1.3 METHODOLOGY
This project describes how to manage good performance and better services for the user. The
admin adds a user with encryption; each user is given 3 unsuccessful attempts for login, and once
login is successful the admin can view the user's IP address. After three unsuccessful login
attempts the user is blocked. The user sends a request to the clerk to deposit and withdraw an
amount; both the user and the clerk can view the user's balance and transaction history. In this
project DDoS attacks are prevented.

Dept. of CSE, Govt CPC Polytechnic, 2021-2022 Page 1


Mysore.

1. Data encryption

2. Tracking of IP address

3. Email swifting

4. Account blocking

5. DDOS Attacks
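
The login rules described in this methodology (three unsuccessful attempts, then a block, with the IP address and login time recorded for the admin) can be sketched as follows. This is an added example, not the project's J2EE code: it assumes that "encryption" of the user record means storing a salted PBKDF2 hash of the password, uses an in-memory SQLite database in place of MySQL, and all names, addresses and passwords are constructed.

```python
import hashlib
import hmac
import os
import sqlite3
import time

MAX_FAILED = 3            # the report allows three unsuccessful attempts
PBKDF2_ROUNDS = 100_000   # assumed work factor for the stored credential


def open_store():
    """In-memory SQLite stands in for the project's MySQL database."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE users (
        name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB,
        failed INTEGER NOT NULL DEFAULT 0, blocked INTEGER NOT NULL DEFAULT 0)""")
    db.execute("CREATE TABLE login_log (name TEXT, ip TEXT, ts REAL, outcome TEXT)")
    return db


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def add_user(db, name, password):
    """Admin adds a user; only a salted, slow hash of the password is stored."""
    salt = os.urandom(16)
    db.execute("INSERT INTO users (name, salt, pw_hash) VALUES (?, ?, ?)",
               (name, salt, _derive(password, salt)))


def login(db, name, password, ip, now=None):
    """Return 'ok', 'denied' or 'blocked' and record the attempt with its IP."""
    now = time.time() if now is None else now
    # Bound parameters keep the submitted user name out of the SQL text.
    row = db.execute("SELECT salt, pw_hash, failed, blocked FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        _derive(password, b"\x00" * 16)   # do the same work for unknown names
        outcome = "denied"
    else:
        salt, pw_hash, failed, blocked = row
        matches = hmac.compare_digest(_derive(password, salt), pw_hash)
        if blocked:
            outcome = "blocked"           # a correct password no longer helps
        elif matches:
            db.execute("UPDATE users SET failed = 0 WHERE name = ?", (name,))
            outcome = "ok"
        else:
            failed += 1
            is_blocked = failed >= MAX_FAILED
            db.execute("UPDATE users SET failed = ?, blocked = ? WHERE name = ?",
                       (failed, int(is_blocked), name))
            outcome = "blocked" if is_blocked else "denied"
    db.execute("INSERT INTO login_log VALUES (?, ?, ?, ?)", (name, ip, now, outcome))
    return outcome


def admin_view_logins(db, name):
    """What the admin sees: IP address and login time of successful logins."""
    return db.execute("SELECT ip, ts FROM login_log WHERE name = ? AND outcome = 'ok' "
                      "ORDER BY ts", (name,)).fetchall()


def run_demo():
    """Constructed session: two misses, a success, then three misses in a row."""
    db = open_store()
    add_user(db, "asha", "correct horse")
    ip = "203.0.113.7"                    # documentation address, constructed
    steps = ["guess1", "guess2", "correct horse", "x", "y", "z", "correct horse"]
    outcomes = [login(db, "asha", pw, ip, now=1000.0 + i) for i, pw in enumerate(steps)]
    return db, outcomes


if __name__ == "__main__":
    db, outcomes = run_demo()
    print(outcomes)
    print(admin_view_logins(db, "asha"))
```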

1.4 PROBLEM STATEMENT


In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the
victim originates from many different sources. This effectively makes it impossible to stop the
attack simply by blocking a single source. A DoS or DDoS attack is analogous to a group of
people crowding the entry door of a shop, making it hard for legitimate customers to enter, thus
disrupting trade.
Criminal perpetrators of DoS attacks often target sites or services hosted on high-
profile web servers such as banks or credit card payment gateways. Revenge, blackmail and
activism can motivate these attacks.

1.5 EXISTING SYSTEM:


• Static threshold: We set a threshold value on the number of requests a node can service. If
requests exceed the threshold, they are marked as malicious; care should be taken because it
might also be a flash crowd.
• Behavioral analysis: Here we suspect attacks based on behavior, i.e. if a PDF file is
downloaded more often than usual, suspect it.
• Challenge response: Using a CAPTCHA test; since bots do not have image processing
capabilities, they cannot type the distorted or tilted letters.

Disadvantages of existing system:

• Existing systems do not have a fast response time and do not respond quickly to
changes in the attack traffic pattern.

• They do not provide mechanisms for retaining the attack evidence for any future legal
proceedings.

• They do not identify the attack at the victim and prevent the attack near to the attacking
source. They do not provide confidentiality and integrity for the messages exchanged
between defense nodes.

1.6 PROPOSED SYSTEM:


In the proposed system we have developed an application for protecting web servers
from DDoS attacks by hackers. Hackers can send a large number of requests to the admin's web
server to block and hack it using a DDoS attack. In another approach to hacking the web
application, hackers can use SQL injection, where the hacker can log in directly as admin; but
in the proposed system we have provided an encryption key for admin and user which will not be
known by the hacker, so he cannot log in to the system. This avoids the reverse calculation of
malicious hosts and thus greatly improves the efficiency of the system. In summary, we make the
following major contributions in this paper:
• We propose a sketch-based anomaly detection scheme for app-layer DDoS attacks. The
scheme utilizes the divergence of sketches in two consecutive detection cycles to detect the
occurrence of an anomaly.

• We design an effective attack mitigation scheme without the need for reverse calculation
or storage of malicious hosts. The scheme exploits the detected abnormal sketch to identify
malicious hosts directly. This avoids the computation-intensive process of inferring the malicious
hosts and thus greatly improves the efficiency of the system.

• We develop an adaptive mitigation scheme which dynamically determines the number
of malicious hosts according to the volume of requests. Basically, it will discriminate more hosts
as suspicious if the load of the server is heavy and regard fewer hosts as suspicious if the load is
moderate and tolerable. This scheme balances the trade-off between attack mitigation speed
and accuracy well.

• We develop a prototype of Sky Shield and evaluate its effectiveness using real attack
data collected from a large-scale web server cluster. The experimental results show that Sky
Shield can quickly mitigate app-layer DDoS attacks with a limited impact on legitimate users.
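
The first three contributions can be illustrated with a small sketch-based detector. This is an added example, not the report's code and not the Sky Shield implementation: it assumes the Hellinger distance as the divergence between consecutive sketches, a 3 x 64 sketch, an alarm threshold of 0.2 and a capacity-based rule for how many buckets to flag; the traffic is constructed.

```python
import hashlib
import math

ROWS, BUCKETS = 3, 64      # assumed sketch dimensions
THRESHOLD = 0.2            # assumed alarm level for the divergence


def bucket(host, row):
    """Row-specific hash of a host identifier into one of BUCKETS counters."""
    digest = hashlib.sha256(f"{row}:{host}".encode()).digest()
    return int.from_bytes(digest[:4], "big") % BUCKETS


def build_sketch(requests):
    """Summarise one detection cycle; requests is an iterable of source hosts."""
    sketch = [[0] * BUCKETS for _ in range(ROWS)]
    for host in requests:
        for row in range(ROWS):
            sketch[row][bucket(host, row)] += 1
    return sketch


def hellinger(p_counts, q_counts):
    """Hellinger distance between two count vectors, each normalised to sum 1."""
    p_total, q_total = sum(p_counts), sum(q_counts)
    if p_total == 0 or q_total == 0:
        return 0.0 if p_total == q_total else 1.0
    squared = sum((math.sqrt(p / p_total) - math.sqrt(q / q_total)) ** 2
                  for p, q in zip(p_counts, q_counts))
    return math.sqrt(squared / 2)


def divergence(prev, cur):
    """Mean per-row distance between the sketches of two consecutive cycles."""
    return sum(hellinger(prev[r], cur[r]) for r in range(ROWS)) / ROWS


def abnormal_buckets(prev, cur, capacity):
    """Flag the fastest-growing buckets until the rest fits the server capacity.

    The heavier the load relative to capacity, the more buckets (and therefore
    hosts) are treated as suspicious; a tolerable load flags none.
    """
    flagged = []
    for row in range(ROWS):
        order = sorted(range(BUCKETS),
                       key=lambda b: cur[row][b] - prev[row][b], reverse=True)
        remaining, chosen = sum(cur[row]), set()
        for b in order:
            if remaining <= capacity:
                break
            chosen.add(b)
            remaining -= cur[row][b]
        flagged.append(chosen)
    return flagged


def is_suspicious(host, flagged):
    """Checked per request: no list of malicious hosts is stored or inverted."""
    return all(bucket(host, row) in flagged[row] for row in range(ROWS))


# Constructed traffic: 200 ordinary clients, then 4 flooding sources appear.
CLIENTS = [f"10.0.{i // 50}.{i % 50 + 1}" for i in range(200)]
FLOODERS = [f"198.51.100.{i}" for i in range(1, 5)]
CYCLE_1 = [h for h in CLIENTS for _ in range(5)]
CYCLE_2 = CYCLE_1 + [h for h in FLOODERS for _ in range(500)]
FLASH_CROWD = [h for h in CLIENTS for _ in range(10)]   # every client doubles


def run_demo():
    base, attack, crowd = (build_sketch(c) for c in (CYCLE_1, CYCLE_2, FLASH_CROWD))
    flagged = abnormal_buckets(base, attack, capacity=len(CYCLE_1))
    return {
        "attack_divergence": divergence(base, attack),
        "crowd_divergence": divergence(base, crowd),
        "flooders_caught": sum(is_suspicious(h, flagged) for h in FLOODERS),
        "clients_caught": sum(is_suspicious(h, flagged) for h in CLIENTS),
    }


if __name__ == "__main__":
    print(run_demo())
```

In this constructed data the flash crowd raises every client's volume in the same proportion, so the normalised sketch is unchanged and the divergence stays at zero, while a static request threshold would have fired.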

Advantages:
- Security
- Confidentiality

CHAPTER-2

LITERATURE SURVEY
2.1 Literature review

1] DDoS Attacks: Tools, Mitigation Approaches, and Probable Impact on Private Cloud
Environment (R. K. Deka, D. K. Bhattacharyya and J. Kalita) - 2017
The future of the Internet is predicted to be on the cloud, resulting in more complex and
more intensive computing, but possibly also a more insecure digital world. The presence of a
large amount of resources organized densely is a key factor in attracting DDoS attacks. Such
attacks are arguably more dangerous in private individual clouds with limited resources. This
paper discusses several prominent approaches introduced to counter DDoS attacks in private
clouds. We also discuss issues and challenges to mitigate DDoS attacks in private clouds.

2] Analysis of DDOS attack Detection and Prevention in Cloud Environment (Arti Verma,
Mohammad Arif) - April 2018
The cloud environment is a large-scale, dynamic, distributed emerging technology,
popularized with the communication, networking, storage theorizes and power. Human beings
share digital information, with new demands growing rapidly over time. Cloud
is a very challenging internet-based computing infrastructure. DDoS (Distributed Denial of
Service) is one of the main attacks occurring in the cloud environment. This leads to financial harm
or influences reputation. Survey statistics show that DDoS is a rapidly growing attack that
targets two major components. In this paper we surveyed different scenarios of DDoS attack. We
have focused on different methods of classification, detection and defense of DDoS attacks, and
compared different learning approaches for DDoS. Machine learning is efficiently used for
DDoS attack defense.
Sketch techniques have already been widely used in the detection of DDoS attacks.
Barford et al. found that the detection of a sharp increase in the local variance of the filtered
network traffic is an effective way of exposing anomalies. A novel sketch-based data-streaming
algorithm has been proposed for robust and real-time DDoS attack detection in large ISP networks.
An efficient online flooding attack detection scheme has been developed by integrating sketch
techniques with the Hellinger distance. A weighted k-NN clustering method has been proposed to
detect DoS attacks in real time. They employed a different genetic algorithm to select significant
features to discriminate malicious requests. However, those studies focus on detecting anomalies
without considering the mitigation of attacks.

3] D-FAC: A novel ϕ-Divergence based distributed DDoS defense system. Authors: Sunny
Behal, Monika Sachdeva, Krishan Kumar Saleja. Publishing year - March 2018
A Distributed Denial of Service (DDoS) attack is an austere menace to extensively used
Internet-based services and applications. Despite the presence of enormous DDoS defense
solutions, the in-time detection of DDoS attacks poses a stiff challenge to network security
professionals. The problem turns further crucial when such attacks are amalgamated with
behaviorally similar flash events (FEs), wherein a large number of legitimate users start
accessing a particular service concurrently, leading to denial of service. This paper proposes
an anomaly-based distributed defense system called D-FAC that not only detects different types
of DDoS attacks with efficacy but also efficiently mitigates their impact. D-FAC computes the
information distance between legitimate and anomalous network traffic flows using the information
theory-based ϕ-Divergence metric to detect different types of DDoS attacks and efficiently
discriminate them from FEs. D-FAC distributes the computational and storage complexity of
computing the ϕ-Divergence detection metric to the nearest point of presence (POP) routers.

2.2 MODULES

There are three MODULES in this project

1. ADMIN

2. OFFICER

3. USER

ADMIN

- Admin Login
- Admin add/update/view/delete clerk
- Admin add user details with encryption
- Admin views IP address of user when user logs in
- Logout

OFFICER

- Officer login
- Officer deposits the amount of the particular user
- Officer withdraws the amount of the user
- Officer views balance of user
- Officer views all transaction details
- Logout

USER

- Login
- User is given three attempts for unsuccessful login
- User adds account details
- User requests clerk to deposit amount
- User requests clerk to withdraw amount
- User views transaction history
- Logout

2.3 DEVELOPMENT TOOLS

1. HARDWARE REQUIREMENTS:

Processor - i3 or i4
Speed - 1.1 GHz
RAM - 2 GB
Hard Disk - 20 GB

2. SOFTWARE REQUIREMENTS:

• Operating System: Windows XP and above
• Programming Language: J2EE
• Storage: MySQL
• Front end language: HTML, CSS, JAVASCRIPT, BOOTSTRAP

CHAPTER 3

TECHNOLOGY USED
3.1 JAVA TECHNOLOGY

❖ Java technology is both a programming language and a platform.


❖ The Java Programming Language
❖ The Java programming language is a high-level language that can be characterized by all
of the following buzzwords:
➢ Simple
➢ Architecture neutral
➢ Object oriented
➢ Portable
➢ Distributed
➢ High performance
➢ Interpreted
➢ Multithreaded
➢ Robust
➢ Dynamic
➢ Secure

With most programming languages, you either compile or interpret a program so that you
can run it on your computer. The Java programming language is unusual in that a program is
both compiled and interpreted. With the compiler, first you translate a program into an
intermediate language called Java byte codes, the platform-independent codes interpreted by
the interpreter on the Java platform. The interpreter parses and runs each Java byte code
instruction on the computer. Compilation happens just once; interpretation occurs each time the
program is executed. The following figure illustrates how this works.

You can think of Java byte codes as the machine code instructions for the Java Virtual
Machine (Java VM). Every Java interpreter, whether it’s a development tool or a Web browser
that can run applets, is an implementation of the Java VM. Java byte codes help make “write
once, run anywhere” possible. You can compile your program into byte codes on any platform
that has a Java compiler. The byte codes can then be run on any implementation of the Java VM.
That means that as long as a computer has a Java VM, the same program written in the Java
programming language can run on Windows 2000, a Solaris workstation, or on an iMac.

3.2 JAVA PLATFORM

A platform is the hardware or software environment in which a program runs. We’ve
already mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and
Mac OS. Most platforms can be described as a combination of the operating system and
hardware. The Java platform differs from most other platforms in that it’s a software-only
platform that runs on top of other hardware-based platforms.

The Java platform has two components:

1. The Java Virtual Machine (Java VM)

2. The Java Application Programming Interface (Java API)

You’ve already been introduced to the Java VM. It’s the base for the Java platform and is
ported onto various hardware-based platforms. The Java API is a large collection of ready-made
software components that provide many useful capabilities, such as graphical user interface
(GUI) widgets. The Java API is grouped into libraries of related classes and interfaces; these
libraries are known as packages. The next section, What Can Java Technology Do?, highlights
what functionality some of the packages in the Java API provide.

The following figure depicts a program that’s running on the Java platform. As the figure
shows, the Java API and the virtual machine insulate the program from the hardware.

Native code is code that after you compile it, the compiled code runs on a specific
hardware platform. As a platform-independent environment, the Java platform can be a bit
slower than native code. However, smart compilers, well-tuned interpreters, and just-in-time byte
code compilers can bring performance close to that of native code without threatening
portability.

The Java platform gives you the following features:

1. The essentials: Objects, strings, threads, numbers, input and output, data structures, system
properties, date and time, and so on.

2. Applets: The set of conventions used by applets.

3. Networking: URLs, TCP (Transmission Control Protocol), UDP (User Datagram Protocol)
sockets, and IP (Internet Protocol) addresses.

4. Internationalization: Help for writing programs that can be localized for users worldwide.
Programs can automatically adapt to specific locales and be displayed in the appropriate
language.

5. Security: Both low level and high level, including electronic signatures, public and private key
management, access control, and certificates.

6. Software components: Known as JavaBeans™, can plug into existing component
architectures.

7. Object serialization: Allows lightweight persistence and communication via Remote Method
Invocation (RMI).

8. Java Database Connectivity (JDBC™): Provides uniform access to a wide range of
relational databases.

3.3 ANDROID

Android is a buzzword that has changed the smartphone landscape over the past few years. It
holds the largest part of the smartphone world and is growing larger every day. Figure
2.2 shows the logo of Android Operating System. Android is an operating system based on the
Linux kernel, and designed primarily for touchscreen mobile devices such as smartphones and
tablet computers. Initially developed by Android, Inc., which Google backed financially and later
bought in 2005, Android was unveiled in 2007 along with the founding of the Open Handset
Alliance, a consortium of hardware, software, and telecommunication companies devoted to
advancing open standards for mobile devices.
The user interface of Android is based on direct manipulation, using touch inputs that
loosely correspond to real world actions, like swiping, tapping, pinching and reverse pinching to
manipulate on-screen objects. Internal hardware such as accelerometers, gyroscopes and
proximity sensors are used by some applications to respond to additional user actions, for
example adjusting the screen from portrait to landscape depending on how the device is oriented.
Android allows users to customize their home screens with shortcuts to applications and widgets,
which allow users to display live content, such as emails and weather information, directly on the
home screen. Applications can further send notifications to the user to inform them of relevant
information, such as new emails and text messages.

Android is popular with technology companies which require a ready-made, low-cost and
customizable operating system for high-tech devices. Despite being primarily designed for
phones and tablets, it has also been used in televisions, games consoles, digital cameras and other
electronics. Android's open nature has encouraged a large community of developers and
enthusiasts to use the open-source code as a foundation for community-driven projects, which
add new features for advanced users or bring Android to devices which were officially released
running other operating systems.

Application Development in Android:


Android software development is the process by which new applications are created for
the Android operating system. Applications are usually developed in the Java programming
language using the Android Software Development Kit, but other development tools are
available.
The Android Software Development Kit (Android SDK) provides all necessary tools to
develop Android applications. This includes a compiler, debugger and a device emulator, as well
as its own virtual machine to run Android programs. The Android SDK includes a mobile device
emulator, a virtual mobile device that runs on your computer. The emulator lets you develop and
test Android applications without using a physical device.

Enhancements to Android's SDK go hand in hand with the overall Android platform
development. The SDK also supports older versions of the Android platform in case developers
wish to target their applications at older devices. Development tools are downloadable
components, so after one has downloaded the latest version and platform, older platforms and
tools can also be downloaded for compatibility testing.

3.4 WEB ARCHITECTURE

A typical web application involves four tiers: web browsers on the client side for rendering
data presentation coded in HTML, a web server program that generates data presentation, an
application server program that computes business logic, and a database server program that
provides data persistency. The three types of server programs may run on the same or different
server machines. Web browsers can run on most operating systems with limited hardware or
software requirements. They are the graphical user interface for clients to interact with web
applications. The four tiers are depicted in the following web architecture figure:

3.5 MYSQL

MySQL is an open source Relational Database Management System. MySQL is a very fast,
reliable and flexible Database Management System. It provides very high performance and is a
multi-threaded, multi-user Relational Database Management System. MySQL is one of the
most popular Relational Database Management Systems on the web. The MySQL database has
become the world's most popular open source database, because it is free and available on
almost all platforms.
MySQL can run on UNIX, Windows, and Mac OS. MySQL is used for internet
applications as it provides good speed and is very secure. MySQL was developed to manage
large volumes of data at very high speed to overcome the problems of existing solutions. MySQL
can be used for a variety of applications but it is mostly used for web applications on the
internet.

MySQL Features:

▪ MySQL is very fast and very reliable for any type of application.
▪ MySQL is a very lightweight application.
▪ The MySQL command line tool is very powerful and can be used to run SQL queries against
the database.
▪ MySQL supports indexing and binary objects.
▪ It allows changes to the structure of a table while the server is running.
▪ MySQL is written in the C and C++ languages.
▪ MySQL code is tested with different compilers.
▪ MySQL is available as a separate program for use in a client/server network environment.
▪ MySQL is available for most UNIX operating platforms.
▪ MySQL is available for the Windows operating systems Windows NT, Windows 95, and
Windows 98.

CHAPTER 4
SYSTEM REQUIREMENTS SPECIFICATION

4.1 FUNCTIONAL REQUIREMENTS:


A functional requirement document defines the functionality of a system or one of its
subsystems. It also depends upon the type of software, expected users and the type of system
where the software is used.
Functional user requirements may be high-level statements of what the system should do
but functional system requirements should also describe clearly about the system services in
detail.
The functional requirements are:

- The admin/user/clerk login
- Add user with encryption
- Add clerk
- View IP address
- Deposit amount
- Withdraw amount
- View transaction history

4.2 NON-FUNCTIONAL REQUIREMENTS:


Non-functional requirements are constraints that must be adhered to during development.
They limit what resources can be used and set bounds on aspects of the software’s quality. One
of the most important things about non-functional requirements is to make them verifiable. The
verification is normally done by measuring various aspects of the system and seeing if the
measurements conform to the requirements.
Non-functional requirements are divided into several groups. The first group of categories
reflects the four quality attributes:
1. Usability: The application which we are developing is going to be used by users to deposit and
withdraw amounts securely.
2. Efficiency: Our application takes less time to accomplish a particular task such as depositing and
withdrawing an amount, which also reduces time complexity. It reduces the complications when an
information has several functionalities, thus increasing efficiency.
3. Reliability: The application that we are developing is designed to deliver the set of services
expected by the user. The application provides many modules and each module is developed
to satisfy the non-functional requirements of the user. It allows three unsuccessful attempts
to log in.
4. Maintainability: The application that we are developing is going to provide high
performance measures, such as data updates being done automatically without loss of data that
already exists.

CHAPTER 5
SYSTEM ANALYSIS
5.1 PROBLEM ANALYSIS
The security of systems is a serious issue due to the increasing number of services and
users in a network. However, the impacts of security vulnerabilities are very dangerous in
critical smart environments used in fields such as banking, medicine and industry.
Confidentiality, integrity, and availability are three important security concepts for applications
and services on the internet. The creation of smart environments in the real world faces two notable
barriers: the security of systems and the complexity and compatibility of the environments.
Attacks such as DoS or DDoS attacks on networks affect services and thus affect the services
provided by smart environments.
1. Feasibility study
A feasibility study is part of the initial design stage of any project/plan. It is conducted in
order to objectively uncover the strengths and weaknesses of a proposed project or
an existing business.
2. Economical feasibility
The economic feasibility step of business development is that period during which a
break-even financial model of the business venture is developed based on all costs associated
with taking the product from idea to market and achieving sales sufficient to satisfy debt or
investment requirements.
3. Operational feasibility
Operational feasibility is the measure of how well a proposed system solves the
problems and takes advantage of the opportunities identified during scope definition, and how it
satisfies the requirements identified in the requirements analysis phase of system development.
4. Technical feasibility
A technical feasibility study assesses the details of how you intend to deliver a product or
service to customers. Think materials, labor, transportation, where your business will be located,
and the technology that will be necessary to bring all this together.
5.2 SYSTEM DESIGN
A Data Flow Diagram (DFD) is a diagram that describes the flow of data and the
processes that change data throughout a system. A structured analysis and design tool can be
used for flowcharting in place of, or in association with, information-oriented and process-
oriented system flowcharts. When analysts prepare the Data Flow Diagram, they specify the user
needs at a level of detail that virtually determines the information flow into and out of the system
and the required data resources. This network is constructed by using a set of symbols that do not
imply physical implementations.
Data flow diagrams (DFDs) reveal relationships among and between the various
components in a program or system. DFDs are an important technique for modelling a system’s
high-level detail by showing how input data is transformed to output results through a sequence
of functional transformations. DFDs consist of four major components: entities, processes, data
stores, and data flows. The symbols used to depict how these components interact in a system are
simple and easy to understand; however, there are several DFD models to work from, each
having its own symbology. DFD syntax does remain constant by using simple verb and noun
constructs. Such a syntactical relationship of DFDs makes them ideal for object-oriented analysis
and parsing functional specifications into precise DFDs for the systems analyst.

Data Flow Diagram Symbols:

NAME SYMBOL

Entity

Data flow

Processor

5.3 SYSTEM ARCHITECTURE

5.4 MODULE DESIGN

▪ Admin module use case

▪ Clerk module use case

▪ User module use case

5.5 SEQUENCE DIAGRAM

CHAPTER 6

IMPLEMENTATION

6.1 FLOW CHART OF THE SYSTEM

Flowcharts use special shapes to represent different types of actions or steps in a process.
Lines and arrows show the sequence of the steps, and the relationships among them. These are
known as flowchart symbols.

The type of diagram dictates the flowchart symbols that are used. For example, a data flow
diagram may contain an Input/output Symbol (also known as an I/O Symbol), but you would
not expect to see it in most process flow diagrams.

CHAPTER 7

7.1 TESTING

Testing defines the status of the working functionalities of any particular system.
Through testing particular software, one cannot identify the defects in it but can analyze the
performance of the software and its working behavior. By testing the software, we can find the
limitations that become the conditions on which the performance is measured at that particular
level. In order to start the testing process, the primary thing is the requirements of the software
development cycle. Using this phase, the testing phase will be easier for testers. The capacity of
the software can be calculated by executing the code and inspecting the code in different
conditions, such as testing the software by subjecting it to different sources as input and
examining the results with respect to the inputs.

The purpose of testing is to discover errors. Testing is the process of trying to discover
every conceivable fault or weakness in a work product. It provides a way to check the
functionality of components, sub-assemblies, assemblies and/or a finished product. It is the
process of exercising software with the intent of ensuring that the software system meets its
requirements and user expectations and does not fail in an unacceptable manner. There are
various types of tests. Each test type addresses a specific testing requirement.

7.2 TYPES OF TESTS


1. Unit testing: Unit testing involves the design of test cases that validate that the internal
program logic is functioning properly, and that program inputs produce valid outputs. All
decision branches and internal code flow should be validated. It is the testing of individual
software units of the application. It is done after the completion of an individual unit, before
integration. This is structural testing that relies on knowledge of the unit's construction and is
invasive. Unit tests perform basic tests at component level and test a specific business process,
application, and/or system configuration. Unit tests ensure that each unique path of a business
process performs accurately to the documented specifications and contains clearly defined inputs
and expected results.

2. Integration testing: Integration tests are designed to test integrated software components to
determine if they actually run as one program. Testing is event driven and is more concerned
with the basic outcome of screens or fields. Integration tests demonstrate that although the
components were individually satisfactory, as shown by successful unit testing, the
combination of components is correct and consistent. Integration testing is specifically aimed at
exposing the problems that arise from the combination of components.

3. Functional test: Functional tests provide systematic demonstrations that functions tested are
available as specified by the business and technical requirements, system documentation, and
user manuals.

Functional testing is centered on the following items:


1. Valid Input: Identified classes of valid input must be accepted.
2. Invalid Input: identified classes of invalid input must be rejected.
3. Functions: identified functions must be exercised.
4. Output: identified classes of application outputs must be exercised.
5. Systems/Procedures: interfacing systems or procedures must be invoked.

Organization and preparation of functional tests is focused on requirements, key


functions, or special test cases. In addition, systematic coverage pertaining to identify Business
process flows; data fields, predefined processes, and successive processes must be considered for
testing. Before functional testing is complete, additional tests are identified and the effective
value of current tests is determined.

4. System Test: System testing ensures that the entire integrated software system meets
requirements. It tests a configuration to ensure known and predictable results. An example of
system testing is the configuration-oriented system integration test. System testing is based on
process descriptions and flows, emphasizing pre-driven process links and integration points.

5. White Box Testing: White box testing is testing in which the software tester has knowledge
of the inner workings, structure and language of the software, or at least its purpose. It is
used to test areas that cannot be reached from a black box level.

6. Black Box Testing: Black box testing is testing the software without any knowledge of the
inner workings, structure or language of the module being tested. Black box tests, as most other
kinds of tests, must be written from a definitive source document, such as a specification or
requirements document. It is testing in which the software under test is treated as a black box:
you cannot “see” into it. The test provides inputs and responds to outputs without considering
how the software works.

7. Unit Testing: Unit testing is usually conducted as part of a combined code and unit test phase
of the software lifecycle, although it is not uncommon for coding and unit testing to be
conducted as two distinct phases.

8. Test strategy and approach: Field testing will be performed manually and functional tests
will be written in detail.


9. Test objectives:

1. All field entries must work properly.
2. Pages must be activated from the identified link.
3. The entry screen, messages and responses must not be delayed.

10. Features to be tested:

1. Verify that the entries are of the correct format.
2. No duplicate entries should be allowed.
3. All links should take the user to the correct page.

11. Integration Testing: Software integration testing is the incremental integration testing of
two or more integrated software components on a single platform to produce failures caused by
interface defects.

12. Acceptance Testing: User Acceptance Testing is a critical phase of any project and requires
significant participation by the end user. It also ensures that the system meets the functional
requirements.

13. Test Results: All the test cases mentioned above passed successfully. No defects
encountered.

| Test case ID | Test case name | Test case description | Test step | I/p given | Expected o/p | Actual o/p | Test status (P/F) |
|---|---|---|---|---|---|---|---|
| TC01 | Login Admin clerk/user | To verify | Login | Email id & Pswd | Login Successfully | Login Successfully | Pass |
| | Login Admin clerk/user | To verify | Non Registered login are not allowed | Email id & Pswd | Login Successfully | Error un-Registered | Fail |
| TC02 | Add user | To enter user details | Add user details | User | User added | User added | Pass |
| | Add user | To enter user details | Add user details | User | User added | User details missing | Fail |
| TC03 | View clerks | View the complete clerks details | View clerks | View clerks | List of entered clerks details | List of entered clerks | Pass |
| TC04 | View user | View the complete user | View user | View user | List of entered user | List of entered user | Pass |

7.3 Methodology:
It is common practice to encrypt data before it is stored. Access control adds a further
layer of security on top of the encrypted data. At the start of the module, when the company adds
an employee, the employee's data is encrypted for security. The company's articles are shared
among managers and are further shared only with company groups, not outside the company. For
additional security, if an employee fails to log in more than three times, the employee is blocked,
and only the company has the right to unblock the employee.
Attribute Based Encryption (ABE) is finding its place in cloud technology since it can
deliver data privacy with one-to-many, fine-grained and non-interactive access control. Well-known
existing security solutions mainly focus on authentication, to ensure that a user's private
information cannot be accessed without authorization, but neglect a subtle privacy issue that
arises when a user challenges the cloud server to request other users for information sharing.
7.3.1 RSA Algorithm
7.3.2 Three Time Account Blocking System

7.3.1 RSA Algorithm

RSA is an asymmetric cryptography algorithm. Asymmetric means that it works with two
different keys: a public key and a private key. As the names suggest, the public key is given to
everyone and the private key is kept private.


Fig 6.1: RSA Algorithm
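The public/private key roles described above, as an added example using the standard javax.crypto API; it is not the project's RSAAALGORITHM class, whose source does not appear in this report. It encrypts with the public key, decrypts with the matching private key, and shows that OAEP padding randomizes the ciphertext and that an unrelated private key cannot decrypt it. The class name RsaRoundTrip and the sample value are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

// Hypothetical class name; added for illustration only.
public class RsaRoundTrip {
    private static final String TRANSFORMATION = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Explicit OAEP parameters so that both the digest and MGF1 use SHA-256.
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Anyone holding the public key can encrypt.
    static byte[] encrypt(String plaintext, PublicKey publicKey) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.ENCRYPT_MODE, publicKey, OAEP);
        return cipher.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
    }

    // Only the holder of the matching private key can decrypt.
    static String decrypt(byte[] ciphertext, PrivateKey privateKey) throws Exception {
        Cipher cipher = Cipher.getInstance(TRANSFORMATION);
        cipher.init(Cipher.DECRYPT_MODE, privateKey, OAEP);
        return new String(cipher.doFinal(ciphertext), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
        generator.initialize(2048);
        KeyPair company = generator.generateKeyPair();
        KeyPair unrelated = generator.generateKeyPair();

        String record = "employee@example.com"; // constructed sample value
        byte[] first = encrypt(record, company.getPublic());
        byte[] second = encrypt(record, company.getPublic());

        System.out.println("ciphertext: " + Base64.getEncoder().encodeToString(first));
        System.out.println("decrypted:  " + decrypt(first, company.getPrivate()));
        // OAEP adds fresh randomness, so equal plaintexts give different ciphertexts.
        System.out.println("identical ciphertexts: " + Arrays.equals(first, second));
        try {
            decrypt(first, unrelated.getPrivate());
            System.out.println("unexpected: unrelated key decrypted the data");
        } catch (BadPaddingException e) {
            System.out.println("unrelated private key rejected");
        }
    }
}
```

Because the ciphertext changes on every encryption and depends on the key pair, the key pair has to be stored and reused for encrypted records to be readable later, and an RSA ciphertext cannot be used as an equality lookup value in a query.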

7.3.2 Three Time Account Blocking System

A process that is blocked is one that is waiting for some event, such as a resource becoming
available or the completion of an input/output operation. Here, the system allows 3 attempts; if
the input is wrong each time, it automatically blocks on the third attempt. If the input is correct,
it accepts the command and continues the process. In this system the employee logs in with a user
name and password. If the login fails, the employee is given three chances to log in; if the
employee takes more than three chances, the employee is blocked by the company for security
purposes. Only the company has the right to view the blocked employee's details, and only the
company has the right to unblock the employee.
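The blocking rule described above, as an added example that is not the project's code: the failure counter is kept on the server per account, so it applies across sessions and devices, whereas the report's UserLogin servlet keeps it in the session attribute "count". The class and method names are hypothetical, the in-memory collections stand in for the `status` column, and the account is assumed to be blocked when the third consecutive failure is recorded.

```java
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;

// Hypothetical class; added for illustration only.
public class LoginAttemptTracker {
    public enum Result { SUCCESS, INVALID, BLOCKED }

    private static final int MAX_FAILURES = 3;
    private final Map<String, Integer> failures = new HashMap<>();
    private final Set<String> blocked = new HashSet<>();

    /** Records one login attempt for an existing account and returns the outcome. */
    public synchronized Result attempt(String account, boolean credentialsValid) {
        if (blocked.contains(account)) {
            // A correct password does not lift a block; only unblock() does.
            return Result.BLOCKED;
        }
        if (credentialsValid) {
            failures.remove(account); // a successful login resets the counter
            return Result.SUCCESS;
        }
        int count = failures.merge(account, 1, Integer::sum);
        if (count >= MAX_FAILURES) {
            blocked.add(account);
            failures.remove(account);
            return Result.BLOCKED;
        }
        return Result.INVALID;
    }

    /** Company-side view of blocked accounts. */
    public synchronized Set<String> blockedAccounts() {
        return new HashSet<>(blocked);
    }

    /** Company-side action; the blocked employee has no way to call this. */
    public synchronized void unblock(String account) {
        blocked.remove(account);
        failures.remove(account);
    }

    public static void main(String[] args) {
        LoginAttemptTracker tracker = new LoginAttemptTracker();
        String account = "employee@example.com"; // constructed sample account

        System.out.println(tracker.attempt(account, false)); // first wrong password
        System.out.println(tracker.attempt(account, false)); // second wrong password
        System.out.println(tracker.attempt(account, false)); // third wrong password: blocked
        System.out.println(tracker.attempt(account, true));  // still blocked with correct password
        System.out.println(tracker.blockedAccounts());

        tracker.unblock(account);                            // done by the company
        System.out.println(tracker.attempt(account, true));
    }
}
```

Only attempts against accounts that exist should be recorded, so that requests for arbitrary names do not grow the failure map without bound.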


7.3 CODE

1. Admin login.java

    import CyberSec_Package_Db.CyberSec_Db;
    import java.io.IOException;
    import java.io.PrintWriter;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    @WebServlet(name = "AdminLogin", urlPatterns = {"/AdminLogin"})
    public class AdminLogin extends HttpServlet {

        protected void processRequest(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html;charset=UTF-8");
            try (PrintWriter out = response.getWriter()) {
                CyberSec_Db db = new CyberSec_Db();
                java.sql.Connection c = db.getConnection();
                String aname = request.getParameter("aname");
                String apassword = request.getParameter("apassword");
                // Log only the account name; the submitted password is not written to the log.
                System.out.println(aname);
                // Bind the request values as parameters so they cannot alter the SQL statement.
                PreparedStatement ps = c.prepareStatement(
                        "SELECT * FROM admin WHERE `aname` = ? AND `apassword` = ?");
                ps.setString(1, aname);
                ps.setString(2, apassword);
                ResultSet rs = ps.executeQuery();
                if (rs.next()) {
                    response.sendRedirect("Admin/AdminHome.jsp");
                } else {
                    out.print("<script>alert(\"Login Failed\");window.location.href=\"AdminLogin.jsp\";</script>");
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        public String getServletInfo() {
            return "Short description";
        }// </editor-fold>
    }


2. Officer login.java

    import CyberSec_Package_Db.CyberSec_Db;
    import java.io.IOException;
    import java.io.PrintWriter;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;

    @WebServlet(name = "OfficerLogin", urlPatterns = {"/OfficerLogin"})
    public class OfficerLogin extends HttpServlet {

        protected void processRequest(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html;charset=UTF-8");
            try (PrintWriter out = response.getWriter()) {
                CyberSec_Db db = new CyberSec_Db();
                java.sql.Connection c = db.getConnection();
                String oemail = request.getParameter("oemail");
                String opassword = request.getParameter("opassword");
                // Log only the e-mail address; the submitted password is not written to the log.
                System.out.println(oemail);
                // Bind the request values as parameters so they cannot alter the SQL statement.
                PreparedStatement ps = c.prepareStatement(
                        "SELECT * FROM Officer WHERE `oemail` = ? AND `opassword` = ?");
                ps.setString(1, oemail);
                ps.setString(2, opassword);
                ResultSet rs = ps.executeQuery();
                if (rs.next()) {
                    response.sendRedirect("Officer/OfficerHome.jsp");
                } else {
                    out.print("<script>alert(\"Login Failed\");window.location.href=\"OfficerLogin.jsp\";</script>");
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        public String getServletInfo() {
            return "Short description";
        }// </editor-fold>
    }

3. User login.java

    import CyberSec_Package_Db.CyberSec_Db;
    import java.io.IOException;
    import java.io.PrintWriter;
    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.sql.PreparedStatement;
    import java.sql.ResultSet;
    import java.util.HashMap;
    import java.util.Map;
    import javax.servlet.ServletException;
    import javax.servlet.annotation.WebServlet;
    import javax.servlet.http.HttpServlet;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import javax.servlet.http.HttpSession;

    @WebServlet(name = "UserLogin", urlPatterns = {"/UserLogin"})
    public class UserLogin extends HttpServlet {

        protected void processRequest(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            response.setContentType("text/html;charset=UTF-8");
            try (PrintWriter out = response.getWriter()) {
                CyberSec_Db db = new CyberSec_Db();
                java.sql.Connection c = db.getConnection();
                RSAAALGORITHM rsa = new RSAAALGORITHM();
                HttpSession session = request.getSession();
                String uemail = request.getParameter("uemail");
                String upassword = request.getParameter("upassword");
                // Log only the e-mail address; the submitted password is not written to the log.
                System.out.println(uemail);
                // A new RSA key pair is generated on every request.
                Map<String, Object> keys = getRSAKeys();
                PrivateKey privateKey = (PrivateKey) keys.get("private");
                PublicKey publicKey = (PublicKey) keys.get("public");
                String encr_email = rsa.encrypt(uemail, privateKey.toString());
                String encr_password = rsa.encrypt(upassword, privateKey.toString());
                // Bind the values as parameters so they cannot alter the SQL statement.
                PreparedStatement ps = c.prepareStatement(
                        "SELECT * FROM user WHERE `uemail` = ? AND `upassword` = ? AND status = '1'");
                ps.setString(1, encr_email);
                ps.setString(2, encr_password);
                ResultSet rs = ps.executeQuery();
                if (rs.next()) {
                    session.setAttribute("UID", rs.getString("pkid"));
                    response.sendRedirect("User/UserHome.jsp");
                } else {
                    System.out.println("Block Attempts Started!");
                    // Failed attempts are counted in the session attribute "count".
                    Object count = session.getAttribute("count");
                    if (count == null || count.toString().equals("null")) {
                        System.out.println("1");
                        session.setAttribute("count", "1");
                        out.print("<script>alert(\"invalid details\");window.location.href=\"UserLogin.jsp\";</script>");
                    } else if (count.toString().equals("1")) {
                        System.out.println("2");
                        session.setAttribute("count", "2");
                        out.print("<script>alert(\"invalid details\");window.location.href=\"UserLogin.jsp\";</script>");
                    } else if (count.toString().equals("2")) {
                        System.out.println("3");
                        session.setAttribute("count", "3");
                        out.print("<script>alert(\"invalid details\");window.location.href=\"UserLogin.jsp\";</script>");
                    } else if (count.toString().equals("3")) {
                        System.out.println("Account Blocked!");
                        // status '2' marks the account as blocked.
                        PreparedStatement ps1 = c.prepareStatement(
                                "UPDATE `user` SET `status`='2' WHERE `uemail` = ?");
                        ps1.setString(1, encr_email);
                        ps1.executeUpdate();
                        session.setAttribute("count", null);
                        out.print("<script>alert(\"Account Blocked\");window.location.href=\"UserLogin.jsp\";</script>");
                    }
                }
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        // Generates a 2048-bit RSA key pair and returns it under the keys "private" and "public".
        private static Map<String, Object> getRSAKeys() throws Exception {
            KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA");
            keyPairGenerator.initialize(2048);
            KeyPair keyPair = keyPairGenerator.generateKeyPair();
            PrivateKey privateKey = keyPair.getPrivate();
            PublicKey publicKey = keyPair.getPublic();
            Map<String, Object> keys = new HashMap<String, Object>();
            keys.put("private", privateKey);
            keys.put("public", publicKey);
            return keys;
        }

        // <editor-fold defaultstate="collapsed" desc="HttpServlet methods. Click on the + sign on the left to edit the code.">
        protected void doGet(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        protected void doPost(HttpServletRequest request, HttpServletResponse response)
                throws ServletException, IOException {
            processRequest(request, response);
        }

        public String getServletInfo() {
            return "Short description";
        }// </editor-fold>
    }


7.4 SNAP SHOTS


CONCLUSION

The magnitude of DDoS attacks, and therefore the harm they cause, has escalated with the
inclusion of many different attack sources, creating an environment suited to harming the security
and performance of IoT technology. The influence of an attack and its frequency can further worsen
network performance and prevent legitimate users from accessing network services. This article
stresses possible security techniques and proposes a prevention scheme suitable for IoT networks
that are vulnerable to DDoS attacks. Based on the basic structure and functions of existing IDS, we
have used results in the proposed algorithm in a manner pertaining to time. The proposed prevention
algorithm is adaptable in multiple ways, administratively and technically, to various security
needs, and is also adjustable according to existing information through a simultaneously updatable
blacklist table. Following this can generate recommendations for the reaction module and thus help
assure network performance, security and survivability at the time an attack occurs.


FUTURE ENHANCEMENT

Nothing is perfect in this world, and we are no exception. Although we have tried our best to
present the information effectively, there can be further enhancement in the application. We have
taken care of all the critical aspects that need attention during the development of the project.
Like all things, this project also has some limitations and can be further enhanced. The current
system is an offline system, so it can be made online, and its features can be enhanced by making
an Android app so that the customer can buy the product online with ease.


