Professional Documents
Culture Documents
REPORT2
REPORT2
A PROJECT REPORT
OF
SUBMITTED BY
GEETANJALI 71845915G
MAITHILI 71845752J
SHRUTI 71937410D
PRAGATI 71937419H
CERTIFICATE
Submitted by
GEETANJALI 71845915G
MAITHILI 71845752J
SHRUTI 71937410D
PRAGATI 71937419H
is a bona fide student of this institute and the work has been carried out by him/her under the
supervision of Prof. Vandana Chavan and it is approved for the partial fulfillment of the
requirement of Savitribai Phule Pune University, for the award of the degree of Bachelor of
Engineering (Computer Engineering).
Place: Pune
Date:17/06/2021
ACKNOWLEDGEMENT
With immense pleasure, we present the project report as part of the curriculum of the
B.E. Computer Engineering. We wish to thank and express deep sense of gratitude to
our guide Prof. Vandana Chavan for their consistent guidance, inspiration and
sympathetic attitude throughout the project work. Without their help, this project could
This project would not have been feasible without encouragement and guidance of our
guide. We are heavily indebted to them. They patiently discussed ideas with us and gave
indispensable suggestions.
D.Y.P.S.O.E. for always being ready to help with the most diverse problems that we
have encountered along the way. We express our sincere thanks to all our staff and
GEETANJALI 71845915G
MAITHILI 71845752J
SHRUTI 71937410D
PRAGATI 71937419H
ABSTRACT
Data-Security generally refers to the protective measures of securing data from unapproved
access and data corruption throughout the data lifecycle. It measures not only helps avoid
data breaches but also shields your organization against unnecessary financial costs, loss of
public trust and potential threats to brand reputation and future profits too. Nowadays, the
data is stored in the cloud. Thus, Cloud-Computing is the delivery of different services
throughout the internet. These resources include tools and applications like data storage,
servers, databases and networking. As long as an electronic device has access to the web, it
has access to the data and software programs to run it. Cloud storage technology develops
very fast, and cloud storage security technology is facing unprecedented Challenges.
However, cloud storage security is not just a technical issue [5]. Now, in the fifth generation
increase in the use of cloud computing, lead to the demand of CLOUD-SECURITY. Cloud-
security have security principles applied to protect the data, applications and infrastructure
associated within the cloud computing technology. Thus, we are developing an application to
secure the cloud. The evaluation system includes security scanning engine, security recovery
engine, security quantifiable evaluation model, visual display module and etc. The security
evaluation model composes of a set of evaluation elements corresponding different fields,
such as computing, storage, network, maintenance, application security and etc [4].
In order to effectively manage the networks for administrators within limited time and
energy, we are going to develop a hierarchical framework which detects the malicious attacks
and prevent our data from those attacks. Thus, in our application we are using two
algorithms, firstly IDS (Intrusion Detection System) to detect the attack, provide the
information of the hacker to the administrator and the second algorithm used is named as IPS
(Intrusion Prevention System) to prevent our data from the hacker. We are also going to
retrieve the data of the hacker by using support vector machine (SVM).
TABLE OF CONTENTS
LIST OF ABBREVATIONS i
LIST OF FIGURES ii
LIST OF TABLES iii
6.3.1 IDS 44
6.3.2 IPS 45
6.3.3 SVM 46
A1 Polynomial time 58
A2 NP Hard problem 59
B1 Paper ss 61
C1 Plagiarism 66
2.1 Literature 13
1.1 OVERVIEW
What is Data-Security?
Data-Security refers to the protective measures of securing data from unapproved access and data
corruption throughout the data lifecycle.
What is Cloud?
The cloud is made up of servers in data centers all over the world.
Moving to the cloud can save companies money and add convenience for users.
What is Cloud-Computing?
Cloud-Computing is the delivery of different services throughout the internet. These resources
include tools and applications like data storage , servers, databases and networking. As long as an
electronic device has access to the web, it has access to the data and software programs to run it
Now, in the fifth generation increase in the use of cloud computing, lead to the demand of
CLOUD-SECURITY.
What is CLOUD-SECURITY?
Cloud-security is security principles applied to protect data , applications and infrastructure
associated within the cloud computing technology.
1] We have seen that personal computer’s data and the cloud data are hacked due to less security
provided by the user.
2] This Data and the information is hacked or changed by the hacker , So we need to recover the
hacked data or the retrieved data.
3] So in the current system, we use IDS and IPS techniques for detecting and preventing the data
from the hacker.
Identify The Hacker Using IDS and Prevent the Hacker Using IPS to secure the cloud data:
1] In order to effectively manage the networks for administrators within limited time and energy,
we develop a hierarchical framework which detects the malicious attacks and prevent our data
from those attacks.
2] Thus, in our application we are using two algorithms, firstly IDS (Intrusion Detection System)
to detect the attack, provide the information of the hacker to the administrator and the second
algorithm used is named as IPS (Intrusion Prevention System) to prevent our data from the hacker.
3]We are also going to retrieve the data of the hacker by using support vector machine (SVM).
In the proposed system, we are aiming to provide the security to our data stored in the cloud
server, so that we can prevent our data from any malicious activity.
1] Goals = To create an application which detect and prevents our system from malicious
attacks.
Limitations:
1] If sometime user forgets the password, then the need faces some difficulty.
4] More maintenance.
2. An Effective High Threating Alarm Introduction of IPS and IDS discuss of the
Mining Method for Cloud Security various threats to prevent them [2].
Management
4 Design of a new Intrusion Detection In this paper a new Intrusion Detection System
System of WSNs of WSNs is designed, its detection work is based
on selective available information of every node in
the network [4].
6 Study on Data Security Policy Based The purpose of this paper is to achieve data
On Cloud Storage security of cloud storage and to formulate
corresponding cloud storage security policy.
Capturing and analyzing the abnormal behavior is one of the most critical issues in keeping a
network, data center or cloud under control. Firewall, Intrusion Detection System (IDS) and
Intrusion Prevention System (IPS) are regarded as the most important devices for security
management [1-4]. IDS and IPS are mainly used to detect whether there are ongoing attacks or not
by comparing the packet payload with some specific signatures [5]. Usually, one attack will
generate many packets and one packet will generate one alarm, thus there will be many alarms
corresponding to one attack. Also, the packets having strings with same signature will also
generate alarm. Thus, due to the running mechanism, equipment such as IPS will generate many
false alarms, which greatly reduce its usability for actual applications, it is very difficult for
administrators to utilize those massive alarms for security management policy design. How to
mine useful information from the massive IPS alarms is a challenging task. Furthermore, generally
there are thousands of alarms generated per second in a middle size network or cloud and it is very
difficult to decide which one should be processed first. To solve these problems, we develop a
hierarchical framework to perform high threat mining and ranking based on their processing
urgencies, in turn, reduce the operating difficulties for network administrators. Firstly, based on the
operation experience of network management we divide the alarms into two parts: first part
consists of some famous attacks. The attacks selected include the Denial-of-Service (DoS), SQL
injection, Buffer overflow, Login attempt and Apache structs. To rank those attacks with
processing urgencies, we develop a new alarm similarity calculation method based on clustering
which add all the similar alarms into one cluster, and the alarms are ranked according to the
clustering results. To perform efficiency clustering, we select the time stamp, Source IP address
and Destination IP address as the features for specific alarm. For different features we design
different methods to calculate their similarity. As each cluster contains many alarms, we select the
time stamp of the first alarm record found in the cluster as the start time of the corresponding
cluster. While that of the last alarm as the end time. We employ those two-time stamps to calculate
time similar degree. For IP similarity, the similar degree is defined as the number of 1 in the subnet
i) The system will provide access control over the functionality according to the hacker’s role, if
login attempt for the first attempt fails system will capture face and send it on user’s mail.
ii) User interface can provide user-friendly as well as secure environment for retrieving data of the
user.
Eclipse Luna:
Eclipse Luna is an open-source community whose project building tools and frameworks are used
for creating general purpose application. The most popular usage of Eclipse is as a Java
development environment. These projects are focused on building an open development platform
comprised of extensible frameworks, tools and runtimes for building, deploying and managing
software across the lifecycle. In Eclipse Luna Foundation member supported corporation hosts the
Eclipse projects and helps cultivate both an open-source community and an ecosystem of
complementary products and service.
i) The independent not-for-profit corporation was created to allow a vendor to open, transparent
community to be established around Eclipse. Today, the Eclipse community consists of
individuals and organizations from across section of the software industry.
ii) Eclipse Luna is an open-source community, whose projects are focused on building an open
development platform comprised of extensible frameworks, tools and runtimes for building,
deploying and managing software across the lifecycle. The Eclipse Luna Foundation is a not-for-
profit, member supported corporation that hosts the Eclipse projects and helps cultivate both an
open-source community and an ecosystem of complementary products and service.
i) What is not in doubt though is that it is currently one of the most widely used application
servers in the market. As a matter of fact, many of today’s applications and virtually all web
services can be built on top of Tomcat with a variety of add-ons and pluggable services readily
available in the market. It is no secret that many developers acknowledge that Tomcat is usually a
much better choice to build today’s deployment and development architectures than other servers.
ii) To put it simply, Tomcat provides the environment in which Java servlets are executed and web
page client requests are processed. Another main advantage of the product is the ease of installing
and configuring the application. Typically, this can be done in less than twenty (20) minutes. It is
also worth mentioning that deploying web applications to Tomcat is also very easy and simple.
Apache Tomcat is an open-source web server that is developed by the Apache software
foundation.
iii) It is designed to run all Java web applications completely produced and taken care by Apache
System. It offers HTTP protocol through users from anywhere can connect with the server by its
URL and access the Java application which is deployed in it. There is a built-in web container
called Catalina in the tomcat bin directory. It loads all HTTP related request and has the privilege
to instantiate the GET and POST method’s object.
iv) It basically makes our Java Web applications to run on host and server-based system and it is
configured on localhost port 8080. It generally runs JSP, Servlet etc. Hosting Tomcat on the
dedicated server isn’t better just because it offers superior customization and control – some of the
other advantages of private Tomcat are:
a) Availability: When you have your own instance of Tomcat, you don’t have to worry about other
applications hogging the servlet container and slowing it down. The only Java application that will
be running is your own.
b) Manager Access: You have full access to administrative and managerial functions, giving you
full control over individual applications.
d) Flexibility: Private Tomcat hosting gives you the freedom to choose whichever version of
Tomcat you want to host with so that you can guarantee the best possible hosting environment for
your Java application.
MYSQL Database
i) Java web application will require storing large amounts of metadata and keep data organized.
Therefore, there was a need to host a Java web application with MySQL. A few other benefits of
using MySQL as opposed to other database software for your Java hosting include:
ii) State-of-the-art security: MySQL’s reputation as the safest relational database currently in use
makes it ideal for e-commerce sites that handle frequent online transactions and other sensitive
data.
iii) High-quality performance: Built to handle the most demanding websites with the heaviest
traffic, it’s not bogged down by high usage. Even when it’s used by traffic-heavy sites like Twitter
and Facebook, MySQL maintains its lightning-fast performance speeds.
iv) More uptime: MySQL guarantees 100% uptime so that you never have to worry about surprise
software crashes.
v) Easy maintenance: Because it’s open-source, the software is constantly being upgraded and
debugged, which means less maintenance for you to worry about all you have to worry about your
Java site or web application.
vi) It’s used everywhere: MySQL’s popularity actually doubles as a benefit – because it’s an
industry standard, it’s compatible with almost any operating system you can think of. Following
are the basic steps that are needed to follow for setting up dedicated hosting Server:
High Speed:
The system should process the requested task in parallel for various activities to give
quick response then the system must wait for process completion.
Accuracy:
The system should correctly execute the process. Finally, the original pre-recorded data from labs
is first pre-processed and then analysis is performed for transaction of blockchain.
System should have the ability to exchange information and communicate with internal and
external applications and systems. It must be able exchange information both internally and
externally.
Response Time:
The response time of the system should be deterministic at all times and very low,
i.e., it should meet every deadline. Thus, the system will work in real time.
i) The data safety must be ensured by arranging for a secure and reliable transmission media. The
source and destination information must be entered correctly to avoid any misuse or
malfunctioning.
ii) The source and destination information must be entered correctly to avoid any misuse or
malfunctioning.
i) All the user details shall be accessible to only high authority persons.
ii) Access will be controlled with usernames and passwords.
iii) To evaluate the performance of complete setup, need to deploy resource monitoring and load
balancing tools on test bed and evaluate need of available resources.
Standard Processor, RAM of 512 will be required, Hard Drive of 20 GB will be needed , Webcam
of 640*480 Resolution.
1) Requirement Gathering: All the functional and non-functional requirements of the project were
identified. Interaction with the users and all other stakeholders of the project was conducted to
identify all the requirements starting from important features like maintaining audit trail, security
parameters etc. to the very basic features like the look and the feel of user interface.
– User interface
• Design: The first step was database design. A complete database required for the
implementation of this project was designed. The second step was project design. The
project was designed based on a framework. The framework uses
three layers:
– Business entities layer: It identifies all the entities used in the project.
– Business logic layer: This layer operates on the business entity to achieve the goals.
– Data access layer: This layer serves as an interface between backend and
the services.
• Construction: All modules and user interface was built in this step. Development was done
using Java. Database was constructed in MySQL.
• Integration and system testing: All the modules were integrated together. The user interface
was integrated with the modules which made the use web services. Data flow originated
from the database built in MySQL. In testing phase project was tested and debugged.
Various test cases were developed and the project was tested at the developers end as well
as users end. Debugging was done to discover errors and exception which were corrected.
• Installation and maintenance: Our system is installed on one dedicated machine and it is
accessible to admin and all authenticated users. Maintenance of our system is done on
regular basis. New requirements and features can be added as and when required as long as
they do not conflict with the existing
Features.
A system architecture is the conceptual model that defines the structure of our system. In our
system objects involved are the users, hacker, cloud service and the system. Firstly, the user is
going to save the data on the cloud. Now if the hacker attack the data stored in the cloud then our
system will detect the attack using IDS algorithm. Then it will capture the image of the hacker and
prevent the attack using IPS algorithm. If in any case, hacker changed the data then, we can
retrieve our data using SVM algorithm. In our system we are going to use 3 algorithm IDS, IPS
and SVM which are going to be explained in the further slides.
Where,
Output: System captures the hacker's face, retrieve the data and block the system.
Let us consider, H as hacker who can make login attempt on user's PC and change the data.
Where,
* Functions: Functions implemented to get the businessman original data and detect the hacker
face.
* Failure Condition:
1. Huge data can lead to more time consumption to get the information.
2. Hardware failure.
3. Software failure.
* Time Complexity: Check No. of patterns available in the database = n. If (n > 1) then
retrieving of information can be time consuming. So, the time complexity of this algorithm is
O(n^n)
A data flow diagram (DFD) is a graphical representation of the “flow” of data through an
information system, modeling its process aspects. It shows data is processed by a system in terms
of inputs and outputs.
The DFD shown in the figure depicts the overview of the proposed system. It shows the input
and the output of the system.
It expands the DFD 1 and shows the detailed flow in the proposed system. It shows the different
processes that take place to perform the authentication.
Sequence diagram is an interaction diagram that shows how processes operate with one another
and in what order. A sequence diagram shows object interactions arranged in time sequence. It
depicts the objects and classes involved in the scenario and the sequence of messages exchanged
between the objects needed to carry out the
functionality of the scenario.
Activity diagrams are graphical representations of work flows of stepwise activities and actions
with support for choice, iteration and concurrency. Activity diagrams are intended to model both
computational and organizational processes. Activity diagrams show the overall flow of control.
A component diagram depicts how components are wired together to form larger components and
or software systems. A component is something required to execute a
stereotype function.
Reconciliation is the process of matching transactions that have been recorded internally against
monthly statements from external sources
such as banks to see if there are differences in the records and to correct any discrepancies.
The document review method involves reviewing existing or documents to make sure that the
amount recorded is the amount that was actually spent.
1] Hardware Requirement=
2] Software Requirement=
3] Human Resources:
1. -Developer
2. -Tester
Monitor failure: monitor fails due to damage of display sensors responsible for displaying or
voltage problem.
Project team organization is one of the key constraints to project success. If the project has no
productive and well-organized team, there’s an increased probability that this project will be
failed at the very beginning because initially the team is unable to do the project in the right
manner. Without right organization of teamwork, people who form the team will fail with
performing a number of specific roles and carrying out a variety of group/individual
responsibilities. Hence, when you plan for a new project, first you must take care of the best
project team organization through team building activities.
- Programmatic based, in which project managers have authority only within the program focus
or area
A group of people turns into a team when every person of the group is capable of meeting the
following conditions:
Management reporting:
Refers to providing a high-level overview that offers the critical data the project generates
in a simple, easy-to-use format. Project reporting is essential to project management success
since it provides a window into what’s happening and what to do about it for the entire team.
Shows the project management team what’s working, so they can explain why it’s working and
focus more on it.
Uncovers what’s not working so the team can investigate and determine on an appropriate
course of action i.e., what to do about it.
Management communication:
Communications technology has a major impact on how you keep people in the loop. Methods
of communicating can take many forms, such as written reports, conversations, email, formal
status reports, meetings, online databases, online schedules, and project websites.
Audio conference: Like a conference call, but conducted online using software like Skype.
Computer-assisted conference: Audio conference with a connection between computers that can
display a document or spreadsheet that can be edited by both parties.
IM (instant messaging): Exchange of text or voice messages using pop-up windows on the
participants’ computer screens.
Texting: Exchange of text messages between mobile phones, pagers, or personal digital
assistants (PDAs)—devices that hold a calendar, a contact list, a task list, and other support
programs.
Where,
6.1.2 Model 2
Let us consider, H as hacker who can make login attempt on user's PC and change the data.
H = { U,CD,CD }
Where,
U = { H,CD,RD }
Where,
6.1.3 MODEL 3
Output : System captures the hacker's face, retrieve the data and block the system.
Steps:
Tools: -
Technologies: -
Ide: eclipse
Database: MySQL
Intrusion detection system (IDS) is a system that monitors and analyzes data to detect any intrusion
in the system or network. High volume, variety and high speed of data generated in the network
have made the data analysis process to detect attacks by traditional techniques very difficult.
Intrusion detection system for detecting an attempt to undermine the integrity of computer
resources, authenticity and availability of software behaviour, it can real-time monitoring system
activities, real-time discovery of aggressive behaviour and take appropriate measures to avoid or
minimize the occurrence of attacks generated by attack hazard[1].
The IDS has three methods for detecting attacks; Signature-based detection, Anomaly-based
detection, and Hybrid-based detection. An Intrusion Detection System (IDS) is a system that
monitors network traffic for suspicious activity and issues alerts when such activity is discovered.
It is a software application that scans a network or a system for harmful activity or policy
breaching. Any malicious venture or violation is normally reported either to an administrator or
collected centrally using a security information and event management (SIEM) system. A SIEM
Although intrusion detection systems monitor networks for potentially malicious activity, they are
also disposed to false alarms. Hence, organizations need to fine-tune their IDS products when they
first install them. It means properly setting up the intrusion detection systems to recognize what
normal traffic on the network looks like as compared to malicious activity.
Intrusion Prevention Systems are an important component of IT systems defense, and without this
technology our data and our networks are much more susceptible to malicious activities.Intrusion
Prevention Systems, a more advanced version of Intrusion Detection Systems, are now making
their mark on the IT industry reaching a new level of network security. An IPS (Intrusion
Prevention System) is any device (hardware or software) that has the ability to detect attacks, both
known and unknown, and prevent the attack from being successful. Basically an IPS is a firewall
There are many reasons why someone would want to use an IPS, among these are extra protection
from denial of service attacks and protection from many critical exposures found in software such
as Microsoft Windows. The capabilities of IPSs are already in use by large organizations and in the
near future we will more than likely see private home users utilizing a variation of IPS.IPS
typically record information related to observed events, notify security administrators of important
observed events and produce reports. Many IPS can also respond to a detected threat by attempting
to prevent it from succeeding. They use various response techniques, which involve the IPS
stopping the attack itself, changing the security environment or changing the attack’s content.
The objective of the support vector machine algorithm is to find a hyperplane in an N-dimensional
space (N — the number of features) that distinctly classifies the data points. An SVM model is
basically a representation of different classes in a hyperplane in multidimensional space. The hyper
plane will be generated in an iterative manner by SVM so that the error can be minimized. The
1.Support Vectors − Data Points that are closest to the hyperplane are called support vectors.
Separating line will be defined with the help of these data points.
2.Hyperplane − As we can see in the above diagram, it is a decision plane or space which is
divided between a set of objects having different classes.
3.Margin − It may be defined as the gap between two lines on the closest data points of different
classes. It can be calculated as the perpendicular distance from the line to the support vectors.
1] Unit Testing
=It focuses on the smallest unit of software design. In this, we test an individual unit or group of
interrelated units. It is often done by the programmer by using sample input and observing its
corresponding outputs.
Example:
c) Incorrect initialization.
2. Integration Testing
=The objective is to take unit tested components and build a program structure that has been
dictated by design. Integration testing is testing in which a group of components is combined to
produce output.
(i) Top-down
(ii) Bottom-up
(iii) Sandwich
(iv) Big-Bang
(a) Black Box testing: - It is used for validation. In this we ignore internal working mechanism
and focus on what is the output?
(b) White Box testing: - It is used for verification. In this we focus on internal mechanism i.e. How
the output is achieved?
3. Regression Testing
Every time a new module is added leads to changes in the program. This type of testing makes sure
that the whole component works properly even after adding components to the complete program.
Example
In school record suppose we have module staff, students and finance combining these modules and
checking if on integration these module works fine is regression testing.
4. Smoke Testing
This test is done to make sure that software under testing is ready or stable for further testing. It is
called a smoke test as the testing an initial pass is done to check if it did not catch the fire or smoke
in the initial switch on.
Example:
If project has 2 modules so before going to module make sure that module 1 works properly.
5. Alpha Testing
This is a type of validation testing. It is a type of acceptance testing which is done before the
product is released to customers. It is typically done by QA people.
Example:
6. Beta Testing
The beta test is conducted at one or more customer sites by the end-user of the software. This
version is released for a limited number of users for testing in a real-time environment .
Example:
7. System Testing
This software is tested such that it works fine for the different operating systems. It is covered
under the black box testing technique. In this, we just focus on the required input and output
without focusing on internal working. In this, we have security testing, recovery testing, stress
testing, and performance testing .
Example:
8. Stress Testing
In this, we give unfavorable conditions to the system and check how they perform in those
conditions.
Example:
(a) Test cases that require maximum memory or other resources are executed.
(b) Test cases that may cause thrashing in a virtual operating system.
It is designed to test the run-time performance of software within the context of an integrated
system. It is used to test the speed and effectiveness of the program. It is also called load testing. In
it we check, what is the performance of the system in the given load.
Example:
This testing is a combination of various testing techniques that help to verify and validate object-
oriented software. This testing is done in the following manner:
Software testing can be stated as the process of verifying and validating that a software or
application is bug free, meets the technical requirements as guided by it’s design and development
and meets the user requirements effectively and efficiently with handling all the exceptional and
boundary cases.The process of software testing aims not only at finding faults in the existing
software but also at finding measures to improve the software in terms of efficiency, accuracy and
usability. It mainly aims at measuring specification, functionality and performance of a software
program or application.
1. Verification:
It refers to the set of tasks that ensure that software correctly implements a specific function.
It refers to a different set of tasks that ensure that the software that has been built is traceable to
customer requirements.
1. Manual Testing:
Manual testing includes testing a software manually, i.e., without using any automated tool or any
script. In this type, the tester takes over the role of an end-user and tests the software to identify
any unexpected behavior or bug. There are different stages for manual testing such as unit testing,
integration testing, system testing, and user acceptance testing.Testers use test plans, test cases, or
test scenarios to test a software to ensure the completeness of testing. Manual testing also includes
exploratory testing, as testers explore the software to identify errors in it.
2. Automation Testing:
Automation testing, which is also known as Test Automation, is when the tester writes scripts and
uses another software to test the product. This process involves automation of a manual process.
Automation Testing is used to re-run the test scenarios that were performed manually, quickly, and
repeatedly.Apart from regression testing, automation testing is also used to test the application
from load, performance, and stress point of view. It increases the test coverage, improves accuracy,
and saves time and money in comparison to manual testing.
The technique of testing in which the tester doesn’t have access to the source code of the software
and is conducted at the software interface without concerning with the internal logical structure of
2. White-Box Testing:
The technique of testing in which the tester is aware of the internal workings of the product, have
access to it’s source code and is conducted by making sure that all internal operations are
performed according to the specifications is known as white box testing.
TEST CASE:
1)Capture Image
2)Retrive Data
3)Block System
Expected Outcome:
1)When Hacker trying to attempted for Login the system at first time then system will be capture
the image and send that image and warning notification to User.
2)When Hacker trying to attempted for Login the system at second time and Hacker will be
successfully Login the system and Hacker change our data or meeting schedule then User can
retrive the original data.
3)When Hacker trying to attempted for Login the system at third time then system will be block
automatically.
Actual Outcome:
1)Hacker are try to Login the system at first time then system is capture the image and send that
image and warning notification to admin.
2)Hacker trying to attemptes for login the system at second time and hacker are successfully login
the system and Hacker change our data or meeting schedule then User can retrive the original data.
3)Hacker trying to attemptes for login the system at third time then system automatically block.
8 RESULTS
8.1 OUTCOMES:
The outcome of our system is that we are identifying the malicious attack, capturing the face image
of the hacker, retrieving the data and preventing the system by blocking the malicious attack.
9.1 CONCLUSION:
In order to effectively manage the networks for administrators within limited time and energy, we
develop a hierarchical framework to secure the data of the user by detecting and preventing any
malicious attack. With the help of IDS and IPS our data is highly secure. We can also get image of
the person who is unauthorizedly accessing our data. If our data is hacked then we can also retrieve
it. We can also block the system if hacker is repeatedly trying to attempt the login. Thus, we find
that the accuracy of our proposed method is larger than 97%, the analysis results verify that our
proposed methods is more effective compare with other methods .
1] Malware targeting virtual machines: “Many breeds of malware today can detect if they are
running within virtual machines and make adjustments or shut down altogether in order to evade
detection, but only a few proof of concept viruses have actually attempted to break free into the
host machine,” explained Fred Touchette, senior security analyst at AppRiver. “We expect to see
more of these in the near future.”
2] ATM-like hardware hacks: “We've seen criminals physically walk in to stores and replace credit
card terminals with working replacements that had been modified to contain a 3G modem, which
transmitted payment details directly back to them,” said Lyne. “This high scale, intelligent
hardware hacking demonstrates that the threat is not just impacting the conventional PC.”
3] RAM scraping: “For years everyone has been locking down databases since they are the source
of information, but now hackers that can breach a server can get an application less than 1MB in
size on the server and capture all the data as it is written to RAM before it goes to a database,” said
9.3 APPLICATIONS
1]Small business : The reason being, many large companies have the infrastructure in place
to guard against cyber-attacks. Small businesses, however, either don’t have the proper
resources to thwart an attack or they don’t take cybersecurity as seriously as they should.
2]Healthcare : The healthcare industry is another prime target for ransomware attacks
because of the sheer amount of patient data stored by healthcare entities. Health information
is some of the most valuable data on the dark web because it can be used to commit insurance
fraud.
3]Higher Education : When you think of potential targets for hackers, colleges and
universities probably aren’t the first to come to mind, however, the higher education industry
is another mecca of personal data. From social security numbers, addresses and passwords to
loan and bank information, it’s no wonder attacks on colleges and universities are becoming
more prevalent.
4]Energy : Last, but by no means least, is the energy sector. Here, things like the electric
power grid and power generation facilities are controlled by technology and communication
systems that could be disrupted, hacked or taken over during a cyber-attack to put our
economy in serious danger.
NP-Hard problem:
• What is P?
deterministic.
time.
What is NP? ”NP” means ”we can solve it in polynomial time if we can break the normal rules of
step-by-step computing”.
What is NP Hard?
A problem is NP-hard if an algorithm for solving it can be translated into one for solving any NP-
problem (nondeterministic polynomial time) problem. NP-hard therefore means ”at least as hard
as any NP-problem,” although it might, in fact, be harder. NP Hard:
In this study, we focus on the security issue and deal with fake passwords or accounts as a
simple and cost effective solution to detect compromise of passwords. Honeypot is one of the
methods to identify occurrence of a password database breach. In this approach, the administrator
purposely creates deceit user accounts to lure adversaries and detects a password disclosure, if any
one of the honeypot passwords get What
Is NP-Complete?
• Since this amazing ”N” computer can also do anything a normal computer can, we know
that ”P” problems are also in ”NP”.
• So, the easy problems are in” P” (and” NP”), but the really hard ones are *only* in” NP”,
and they are called” NP-complete”.
• It is like saying there are things that People can do (” P”), there are things that Super
People can do (” SP”), and there are things *only* Super People can do (” Complete”).
NP Complete:
We have study carefully the security of the honeyword system and introduce a number of
defect that need to be fitted with before successful realization of the scheme. In this respect, we
have pointed out that the strong point of the honeyword system directly depends on the
generation algorithm Finally, we have presented a new approach to make the generation
algorithm as close as to human nature by generating honeywords with randomly picking
passwords that belong to other users in the system. We present a standard approach to securing
personal and business data in the system.
[2] Rittinghouse, John W., and James F. Ransome. Cloud computing: implementation,
management, and security. CRC press, 2016.
[3] Ahmed, Monjur, and Mohammad Ashraf Hossain. "Cloud computing and security issues in the
cloud." International Journal of Network Security & Its Applications 6.1 (2014): 25.
[4] Carlin, Sean, and Kevin Curran. "Cloud computing security." (2011)
[9] Lee, Texas, Deng Xiaohui. Network virus against the status quo and Countermeasure
technology. Network Security Technology Operation and applications, 2001,8 (2) :96-100
[10] Wu occasion, Huang Chuan-he, WANG Li-Na and so on. Based on data mining intrusion
detection system. Computer and Applications, 2003,10 (4) :48-54