
Internet Grows Rapidly Since Created

 

The Internet has grown rapidly since it was created. Via the Internet infrastructure, hosts can not only share their information, but also complete tasks cooperatively by contributing their computing resources. Moreover, an end host can easily join the network and communicate with any other host by exchanging packets. These are the encouraging features of the Internet: openness and scalability. However, attackers can also exploit these features to prevent legitimate users of a service from using that service by flooding the corresponding server with messages, which constitutes a Denial of Service (DoS) attack.

There are several types of such attacks. An attacker can launch a DoS attack by studying the flaws of network protocols or applications and then sending malformed packets that cause the corresponding protocols or applications to enter a faulty state. An example of such attacks is the Teardrop attack, which sends incorrect IP fragments to the target. The target machine may crash if it does not implement TCP/IP fragmentation reassembly code properly. This kind of attack can be prevented by fixing the corresponding bugs in the protocols or applications.

However, the attacker does not always have to study the service in depth in order to make it unavailable. It can simply flood packets to keep the server busy processing them, or to cause congestion in the victim's network, so that the server cannot handle the packets from legitimate hosts or cannot even receive them. In order to deplete the victim's key resources (such as bandwidth and CPU time), the attacker has to aggregate a large volume of malicious traffic. Most of the time, the attacker collects many (possibly millions of) zombie machines or bots to flood packets simultaneously, which forms a Distributed Denial of Service (DDoS) attack.

Most of the methods that protect systems from DoS and DDoS attacks focus on mitigating malicious bandwidth consumption caused by packet flooding, as that is the simplest and most common method adopted by attackers. Those methods may mitigate DDoS attacks reactively by identifying the malicious traffic and informing the upstream routers to filter or rate-limit the corresponding traffic.

When considering network-based applications, a particularly weak point in this context is that they commonly provide some open port(s) for communication, making themselves targets for DoS attacks. Adversaries that are able to eavesdrop on messages exchanged by the application can identify open ports and launch directed attacks on those ports, as opposed to blind attacks that can be launched on arbitrary ports, even by non-eavesdropping adversaries. This problem was also posed earlier in the literature, and a simple and useful approach was proposed, namely port-hopping.

With the synchronization issue in mind, our goals in this work are to support port-hopping 1) in the presence of timing uncertainty, i.e., clock-rate drifts, implying that clock values can vary arbitrarily much with time; and 2) in multiparty communication. In order to deal with hopping in the presence of clock-rate drifts, we propose the hopping-period-align-and-adjust algorithm, or HOPERAA for brevity, which is an adaptive algorithm executed by each client to adjust its hopping period length and align its hopping time with the server. To enable multiparty communication with port-hopping, we propose the BigWheel algorithm for a server to support hopping with many clients, without the server needing to keep state for each client individually.

Aims

The aim of the project is to mitigate distributed denial of service attacks using the BigWheel and HOPERAA algorithms.

DOS Attacks

A Denial of Service (DoS) attack is an attempt by the attacker to prevent the legitimate users of a service from using that service.

One of the main methods that the attacker will use is depleting computational resources, such as bandwidth, disk space, or CPU time. The situation is even worse with distributed denial of service (DDoS) attacks, where multiple compromised machines or zombie agents flood messages or requests for a specific service to the corresponding server in order to make the service unavailable.

DOS ATTACKS MODEL

CHAPTER 2

Literature Survey

Literature Survey 1:

A Denial-of-Service-Resistant IP Traceback Approach

Distributed Denial-of-Service (DDoS) attack is among the hardest research topics in the Internet security area, due to the stateless nature of IP networks and to the confusing and diffusing effect of DDoS attacks. In this paper, we select ten essential factors to analyze a newly-designed DoS-resistant ICMP messaging scheme and demonstrate its feasibility, effectiveness, security, and immunity to Denial-of-Service (DoS) attacks.

A Denial-of-Service (DOS) attack is designed to render a computer or network incapable of providing normal service to legitimate users. DDoS (Distributed DOS) attacks employ many computers to launch a coordinated DOS attack, which produces and sends attack packets from hundreds of different networks or IP addresses rather than just one. IP traceback is a technique attempting to identify the origin of a specific IP packet.

However, most of them and our approach are actually designed for DOS attacks and are only feasible to trace DOS attacks because we assume that the victim or attack tracer should receive a large number of packets from attack sources when it's under siege. Even though each approach has solved some essential IP traceback difficulties, sometimes they also introduce new problems.

For instance, the route reference approach does not require ISPs to participate in the traceback process, but in fact, originates a new DOS attack on its own network. Theoretically, the SPIE can achieve the ultimate goal of the IP traceback - the single-packet IP Traceback - and reduce the storage requirement significantly, but the overhead is still considerable, particularly for routers in the core of the Internet.

Therefore, we consider the following requirements for our IP traceback scheme:

1. Incremental deployment. Due to the cost and time required for upgrading network equipment, it is not practical to assume that most equipment can be updated with new hardware or software promptly. Therefore, incremental deployment is essential to all pragmatic new designs.

2. Workload equilibrium. Some network equipment, particularly those devices at the core of the Internet, is time-sensitive and incapable of performing additional functionalities; hence, new designs should draw on edge routers rather than core routers.

3. Security. One of the most common problems of all proposed mechanisms is the mark or message authentication; but only one method explicitly considers cryptographic algorithms to verify the marks or information, since those algorithms are relatively expensive.

4. Robustness. Savage et al.'s PPM seems to be the most elegant IP traceback scheme because routers continue to be stateless and the sizes of the marked packets remain unchanged. However, due to very limited available space in the IP packet header, the PPM breaks information into pieces, but that causes a very high rate of false positives for path reconstruction.

5. Bandwidth overhead. For most methods, a critical issue is whether or not extra traffic load consumes significant bandwidth. However, without sufficient space for adding information to IP packet headers, producing extra messages seems inevitable, but the number of additional messages for IP traceback should be restricted.

6. Computational overhead. Except for the authenticating process, the most significant computational overhead is the attack path construction process, which needs to gather and assemble scattered information in considerable numbers of packets or messages received by the victim or trace agents.

7. Storage overhead. Besides the SPIE storing information at forwarding routers, the PPM and the iTrace also consume a lot of memory space at the victim or trace agents, which collect and store information for later path reconstruction.

8. DoS-resistance. Ironically, although IP traceback mechanisms are designed to defend against (identify the sources of) DoS/DDoS attacks, most of them suffer from DoS/DDoS attacks as well because they do not protect information from being tampered with and they need to consume resources, such as network bandwidth, computation power, and memory space, even when no attack is involved.

In this paper, we analyze a new ICMP message - the ICMP Caddie messages scheme - which provides a simple and straightforward solution for IP Traceback. While the proposed scheme still needs some router modifications, the potential overhead on routers has been minimized. For example, our approach has very low network bandwidth and router storage overhead and supports incremental deployment. Compared to other methods, the Caddie messages scheme has higher precision and lower computation overhead. Particularly, it balances the workload in the network. Furthermore, the scheme cannot be the target of a DOS attack.

Literature Survey 2:

Network Support for IP Traceback

It describes a technique for tracing anonymous packet flooding attacks in the Internet back toward their source. This work is motivated by the increased frequency and sophistication of denial-of-service attacks and by the difficulty in tracing packets with incorrect, or "spoofed," source addresses. In this paper, we describe a general purpose traceback mechanism based on probabilistic packet marking in the network.

Our approach allows a victim to identify the network path(s) traversed by attack traffic without requiring interactive operational support from Internet Service Providers (ISPs). Moreover, this traceback can be performed "post mortem", after an attack has completed. We present an implementation of this technology that is incrementally deployable, (mostly) backward compatible, and can be efficiently implemented using conventional technology.

Denial of service attacks consume the resources of a remote host or network, thereby denying or degrading service to legitimate users. Such attacks are among the hardest security problems to address because they are simple to implement, difficult to prevent, and very difficult to trace. In the last several years, Internet denial-of-service attacks have increased in frequency, severity, and sophistication. Howard reports that between the years of 1989 and 1995, the number of such attacks reported to the Computer Emergency Response Team (CERT) increased by 50% per year.

More recently, a 1999 CSI/FBI survey reports that 32% of respondents detected denial-of-service attacks directed against their sites. Even more worrying, recent reports indicate that attackers have developed tools to coordinate distributed attacks from many separate sites.

A perfect solution to this problem is complicated by the potential use of indirection to "launder" the true causal origin of an attack. For example, an attack may consist of packets sent from many different slave machines, themselves under the control of a remote master machine.

In this paper, we present a new approach to the traceback problem that addresses the needs of both victims and network operators. Our solution is to probabilistically mark packets with partial path information as they arrive at routers. This approach exploits the observation that attacks generally comprise large numbers of packets. While each marked packet represents only a "sample" of the path it has traversed, by combining a modest number of such packets a victim can reconstruct the entire path. This allows victims to locate the approximate source of attack traffic without requiring the assistance of outside network operators. Moreover, this determination can be made even after an attack has completed. Both facets of our solution represent substantial improvements over existing capabilities for dealing with flooding-style denial-of-service attacks.

We have argued that denial-of-service attacks motivate the development of improved traceback capabilities and we have explored traceback algorithms based on packet marking in the network. We have shown that this class of algorithm, best embodied in edge sampling, can enable efficient and robust multiparty traceback that can be incrementally deployed and efficiently implemented. As well, we have developed variant algorithms that sacrifice convergence time and robustness for reduced per-packet space requirements. Finally, we have suggested one potential deployment strategy using such an algorithm based on overloading existing IP header fields and we have demonstrated that this implementation is capable of fully tracing an attack after having received only a few thousand packets. We believe our solution represents a valuable first step toward an automated network-wide traceback facility. Several areas remain to be addressed in future work, such as improving robustness under distributed attacks and tracing past points of indirection such as reflectors.
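The marking and reconstruction steps described above, as an added single-path simulation of edge sampling (not code from the surveyed paper or from this project). Router names, the marking probability and the assumption that the sender leaves the mark fields empty are constructed for the example; the packet-count bound is the expected-packet estimate from the edge-sampling analysis of Savage et al.

```python
import math
import random

# Constructed attack path: R1 is nearest the sender, R10 is nearest the victim.
PATH = ["R%d" % i for i in range(1, 11)]


def mark_at_router(mark, router, p, rng):
    """Edge-sampling step run by one router on a packet's (start, end, distance)."""
    start, end, distance = mark
    if rng.random() < p:
        return (router, None, 0)      # begin a new edge sample at this router
    if distance == 0:
        end = router                  # close the edge begun by the previous hop
    return (start, end, distance + 1)


def send_packet(path, p, rng):
    """Forward one packet along the path and return the mark the victim receives."""
    mark = (None, None, 0)            # assumption: sender leaves the fields empty
    for router in path:
        mark = mark_at_router(mark, router, p, rng)
    return mark


def reconstruct_path(marks):
    """Rebuild the path (farthest router first) by chaining edges outward from the victim."""
    edges = {}
    for start, end, distance in marks:
        if start is not None:         # packets no router marked carry no edge
            edges.setdefault(distance, set()).add((start, end))
    hops, expected_end, distance = [], None, 0
    while distance in edges:
        # At distance 0 the edge ends at the victim, stored here as end=None.
        starts = [s for s, e in edges[distance] if e == expected_end]
        if len(starts) != 1:
            break                     # missing or ambiguous edge: stop extending
        hops.append(starts[0])
        expected_end = starts[0]
        distance += 1
    return hops[::-1]


def expected_packets_bound(d, p):
    """Upper bound on the expected packets needed to see every edge of a d-hop path."""
    return math.log(d) / (p * (1 - p) ** (d - 1))


def trace(path, p, rng, limit=5000):
    """Send packets until the victim's reconstruction equals the true path."""
    marks = set()
    for sent in range(1, limit + 1):
        marks.add(send_packet(path, p, rng))
        rebuilt = reconstruct_path(marks)
        if rebuilt == path:
            return sent, rebuilt
    return None, reconstruct_path(marks)


if __name__ == "__main__":
    sent, rebuilt = trace(PATH, 0.04, random.Random(7))
    print("packets needed:", sent, "bound:", round(expected_packets_bound(10, 0.04), 1))
    print("reconstructed:", rebuilt)
```

The farthest edge is the rarest sample, because every later router must decline to overwrite it; that is why the bound grows as the path lengthens.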

Literature Survey 3:

Optimal Frequency Hopping Sequences: A Combinatorial Approach

Frequency hopping multiple access (FHMA) spread-spectrum communication systems employing multiple frequency-shift keying (MFSK) as data modulation technique are investigated from a combinatorial approach. A correspondence between optimal frequency hopping (FH) sequences and partition-type difference packings is first established. By virtue of this correspondence, FHMA systems with a single optimal FH sequence each are constructed from various combinatorial structures such as affine geometries, cyclic designs, and difference families.

In this paper, we are concerned with frequency hopping multiple access (FHMA) spread-spectrum communication systems, employing multiple frequency-shift keying (MFSK) as data modulation technique. Detailed description for such a system can be found. Let be a set of frequencies called a frequency library and , where , be a sequence of frequencies called a frequency hopping (FH) sequence of length over . In an FHMA system, each sender transmits a message along with switching frequencies in every time slot according to an FH sequence provided to him. In practice, the switching occurs very frequently, say, 1600 times per second in "Bluetooth" wireless technology (for detailed technical information about Bluetooth,. FH sequences are used iteratively, i.e., they appear as . The corresponding receiver then dehops the received signals using the same hopping pattern

Combinatorial recursive constructions are also presented. Many new infinite series of optimal FH sequences are thus obtained. These new FH sequences are also useful in ultra wideband (UWB) communication systems. In this paper, we investigate FHMA systems with a single FH sequence each from the standpoint of combinatorial designs. A correspondence between FH sequences and combinatorial structures called partition-type difference packings is established. This correspondence reveals that in order to construct optimal FH sequences, we need only construct their corresponding difference packings. It is shown that a geometrical construction can produce optimal FH sequences with the same parameters.

The paper then turns to direct algebraic constructions, by which many new optimal FH sequences are produced. These new optimal FH sequences can be used as ingredients in our combinatorial recursive constructions presented. Many new infinite series of optimal FH sequences are thus obtained due to this completely new approach.

This paper investigated frequency hopping multiple access (FHMA) systems with a single optimal frequency hopping (FH) sequence each from a combinatorial design-theoretic point of view. It established a connection between FH sequences and partition-type difference packings. This connection allowed us to obtain optimal FH sequences by constructing their corresponding difference packings of partition type. Various combinatorial structures such as affine geometries, cyclic Steiner -designs, cyclically resolvable Steiner -designs, and difference packings and families were utilized to construct optimal FH sequences.

Literature Survey 4:

Perimeter-Based Defense against High Bandwidth DDoS Attacks

Distributed denial of service (DDoS) is a major threat to the availability of Internet services. The anonymity allowed by IP networking, together with the distributed, large scale nature of the Internet, makes DDoS attacks stealthy and difficult to counter. To make the problem worse, attack traffic is often indistinguishable from normal traffic. As various attack tools become widely available and require minimum knowledge to operate, automated anti-DDoS systems become increasingly important. Many current solutions are either excessively expensive or require universal deployment across many administrative domains.

This paper proposes two perimeter-based defense mechanisms for Internet service providers (ISPs) to provide the anti-DDoS service to their customers. These mechanisms rely completely on the edge routers to cooperatively identify the flooding sources and establish rate-limit filters to block the attack traffic. The system does not require any support from routers outside or inside of the ISP, which not only makes it locally deployable, but also avoids the stress on the ISP core routers. We also study a new problem of perimeter-based IP traceback and provide three solutions. We demonstrate analytically and by simulations that the proposed defense mechanisms react quickly in blocking attack traffic while achieving high survival ratio for legitimate traffic. Even when 40 percent of all customer networks attack, the survival ratio for traffic from the other customer networks is still close to 100 percent.

This paper proposes a class of perimeter-based defense mechanisms, which allows Internet service providers (ISPs) to provide an anti-DDoS service to their customers. The edge routers of an ISP form a perimeter separating the customer networks from the rest of the Internet. Our first contribution is to study how to turn the ISP perimeter into a defense barrier against DDoS attacks. Depending on how the edge routers communicate with each other, we present two defense mechanisms, DPM (defense perimeter based on multicast) and DPIT (defense perimeter based on IP traceback). Our second contribution is to design an IP traceback scheme that is deployed only along a perimeter to suit the perimeter-based defense solutions. This traceback scheme is more practical as it can be locally deployed; it is also more efficient than the existing ones as it specializes in the task of identifying the entry points instead of the paths of a DDoS attack. Our third contribution is to provide an evaluation framework to study the perimeter-based defense analytically and by simulations. Several performance metrics are proposed and studied.

The edge routers form a natural boundary between the ISP network and the rest of the Internet. This boundary, called the ISP perimeter, can be turned into a defense barrier against network intrusions. We proposed two perimeter-based defense mechanisms, DPM and DPIT, which mitigate DDoS attacks by blocking the flooding sources while allowing most legitimate traffic to reach the destination. To the best of our knowledge, this is also the first work that studied perimeter-based IP traceback and proposed three solutions. Our analysis and simulations demonstrated that DPM and DPIT selectively block out the attack traffic and quickly converge to the desirable rate. We also discussed how neighboring ISPs can cooperate to improve the performance.

Literature Survey 5:

GONE: an Infrastructure Overlay for Resilient, DoS-Limiting Networking

With today's penetration in volume and variety of information flowing across the Internet, data and services are experiencing various issues with the TCP/IP infrastructure, most notably availability, reliability and mobility. Therefore, a critical infrastructure is highly desirable, in particular for multimedia streaming applications. So far the proposed approaches have focused on applying application-layer routing and path monitoring for reliability and on enforcing stateful packet filters in hosts or network to protect against Denial of Service (DoS) attacks. Each of them solves its own aspect of the problem, trading scalability for availability and reliability among a relatively small set of nodes, yet there is no single overall solution available which addresses these issues on a large scale.

We propose an alternative overlay network architecture by introducing a set of generic functions in network edges and end hosts. We conjecture that the network edge constitutes a major source of DoS, resilience and mobility issues to the network, and propose a new solution to this problem, namely the General Internet Signaling Transport (GIST) Overlay Networking Extension, or GONE. The basic idea of GONE is to create a half-permanent overlay mesh consisting of GONE-enabled edge routers, which employs capability-based DoS prevention and forwards end-to-end user traffic using the GIST messaging associations.

GONE's use of GIST on top of SCTP allows multi-homing, multi-streaming and partial reliability, while only a limited overhead for maintaining the messaging association is introduced. In addition, upon the services provided by GONE overlays, hosts are identified by their unique host identities independent of their topological location, and simply require (de-)multiplexing instead of the traditional connection management and other complex functionality in the transport layer.

As a result, this approach offers a number of advantages for upper layer end-to-end applications, including intrinsic provisioning of resilience and DoS prevention in a dynamic and nomadic environment. In this paper, we presented GONE, an overlay architecture intended to be a self-organized, scalable, DoS-limiting and robust wide-area infrastructure that efficiently routes traffic in the presence of path faults and node mobility. We showed how a GONE overlay network can be efficiently constructed and employ capability-based DoS prevention to enhance resilience and availability in dynamic and mobile environments. It provides self-management, robustness, dynamic routing detection and recovery in the presence of failures and high load by lower layer functions.

Moreover, GONE provides a plausible solution for customizing the network edge, where most fancy functions such as peer-to-peer, VoIP or NAT traversal are located. This paper presents such a use for dynamic overlay routing that needs to deliver messages across ISP networks in a location-independent manner, using usually pre-established messaging associations and without centralized services. GONE does this, in part, by using HIP host identifiers, capability concepts, as well as soft state and reuse of standard common signaling components in the network edge to achieve both mobility and enhanced service availability and network resilience.

CHAPTER 3

SYSTEM ANALYSIS

3.1 Existing System:

The existing system analyzes a new ICMP message - the ICMP Caddie messages scheme - which provides a simple and straightforward solution for IP Traceback. While the proposed scheme still needs some router modifications, the potential overhead on routers has been minimized. For example, our approach has very low network bandwidth and router storage overhead and supports incremental deployment.

We have argued that denial-of-service attacks motivate the development of improved traceback capabilities and we have explored traceback algorithms based on packet marking in the network. We have shown that this class of algorithm, best embodied in edge sampling, can enable efficient and robust multiparty traceback that can be incrementally deployed and efficiently implemented. As well, we have developed variant algorithms that sacrifice convergence time and robustness for reduced per-packet space requirements.

Finally, we have suggested one potential deployment strategy using such an algorithm based on overloading existing IP header fields and we have demonstrated that this implementation is capable of fully tracing an attack after having received only a few thousand packets. We believe our solution represents a valuable first step toward an automated network-wide traceback facility.

The edge routers form a natural boundary between the ISP network and the rest of the Internet. This boundary, called the ISP perimeter, can be turned into a defense barrier against network intrusions. Two perimeter-based defense mechanisms, DPM and DPIT, were then proposed, which mitigate DDoS attacks by blocking the flooding sources while allowing most legitimate traffic to reach the destination.

GONE was presented as an overlay architecture intended to be a self-organized, scalable, DoS-limiting and robust wide-area infrastructure that efficiently routes traffic in the presence of path faults and node mobility. We showed how a GONE overlay network can be efficiently constructed and employ capability-based DoS prevention to enhance resilience and availability in dynamic and mobile environments.

GONE provides a plausible solution for customizing the network edge, where most fancy functions such as peer-to-peer, VoIP or NAT traversal are located. This paper presents such a use for dynamic overlay routing that needs to deliver messages across ISP networks in a location-independent manner, using usually pre-established messaging associations and without centralized services. GONE does this, in part, by using HIP host identifiers, capability concepts, as well as soft state and reuse of standard common signaling components in the network edge to achieve both mobility and enhanced service availability and network resilience.

Drawbacks:

It is only implemented for a single client and server, so it cannot communicate with multiple clients.

An adversary may hack the data.

3.2 PROPOSED SYSTEM:

In the proposed system, the port number changes dynamically while data is transferred. Here the HOPERAA algorithm is used for single client-server communication. The whole port-hopping mechanism consists of the following parts: the contact-initiation part and the data transmission part. In the first phase, a time interval is selected initially. After that, the server initiates the contact with its clients by sending an initiation message.

The options for the adversary to launch a directed attack on the application's ports after eavesdropping are minimal, since the port-hopping period of the protocol is fixed. Another main conclusion is that the adaptive method can work under timing uncertainty, and specifically under fixed clock drifts. An interesting issue to investigate further is to address variable clock drifts and variable hopping frequencies as well.

The clients involved in this communication must be within the time interval. The server divides the range of port numbers into k intervals. Next is the data transmission phase, in which the client sends data messages to the worker ports of the server. After receiving the data from the client, the server sends a reply message to the client. This will be implemented for multiple-client, single-server communication by using the BigWheel algorithm.

Advantages

Enables multiparty communications

Uses port-hopping with time property

Server does not need to keep state for each client individually

No need for group synchronization
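A simplified time-slotted port-hopping sketch for the proposed system described above, added here as an illustration; it is not the project's code and not the HOPERAA or BigWheel algorithms themselves. The HMAC-based port derivation, the shared secret, the constants and all function names are assumptions. It shows the server deriving its open ports per interval without per-client state, and a client whose clock drifts eventually missing those ports when the hopping period is fixed.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-shared-secret"   # constructed key, agreed at contact initiation
PORT_LO, PORT_HI = 1024, 65535          # constructed port range
K = 4                                   # number of port intervals (assumed)
HOP_PERIOD = 2.0                        # fixed hopping period in seconds (assumed)


def port_intervals(lo=PORT_LO, hi=PORT_HI, k=K):
    """Divide [lo, hi] into k contiguous intervals; the last takes any remainder."""
    size = (hi - lo + 1) // k
    return [(lo + i * size, hi if i == k - 1 else lo + (i + 1) * size - 1)
            for i in range(k)]


def slot_of(clock, period=HOP_PERIOD):
    """Index of the hopping period that a local clock reading falls into."""
    return int(clock // period)


def hop_port(secret, interval_id, slot, intervals):
    """Port used inside one interval during one slot, derived with HMAC-SHA256."""
    lo, hi = intervals[interval_id]
    tag = hmac.new(secret, struct.pack(">Iq", interval_id, slot),
                   hashlib.sha256).digest()
    return lo + int.from_bytes(tag[:8], "big") % (hi - lo + 1)


def server_open_ports(secret, server_clock, intervals, overlap=1):
    """Ports open now: the current slot plus `overlap` slots on either side.

    The set depends only on the secret and the server clock, so the server
    keeps no per-client state.
    """
    now = slot_of(server_clock)
    return {hop_port(secret, i, s, intervals)
            for i in range(len(intervals))
            for s in range(now - overlap, now + overlap + 1)}


def delivered(secret, server_clock, client_clock, interval_id, intervals, overlap=1):
    """True if a packet addressed using the client's clock reaches an open port."""
    port = hop_port(secret, interval_id, slot_of(client_clock), intervals)
    return port in server_open_ports(secret, server_clock, intervals, overlap)


def first_missed_send(secret, drift_rate, interval_id, intervals,
                      horizon=600.0, step=0.5):
    """Server time of the first missed packet for a client clock running at
    (1 + drift_rate) times real time, sending one packet every `step` seconds."""
    n = 0
    while n * step <= horizon:
        t = n * step
        if not delivered(secret, t, t * (1.0 + drift_rate), interval_id, intervals):
            return t
        n += 1
    return None


if __name__ == "__main__":
    ivals = port_intervals()
    print("intervals:", ivals)
    print("open now:", sorted(server_open_ports(SECRET, 1000.0, ivals)))
    print("1% drift, first miss at t =", first_missed_send(SECRET, 0.01, 2, ivals))
```

With a 2-second period and one slot of overlap, an offset under one period is always tolerated; a 1% drift exceeds that after about 200 seconds, which is the gap that adjusting the client's hopping period is meant to close.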

CHAPTER 4

System requirements specification

4.1 Software Requirements

• Operating System : Windows XP

• Language : Core Java

• Version : JDK 1.5

• IDE : NetBeans 6.2

• Database : MySQL

4.2 Hardware Requirements

• Processor : PENTIUM IV

• Clock speed : 2.7 GHz

• RAM capacity : 1 GB

• Hard disk drive : 200 GB

CHAPTER 5

System Design Specification

5.1 System Architecture Model

[Figure: system architecture model. Diagram labels: Port-Hopping & HOPERAA Algorithm, Encrypt Data, Data Transfer, Contact Initiation, Client-Server Connection, Client-Server Initiation, Decrypt Data, BIGWHEEL Algorithm, Multi client Connection]

5.2 SOFTWARE DESCRIPTION

5.2.1 Java

Java is a programming language originally developed by James Gosling at Sun Microsystems (now a subsidiary of Oracle Corporation) and released in 1995 as a core component of Sun Microsystems' Java platform. The language derives much of its syntax from C and C++ but has a simpler object model and fewer low-level facilities. Java applications are typically compiled to bytecode (class file) that can run on any Java Virtual Machine (JVM) regardless of computer architecture. Java is a general-purpose, concurrent, class-based, object-oriented language that is specifically designed to have as few implementation dependencies as possible. It is intended to let application developers "write once, run anywhere." Java is currently one of the most popular programming languages in use, particularly for client-server web applications.

The original and reference implementation Java compilers, virtual machines, and class libraries were developed by Sun from 1995. As of May 2007, in compliance with the specifications of the Java Community Process, Sun relicensed most of its Java technologies under the GNU General Public License. Others have also developed alternative implementations of these Sun technologies, such as the GNU Compiler for Java and GNU Classpath.

5.2.2 Java Platform:

One characteristic of Java is portability, which means that computer programs written in the Java language must run similarly on any hardware/operating-system platform. This is achieved by compiling the Java language code to an intermediate representation called Java bytecode, instead of directly to platform-specific machine code. Java bytecode instructions are analogous to machine code, but are intended to be interpreted by a virtual machine (VM) written specifically for the host hardware. End-users commonly use a Java Runtime Environment (JRE) installed on their own machine for standalone Java applications, or in a Web browser for Java applets.

Standardized libraries provide a generic way to access host-specific features such as graphics, threading, and networking.

A major benefit of using bytecode is porting. However, the overhead of interpretation means that interpreted programs almost always run more slowly than programs compiled to native executables would. Just-in-Time compilers were introduced from an early stage that compile bytecodes to machine code during runtime.

Just as application servers such as GlassFish provide lifecycle services to web applications, the NetBeans runtime container provides them to Swing applications. Application servers understand how to compose web modules, EJB modules, and so on, into a single web application, just as the NetBeans runtime container understands how to compose NetBeans modules into a single Swing application.

Modularity offers a solution to "JAR hell" by letting developers organize their code into strictly separated and versioned modules. Only those that have explicitly declared dependencies on each other are able to use code from each other's exposed packages. This strict organization is of particular relevance to large applications developed by engineers in distributed environments, during the development as well as the maintenance of their shared codebase.

End users of the application benefit too because they are able to install modules into their running applications, since modularity makes them pluggable. In short, the NetBeans runtime container is an execution environment that understands what a module is, handles its lifecycle, and enables it to interact with other modules in the same application.

Registration of various objects, files and hints into layer is pretty central to the way NetBeans based applications handle communication between modules. This page summarizes the list of such extension points defined by modules with API.

Context menu actions are read from the layer folder Loaders/text/x-ant+xml/Actions.

The Keymaps folder contains subfolders for individual keymaps (Emacs, JBuilder, NetBeans). The name of a keymap can be localized; use the "SystemFileSystem.localizingBundle" attribute of your folder for this purpose. Each individual keymap folder contains shadows to actions. A shortcut is mapped to the name of the file. The Emacs shortcut format is used, and multikeys are separated by space characters ("C-X P" means Ctrl+X followed by P). The "currentKeymap" property of the "Keymaps" folder contains the original (not localized) name of the current keymap.

This folder contains registration of shortcuts. It is supported for backward compatibility only. All new shortcuts should be registered in the "Keymaps/NetBeans" folder. Shortcuts installed in the Shortcuts folder will be added to all keymaps if there is no conflict. This means that if the same shortcut is mapped to different actions in the Shortcuts folder and the current keymap folder (like Keymap/NetBeans), the Shortcuts folder mapping will be ignored.

* DatabaseExplorerLayerAPI in Database Explorer

* Loaders-text-dbschema-Actions in Database Explorer

* Loaders-text-sql-Actions in Database Explorer

* PluginRegistration in Java EE Server Registry

XML layer contract for registration of server plugins and instances that implement optional capabilities of server plugins. Plugins with server-specific deployment descriptor files should declare the full list in the XML layer as specified in the document plugin-layer-file.html from the above link.

The content of the "Projects/org-netbeans-modules-java-j2seproject/Customizer" folder is used to construct the project's customizer. Its content is expected to be ProjectCustomizer.CompositeCategoryProvider instances. The lookup passed to the panels contains an instance of Project and org.netbeans.modules.java.j2seproject.ui.customizer.J2SEProjectProperties. Please note that the latter is not part of any public API and you need an implementation dependency to make use of it.

The content of the "Projects/org-netbeans-modules-java-j2seproject/Nodes" folder is used to construct the project's child nodes. Its content is expected to be NodeFactory instances.

The content of the "Projects/org-netbeans-modules-java-j2seproject/Lookup" folder is used to construct the project's additional lookup. Its content is expected to be LookupProvider instances. The J2SE project provides LookupMergers for Sources, PrivilegedTemplates and RecommendedTemplates. Implementations added by third parties will be merged into a single instance in the project's lookup.

Use OptionsDialog folder for registration of custom top level options panels. Register your implementation of OptionsCategory there (*.instance file). Standard file systems sorting mechanism is used.

Use OptionsDialog/Advanced folder for registration of custom panels to Miscellaneous Panel. Register your implementation of AdvancedCategory there (*.instance file). Standard file systems sorting mechanism is used.

Use OptionsExport/<MyCategory> folder for registration of items for export/import of options. Registration in layers looks as follows

Source files must be named after the public class they contain, appending the suffix .java, for example, HelloWorldApp.java. It must first be compiled into bytecode, using a Java compiler, producing a file named HelloWorldApp.class. Only then can it be executed, or 'launched'. The Java source file may only contain one public class but can contain multiple classes with less than public access and any number of public inner classes.

A class that is not declared public may be stored in any .java file. The compiler will generate a class file for each class defined in the source file. The name of the class file is the name of the class, with .class appended. For class file generation, anonymous classes are treated as if their name were the concatenation of the name of their enclosing class, a $, and an integer.

The keyword public denotes that a method can be called from code in other classes, or that a class may be used by classes outside the class hierarchy. The class hierarchy is related to the name of the directory in which the .java file is located.

The keyword static in front of a method indicates a static method, which is associated only with the class and not with any specific instance of that class. Only static methods can be invoked without a reference to an object. Static methods cannot access any class members that are not also static.

The keyword void indicates that the main method does not return any value to the caller. If a Java program is to exit with an error code, it must call System.exit() explicitly.

The method name "main" is not a keyword in the Java language. It is simply the name of the method the Java launcher calls to pass control to the program. Java classes that run in managed environments such as applets and Enterprise JavaBean do not use or need a main() method. A Java program may contain multiple classes that have main methods, which means that the VM needs to be explicitly told which class to launch from.

The main method must accept an array of String objects. By convention, it is referenced as args although any other legal identifier name can be used. Since Java 5, the main method can also use variable arguments, in the form of public static void main(String... args), allowing the main method to be invoked with an arbitrary number of String arguments. The effect of this alternate declaration is semantically identical (the args parameter is still an array of String objects), but allows an alternative syntax for creating and passing the array.

The Java launcher launches Java by loading a given class (specified on the command line or as an attribute in a JAR) and starting its public static void main(String[]) method. Stand-alone programs must declare this method explicitly. The String[] args parameter is an array of String objects containing any arguments passed to the class. The parameters to main are often passed by means of a command line.

Printing is part of a Java standard library: The System class defines a public static field called out. The out object is an instance of the PrintStream class and provides many methods for printing data to standard out, including println(String) which also appends a new line to the passed string.

5.2.3 Java => High-level Language:

A high-level programming language developed by Sun Microsystems. Java was originally called OAK, and was designed for handheld devices and set-top boxes. Oak was unsuccessful so in 1995 Sun changed the name to Java and modified the language to take advantage of the burgeoning World Wide Web.

Java is an object-oriented language similar to C++, but simplified to eliminate language features that cause common programming errors. Java source code files (files with a .java extension) are compiled into a format called bytecode (files with a .class extension), which can then be executed by a Java interpreter. Compiled Java code can run on most computers because Java interpreters and runtime environments, known as Java Virtual Machines (VMs), exist for most operating systems, including UNIX, the Macintosh OS, and Windows. Bytecode can also be converted directly into machine language instructions by a just-in-time compiler (JIT).

Java is a general purpose programming language with a number of features that make the language well suited for use on the World Wide Web. Small Java applications are called Java applets and can be downloaded from a Web server and run on your computer by a Java-compatible Web browser, such as Netscape Navigator or Microsoft Internet Explorer.

Object-oriented software development matured significantly during the past several years. The convergence of object-oriented modeling techniques and notations, the development of object-oriented frameworks and design patterns, and the evolution of object-oriented programming languages have been essential in the progression of this technology.

Object-Oriented Software Development using Java: Principles, Patterns, and Frameworks has a very applied focus that develops skills in designing software, particularly in writing well-designed, medium-sized object-oriented programs. It provides broad and coherent coverage of object-oriented technology, including object-oriented modeling using the Unified Modeling Language (UML), object-oriented design using Design Patterns, and object-oriented programming using Java.

5.2.4 NetBeans

The NetBeans Platform is a reusable framework for simplifying the development of Java Swing desktop applications. The NetBeans IDE bundle for Java SE contains what is needed to start developing NetBeans plugins and NetBeans Platform based applications; no additional SDK is required.

Applications can install modules dynamically. Any application can include the Update Center module to allow users of the application to download digitally-signed upgrades and new features directly into the running application. Reinstalling an upgrade or a new release does not force users to download the entire application again.

The platform offers reusable services common to desktop applications, allowing developers to focus on the logic specific to their application. Among the features of the platform are:

* User interface management (e.g. menus and toolbars)

* User settings management

* Storage management (saving and loading any kind of data)

* Window management

* Wizard framework (supports step-by-step dialogs)

* NetBeans Visual Library

* Integrated Development Tool

5.2.5 Wamp Server

WAMPs are packages of independently-created programs installed on computers that use a Microsoft Windows operating system. WAMP is an acronym formed from the initials of the operating system Microsoft Windows and the principal components of the package: Apache, MySQL and one of PHP, Perl or Python. Apache is a web server. MySQL is an open-source database. PHP is a scripting language that can manipulate information held in a database and generate web pages dynamically each time content is requested by a browser. Other programs may also be included in a package, such as phpMyAdmin, which provides a graphical user interface for the MySQL database manager, or the alternative scripting languages Python or Perl. Equivalent packages are MAMP (for the Apple Mac) and LAMP (for the Linux operating system).

5.3 MODULE DESCRIPTION

Modules:

* Client/Server Initiation

* Encrypt Data

* Data transfer

* HOPERAA algorithm

* Multiclient connection

Module Description:

5.3.1 Client-Server Initiation:

In this module, we first present the protocol for communication between a single client and a server. In the subsequent section, we describe the BIGWHEEL algorithm that enables multiparty communication. Without loss of generality, one server is considered throughout the presentation for readability. For the multiclient and multiserver situation, clients and servers follow the algorithms for the clients and servers, respectively.

At the end of the contact-initiation part, Client has succeeded in finding the first port on which to contact Server, without Server having to keep some "well-known" ports open and without Client relying on a third party to get the port information; Client has also received from Server the seed for the pseudorandom function used to compute the port sequence. After the contact-initiation part, the application data from Client to Server is sent to the open ports of Server, which change every time.

5.3.2 Encrypt Data:

Client-server initiation is done by the port-hopping algorithm. The sending and receiving times of the contact-initiation messages are stored on the server. Intervals of port numbers are selected randomly, and a contact-initiation message is sent to each of the ports in the chosen interval. The data to be transferred is selected from the existing files. An encryption algorithm, RSA, is used to encrypt the data into an unreadable format. The encrypted data is then sent through different ports and reaches the server.

5.3.3 Data Transfer:

In this Module, Client sends data messages to the worker ports of Server. After Client gets the reply from the server in the contact-initiation part, Client has the seed for the pseudorandom function to generate the sequence of the worker ports. The open interval of the worker ports is time unit. The new worker port will be opened time units earlier than the closing time of the old one.

When Server receives the contact-initiation messages from Client, it sends the reply message at the time when the next worker port is opened, and then generates the next port. When the client gets the reply from the server, it immediately sends the data. The encrypted data is chosen to be sent from the client to the server. During data transfer, the client's port number changes automatically with respect to the time interval. The data is transferred through various ports and reaches the server.
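The worker-port hopping described in this module can be sketched as follows. This is an added example, not code from the project: the HMAC-SHA256 pseudorandom function, the port range and the values of the hopping period (`TAU`) and overlap (`OVERLAP`) are assumptions, since the text gives no concrete values for them.

```python
import hashlib
import hmac

PORT_LOW, PORT_HIGH = 20000, 60000  # assumed worker-port range
TAU = 2.0      # assumed hopping period in seconds (server clock)
OVERLAP = 0.5  # assumed lead: a port opens this long before its slot starts


def worker_port(seed, slot):
    """Pseudorandom port for a slot; HMAC-SHA256 stands in for the PRF."""
    digest = hmac.new(seed, slot.to_bytes(8, "big"), hashlib.sha256).digest()
    return PORT_LOW + int.from_bytes(digest[:4], "big") % (PORT_HIGH - PORT_LOW)


def open_ports(seed, server_time):
    """Worker ports the server accepts on at server_time.

    Slot i covers [i*TAU, (i+1)*TAU) and its port opens OVERLAP seconds
    early, so two ports are open just before each slot boundary.
    """
    slot = int(server_time // TAU)
    ports = {worker_port(seed, slot)}
    if server_time >= (slot + 1) * TAU - OVERLAP:
        ports.add(worker_port(seed, slot + 1))
    return ports


def delivered(seed, server_time, client_offset):
    """True if a client whose clock reads server_time + client_offset
    picks a port that is open when the message arrives (delay ignored)."""
    client_slot = int((server_time + client_offset) // TAU)
    return worker_port(seed, client_slot) in open_ports(seed, server_time)


def delivery_rate(seed, client_offset, samples=2000):
    """Fraction of messages, sent every 10 ms, that reach an open port."""
    times = [10.0 + i * 0.01 for i in range(samples)]
    return sum(delivered(seed, t, client_offset) for t in times) / samples


SEED = b"constructed-demo-seed"  # constructed; the server supplies the real one

if __name__ == "__main__":
    for offset in (0.0, 0.3, 1.0, -0.3):
        print(f"client offset {offset:+.1f}s -> {delivery_rate(SEED, offset):.3f}")
```

In this model the overlap absorbs a client clock that runs ahead by less than `OVERLAP`; a larger lead, or a lagging clock, sends part of the traffic to closed ports.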

5.3.4 HOPERAA Algorithm:

In this module, Client executes the HOPERAA algorithm to adjust its hopping period. Roughly speaking, S and C attach timestamps to the contact-initiation messages during the contact-initiation part and the Hopping Period Alignment and Adjustment part. C uses the timestamps to estimate its clock drift. According to the estimation, C decides the next time to run the HOPERAA algorithm. C also adjusts its hopping period according to the estimation to deal with its clock drift and thus avoid sending messages to closed ports.

The HOPERAA execution interval is initialized to 0. In the contact-initiation part, every contact-initiation message and reply message carries the timestamp of its sending time. The reply message also includes the timestamp and the arrival time of the first contact-initiation message received by the server. When the client receives the reply message, it will store and and keep their values unchanged. When C executes HOPERAA, it executes the same operations as in the contact-initiation part, and the server adds a timestamp of the sending time to every reply message. The client records the arrival time.
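The timestamp bookkeeping described above can be turned into a drift estimate along the following lines. This is an added, simplified illustration and not the published HOPERAA computation or the project's code: the delay bound `MAX_DELAY`, the values of `TAU` and `OVERLAP`, the midpoint estimate and the rule for scheduling the next run are all assumptions.

```python
TAU = 2.0         # assumed hopping period on the server clock (seconds)
OVERLAP = 0.5     # assumed time two consecutive worker ports stay open together
MAX_DELAY = 0.05  # assumed upper bound on one-way network delay (seconds)


def drift_bounds(c_send0, s_recv0, s_send1, c_recv1):
    """Bound rho = client clock rate / server clock rate.

    c_send0: client timestamp of the first contact-initiation message
    s_recv0: server arrival time of that message (returned in the reply)
    s_send1: server timestamp on a later reply
    c_recv1: client arrival time of that reply
    Between c_send0 and c_recv1 the client clock advanced
    rho * (server_elapsed + d0 + d1), each delay d lying in [0, MAX_DELAY].
    """
    client_elapsed = c_recv1 - c_send0
    server_elapsed = s_send1 - s_recv0
    if client_elapsed <= 0 or server_elapsed <= 0:
        raise ValueError("timestamps must be strictly increasing")
    return (client_elapsed / (server_elapsed + 2 * MAX_DELAY),
            client_elapsed / server_elapsed)


def adjust(c_send0, s_recv0, s_send1, c_recv1):
    """Return (hopping period on the client clock, seconds until next run)."""
    lo, hi = drift_bounds(c_send0, s_recv0, s_send1, c_recv1)
    rho = (lo + hi) / 2                 # midpoint estimate of the drift ratio
    local_period = TAU * rho            # client-clock seconds per server TAU
    rel_error = (hi - lo) / (2 * rho)   # worst-case residual rate error
    next_run = OVERLAP / rel_error      # time before the error can reach OVERLAP
    return local_period, next_run


# Constructed timestamps: the client clock runs 1% fast and each one-way
# delay is 0.02 s. FIRST is stored once and reused by every later run.
FIRST = (100.0, 0.02)          # c_send0, s_recv0
SOON = (1.03, 101.0605)        # s_send1, c_recv1 about one second later
LATER = (1000.03, 1110.0505)   # s_send1, c_recv1 about 1000 seconds later

if __name__ == "__main__":
    for name, later in (("soon", SOON), ("later", LATER)):
        lo, hi = drift_bounds(*FIRST, *later)
        print(f"{name}: rho in [{lo:.5f}, {hi:.5f}]")
    print("period, next run:", adjust(*FIRST, *LATER))
```

Because the first exchange is kept unchanged, the same delay uncertainty is spread over a longer interval on each run, so the bounds on the drift ratio tighten as time passes.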

5.3.5 Multi client Connection:

The extension to multiple clients per server is based on a simple idea: since each client considers the server's clock as the reference clock, it can interact with the server independently of the other clients. For scalability reasons it is desirable that the server has more than one worker port open in each time period (but still a small constant number of those), so as to balance the load among them. Moreover, by having the same hopping period but different phases in the corresponding hopping sequences, such a method can better bound the time it takes for each client to initiate contact with the server. In this phase, the server uses the multiple hopping sequences to transfer the data.

Problem Definition:

First, we analyze a new ICMP message, the ICMP Caddie message scheme, which provides a simple and straightforward solution for IP traceback. It needs router modification. A potential deployment strategy uses such an algorithm based on overloading existing IP header fields, and we have demonstrated that this implementation is capable of fully tracing an attack after having received only a few thousand packets.

The existing system supports only single client-server communication. An attacker can possibly launch a DoS attack by studying the flaws of network protocols or applications and then sending malformed packets, which might cause the corresponding protocols or applications to get into a faulty state, for example by sending incorrect IP fragments to the target. The target machine may crash if it does not implement TCP/IP fragmentation reassembly code properly. This kind of attack can be prevented by fixing the corresponding bugs in the protocols or applications. However, the attacker does not always have to do its best to study the service if it wants to make it unavailable.

To overcome these problems, the port number changes dynamically while data is transferred. Here the HOPERAA algorithm is used for single client-server communication. The whole port-hopping mechanism consists of several parts: the contact-initiation part and the data-transmission part. In the first phase, a time interval is selected initially. After that, the server initiates the contact with its clients by sending an initiation message. The clients involved in this communication must be within the time interval. The server divides the range of port numbers into k intervals. Next is the data-transmission phase, in which Client sends data messages to the worker ports of Server. After receiving the data from the client, the server sends a reply message to the client. This will be implemented for multiple-client, single-server communication by using the BIGWHEEL algorithm.

5.4 UML DIAGRAMS:

5.4.2 SEQUENCE DIAGRAM
