Showing posts with label Project Ideas. Show all posts
Showing posts with label Project Ideas. Show all posts
Saturday, December 29, 2012
3
Saturday, December 29, 2012
prakash chalumuri
H/W System
Configuration:-
IEEE Java Project - Detecting and Resolving Firewall Policy Anomalies
Detecting
and Resolving Firewall Policy Anomalies
ABSTRACT:
The advent of emerging computing
technologies such as service-oriented architecture and cloud computing has
enabled us to perform business services more efficiently and effectively.
However, we still suffer from unintended security leakages by unauthorized
actions in business services. Firewalls are the most widely deployed security
mechanism to ensure the security of private networks in most businesses and
institutions. The effectiveness of security protection provided by a firewall
mainly depends on the quality of policy configured in the firewall.
Unfortunately, designing and managing firewall policies are often error prone
due to the complex nature of firewall configurations as well as the lack of
systematic analysis mechanisms and tools. In this paper, we represent an
innovative policy anomaly management framework for firewalls, adopting a
rule-based segmentation technique to identify policy anomalies and derive
effective anomaly resolutions. In particular, we articulate a grid-based
representation technique, providing an intuitive cognitive sense about policy
anomaly. We also discuss a proof-of-concept implementation of a
visualization-based firewall policy analysis tool called Firewall Anomaly
Management Environment (FAME). In addition, we demonstrate how efficiently our approach
can discover and resolve anomalies in firewall policies through rigorous
experiments.
EXISTING
SYSTEM:
Firewall policy management is a
challenging task due to the complexity and interdependency of policy rules.
This is further exacerbated by the continuous evolution of network and system
environments.
The process of configuring a
firewall is tedious and error prone. Therefore, effective mechanisms and tools
for policy management are crucial to the success of firewalls.
Existing policy analysis tools, such
as Firewall Policy Advisor and FIREMAN, with the goal of detecting policy
anomalies have been introduced. Firewall Policy Advisor only has the capability
of detecting pair wise anomalies in firewall rules. FIREMAN can detect anomalies
among multiple rules by analyzing the relationships between one rule and the
collections of packet spaces derived from all preceding rules.
However, FIREMAN also has limitations
in detecting anomalies. For each firewall rule, FIREMAN only examines all
preceding rules but ignores all subsequent rules when performing anomaly analysis.
In addition, each analysis result from FIREMAN can only show that there is a misconfiguration
between one rule and its preceding rules, but cannot accurately indicate all rules
involved in an anomaly.
PROPOSED
SYSTEM:
In this paper, we represent a novel
anomaly management framework for firewalls based on a rule-based segmentation technique
to facilitate not only more accurate anomaly detection but also effective
anomaly resolution.
Based on this technique, a network
packet space defined by a firewall policy can be divided into a set of disjoint
packet space segments. Each segment associated with a unique set of firewall
rules accurately indicates an overlap relation (either conflicting or redundant)
among those rules.
We also introduce a flexible conflict
resolution method to enable a fine-grained conflict resolution with the help of
several effective resolution strategies with respect to the risk assessment of
protected networks and the intention of policy definition.
System Configuration:-
H/W System
Configuration:-
ü Processor -Pentium –III
ü Speed - 1.1 Ghz
ü RAM - 256 MB(min)
ü Hard
Disk - 20 GB
ü Floppy
Drive - 1.44 MB
ü Key
Board - Standard Windows Keyboard
ü Mouse - Two or Three Button Mouse
ü Monitor - SVGA
S/W System Configuration:-
v
Operating System :
Windows95/98/2000/XP
v
Front End :
Java
REFERENCE:
Hongxin Hu, Student Member, IEEE, Gail-Joon
Ahn, Senior Member, IEEE, and Ketan Kulkarni,” Detecting and Resolving Firewall
Policy Anomalies”, IEEE TRANSACTIONS ON
DEPENDABLE AND SECURE COMPUTING, VOL. 9, NO. 3, MAY/JUNE 2012.
Friday, December 28, 2012
2
Friday, December 28, 2012
prakash chalumuri
IEEE Java Project - Design and Implementation of TARF: A Trust-Aware Routing Framework for WSNs
Design
and Implementation of TARF:
A Trust-Aware Routing
Framework for WSNs
ABSTRACT:
The multihop routing in wireless
sensor networks (WSNs) offers little protection against identity deception
through replaying routing information. An adversary can exploit this defect to
launch various harmful or even devastating attacks against the routing protocols,
including sinkhole attacks, wormhole attacks, and Sybil attacks. The situation
is further aggravated by mobile and harsh network conditions. Traditional
cryptographic techniques or efforts at developing trust-aware routing protocols
do not effectively address this severe problem. To secure the WSNs against
adversaries misdirecting the multihop routing, we have designed and implemented
TARF, a robust trust-aware routing framework for dynamic WSNs. Without tight
time synchronization or known geographic information, TARF provides trustworthy
and energy-efficient route. Most importantly, TARF proves effective against
those harmful attacks developed out of identity deception; the resilience of
TARF is verified through extensive evaluation with both simulation and
empirical experiments on large-scale WSNs under various scenarios including
mobile and RF-shielding network conditions. Further, we have implemented a
low-overhead TARF module in TinyOS; as demonstrated, this implementation can be
incorporated into existing routing protocols with the least effort. Based on
TARF, we also demonstrated a proof-of-concept mobile target detection application
that functions well against an anti-detection mechanism.
EXISTING
SYSTEM:
In the existing system, the
multihop routing of WSNs often becomes the target of malicious attacks. An
attacker may tamper nodes physically, create traffic collision with seemingly
valid transmission, drop or misdirect messages in routes, or jam the
communication channel by creating radio interference.
PROPOSED
SYSTEM:
In the proposed system , to secure
the WSNs against adversaries misdirecting the multihop routing, we have
designed and implemented TARF, a robust trust-aware routing framework for
dynamic WSNs.
SYSTEM
REQUIREMENTS:
HARDWARE REQUIREMENTS:
•
System : Pentium IV 2.4 GHz.
•
Hard
Disk : 40 GB.
•
Floppy
Drive : 1.44 Mb.
•
Monitor : 15 VGA Colour.
•
Mouse : Logitech.
•
Ram : 512 Mb.
SOFTWARE REQUIREMENTS:
•
Operating system : - Windows XP
•
Coding Language :- JAVA
REFERENCE:
Guoxing Zhan, Weisong Shi, and
Julia Deng, “Design and Implementation of TARF: A Trust-Aware Routing Framework
for WSNs”, IEEE TRANSACTIONS ON
DEPENDABLE AND SECURE COMPUTING, VOL. 9, NO. 2, MARCH/APRIL 2012.
10
prakash chalumuri
IEEE Java Project - Cut Detection in Wireless Sensor Networks
ABSTRACT
A wireless sensor network can get separated into multiple connected
components due to the failure of some of its nodes, which is called a “cut”. In
this article we consider the problem of detecting cuts by the remaining nodes
of a wireless sensor network. We propose an algorithm that allows (i) every
node to detect when the connectivity to a specially designated node has been
lost, and (ii) one or more nodes (that are connected to the special node after
the cut) to detect the occurrence of the cut. The algorithm is distributed and
asynchronous: every node needs to communicate with only those nodes that are
within its communication range. The algorithm is based on the iterative
computation of a fictitious “electrical potential” of the nodes. The
convergence rate of the underlying iterative scheme is independent of the size
and structure of the network.
EXISTING SYSTEM
Wireless Multimedia Sensor
Networks (WMSNs) has many challenges such as nature of wireless media and
multimedia information transmission. Consequently traditional mechanisms for
network layers are no longer acceptable or applicable for these networks. Wireless sensor network can get separated
into multiple connected components due to the failure of some of its nodes,
which is called a “cut”. Existing cut detection system deployed only for
wired networks.
Disadvantages
1.
Unsuitable for dynamic network reconfiguration.
2. Single
path routing approach.
PROPOSED SYSTEM
Wireless
sensor networks (WSNs) are a promising technology for monitoring large regions
at high spatial and temporal resolution .Failure of a set of nodes will reduce
the number of multi-hop paths in the network. Such failures can cause a subset
of nodes – that have not failed – to become disconnected from the rest,
resulting in a “cut”. Two nodes are said to be disconnected if there is no path
between them. We consider the problem of detecting cuts by the nodes of a
wireless network. We assume that there is a specially designated node in the
network, which we call the source nodeSince
a cut may or may not separate a node from the source node, we distinguish
between two distinct outcomes of a cut for a particular node. When a node u is
disconnected from the source, we say that a DOS (Disconnected from Source) event
has occurred for u. When a cut occurs in the network that does not separate a
node u from the source node, we say that CCOS (Connected, but a Cut
Occurred Somewhere) event has occurred for u. By cut detection we mean (i) detection
by each node of a DOS event when it occurs, and (ii) detection of CCOS
events by the nodes close to a cut, and the approximate location of the cut. In
this article we propose a distributed algorithm to detect cuts, named the Distributed Cut Detection (DCD)
algorithm. The algorithm allows each node to detect DOS events and a subset of
nodes to detect CCOS events. The algorithm we propose is distributed and asynchronous:
it involves only local communication between neighboring nodes, and is robust
to temporary communication failure between node pairs The convergence rate of
the computation is independent of the size and structure of the network.
MODULE DESCRIPTION:
DISTRIBUTED CUT DETECTION:
The algorithm allows each node
to detect DOS events and a subset of nodes to detect CCOS events. The algorithm
we propose is distributed and asynchronous: it involves only local
communication between neighboring nodes, and is robust to temporary communication
failure between node pairs. A key component of the DCD algorithm is a
distributed iterative computational step through which the nodes compute their
(fictitious) electrical potentials. The convergence rate of the computation is
independent of the size and structure of the network.
CUT:
Wireless sensor networks
(WSNs) are a promising technology for
monitoring large regions at high spatial and temporal resolution. In
fact, node failure is expected to be quite common due to the typically limited
energy budget of the nodes that are powered by small batteries. Failure of a
set of nodes will reduce the number of multi-hop paths in the network. Such
failures can cause a subset of nodes – that have not failed – to become
disconnected from the rest, resulting in a “cut”. Two nodes are said to be
disconnected if there is no path between them.
SOURCE NODE:
We
consider the problem of detecting cuts by the nodes of a wireless network. We
assume that there is a specially designated node in the network, which we call
the source node. The source node may be a base station that serves as an
interface between the network and its users.Since a cut may or may not separate
a node from the source node, we distinguish between two distinct outcomes of a
cut for a particular node.
CCOS AND DOS:
When a
node u is disconnected from the source, we say that a DOS (Disconnected
frOm Source) event has occurred for u. When a cut occurs in the network that does
not separate a node u from the source node, we say that CCOS (Connected, but a Cut
Occurred Somewhere) event has occurred for u. By cut detection
we mean (i) detection by each node of a DOS event when it occurs, and (ii)
detection of CCOS events by the nodes close to a cut, and the approximate
location of the cut.
NETWORK SEPARATION:
Failure of a set of
nodes will reduce the number of multi-hop paths in the network. Such failures
can cause a subset of nodes – that have not failed – to become disconnected
from the rest, resulting in a “cut”. Because of cut, some nodes may separated
from the network, that results the separated nodes can’t receive the data from
the source node.
System
Configuration:-
H/W System
Configuration:-
Processor - Pentium –III
Speed - 1.1 Ghz
RAM - 256
MB(min)
Hard
Disk - 20 GB
Floppy
Drive - 1.44 MB
Key
Board - Standard Windows Keyboard
Mouse - Two or Three Button Mouse
Monitor - SVGA
S/W System
Configuration:-
Operating
System :Windows XP
Front
End : JAVA,RMI, SWING
CONCLUSION
The DCD
algorithm we propose here enables every node of a wireless sensor network to
detect DOS (Disconnected frOm Source) events if they occur. Second, it enables
a subset of nodes that experience CCOS (Connected, but Cut Occurred Somewhere)
events to detect them and estimate the approximate location of the cut in the
form of a list of active nodes that lie at the boundary of the cut/hole. The
DOS and CCOS events are defined with respect to a specially designated source node.
The algorithm is based on ideas from electrical network theory and parallel
iterative solution of linear equations. Numerical simulations, as well as
experimental evaluation on a real WSN system consisting of micaZ motes, show
that the algorithm works effectively with a large classes of graphs of varying
size and structure, without requiring changes in the parameters. For certain
scenarios, the algorithm is assured to detect connection and disconnection to
the source node without error. A key strength of the DCD algorithm is that the
convergence rate of the underlying iterative scheme is quite fast and independent
of the size and structure of the network, which makes detection using this
algorithm quite fast. Application of the DCD algorithm to detect node
separation and re-connection to the source in mobile networks is a topic of
ongoing research.
3
prakash chalumuri
IEEE Java Project - Clustering with Multi-Viewpoint based Similarity Measure
Clustering
with Multi-Viewpoint based
Similarity Measure
ABSTRACT:
All clustering methods have to assume some cluster relationship among the
data objects that they are applied on. Similarity between a pair of objects can
be defined either explicitly or implicitly. In this paper, we introduce a novel
multi-viewpoint based similarity measure and two related clustering methods.
The major difference between a traditional dissimilarity/similarity measure and
ours is that the former uses only a single viewpoint, which is the origin,
while the latter utilizes many different viewpoints, which are objects assumed
to not be in the same cluster with the two objects being measured. Using
multiple viewpoints, more informative assessment of similarity could be achieved.
Theoretical analysis and empirical study are conducted to support this claim.
Two criterion functions for document clustering are proposed based on this new
measure. We compare them with several well-known clustering algorithms that use
other popular similarity measures on various document collections to verify the
advantages of our proposal.
EXISTING SYSTEMS
·
Clustering is one of the most interesting and important
topics in data mining. The aim of clustering is to find intrinsic structures in
data, and organize them into meaningful subgroups for further study and
analysis. There have been many clustering algorithms published every year.
·
Existing Systems greedily picks the next frequent item set
which represent the next cluster to minimize the overlapping between the
documents that contain both the item set and some remaining item sets.
·
In other words, the clustering result depends on the order of
picking up the item sets, which in turns depends on the greedy heuristic. This
method does not follow a sequential order of selecting clusters. Instead, we
assign documents to the best cluster.
PROPOSED SYSTEM
·
The main work is to develop a
novel hierarchal algorithm for document clustering which provides maximum
efficiency and performance.
·
It is particularly focused in
studying and making use of cluster overlapping phenomenon to design cluster
merging criteria. Proposing a new way to compute the overlap rate in order to
improve time efficiency and “the veracity” is mainly concentrated. Based on the
Hierarchical Clustering Method, the usage of Expectation-Maximization (EM)
algorithm in the Gaussian Mixture Model to count the parameters and make the
two sub-clusters combined when their overlap is the largest is narrated.
·
Experiments in both public data
and document clustering data show that this approach can improve the efficiency
of clustering and save computing time.
Given a data set satisfying the
distribution of a mixture of Gaussians, the degree of overlap between
components affects the number of clusters “perceived” by a human operator or
detected by a clustering algorithm. In other words, there may be a significant
difference between intuitively defined clusters and the true clusters
corresponding to the components in the mixture.
MODULES
·
HTML PARSER
·
CUMMULATIVE DOCUMENT
·
DOCUMENT SIMILARITY
·
CLUSTERING
MODULE DESCRIPTION:
HTML Parser
·
Parsing is the first step done when the document enters the
process state.
·
Parsing is defined as the separation or identification of
meta tags in a HTML document.
·
Here, the raw HTML file is read and it is parsed through all
the nodes in the tree structure.
Cumulative Document
·
The cumulative document is the sum of all the documents,
containing meta-tags from all the documents.
·
We find the references (to other pages) in the input base
document and read other documents and then find references in them and so on.
·
Thus in all the documents their meta-tags are identified,
starting from the base document.
Document Similarity
·
The similarity between two documents is found by the
cosine-similarity measure technique.
·
The weights in the cosine-similarity are found from the
TF-IDF measure between the phrases (meta-tags) of the two documents.
·
This is done by computing the term weights involved.
·
TF = C / T
·
IDF = D / DF.
D à quotient of the total number of
documents
DF à number of times each word is found
in the entire corpus
C à quotient of no of times a word
appears in each document
T à total number of words in the document
· TFIDF = TF *
IDF
Clustering
·
Clustering is a division of data into groups of similar
objects.
·
Representing the data by fewer clusters necessarily loses
certain fine details, but achieves simplification.
The similar
documents are grouped together in a cluster, if their cosine similarity measure
is less than a specified threshold
SYSTEM REQUIREMENTS:
HARDWARE REQUIREMENTS:
•
System : Pentium IV 2.4 GHz.
•
Hard
Disk : 40 GB.
•
Floppy
Drive : 1.44 Mb.
•
Monitor : 15 VGA Colour.
•
Mouse : Logitech.
•
Ram : 512 Mb.
SOFTWARE REQUIREMENTS:
•
Operating system : - Windows XP.
•
Coding Language : - JAVA
REFERENCE:
Duc Thang Nguyen, Lihui Chen and Chee Keong Chan, “Clustering with
Multi-Viewpoint based Similarity Measure”, IEEE
TRANSACTIONS ON KNOWLEDGE AND DATA ENGINEERING, VOL. 24, NO. 6, JUNE 2012.
Thursday, December 27, 2012
2
Thursday, December 27, 2012
prakash chalumuri
Fig. 1
IEEE Dot Net Project- BECAN: A Bandwidth-Efficient Cooperative Authentication Scheme for Filtering Injected False Data in Wireless Sensor Networks
BECAN: A Bandwidth-Efficient
Cooperative Authentication Scheme for Filtering Injected False Data in Wireless
Sensor Networks
Abstract
Injecting false data attack is a well
known serious threat to wireless sensor network, for which an adversary reports
bogus information to sink causing error decision at upper level and
energy waste in en-route nodes. In this paper, we propose a novel
bandwidth-efficient cooperative authentication (BECAN) scheme for filtering
injected false data. Based on the random graph characteristics of sensor node
deployment and the cooperative bit-compressed authentication technique, the
proposed BECAN scheme can save energy by early detecting and filtering
the majority of injected false data with minor extra overheads at the en-route
nodes. In addition, only a very small fraction of injected false data needs to
be checked by the sink, which thus largely reduces the burden of the sink.
Both theoretical and simulation results are given to demonstrate the
effectiveness of the proposed scheme in terms of high filtering probability and
energy saving.
Architecture
Fig. 1
Existing System
Wireless sensor networks are usually
deployed at unattended or hostile environments. Therefore, they are very
vulnerable to various security attacks, such as selective forwarding,
wormholes, and sybil attacks. In addition, wireless sensor networks may also
suffer from injecting false data attack. For an injecting false data attack, an
adversary first compromises several sensor nodes, accesses all keying materials
stored in the compromised nodes, and then controls these compromised nodes to
inject bogus information and send the false data to the sink to cause
upper level error decision, as well as energy wasted in en-route nodes.
Disadvantages
1. Energy
wasted in en-route nodes.
2. Heavy
verification burdens.
3. Gang
injecting false data attack.
4. No
Cooperative Authentication.
Proposed
System
In this paper, we propose a novel
bandwidth-efficient cooperative authentication (BECAN) scheme for filtering
injected false data. Based on the random graph characteristics of sensor node
deployment and the cooperative bit-compressed authentication technique, the
proposed BECAN scheme can save energy by early detecting and filtering
the majority of injected false data with minor extra overheads at the en-route
nodes. In addition, only a very small fraction of injected false data needs to
be checked by the sink, which thus largely reduces the burden of the sink.
Both theoretical and simulation results are given to demonstrate the
effectiveness of the proposed scheme in terms of high filtering probability and
energy saving.
Advantages
1.
High filtering
probability and energy saving.
2.
Detect injecting false
data attack.
3.
BECAN Scheme in terms
of en-routing filtering probability and false negative rate on true reports.
4.
Early detecting the injected false data by the en-route sensor nodes.
5.
Sink Verification
6.
Prevent/Mitigate the gang
injecting false data attack from mobile compromised sensor nodes.
Modules
1. BECAN Scheme
A
novel bandwidth-efficient cooperative authentication (BECAN) scheme for
filtering injected false data in wireless sensor networks. Compared with the
previously reported mechanisms, the BECAN scheme achieves not only high
filtering probability but also high reliability.
•) First, we study the random graph characteristics of
wireless sensor node deployment, and estimate the probability of k-neighbors, which provides the necessary
condition for BECAN authentication;
•) Second, we propose the
BECAN scheme to filter the injected false data with cooperative bit-compressed authentication
technique. With the proposed mechanism, injected false data can be early
detected and filtered by the en-route sensor nodes. In addition, the
accompanied authentication information is bandwidth-efficient; and
•) Third, we develop a custom simulator to demonstrate
the effectiveness of the proposed BECAN scheme in terms of en-routing filtering
probability and false negative rate on true reports.
2. Early detecting the injected false data by the en-route sensor nodes
The
sink is a powerful data collection device. Nevertheless, if all
authentication tasks are fulfilled at the sink, it is undoubted that the
sink becomes a bottleneck. At the same time, if too many injected false
data flood into the sink, the sink will surly suffer from the
Denial of Service (DoS) attack. Therefore, it is critical to share the authentication
tasks with the en-route sensor nodes such that the injected false data can be
detected and discarded early. The earlier the injected false data are detected,
the more energy can be saved in the whole network.
3.
Gang Injecting False
Data Attack
We
introduce a new stronger injecting false data attack, called gang injecting
false data attack, in wireless sensor networks. This kind of attack is usually launched
by a gang of compromised sensor nodes controlled and moved by an adversary A. As shown in Fig.
2, when a compromised source node is ready to send a false data, several
compromised nodes will first move and aggregate at the source node, and then
collude to inject the false data. Because of the mobility, the gang injecting
false data attack is more challenging and hard to resist.
Fig.
4. Reliability
of the BECAN scheme
In
addition to the high (en-routing) filtering probability, the BECAN scheme also
has high reliability, i.e., even though some sensor nodes are compromised, the
true event reports still can reach the sink with high probability. Let
FNR be the false negative rate on the true reports and tested as
If
FNR is small, the BECAN scheme is demonstrated high reliability.
HARDWARE & SOFTWARE
REQUIREMENTS
HARDWARE REQUIREMENTS
·
System : Pentium IV 2.4 GHz.
·
Hard Disk : 40 GB.
·
Floppy Drive : 1.44 Mb.
·
Monitor : 15 VGA Color.
SOFTWARE REQUIREMENTS
·
Operating system : Windows XP Professional.
·
Coding Language : C#.NET
Subscribe to:
Posts (Atom)