In this paper, we present a distributed structured approach to Sybil attack. This is derived from the fact that our approach is based on the neighbor similarity trust relationship among the neighbor peers. Given a P2P e-commerce trust relationship based on interest, the transactions among peers are flexible as each peer can decide to trade with another peer any time. A peer doesn’t have to consult others in a group unless a recommendation is needed. This approach shows the advantage in exploiting the similarity trust relationship among peers in which the peers are able to monitor each other.
Our contribution in this paper is threefold:
1) We propose SybilTrust that can identify and protect honest peers from Sybil attack. The Sybil peers can have their trust canceled and dismissed from a group.
2) Based on the group infrastructure in P2P e-commerce, each neighbor is connected to the peers by the success of the transactions it makes or the trust evaluation level. A peer can only be recognized as a neighbor depending on whether or not trust level is sustained over a threshold value.
3) SybilTrust enables neighbor peers to
carry recommendation identifiers among the peers in a group. This ensures that
the group detection algorithms to identify Sybil attack peers to be efficient
and scalable in large P2P e-commerce networks.
The goal of trust systems is to ensure that honest peers are accurately identified as trustworthy and Sybil peers as untrustworthy. To unify terminology, we call all identities created by malicious users as Sybil peers. In a P2P e-commerce application scenario, most of the trust considerations depend on the historical factors of the peers. The influence of Sybil identities can be reduced based on the historical behavior and recommendations from other peers. For example, a peer can give positive a recommendation to a peer which is discovered is a Sybil or malicious peer. This can diminish the influence of Sybil identities hence reduce Sybil attack. A peer which has been giving dishonest recommendations will have its trust level reduced. In case it reaches a certain threshold level, the peer can be expelled from the group. Each peer has an identity, which is either honest or Sybil.
A Sybil identity can be an identity owned
by a malicious user, or it can be a bribed/stolen identity, or it can be a fake
identity obtained through a Sybil attack. These Sybil attack peers are employed
to target honest peers and hence subvert the system. In Sybil attack, a single
malicious user creates a large number of peer identities called sybils. These
sybils are used to launch security attacks, both at the application level and
at the overlay level, application level, sybils can target other honest peers
while transacting with them, whereas at the overlay level, sybils can disrupt
the services offered by the overlay layer like routing, data storage, lookup,
etc. In trust systems, colluding Sybil peers may artificially increase a
(malicious) peer’s rating (e.g., eBay).
1.2 INTRODUCTION:
P2P networks range from communication systems like email and instant messaging to collaborative content rating, recommendation, and delivery systems such as YouTube, Gnutela, Facebook, Digg, and BitTorrent. They allow any user to join the system easily at the expense of trust, with very little validation control. P2P overlay networks are known for their many desired attributes like openness, anonymity, decentralized nature, self-organization, scalability, and fault tolerance. Each peer plays the dual role of client as well as server, meaning that each has its own control. All the resources utilized in the P2P infrastructure are contributed by the peers themselves unlike traditional methods where a central authority control is used. Peers can collude and do all sorts of malicious activities in the open-access distributed systems. These malicious behaviors lead to service quality degradation and monetary loss among business partners. Peers are vulnerable to exploitation, due to the open and near-zero cost of creating new identities. The peer identities are then utilized to influence the behavior of the system.
However, if a single defective entity can present
multiple identities, it can control a substantial fraction of the system,
thereby undermining the redundancy. The number of identities that an attacker
can generate depends on the attacker’s resources such as bandwidth, memory, and
computational power. The goal of trust systems is to ensure that honest peers
are accurately identified as trustworthy and Sybil peers as untrustworthy. To
unify terminology, we call all identities created by malicious users as Sybil
peers. In a P2P e-commerce application scenario, most of the trust
considerations depend on the historical factors of the peers. The influence of Sybil
identities can be reduced based on the historical behavior and recommendations
from other peers. For example, a peer can give positive a recommendation to a
peer which is discovered is a Sybil or malicious peer. This can diminish the
influence of Sybil identities hence reduce Sybil attack. A peer which has been
giving dishonest recommendations will have its trust level reduced. In case it
reaches a certain threshold level, the peer can be expelled from the group.
Each peer has an identity, which is either honest or Sybil. A Sybil identity can be an identity owned by a malicious user, or it can be a bribed/stolen identity, or it can be a fake identity obtained through a Sybil attack. These Sybil attack peers are employed to target honest peers and hence subvert the system. In Sybil attack, a single malicious user creates a large number of peer identities called sybils. These sybils are used to launch security attacks, both at the application level and at the overlay level at the application level, sybils can target other honest peers while transacting with them, whereas at the overlay level, sybils can disrupt the services offered by the overlay layer like routing, data storage, lookup, etc. In trust systems, colluding Sybil peers may artificially increase a (malicious) peer’s rating (e.g., eBay). Systems like Credence rely on a trusted central authority to prevent maliciousness.
Defending against Sybil attack is quite
a challenging task. A peer can pretend to be trusted with a hidden motive. The peer
can pollute the system with bogus information, which interferes with genuine
business transactions and functioning of the systems. This must be counter
prevented to protect the honest peers. The link between an honest peer and a
Sybil peer is known as an attack edge. As each edge involved resembles a
human-established trust, it is difficult for the adversary to introduce an
excessive number of attack edges. The only known promising defense against
Sybil attack is to use social networks to perform user admission control and
limit the number of bogus identities admitted to a system. The use of social
networks between two peers represents real-world trust relationship between
users. In addition, authentication-based mechanisms are used to verify the
identities of the peers using shared encryption keys, or location information.
1.3 LITRATURE SURVEY:
KEEP YOUR FRIENDS CLOSE: INCORPORATING TRUST INTO SOCIAL NETWORK-BASED SYBIL DEFENSES
AUTHOR: A. Mohaisen, N. Hopper, and Y. Kim
PUBLISH: Proc. IEEE Int. Conf. Comput. Commun., 2011, pp. 1–9.
EXPLANATION:
Social network-based Sybil defenses
exploit the algorithmic properties of social graphs to infer the extent to
which an arbitrary node in such a graph should be trusted. However, these
systems do not consider the different amounts of trust represented by different
graphs, and different levels of trust between nodes, though trust is being a
crucial requirement in these systems. For instance, co-authors in an academic
collaboration graph are trusted in a different manner than social friends.
Furthermore, some social friends are more trusted than others. However,
previous designs for social network-based Sybil defenses have not considered
the inherent trust properties of the graphs they use. In this paper we introduce
several designs to tune the performance of Sybil defenses by accounting for
differential trust in social graphs and modeling these trust values by biasing
random walks performed on these graphs. Surprisingly, we find that the cost
function, the required length of random walks to accept all honest nodes with
overwhelming probability, is much greater in graphs with high trust values,
such as co-author graphs, than in graphs with low trust values such as online
social networks. We show that this behavior is due to the community structure
in high-trust graphs, requiring longer walk to traverse multiple communities.
Furthermore, we show that our proposed designs to account for trust, while
increase the cost function of graphs with low trust value, decrease the
advantage of attacker.
FOOTPRINT: DETECTING SYBIL ATTACKS IN URBAN VEHICULAR NETWORKS
AUTHOR: S. Chang, Y. Qi, H. Zhu, J. Zhao, and X. Shen
PUBLISH: IEEE Trans. Parallel Distrib. Syst., vol. 23, no. 6, pp. 1103–1114, Jun. 2012.
EXPLANATION:
In urban vehicular networks, where
privacy, especially the location privacy of anonymous vehicles is highly
concerned, anonymous verification of vehicles is indispensable. Consequently,
an attacker who succeeds in forging multiple hostile identifies can easily launch
a Sybil attack, gaining a disproportionately large influence. In this paper, we
propose a novel Sybil attack detection mechanism, Footprint, using the
trajectories of vehicles for identification while still preserving their
location privacy. More specifically, when a vehicle approaches a road-side unit
(RSU), it actively demands an authorized message from the RSU as the proof of
the appearance time at this RSU. We design a location-hidden authorized message
generation scheme for two objectives: first, RSU signatures on messages are
signer ambiguous so that the RSU location information is concealed from the
resulted authorized message; second, two authorized messages signed by the same
RSU within the same given period of time (temporarily linkable) are recognizable
so that they can be used for identification. With the temporal limitation on
the linkability of two authorized messages, authorized messages used for
long-term identification are prohibited. With this scheme, vehicles can
generate a location-hidden trajectory for location-privacy-preserved
identification by collecting a consecutive series of authorized messages.
Utilizing social relationship among trajectories according to the similarity
definition of two trajectories, Footprint can recognize and therefore dismiss
“communities” of Sybil trajectories. Rigorous security analysis and extensive
trace-driven simulations demonstrate the efficacy of Footprint.
SYBILLIMIT: A NEAROPTIMAL SOCIAL NETWORK DEFENSE AGAINST SYBIL ATTACK
AUTHOR: H. Yu, P. Gibbons, M. Kaminsky, and F. Xiao
PUBLISH: IEEE/ACM Trans. Netw., vol. 18, no. 3, pp. 3–17, Jun. 2010.
EXPLANATION:
Decentralized distributed systems
such as peer-to-peer systems are particularly vulnerable to sybil attacks,
where a malicious user pretends to have multiple identities (called sybil
nodes). Without a trusted central authority, defending against sybil attacks is
quite challenging. Among the small number of decentralized approaches, our
recent SybilGuard protocol [H. Yu et al., 2006] leverages a key insight on
social networks to bound the number of sybil nodes accepted. Although its
direction is promising, SybilGuard can allow a large number of sybil nodes to
be accepted. Furthermore, SybilGuard assumes that social networks are fast
mixing, which has never been confirmed in the real world. This paper presents
the novel SybilLimit protocol that leverages the same insight as SybilGuard but
offers dramatically improved and near-optimal guarantees. The number of sybil
nodes accepted is reduced by a factor of ominus(radicn), or around 200 times in
our experiments for a million-node system. We further prove that SybilLimit’s
guarantee is at most a log n factor away from optimal, when considering
approaches based on fast-mixing social networks. Finally, based on three
large-scale real-world social networks, we provide the first evidence that
real-world social networks are indeed fast mixing. This validates the
fundamental assumption behind SybilLimit’s and SybilGuard’s approach.
CHAPTER 2
2.0 SYSTEM ANALYSIS
2.1 EXISTING SYSTEM:
Existing work on Sybil attack makes use of social networks to eliminate Sybil attack, and the findings are based on preventing Sybil identities. In this paper, we propose the use of neighbor similarity trust in a group P2P ecommerce based on interest relationships, to eliminate maliciousness among the peers. This is referred to as SybilTrust. In SybilTrust, the interest based group infrastructure peers have a neighbor similarity trust between each other, hence they are able to prevent Sybil attack. SybilTrust gives a better relationship in e-commerce transactions as the peers create a link between peer neighbors. This provides an important avenue for peers to advertise their products to other interested peers and to know new market destinations and contacts as well. In addition, the group enables a peer to join P2P e-commerce network and makes identity more difficult.
Peers use self-certifying identifiers that are
exchanged when they initially come into contact. These can be used as public
keys to verify digital signatures on the messages sent by their neighbors. We
note that, all communications between peers are digitally signed. In this kind
of relationship, we use neighbors as our point of reference to address Sybil
attack. In a group, whatever admission we set, there are honest, malicious, and
Sybil peers who are authenticated by an admission control mechanism to join the
group. More honest peers are admitted compared to malicious peers, where the
trust association is aimed at positive results. The knowledge of the graph may
reside in a single party, or be distributed across all users.
2.1.0 DISADVANTAGES:
Sybil peer trades with very few unsuccessful transactions, we can deduce the peer is a Sybil peer. This is supported by our approach which proposes peers existing in a group have six types of keys.
The keys which exist mostly are pairwise keys supported by the group keys. We also note if an honest group has a link with another group which has Sybil peers, the Sybil group tend to have information which is not complete.
2.2 PROPOSED SYSTEM:
In this paper, we assume there are three kinds of peers in the system: legitimate peers, malicious peers, and Sybil peers. Each malicious peer cheats its neighbors by creating multiple identity, referred to as Sybil peers. In this paper, P2P e-commerce communities are in several groups. A group can be either open or restrictive depending on the interest of the peers. We investigate the peers belonging to a certain interest group. In each group, there is a group leader who is responsible for managing coordination of activities in a group.
The principal building block of Sybil Trust approach is the identifier distribution process. In the approach, all the peers with similar behavior in a group can be used as identifier source. They can send identifiers to others as the system regulates. If a peer sends less or more, the system can be having a Sybil attack peer. The information can be broadcast to the rest of the peers in a group. When peers join a group, they acquire different identities in reference to the group. Each peer has neighbors in the group and outside the group. Sybil attack peers forged by the same malicious peer have the same set of physical neighbors that a malicious peer has.
Each neighbor is connected to the peers
by the success of the transaction it makes or the trust evaluation level. To
detect the Sybil attack, where a peer can have different identity, a peer is
evaluated in reference to its trustworthiness and the similarity to the
neighbors. If the neighbors do not have same trust data as the concerned peer,
including its position, it can be detected that the peer has multiple identity
and is cheating
2.2.0 ADVANTAGES:
Our perception is that, the attacker controls a number of neighbor similarity peers, whereby a randomly chosen identifier source is relatively “far away” from most Sybil attack peer relationship. Every peer uses a “reversed” routing table. The source peer will always send some information to the peers which have neighbor similarity trust. However, if they do not reply, it can black list them. If they do reply and the source is overwhelmed by the overhead of such replies, then the adversary is effectively launching a DoS attack. Notice that the adversary can launch a DoS attack against the source. This enables two peers to propagate their public keys and IP addresses backward along the route to learn about the peers.
2.3.0 HARDWARE REQUIREMENT:
CHAPTER 3
3.0 SYSTEM DESIGNS
3.1 ARCHITECTURE DIAGRAM:
3.2 DATAFLOW DIAGRAM:
LEVEL 0:
Neighbor Nodes |
Source |
LEVEL 1:
P2P Sybil Trust Mode |
Send Data Request |
LEVEL 2:
Data Receive |
P2P ACK |
Active Attack (Malicious Node) |
Send Data Request |
LEVEL 3:
3.3 UML DIAGRAMS
3.3.0 USECASE DIAGRAM:
SERVER CLIENT
3.3.1 CLASS DIAGRAM:
3.3.2 SEQUENCE DIAGRAM:
3.4 ACITVITY DIAGRAM:
CHAPTER 4
4.0 IMPLEMENTATION:
In this paper, P2P e-commerce communities are in several groups. A group can be either open or restrictive depending on the interest of the peers. We investigate the peers belonging to a certain interest group. In each group, there is a group leader who is responsible for managing coordination of activities in a group peers join a group; they acquire different identities in reference to the group. Each peer has neighbors in the group and outside the group. Sybil attack peers forged by the same malicious peer have the same set of physical neighbors that a malicious peer has. Each neighbor is connected to the peers by the success of the transaction it makes or the trust evaluation level. To detect the Sybil attack, where a peer can have different identity, a peer is evaluated in reference to its trustworthiness and the similarity to the neighbors. If the neighbors do not have same trust data as the concerned peer, including its position, it can be detected that the peer has multiple identity and is cheating. The method of detection of Sybil attack is depicted in Fig. 2. A1 and A2 refer to the same peer but with different identities.
Our approach, the identifiers are only propagated by the peers who exhibit neighbor similarity trust. Our perception is that, the attacker controls a number of neighbor similarity peers, whereby a randomly chosen identifier source is relatively “far away” from most Sybil attack peer relationship. Every peer uses a “reversed” routing table. The source peer will always send some information to the peers which have neighbor similarity trust. However, if they do not reply, it can black list them. If they do reply and the source is overwhelmed by the overhead of such replies, then the adversary is effectively launching a DoS attack. Notice that the adversary can launch a DoS attack against the source. This enables two peers to propagate their public keys and IP addresses backward along the route to learn about the peers. SybilTrust proposes that an honest peer should not have an excessive number of neighbors. The neighbors we refer should be member peers existing in a group. The restriction helps to bind the number of peers against any additional attack among the neighbors. If there are too many neighbors, SybilTrust will (internally) only use a subset of the peer’s edges while ignoring all others. Following Liben-Nowell and Kleinberg, we define the attributes of the given pair of peers as the intersection of the sets of similar products.
4.1 MODULES:
SIMILARITY TRUST RELATIONSHIP:
NEIGHBOR SIMILARITY TRUST:
DETECTION OF SYBIL ATTACK:
SECURITY
AND PERFORMANCE:
4.2 MODULES DESCRIPTION:
SIMILARITY TRUST RELATIONSHIP:
We focus on the active attacks in P2P e-commerce. When a peer is compromised, all the information will be extracted. In our work, we have proposed use of SybilTrust which is based on neighbor similarity relationship of the peers. SybilTrust is efficient and scalable to group P2P e-commerce network. Sybil attack peers may attempt to compromise the edges or the peers of the group P2P e-commerce. The Sybil attack peers can execute further malicious actions in the network. The threat being addressed is the identity active attacks as peers are continuously doing the transactions in the peers to show that each controller only admitted the honest peers.
Our method makes assumptions that the controller undergoes synchronization to prove whether the peers which acted as distributor of identifiers had similarityor not. If a peer never had similarity, the peer is assumed to have been a Sybil attack peer. Pairing method is used to generate an expander graph with expansion factor of high probability. Every pair of neighbor peers share a unique symmetric secret key (the edge key), established out of band for authenticating each other peers may deliberately cause Byzantine faults in which their multiple identity and incorrect behavior ends up undetected.
The Sybil attack peers can
create more non-existent links. The protocols and services for P2P, such as
routing protocols must operate efficiently regardless of the group size. In the
neighbor similarity trust, peers must have a self-healing in order to recover
automatically from any state. Sybil attack can defeat replication and fragmentation
performed in distributed hash tables. Geographic routing in P2P can also be a
routing mechanism which can be compromised by Sybil peers.
NEIGHBOR SIMILARITY TRUST:
We present a Sybil
identification algorithm that takes place in a neighbor similarity trust. The
directed graph has edges and vertices. In our work, we assume V is the set of
peers and E is the set of edges. The edges in a neighbor similarity have attack
edges which are safeguarded from Sybil attacks. A peer u and a Sybil peer v can
trade whether one is Sybil or not. Being in a group, comparison can be done to
determine the number of peers which trade with peer. If the peer trades with
very few unsuccessful transactions, we can deduce the peer is a Sybil peer.
This is supported by our approach which proposes a peer existing in a group has
six types of keys. The keys which exist mostly are pairwise keys supported by
the group keys. We also note if an honest group has a link with another group
which has Sybil peers, the Sybil group tend to have information which is not
complete. Our algorithm adaptively tests the suspected peer while maintaining
the neighbor similarity trust connection based on time.
DETECTION OF SYBIL ATTACK:
Sybil attack, a malicious peer must try to present multiple distinct identities. This can be achieved by either generating legal identities or by impersonating other normal peers. Some peers may launch arbitrary attacks to interfere with P2P e-commerce operations, or the normal functioning of the network. According to an attack can succeed to launch a Sybil attack by:
_ Heterogeneous configuration: in this case, malicious peers can have more communication and computation resources than the honest peers.
_ Message manipulation: the attacker can eavesdrop on nearby communications with other parties. This means a attacker gets and interpolates information needed to impersonate others. Major attacks in P2P e-commerce can be classified as passive and active attacks.
_ Passive attack: It listens to incoming and outgoing messages, in order to infer the relevant information from the transmitted recommendations, i.e., eavesdropping, but doesn’t harm the system. A peer can be in passive mode and later in active mode.
_ Active attack: When a
malicious peer receives a recommendation for forwarding, it can modify, or when
requested to provide recommendations on another peer, it can inflate or bad
mouth. The bad mouthing is a situation where a malicious peer may collude with
other malicious peers to revenge the honest peer. In the Sybil attack, a
malicious peer generates a large number of identities and uses them together to
disrupt normal operation.
SECURITY AND PERFORMANCE:
We evaluate the performance of the proposed SybilTrust. We measure two metrics, namely, non-trustworthy rate and detection rate. Non-trustworthy rate is the ratio of the number of honest peers which are erroneously marked as Sybil/malicious peer to the number of total honest peers. Detection rate is the proportion of detected Sybil/ malicious peers to the total Sybil/malicious peers. Communication Cost. The trust level is sent with the recommendation feedback from one peer to another. If a peer is compromised, the information is broadcasted to all peers as revocation of the trust level is being done. Computation Cost. The sybilTrust approach is efficient in the computation of polynomial evaluation. The calculation of the trust level evaluation is based on a pseudo-random function (PRF). PRF is a deterministic function.
In our simulation, we use C# .NET tool. Each honest and malicious peer interacted with a random number of peers defined by a uniform distribution. All the peers are restricted to the group. Our approach, P2P e-commerce community has a total of 3 different categories of interest. The transaction interactions between peers with similar interest can be defined as successful or unsuccessful, expressed as positive or negative respectively. The impact of the first two parameters on performance of the mechanism is evaluated in the percentage of malicious peers replied is randomly chosen by each malicious peer. Transactions with 10 to 40 percent malicious peers are done.
Our SybilTrust approach
detects more malicious peers compared to Eigen Trust and Eigen Group Trust [26]
as shown in Fig. 4. Fig. 4. shows the detection rates of the P2P when the number
of malicious peers increases. When the number of deployed peers is small, e.g.,
40 peers, the chance that no peers are around a malicious peer is high. Fig. 4
illustrates the variation of non-trustworthy rates of different numbers of
honest peers as the number of malicious peer increases. It is shown that the
non-trustworthy rate increases as the number of honest peers and malicious
peers increase. The reason is that when there are more malicious peers, the number
of target groups is larger. Moreover, this is because neighbor relationship is
used to categorize peers in the
We proposed approach. The number of target-groups also increases when the number of honest peers is higher. As a result, the honest peers are examined more times, and the chance that an honest peer is erroneously determined as a Sybil/malicious peer increases, although more Sybil attack peer can also be identified. Fig. 4 displays the detection rate when the reply rate of each malicious peer is the same. The detection rate does not decrease when the reply rate is more than 80 percent, because of the enhancement.
The enhancement could
still be found even when a malicious peer replies to almost all of its Sybil
attack peer requests. Furthermore, the detection rate is higher as the number
of malicious peers becomes more, which means the proposed mechanism is able to
resist the Sybil attack from more malicious peers. The detection rate is still
more than 80 percent in the sparse network, which according to the definition
of a sparse network detection rate reaches 95 percent when the number of
legitimate nodes is 300. It is also because the number of target groups
increases as the number of malicious peer’s increases and the honest peers are
examined more times. Therefore, the rate that an honest peer is erroneously
identified as a Sybil/malicious peer also increases.
CHAPTER 5
5.0 SYSTEM STUDY:
5.1 FEASIBILITY STUDY:
The feasibility of the project is analyzed in this phase and business proposal is put forth with a very general plan for the project and some cost estimates. During system analysis the feasibility study of the proposed system is to be carried out. This is to ensure that the proposed system is not a burden to the company. For feasibility analysis, some understanding of the major requirements for the system is essential.
Three key considerations involved in the feasibility analysis are
5.1.1 ECONOMICAL FEASIBILITY:
This study is carried out to check the economic impact that the system will have on the organization. The amount of fund that the company can pour into the research and development of the system is limited. The expenditures must be justified. Thus the developed system as well within the budget and this was achieved because most of the technologies used are freely available. Only the customized products had to be purchased.
This study is carried out to check the technical feasibility, that is, the technical requirements of the system. Any system developed must not have a high demand on the available technical resources. This will lead to high demands on the available technical resources. This will lead to high demands being placed on the client. The developed system must have a modest requirement, as only minimal or null changes are required for implementing this system.
5.1.3 SOCIAL FEASIBILITY:
The aspect of study is to check the level of
acceptance of the system by the user. This includes the process of training the
user to use the system efficiently. The user must not feel threatened by the
system, instead must accept it as a necessity. The level of acceptance by the
users solely depends on the methods that are employed to educate the user about
the system and to make him familiar with it. His level of confidence must be
raised so that he is also able to make some constructive criticism, which is
welcomed, as he is the final user of the system.
5.2 SYSTEM TESTING:
Testing is a process of checking whether the developed system is working according to the original objectives and requirements. It is a set of activities that can be planned in advance and conducted systematically. Testing is vital to the success of the system. System testing makes a logical assumption that if all the parts of the system are correct, the global will be successfully achieved. In adequate testing if not testing leads to errors that may not appear even many months. This creates two problems, the time lag between the cause and the appearance of the problem and the effect of the system errors on the files and records within the system. A small system error can conceivably explode into a much larger Problem. Effective testing early in the purpose translates directly into long term cost savings from a reduced number of errors. Another reason for system testing is its utility, as a user-oriented vehicle before implementation. The best programs are worthless if it produces the correct outputs.
5.2.1 UNIT TESTING:
A program represents the
logical elements of a system. For a program to run satisfactorily, it must
compile and test data correctly and tie in properly with other programs.
Achieving an error free program is the responsibility of the programmer.
Program testing checks
for two types
of errors: syntax
and logical. Syntax error is a
program statement that violates one or more rules of the language in which it
is written. An improperly defined field dimension or omitted keywords are
common syntax errors. These errors are shown through error message generated by
the computer. For Logic errors the programmer must examine the output
carefully.
UNIT TESTING:
Description | Expected result |
Test for application window properties. | All the properties of the windows are to be properly aligned and displayed. |
Test for mouse operations. | All the mouse operations like click, drag, etc. must perform the necessary operations without any exceptions. |
5.1.3 FUNCTIONAL TESTING:
Functional testing of an
application is used to prove the application delivers correct results, using
enough inputs to give an adequate level of confidence that will work correctly
for all sets of inputs. The functional testing will need to prove that the
application works for each client type and that personalization function work
correctly.When a program is tested, the actual output is compared with
the expected output. When there is a discrepancy the sequence of instructions
must be traced to determine the problem.
The process is facilitated by breaking the program into self-contained
portions, each of which can be checked at certain key points. The idea is to
compare program values against desk-calculated values to isolate the problems.
FUNCTIONAL TESTING:
Description | Expected result |
Test for all modules. | All peers should communicate in the group. |
Test for various peer in a distributed network framework as it display all users available in the group. | The result after execution should give the accurate result. |
5.1. 4 NON-FUNCTIONAL TESTING:
The Non Functional software testing encompasses a rich spectrum of testing strategies, describing the expected results for every test case. It uses symbolic analysis techniques. This testing used to check that an application will work in the operational environment. Non-functional testing includes:
5.1.5 LOAD TESTING:
An important tool for implementing system tests is a Load generator. A Load generator is essential for testing quality requirements such as performance and stress. A load can be a real load, that is, the system can be put under test to real usage by having actual telephone users connected to it. They will generate test input data for system test.
Load Testing
Description | Expected result |
It is necessary to ascertain that the application behaves correctly under loads when ‘Server busy’ response is received. | Should designate another active node as a Server. |
5.1.5 PERFORMANCE TESTING:
Performance tests are
utilized in order to determine the widely defined performance of the software
system such as execution time associated with various parts of the code,
response time and device utilization. The intent of this testing is to identify
weak points of the software system and quantify its shortcomings.
PERFORMANCE TESTING:
Description | Expected result |
This is required to assure that an application perforce adequately, having the capability to handle many peers, delivering its results in expected time and using an acceptable level of resource and it is an aspect of operational management. | Should handle large input values, and produce accurate result in a expected time. |
5.1.6 RELIABILITY TESTING:
The software reliability
is the ability of a system or component to perform its required functions under
stated conditions for a specified period of time and it is being ensured in
this testing. Reliability can be expressed as the ability of the software to
reveal defects under testing conditions, according to the specified
requirements. It the portability that a software system will operate without
failure under given conditions for a given time interval and it focuses on the
behavior of the software element. It forms a part of the software quality
control team.
RELIABILITY TESTING:
Description | Expected result |
This is to check that the server is rugged and reliable and can handle the failure of any of the components involved in provide the application. | In case of failure of the server an alternate server should take over the job. |
5.1.7 SECURITY TESTING:
Security testing evaluates
system characteristics that relate to the availability, integrity and
confidentiality of the system data and services. Users/Clients should be
encouraged to make sure their security needs are very clearly known at
requirements time, so that the security issues can be addressed by the
designers and testers.
SECURITY TESTING:
Description | Expected result |
Checking that the user identification is authenticated. | In case failure it should not be connected in the framework. |
Check whether group keys in a tree are shared by all peers. | The peers should know group key in the same group. |
5.1.7 WHITE BOX TESTING:
White box
testing, sometimes called glass-box
testing is a test case
design method that uses
the control structure
of the procedural design to
derive test cases. Using
white box testing
method, the software engineer
can derive test
cases. The White box testing focuses on the inner structure of the
software structure to be tested.
5.1.8 WHITE BOX TESTING:
Description | Expected result |
Exercise all logical decisions on their true and false sides. | All the logical decisions must be valid. |
Execute all loops at their boundaries and within their operational bounds. | All the loops must be finite. |
Exercise internal data structures to ensure their validity. | All the data structures must be valid. |
5.1.9 BLACK BOX TESTING:
Black box testing, also
called behavioral testing, focuses on the functional requirements of the
software. That is,
black testing enables
the software engineer to derive
sets of input
conditions that will
fully exercise all
functional requirements for a
program. Black box testing is not
alternative to white box techniques.
Rather it is
a complementary approach that
is likely to
uncover a different class
of errors than
white box methods. Black box
testing attempts to find errors which focuses on inputs, outputs, and principle
function of a software module. The starting point of the black box testing is
either a specification or code. The contents of the box are hidden and the
stimulated software should produce the desired results.
5.1.10 BLACK BOX TESTING:
Description | Expected result |
To check for incorrect or missing functions. | All the functions must be valid. |
To check for interface errors. | The entire interface must function normally. |
To check for errors in a data structures or external data base access. | The database updation and retrieval must be done. |
To check for initialization and termination errors. | All the functions and data structures must be initialized properly and terminated normally. |
All
the above system testing strategies are carried out in as the development,
documentation and institutionalization of the proposed goals and related
policies is essential.
CHAPTER 7
7.0 SOFTWARE SPECIFICATION:
7.1 FEATURES OF .NET:
Microsoft .NET is a set of Microsoft software technologies for rapidly building and integrating XML Web services, Microsoft Windows-based applications, and Web solutions. The .NET Framework is a language-neutral platform for writing programs that can easily and securely interoperate. There’s no language barrier with .NET: there are numerous languages available to the developer including Managed C++, C#, Visual Basic and Java Script.
The .NET framework provides the foundation for components to interact seamlessly, whether locally or remotely on different platforms. It standardizes common data types and communications protocols so that components created in different languages can easily interoperate.
“.NET” is
also the collective name given to various software components built upon the
.NET platform. These will be both products (Visual Studio.NET and Windows.NET
Server, for instance) and services (like Passport, .NET My Services, and so
on).
7.2 THE .NET FRAMEWORK
The .NET Framework has two main parts:
1. The Common Language Runtime (CLR).
2. A hierarchical set of class libraries.
The CLR is described as the “execution engine” of .NET. It provides the environment within which programs run. The most important features are
Managed Code
The code
that targets .NET, and which contains certain extra Information – “metadata” –
to describe itself. Whilst both managed and unmanaged code can run in the
runtime, only managed code contains the information that allows the CLR to
guarantee, for instance, safe execution and interoperability.
Managed Data
With Managed Code comes Managed Data. CLR provides memory allocation and Deal location facilities, and garbage collection. Some .NET languages use Managed Data by default, such as C#, Visual Basic.NET and JScript.NET, whereas others, namely C++, do not. Targeting CLR can, depending on the language you’re using, impose certain constraints on the features available. As with managed and unmanaged code, one can have both managed and unmanaged data in .NET applications – data that doesn’t get garbage collected but instead is looked after by unmanaged code.
Common Type System
The CLR uses something called the Common Type System (CTS) to strictly enforce type-safety. This ensures that all classes are compatible with each other, by describing types in a common way. CTS define how types work within the runtime, which enables types in one language to interoperate with types in another language, including cross-language exception handling. As well as ensuring that types are only used in appropriate ways, the runtime also ensures that code doesn’t attempt to access memory that hasn’t been allocated to it.
Common Language Specification
The CLR provides built-in support for language interoperability. To ensure that you can develop managed code that can be fully used by developers using any programming language, a set of language features and rules for using them called the Common Language Specification (CLS) has been defined. Components that follow these rules and expose only CLS features are considered CLS-compliant.
7.3 THE CLASS LIBRARY
.NET provides a single-rooted hierarchy of classes, containing over 7000 types. The root of the namespace is called System; this contains basic types like Byte, Double, Boolean, and String, as well as Object. All objects derive from System. Object. As well as objects, there are value types. Value types can be allocated on the stack, which can provide useful flexibility. There are also efficient means of converting value types to object types if and when necessary.
The set of classes is pretty comprehensive, providing collections, file, screen, and network I/O, threading, and so on, as well as XML and database connectivity.
The class library is subdivided into a number of sets (or namespaces), each providing distinct areas of functionality, with dependencies between the namespaces kept to a minimum.
7.4 LANGUAGES SUPPORTED BY .NET
The multi-language capability of the .NET Framework and Visual Studio .NET enables developers to use their existing programming skills to build all types of applications and XML Web services. The .NET framework supports new versions of Microsoft’s old favorites Visual Basic and C++ (as VB.NET and Managed C++), but there are also a number of new additions to the family.
Visual Basic .NET has been updated to include many new and improved language features that make it a powerful object-oriented programming language. These features include inheritance, interfaces, and overloading, among others. Visual Basic also now supports structured exception handling, custom attributes and also supports multi-threading.
Visual Basic .NET is also CLS compliant, which means that any CLS-compliant language can use the classes, objects, and components you create in Visual Basic .NET.
Managed Extensions for C++ and attributed programming are just some of the enhancements made to the C++ language. Managed Extensions simplify the task of migrating existing C++ applications to the new .NET Framework.
C# is Microsoft’s new language. It’s a C-style language that is essentially “C++ for Rapid Application Development”. Unlike other languages, its specification is just the grammar of the language. It has no standard library of its own, and instead has been designed with the intention of using the .NET libraries as its own.
Microsoft Visual J# .NET provides the easiest transition for Java-language developers into the world of XML Web Services and dramatically improves the interoperability of Java-language programs with existing software written in a variety of other programming languages.
Active State has created Visual Perl and Visual Python, which enable .NET-aware applications to be built in either Perl or Python. Both products can be integrated into the Visual Studio .NET environment. Visual Perl includes support for Active State’s Perl Dev Kit.
Other languages for which .NET compilers are available include
ASP.NET XML WEB SERVICES | Windows Forms |
Base Class Libraries | |
Common Language Runtime | |
Operating System |
Fig1 .Net Framework
C#.NET is also compliant with CLS (Common Language Specification) and supports structured exception handling. CLS is set of rules and constructs that are supported by the CLR (Common Language Runtime). CLR is the runtime environment provided by the .NET Framework; it manages the execution of the code and also makes the development process easier by providing services.
C#.NET is
a CLS-compliant language. Any objects, classes, or components that created in
C#.NET can be used in any other CLS-compliant language. In addition, we can use
objects, classes, and components created in other CLS-compliant languages in
C#.NET .The use of CLS ensures complete interoperability among applications,
regardless of the languages used to create the application.
CONSTRUCTORS AND DESTRUCTORS:
Constructors are used to initialize objects, whereas destructors are used to destroy them. In other words, destructors are used to release the resources allocated to the object. In C#.NET the sub finalize procedure is available. The sub finalize procedure is used to complete the tasks that must be performed when an object is destroyed. The sub finalize procedure is called automatically when an object is destroyed. In addition, the sub finalize procedure can be called only from the class it belongs to or from derived classes.
GARBAGE COLLECTION
Garbage Collection is another new feature in C#.NET. The .NET Framework monitors allocated resources, such as objects and variables. In addition, the .NET Framework automatically releases memory for reuse by destroying objects that are no longer in use.
In C#.NET, the garbage collector checks for the objects that are not currently in use by applications. When the garbage collector comes across an object that is marked for garbage collection, it releases the memory occupied by the object.
OVERLOADING
Overloading is another feature in C#. Overloading enables us
to define multiple procedures with the same name, where each procedure has a
different set of arguments. Besides using overloading for procedures, we can
use it for constructors and properties in a class.
MULTITHREADING:
C#.NET also supports multithreading. An application that supports multithreading can handle multiple tasks simultaneously, we can use multithreading to decrease the time taken by an application to respond to user interaction.
STRUCTURED EXCEPTION HANDLING
C#.NET supports structured handling, which enables us to
detect and remove errors at runtime. In C#.NET, we need to use
Try…Catch…Finally statements to create exception handlers. Using
Try…Catch…Finally statements, we can create robust and effective exception
handlers to improve the performance of our application.
7.5 THE .NET FRAMEWORK
The .NET Framework is a new computing platform that simplifies application development in the highly distributed environment of the Internet.
OBJECTIVES OF .NET FRAMEWORK
1. To provide a consistent object-oriented programming environment whether object codes is stored and executed locally on Internet-distributed, or executed remotely.
2. To provide a code-execution environment to minimizes software deployment and guarantees safe execution of code.
3. Eliminates the performance problems.
There are
different types of application, such as Windows-based applications and Web-based
applications.
7.6 FEATURES OF SQL-SERVER
The OLAP Services feature available in SQL Server version 7.0 is now called SQL Server 2000 Analysis Services. The term OLAP Services has been replaced with the term Analysis Services. Analysis Services also includes a new data mining component. The Repository component available in SQL Server version 7.0 is now called Microsoft SQL Server 2000 Meta Data Services. References to the component now use the term Meta Data Services. The term repository is used only in reference to the repository engine within Meta Data Services
SQL-SERVER database consist of six type of objects,
They are,
1. TABLE
2. QUERY
3. FORM
4. REPORT
5.
MACRO
7.7 TABLE:
A database is a collection of data about a specific topic.
VIEWS OF TABLE:
We can work with a table in two types,
1. Design View
2. Datasheet View
Design View
To build or modify the structure of a table we work in the table design view. We can specify what kind of data will be hold.
Datasheet View
To add, edit or analyses the data itself we work in tables datasheet view mode.
QUERY:
A query is a question that has to be asked the data. Access gathers data that answers the question from one or more table. The data that make up the answer is either dynaset (if you edit it) or a snapshot (it cannot be edited).Each time we run query, we get latest information in the dynaset. Access either displays the dynaset or snapshot for us to view or perform an action on it, such as deleting or updating.
CHAPTER 7
APPENDIX
7.1 SAMPLE SOURCE CODE
7.2
SAMPLE OUTPUT
CHAPTER 8
8.0 CONCLUSION AND FUTURE:
We presented SybilTrust, a defense against Sybil attack in P2P e-commerce. Compared to other approaches, our approach is based on neighborhood similarity trust in a group P2P e-commerce community. This approach exploits the relationship between peers in a neighborhood setting. Our results on real-world P2P e-commerce confirmed fastmixing property hence validated the fundamental assumption behind SybilGuard’s approach. We also describe defense types such as key validation, distribution, and position verification. This method can be done at in simultaneously with neighbor similarity trust which gives better defense mechanism. For the future work, we intend to implement SybilTrust within the context of peers which exist in many groups. Neighbor similarity trust helps to weed out the Sybil peers and isolate maliciousness to specific Sybil peer groups rather than allow attack in honest groups with all honest peers.