EXPERIMENT NO. 1

Problem Identification / Project Title

1.1 Introduction
1.2 Background
1.3 Motivation
1.4 Problem Statement
1.5 Objective and Scope

1.1 INTRODUCTION: AN OVERVIEW OF THE SYSTEM

Network monitoring is crucial for any business. Today, networks span the globe,
with multiple links established between geographically separated data centers and
public and private clouds. This creates multifaceted challenges in network management,
and network admins need to be more proactive and agile in monitoring network
performance.

Our Network Monitoring System is a system that allows users to keep track of their
network's activity and ensure its security. It provides features such as website
blocking, session time monitoring, and even key logging. These features enable
individuals and businesses to have better control over their networks, limit the access
of unwanted sites or users, and prevent unauthorized access to sensitive data.

1.2 BACKGROUND: EXISTING SYSTEM

• Freemium Version
  Monitor your devices and interfaces using our free network monitoring software.
• Full-stack Monitoring
  Full-fledged server monitoring with more than 60 performance metrics for your
  physical, virtual, and cloud servers.
• Abuse of account privileges
  From honest mistakes to misuse of account privileges, intentional leaks, identity
  theft, or any other engineering attack that compromises the security of user
  account data, individuals inside your premises are among your major security
  problems.
• Insufficient IT security management
  Even with the most reliable cyber-security solutions, most organizations may still
  face threats because they lack enough skilled workforce to manage the resources
  well. As a result, you may miss crucial security alerts, and a successful attack
  may not be countered early enough to minimize the damage.
1.3 MOTIVATION

The seamless operation of the Internet requires being able to monitor and visualize
the actual behaviour of the network. Today, IP network operators usually collect
network flow statistics from critical points of their network infrastructure. Whereas
network problems or attacks that significantly change traffic patterns are relatively
easy to identify, it tends to be much more challenging to identify creeping changes or
attacks and faults that manifest themselves only through very careful analysis of
initially seemingly unrelated traffic patterns and their changes. There are currently
no deployable, good network visualization solutions supporting this kind of network
analysis, and research in this area is just starting. In addition, the large volume of
flow data on high-capacity networks and exchange points requires moving to
probabilistic sampling techniques, which require new analysis techniques to calculate
and also to visualize the uncertainty attached to data sets.

1.4 PROBLEM STATEMENT

1. Real-Time Monitoring:
   Real-time monitoring allows
   • employers to observe employees' computer activities;
   • device owners to track possible unauthorized activity on their devices.
2. User Management:
   • User management describes the ability of administrators to manage devices,
     systems, applications, storage systems, networks and user access to other
     various IT resources.
3. Key Logger:
   • Key loggers, also known as keystroke loggers, may be defined as software that
     records the keys pressed on a system and saves them to a file, which is then
     accessed by the person using this malware.
1.5 OBJECTIVE AND SCOPE OF THE PROJECT

Security monitoring is a key cloud security strategy that serves several important
purposes, including:

• Threat Detection: Some exploits may not be preventable and some threats may not
  be anticipated; in this sense, monitoring is the last line of defence. But there is a
  difference between detecting a security situation and doing something about it.

• Verification of Security Controls: Although most security controls are oriented
  toward enforcing security policy, monitoring is used to verify the correct operation of
  other security controls. If events which indicate actions prohibited by policy appear in
  the security event stream, this indicates that policy is not being correctly enforced by
  security controls.

• A Legal Record of Activity: Security event data can form a legal record of actions
  that users or processes performed. To be used in a legal proceeding, this data must
  have verifiable integrity (records have not been altered and they comprise a complete
  record) and the organization must be able to demonstrate chain of custody over the
  data.
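Added example (not code from the report): a hash-chained audit log in Python that gives the event stream the verifiable integrity the legal-record point requires, and that flags events the website-blocking control should have prevented, as in the verification point above. The sample events, domains and blocking policy are constructed assumptions.

```python
import hashlib
import json

# Constructed sample event stream (assumption, not data from the report). Each
# record is one event the monitoring system would append to its audit log.
SAMPLE_EVENTS = [
    {"ts": "2024-01-05T09:00:01Z", "user": "alice", "host": "ws-01",
     "type": "session_start"},
    {"ts": "2024-01-05T09:03:12Z", "user": "alice", "host": "ws-01",
     "type": "web_request", "domain": "intranet.example"},
    {"ts": "2024-01-05T09:05:40Z", "user": "bob", "host": "ws-02",
     "type": "web_request", "domain": "blocked-site.example"},
    {"ts": "2024-01-05T09:07:00Z", "user": "alice", "host": "ws-01",
     "type": "session_end"},
]

# Assumed website-blocking policy: requests to these domains should never
# succeed, so their presence in the log means the control did not enforce it.
BLOCKED_DOMAINS = {"blocked-site.example"}

GENESIS = "0" * 64  # prev-hash of the first record


def canonical(event):
    """Deterministic byte encoding so the same event always hashes the same."""
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def record_hash(prev_hash, seq, event):
    """Hash binds this record to its position and to every earlier record."""
    h = hashlib.sha256()
    h.update(prev_hash.encode())
    h.update(str(seq).encode())
    h.update(canonical(event))
    return h.hexdigest()


def build_chain(events):
    """Append events to a hash-chained log; returns the list of records."""
    chain = []
    prev = GENESIS
    for seq, ev in enumerate(events):
        ev = dict(ev)  # copy so later tampering tests cannot alter the input
        digest = record_hash(prev, seq, ev)
        chain.append({"seq": seq, "prev": prev, "event": ev, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain):
    """Return (ok, problems). Altered, deleted or inserted records all break
    the chain, which is what 'verifiable integrity' of a legal record needs."""
    problems = []
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["seq"] != i:
            problems.append(f"record {i}: sequence gap (seq={rec['seq']})")
        if rec["prev"] != prev:
            problems.append(f"record {i}: prev pointer mismatch")
        if rec["hash"] != record_hash(prev, i, rec["event"]):
            problems.append(f"record {i}: hash mismatch (content altered)")
        prev = rec["hash"]
    return (not problems, problems)


def policy_violations(chain, blocked=BLOCKED_DOMAINS):
    """Events the blocking control should have prevented. Any hit shows the
    policy is not being enforced, i.e. the control itself needs attention."""
    return [rec["event"] for rec in chain
            if rec["event"].get("type") == "web_request"
            and rec["event"].get("domain") in blocked]


if __name__ == "__main__":
    log = build_chain(SAMPLE_EVENTS)
    print("intact log verifies:", verify_chain(log)[0])
    print("control failures:", policy_violations(log))
    log[1]["event"]["user"] = "mallory"  # simulate an after-the-fact edit
    print("tampered log verifies:", verify_chain(log))
```

The chain only proves integrity of what was written; chain of custody still needs the digest of the latest record to be stored or signed somewhere the log writer cannot alter.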
EXPERIMENT NO. 2

LITERATURE SURVEY FOR PROBLEM IDENTIFICATION AND SPECIFICATION

2.1 Introduction

2.2 Research Papers


2.1 INTRODUCTION

Network monitoring is crucial for any business. Today, networks span the globe,
with multiple links established between geographically separated data centers and
public and private clouds. This creates multifaceted challenges in network management,
and network admins need to be more proactive and agile in monitoring network
performance.

Our Network Monitoring System is a system that allows users to keep track of their
network's activity and ensure its security. It provides features such as website
blocking, session time monitoring, and even key logging. These features enable
individuals and businesses to have better control over their networks, limit the access
of unwanted sites or users, and prevent unauthorized access to sensitive data.

2.2 Objectives

• Gaining an understanding of the fundamentals and state of the art of the area.
• Learning the definitions of the concepts.
• Access to the latest approaches, methods and theories.
• Discovering research topics based on the existing research.
• Concentrate on your own field of expertise: even if another field uses the same
  words, they usually mean a completely different thing.
• Excluding side-tracks improves the quality of the literature survey; remember to
  state explicitly what is excluded.

2.2 RESEARCH PAPERS
1. Network Security and Technology Research
Abstract:
The rapid development of computer network system brings both a great convenience
and new security threats for users. Network security problem generally includes
network system security and data security. Specifically, it refers to the reliability of
network system, confidentiality, integrity and availability of data information in the
system. Network security problem exists through all the layers of the computer
network, and the network security objective is to maintain the confidentiality,
authenticity, integrity, dependability, availability and audit-ability of the network.
This paper introduces the network security technologies mainly in detail, including
authentication, data encryption technology, firewall technology, intrusion detection
system (IDS), antivirus technology and virtual private network (VPN). Network
security problem is related to every network user, so we should put a high value upon
network security, try to prevent hostile attacks and ensure the network security.
Published in: 2015 Seventh International Conference on Measuring Technology and
Mechatronics Automation
Publisher: IEEE

2. A Formal Model for Network-Wide Security Analysis
Abstract:
Network designers perform challenging tasks with so many configuration options that
it is often hard or even impossible for a human to predict all potentially dangerous
situations. In this paper, we introduce a formal method approach for verification of
security constraints on networks with dynamic routing protocols in use. A unifying
model based on packet-filters is employed for modelling of network behaviour. Over
this graph model augmented with filtering rules over edges, verification of
reachability properties can be made. In our approach we also consider topology changes
caused by dynamic routing protocols.
Published in: 15th Annual IEEE International Conference and Workshop on the
Engineering of Computer Based Systems (ecbs 2008)
Publisher: IEEE
3. Enabling Cyber Security Data Sharing for Large-scale Enterprises Using Managed Security Services
Abstract:
Large enterprises and organizations from both private and public sectors typically
outsource a platform solution, as part of the Managed Security Services (MSSs), from
3rd party providers (MSSPs) to monitor and analyse their data containing cyber
security information. Sharing such data among these large entities is believed to
improve their effectiveness and efficiency at tackling cybercrimes, via improved
analytics and insights. However, MSS platform customers currently are not able or not
willing to share data among themselves because of multiple reasons, including privacy;
any proposed mechanism or technique to address such a challenge needs to ensure that
sharing is achieved in a secure and controlled way. In this paper, we propose a new
architecture and use case driven designs to enable confidential, flexible and
collaborative data sharing among such organizations using the same MSS platform.
MSS platform is a complex environment where different stakeholders, including
authorized MSSP personnel and customers' own users, have access to the same
platform but with different types of rights and tasks.
Published in: 2018 IEEE Conference on Communications and Network Security
(CNS)
Publisher: IEEE

4. Security-aware Software Development Life Cycle (SaSDLC) - Processes and tools
Abstract:
Today an application is secured using invitro perimeter security. In Next Generation
Internet (NGI), where all applications will be networked, security needs to be in-vivo;
security must be functions within the application. Applications running on any device,
be it on a mobile or on a fixed platform - need to be security-aware using Security
aware Software Development Life Cycle (SaSDLC), which is the focus of this paper.
We also present a tool called Suraksha that comprises of Security Designers'
Workbench and Security Testers' Workbench that helps a developer to build Security-
aware applications.
Published in: 2009 IFIP International Conference on Wireless and Optical
Communications Networks
Publisher: IEEE
5. Information Security Monitoring System Based on Data Mining
Abstract:
Some heterogeneous security equipment, such as firewalls, intrusion detection
systems, and anti-virus gateways, can produce massive security events which are
difficult to manage efficiently. So, a log-based mining, distributed, and multi-protocol
supported framework of security monitoring system is proposed. Security event
correlation based on data mining analysis can automatically extract association rules,
analyse alarming and found new invasion model, so it is a highly intelligent solution.
Published in: 2009 Fifth International Conference on Information Assurance and
Security
Publisher: IEEE

6. Study on data acquisition solution of network security monitoring system
Abstract:
With the demands for network security, some heterogeneous security equipment
such as firewalls, intrusion detection systems, and anti-virus gateways are widely
deployed in network, and produce massive security events which need to be merged
and analysed. Therefore, a distributed and multi-protocol supported network security
monitoring system is proposed. The paper describes the architecture of the network
security monitoring system. Focusing on the system acquisition layer, two methods
are designed for monitoring data collection: syslog-based collection and real-time
traffic-based collection. The ActiveMQ which based on the JMS specification was
adopted for data transmission…
Published in: 2010 IEEE International Conference on Information Theory and
Information Security
Publisher: IEEE

7. Network Security Monitoring
Chapter Abstract:
Network security monitoring remains a vital component for incident response, threat
hunting, and network security in general. This chapter focuses on network activity and
explores the Elastic Stack and ways to integrate host‐based data to provide enhanced
visibility across the network. It examines the architecture for deployment of Security
Onion in an enterprise and each of the major tools integrated into the platform. The
chapter outlines basic skills to facilitate effective incident response for those situations
where the critical data that reader need has not been conveniently placed into Elastic
Stack or another analysis platform. The Elastic Stack provides an amazing platform to
support incident response, but readers occasionally will need to access other data
sources directly on a host or that otherwise have not been ingested into a centralized
analysis platform. Web servers, nix systems, and other applications store many of
their logs in a text‐based format.
Publisher: Wiley Data and Cyber security
Publisher: IEEE

8. Integrated workstations for reliable, site-independent security monitoring and control
Abstract:
The Security Console Project at Lawrence Livermore National Laboratory has
designed and implemented a series of security communications command centres for
monitoring and controlling its physical security systems. The author discusses the
important aspects of this project that address reliable, site-independent operation.
Major concepts presented include the use of operator workstations, map-based alarm
displays, rule-based incident assessment, and computer-aided configuration
management.
Published in: Proceedings Institute of Electrical and Electronics Engineers 1988
International Carnahan Conference on Security Technology, Crime Countermeasures
Publisher: IEEE

9. Design of security integrated monitoring system
Abstract:
The development of Internet of things technology has brought about changes in the
monitoring industry. The integration of video monitoring and defence monitoring
system based on video technology and sensor technology becomes possible. In this
paper, combined with the widely used video monitoring equipment and defence
monitoring equipment in the current market, as well as the corresponding software
interface, a set of integrated security monitoring software system with defence
monitoring and video monitoring functions is designed, which can quickly make video
response in the defence alarm. At the same time, this paper discusses the key technical
problems that need to be solved in the practical application of the system.
Published in: 2021 IEEE 4th International Conference on Information Systems and
Computer Aided Education (ICISCAE)
Publisher: IEEE

10. The research on data flow technology in computer network security monitoring
Abstract:
With the rapid development of computer technology and application of Internet is
becoming more and more widely, the Internet plays a more and more important role in
people's life. At the same time, all kinds of network security events emerge in
endlessly, seriously threaten the application and development of the Internet. With the
purpose of safety, network monitoring, have more and more important significance in
the maintenance of normal efficiently network run, key facilities, information system
security, etc., How to realize effective network transmission and efficient online
analysis to a huge number of distributed network security monitoring data so as to
provide further support for a variety of applications become a major challenge in the
field of network security and data processing.
Published in: 2014 IEEE Workshop on Advanced Research and Technology in
Industry Applications (WARTIA)
Publisher: IEEE

11. Component Based Security Control for Information Network
Abstract:
It is a complex engineering to protect the security of information network (info-net),
so it is necessary to study out a new security control architecture and model in the
view of systemic control. According to the characteristics and security demands of
info-net, a new security control viewpoint and its architecture based on components is
proposed, the security control system is built, and details about the structure of control
framework, its various types, and functions and propagation modes of security control
components are introduced, then the features of the control system are summarized in
the end.
Published in: The Proceedings of the Multiconference on "Computational
Engineering in Systems Applications"
Publisher: IEEE
Authors: Yu Wang; Jun Lu; Zhongwang Wu; Yu Lu

12. Construction of Network Security Perception System Using Elman Neural Network
Abstract:
The purpose of the study is to improve the security of the network, and make the state
of network security predicted in advance. First, the theory of neural networks is
studied, and its shortcomings are analysed by the standard Elman neural network.
Second, the layers of the feedback nodes of the Elman neural network are improved
according to the problems that need to be solved. Then, a network security perception
system based on GA-Elman (Genetic Algorithm-Elman) neural network is proposed to
train the network by global search method. Finally, the perception ability is compared
and analysed through the model. The results show that the model can accurately
predict network security based on the experimental charts and corresponding
evaluation indexes. The comparative experiments show that the GA-Elman neural
network security perception system has a better prediction ability. Therefore, the
model proposed can be used to predict the state of network security and provide early
warnings for network security administrators.
Published in: 2021 2nd International Conference on Computer Communication and
Network Security (CCNS)
Authors: Yun; Huang Qiang; Ma Yixuan

13. Network Security Situation Prediction in Software Defined Networking Data Plane
Abstract:
Software-Defined Networking (SDN) simplifies network management by separating
the control plane from the data forwarding plane. However, the plane separation
technology introduces many new loopholes in the SDN data plane. In order to
facilitate taking proactive measures to reduce the damage degree of network security
events, this paper proposes a security situation prediction method based on particle
swarm optimization algorithm and long-short-term memory neural network for
network security events on the SDN data plane. According to the statistical
information of the security incident, the analytic hierarchy process is used to calculate
the SDN data plane security situation risk value. Then use the historical data of the
security situation risk value to build an artificial neural network prediction model.
Finally, a prediction model is used to predict the future security situation risk value.
Experiments show that this method has good prediction accuracy and stability.
Published in: 2020 IEEE International Conference on Advances in Electrical
Engineering and Computer Applications (AEECA)
Authors: Mingren Sheng; Hongri Liu; Xu Yang; Wei Wang; Junheng Huang; Bailing Wang

14. Research on the Application of Intelligent Learning Algorithms in Network Security Situation Awareness and Prediction Methods
Abstract:
As the core hotspot of network information security, network security situational
awareness has received more and more attention. In order to explore the application
effect of intelligent learning algorithm, this study takes Radial Basis Function (RBF)
as the main research object, optimizes RBF by Simulated Annealing (SA) algorithm
and Hybrid Hierarchy Genetic Algorithm (HHGA), constructs RBF neural network
prediction model based on SA-HHGA optimization, and carries out relevant
experiments. The results show that the predicted situation value of the optimized RBF
in 15 samples is very close to the realistic situation value. RBF has good prediction
effect and can provide assistance for the maintenance of network security.
Published in: 2021 5th Asian Conference on Artificial Intelligence Technology
(ACAIT)
Authors: Zhihua Chen

15. Research on Network Security Situation Prediction-Oriented Adaptive Learning Neuron
Abstract:
Network security situation perception is to predict the probability of attacks, may
occur in the future, by a variety of predicting methods, by recent network attacking
data obtained from IDS (Intrusion Detection System). Neural Network model has
many features, high degree of fault tolerance, associability, self-organizing and self-
learning ability, and strong nonlinear mapping and generalization for a complex
system, for example. Therefore, Neural Network was applied to the field of network
security situation prediction. Adaptive Learning of neuron was introduced. It will be
more flexibility to meet changing security environment of such a complex system
requirement. The design and achievement of the adaptive learning neuron was stated
in detail.
Published in: 2010 Second International Conference on Networks Security, Wireless
Communications and Trusted Computing
Authors: Jing Li; Chunbo Dong

16. Security Model Based on Network Business Security
Abstract:
Enterprise Network Information System is not only the platform for information
sharing and information exchanging, but also the platform for Enterprise Production
Automation System and Enterprise Management System working together. As a
result, the security defence of Enterprise Network Information System does not only
include information system network security and data security, but also include the
security of network business running on information system network, which is the
confidentiality, integrity, continuity and real-time of network business. According to
the security defence of Enterprise Network Information System, this paper proposes
the "network business security" concept. In this paper, the object of information
security is defined in three parts - - data security, network system security and
network business security, and the network business security model is described. The
proposal of the concept "network business security" provides theoretical basis for
security defence of enterprise automatic production system and enterprise
management information system.
Published in: 2009 International Conference on Computer Technology and
Development
Authors: Wu Kehe; Zhang Tong; Li Wei; Ma Gang

17. Network Security Risk Assessment and Situation Analysis
Abstract:
With the development of computer networks, the spread of malicious network
activities poses great risks to the operational integrity of many organizations and
imposes heavy economic burdens on life and health. Therefore, risk assessment is
very important in network security management and analysis. Network security
situation analysis not only can describe the current state but also project the next
behaviour of the network. Alerts coming from IDS, Firewall, and other security tools
are currently growing at a rapid pace. In this paper, we described cyberspace
situational awareness from formal and visual methods. Next, to make security
administrator comprehend security situation and project the next behaviours of the
whole network, we present using parallel axes view to give expression clearly of
security events correlations.
Published in: 2007 International Workshop on Anti-Counterfeiting, Security and
Identification (ASID)
Authors: Liu Mixia; Yu Dongmei; Zhang Qiuyu; Zhu Honglei

18. Network management security
Abstract:
A review is given of network management security issues and the authors explain how
ISO's SC21/WG4 is currently addressing these. Aspects covered include: what
network management security is, why it needs to be considered and what issues need
to be resolved to achieve this. Within this overall structure, specific details covered
include: management as a means of attack on managed system security; management
of security services; current trends that increase the need for network management
security; implementation difficulties arising from technical characteristics and
operational requirements; and ISO standards view.
Published in: [1990] Proceedings of the Sixth Annual Computer Security
Applications Conference
Authors: R. Ward; P. Skeffington

19. Analysis of Computer Network Security Technology and Preventive Measures under the Information Environment
Abstract:
This paper first summarizes what informatization is, and then analyses the service of
informatization computer network security management system in detail. Then, it
analyses the specific application and problems of informatization in computer network
security management system, including hash function to protect network information
transmission security, symmetric encryption strategy to protect computer network
information security and establishment of computer network security protection
system in information environment. Finally, it expounds the relevant countermeasures
to solve the network security threats under the information environment, including
comprehensively strengthening the computer network security management under the
information environment, establishing and perfecting the computer network security
protection system under the information environment, and strengthening the research
on the black and evil prevention mechanism under the information environment to
protect the computer network information security. In this paper, under the
background of informatization, people pay more attention to the security
technology of computer network and related preventive measures.
Published in: 2020 5th International Conference on Mechanical, Control and
Computer Engineering (ICMCCE)
Authors: Bin Ge; Jin Xu

20. Research on enterprise network security system
Abstract:
With the development of openness, sharing and interconnection of computer network,
the architecture of enterprise network becomes more and more complex, and various
network security problems appear. Threat Intelligence (TI) Analysis and situation
awareness (SA) are the prediction and analysis technology of enterprise security risk,
while intrusion detection technology belongs to active defence technology. In order to
ensure the safe operation of computer network system, we must establish a multi-level
and comprehensive security system. This paper analyses many security risks faced by
enterprise computer network and other technologies to build a comprehensive
enterprise security system to ensure the security of large enterprise network.
Published in: 2021 2nd International Conference on Computer Science and
Management Technology (ICCSMT)
Authors: Jundan Hou; Xiang Jia

21. Research about solution for network security based on security domain
Abstract:
The typical security solution can only ensure the security of the network boundary, but
not involve the internal security. According to different types of applications and
secrets that it provides, the network can be divided into a number of logical security
domains. Furthermore, the access control of the network could be realized by applying
dynamical VLAN technology, and the filtration and audit of the information exchange
between security domains is realized by mandatory access control policies, and the
unified identity authentication and access control is realized by applying SSL VPN
technology.
Published in: 2010 International Conference on Computer Design and Applications
Authors: Yan Hui; Han Weijie; Wang Yu
EXPERIMENT NO. 3

Project Proposal

3.1 System Planning
3.2 System Design
3.3 System Requirement
3.4 Implementation Tools

3.1 SYSTEM PLANNING

STEPS INVOLVED IN THE SYSTEM DEVELOPMENT LIFE CYCLE:

Below are the steps involved in the System Development Life Cycle. Each phase
within the overall cycle may be made up of several steps.

Step 1: Software Concept

The first step is to identify a need for the new system. This will include
determining whether a business problem or opportunity exists, conducting a
feasibility study to determine if the proposed solution is cost effective, and
developing a project plan.

This process may involve end users who come up with an idea for improving their
work. Ideally, the process occurs in tandem with a review of the organization's
strategic plan to ensure that IT is being used to help the organization achieve its
strategic objectives. Management may need to approve concept ideas before any
money is budgeted for their development.

Step 2: Requirements Analysis

Requirements analysis is the process of analyzing the information needs of the end
users, the organizational environment, and any system presently being used,
developing the functional requirements of a system that can meet the needs of the
users. The requirements documentation should be referred to throughout the rest of
the system development process to ensure the developing project aligns with user
needs and requirements.

Professionals must involve end users in this process to ensure that the new system
will function adequately and meets their needs and expectations.

Step 3: Architectural Design:


After the requirements have been determined, the necessary specifications for the
hardware, software, people, and data resources, and the information products that
will satisfy the functional requirements of the proposed system can be determined.

The design will serve as a blueprint for the system and helps detect problems
before these errors or problems are built into the final system. Professionals create
the system design, but must review their work with the users to ensure the design
meets users’ needs.

Step 4: Coding and Debugging

Coding and debugging are the act of creating the final system. This step is done by
software developers.

Step 5: System Testing


The system must be tested to evaluate its actual functionality in relation to
expected or intended functionality. Some other issues to consider during this stage
would be converting old data into the new system and training employees to use
the new system. End users will be key in determining whether the developed
system meets the intended requirements, and the extent to which the system is
used.

Step 6: Maintenance

Inevitably the system will need maintenance. Software will definitely undergo
change once it is delivered to the customer. There are many reasons for the change.
Change could happen because of some unexpected input values into the system. In
addition, the changes in the system could directly affect the software operations.
The software should be developed to accommodate changes that could happen
during the post implementation period.

There are various software process models, such as:

• Prototyping Model
• RAD Model
• The Spiral Model
• The Waterfall Model
• The Iterative Model

Of all these process models we've used the Iterative model (The Linear Sequential
Model) for the development of our project.

3.2 The Iterative Model

The iterative process starts with a simple implementation of a subset of the software
requirements and iteratively enhances the evolving versions until the full system is
implemented. At each iteration, design modifications are made and new functional
capabilities are added. The basic idea behind this method is to develop a system
through repeated cycles (iterative) and in smaller portions at a time (incremental).
The model consists of six distinct stages, namely:

1. In the requirements analysis phase
   (a) the problem is specified along with the desired service objectives (goals);
   (b) the constraints are identified.

2. In the specification phase the system specification is produced from the
   detailed definitions of (a) and (b) above.

3. In the system and software design phase, the system specifications are
   translated into a software representation. The software engineer at this stage
   is concerned with: data structure, software architecture, algorithmic detail,
   and interface representations. The hardware requirements are also determined at
   this stage along with a picture of the overall system architecture. By the end
   of this stage the software engineer should be able to identify the relationship
   between the hardware, software and the associated interfaces. Any faults in the
   specification should ideally not be passed downstream.

4. In the implementation and testing phase the designs are translated into the
   software domain. Detailed documentation from the design phase can significantly
   reduce the coding effort. Testing at this stage focuses on making sure that any
   errors are identified and that the software meets its required specification.

5. In the integration and system testing phase all the program units are integrated
   and tested to ensure that the complete system meets the software requirements.
   After this stage the software is delivered to the customer [Deliverable: the
   software product is delivered to the client for acceptance testing].

6. The maintenance phase is usually the longest stage of the software life cycle.
   In this phase the software is updated to meet the changing customer needs, adapted
   to accommodate changes in the external environment, corrected for errors and
   oversights previously undetected in the testing phases, and enhanced for
   efficiency.

Observe that feedback loops allow for corrections to be incorporated into the model.
For example, a problem or update in the design phase requires a 'revisit' to the
specification phase. When changes are made at any phase, the relevant
documentation should be updated to reflect that change.

Advantages of the Iterative Model: -

 Testing is inherent to every phase of the Iterative model
 It is an enforced disciplined approach
 It is documentation driven, that is, documentation is produced at every stage

Disadvantages of the Iterative Model: -

The waterfall model is the oldest and the most widely used paradigm.
However, many projects rarely follow its sequential flow. This is due to the
inherent problems associated with its rigid format. Namely:

 It only incorporates iteration indirectly, thus changes may cause
considerable confusion as the project progresses

3.3 SYSTEM DESIGN

There are two models to collect data, push and pull. In a monitoring system, I would
always go with the pull model, and the reasons are as below:

1. Scalability Concern. Our infrastructure will keep growing, and we may have
hundreds or thousands of services in the coming years. Our service usage and
user base will grow too. If we go with the push model, then all these services will
keep hitting our monitor service. If we have a service which processes 1M
requests per second, and this service pushes the metrics to our monitoring service
upon every request, then we will suffer from scalability issues frequently as we
grow. So instead of getting called to get metrics, I would prefer to actively pull the
data from the services.

2. Automatic Upness Monitoring — By pulling the data proactively, we can
directly know if the service is alive or not. For example, if one service is not
reachable, we can be aware of it immediately.

3. Easier Horizontal Monitoring — If we have two independent systems A and B,
and one day we need to monitor some service in system B from system A, we can
pull metrics from system B directly; there is no need to configure system B to push to
system A.

4. Easier for Testing — We can simply spin up a testing environment, copy the
configuration from production, and then pull the same metrics as prod and do
testing.

5. Simpler High Availability — just spin up two servers with the same
configuration to pull the same data to achieve HA.

6. Less configuration, no need to configure every service.

Based on the analysis above, my design for the pull model is below:

1. Our service will pull the data from the services regularly (for example every
second). We need a real time monitoring system, but a lag of a couple of seconds
is totally fine.

2. Exporters — The services should not call our monitor service to send the data.
Instead, they can save the metrics to an exporter, and the data can be stored there
to get pulled. That way, our monitor service will not be exhausted from getting
called, and it will be more scalable. Also, our monitoring system may need the
data in a specific format, and the services may be designed in different
technologies, and have data in different formats. So, we require an exporter
attached to each service, which reformats the data into the correct format for our
monitor service. And our monitor will pull the data from the exporters.

3. Push Gateway — Cron jobs are not service based, but we may need to
monitor their metrics too. So, we can have a push gateway, which lives
behind all the cron jobs, and the monitor can just pull the data from the gateway
directly.
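As an added example of the pull design above (not code from the report, nor from the Medium article it follows), a small scraper that pulls each service's exporter on a fixed interval, records `up` for any target it cannot reach and reports what the alert manager would page on. The exporter line format, the target URLs and the fake exporter output are assumptions constructed so it runs offline.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, List
from urllib.error import URLError
from urllib.request import urlopen


def parse_metrics(text: str) -> Dict[str, float]:
    """Parse an exporter body: one 'name value' pair per line, '#' comments.

    The line format is an assumption of this example, modelled on the plain
    text exposition most exporters emit. Malformed lines are skipped so one
    bad line from one service cannot abort the whole scrape round.
    """
    metrics: Dict[str, float] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 2:
            continue
        try:
            metrics[parts[0]] = float(parts[1])
        except ValueError:
            continue
    return metrics


@dataclass
class Sample:
    target: str
    ts: float
    values: Dict[str, float]


def http_fetch(url: str, timeout: float = 2.0) -> str:
    """Network fetch for real use; the short timeout keeps one hung exporter
    from stalling the whole pull loop."""
    with urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8", errors="replace")


def scrape(targets: List[str], fetch: Callable[[str], str] = http_fetch,
           now: Callable[[], float] = time.time) -> List[Sample]:
    """Pull every target once. A target that cannot be fetched yields up=0:
    this is the 'automatic upness monitoring' the pull model gives for free."""
    samples: List[Sample] = []
    for url in targets:
        ts = now()
        try:
            values = parse_metrics(fetch(url))
            values["up"] = 1.0
        except (OSError, ValueError):  # URLError, timeouts, refused connections
            values = {"up": 0.0}
        samples.append(Sample(url, ts, values))
    return samples


def down_targets(samples: List[Sample]) -> List[str]:
    """Targets whose last pull failed: what an alert manager would page on."""
    return [s.target for s in samples if s.values.get("up") != 1.0]


def poll(targets: List[str], rounds: int, interval_s: float = 1.0,
         fetch: Callable[[str], str] = http_fetch, sleep=time.sleep,
         now: Callable[[], float] = time.time) -> List[List[Sample]]:
    """Pull `rounds` times, `interval_s` apart (the design suggests every second)."""
    history: List[List[Sample]] = []
    for i in range(rounds):
        history.append(scrape(targets, fetch, now))
        if i < rounds - 1:
            sleep(interval_s)
    return history


# Constructed offline stand-in for the network: svc-a answers like a healthy
# exporter; svc-b is absent, so fetching it fails like a dead service would.
FAKE_EXPORTERS = {
    "http://svc-a.example:9100/metrics":
        "# constructed exporter output\nrequests_total 1532\nlogin_failures_total 7\n",
}
TARGETS = ["http://svc-a.example:9100/metrics", "http://svc-b.example:9100/metrics"]


def fake_fetch(url: str) -> str:
    if url not in FAKE_EXPORTERS:
        raise URLError("connection refused")
    return FAKE_EXPORTERS[url]


if __name__ == "__main__":
    for sample in scrape(TARGETS, fetch=fake_fetch):
        print(sample.target, sample.values)
    print("down:", down_targets(scrape(TARGETS, fetch=fake_fetch)))
```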

Exporter Design

Since we have discussed the components for the pull model, i.e., the Exporter and the Push
Gateway, some may question why not have multiple services hooked to one exporter.
I would always prefer one service per exporter, and the argument is below:

1. Operational bottleneck — the exporter will become a bottleneck if we have too
many services behind it

2. Single point of failure, and one service pushing too much will block others

3. If I am only interested in the metrics of one service, I cannot get only that; I have
to read all

4. No upness monitoring — if one service is not reachable, we will not be able to
know.

5. Hard to get service metadata — we can store the service metadata in the exporter

Clustering?

Our monitoring system has to be very stable, so I would not go with the network
clustering approach for the monitoring service. The reason is, clustering is very
complicated and easier to break. So it would be better to have one single solid node that
does not depend on the network.

Also, for the monitoring data, we usually care more about recent data. We usually do
not care about metrics from days or weeks ago. So we only need to store recent data instead
of all historical data. Then there is no reason for us to go with the clustering approach.

And we can simply run 2 servers in parallel, which will be sufficient for HA.

Design

Since we only care about more recent data in monitoring, the data usage pattern
for the monitor is like below:

1. recent data is very frequently accessed

2. historical data may be accessed occasionally

So, we can store the recent data in memory for faster reads, and older data on disk. If
we have 1M metrics to monitor, and for each metric there is a data point every
second, which is 16 bytes (key-value pair), then we write 16 MB per second, and
for a server with 128GB memory we can save around 2 hours of data (128 GB / 16 MB/s
is roughly 8000 seconds), which is good enough.

For the data in memory, we can save them in chunks, and once an older chunk is filled,
we can simply compress it and save it to disk. Querying this data
will be slower, as we need to read from disk and decompress it. But I think
slowness on querying old data is acceptable.

For much older data, like data from months ago, we can store the compressed data in
cheaper data storage offsite.

Since the recent monitored data are in memory, we will need a recovery system for
them. If the server crashes, in order not to lose all the data, we need to create snapshots
of the memory, maybe every few minutes.

Also, we need to keep a monitor on the memory usage of the monitor service, in case
our server is running out of memory during peak usage. When the memory usage is
high, we may need to speed up the compress-and-save-to-disk process.

The DB we need to use for the monitoring service would be a time series DB.
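The chunked memory store, compression of full chunks to disk, snapshot recovery and memory-pressure flush described above, as an added example (not the report's code). The chunk sizes, the temporary directory and the filesystem-safe metric names are assumptions; `retention_seconds` carries through the 1M metrics / 16 bytes / 128 GB arithmetic from the text.

```python
import json
import os
import tempfile
import zlib
from collections import defaultdict
from typing import Dict, List, Tuple

Point = Tuple[float, float]   # (timestamp, value)
POINT_BYTES = 16              # one key-value pair, as estimated in the text


def retention_seconds(metric_count: int, memory_bytes: int,
                      point_bytes: int = POINT_BYTES, per_second: float = 1.0) -> float:
    """Seconds of history that fit in RAM (1M metrics, 16 B/s, 128 GB: ~8000 s, ~2 h)."""
    return memory_bytes / (metric_count * point_bytes * per_second)


class ChunkedStore:
    """Recent points stay in an active chunk per metric; full chunks are sealed and
    the oldest sealed chunks go to disk compressed once the RAM budget is exceeded."""

    def __init__(self, disk_dir: str, chunk_points: int = 3600, memory_budget_chunks: int = 2):
        self.disk_dir = disk_dir
        os.makedirs(disk_dir, exist_ok=True)
        self.chunk_points = chunk_points
        self.memory_budget_chunks = memory_budget_chunks
        self.active: Dict[str, List[Point]] = defaultdict(list)
        self.sealed: Dict[str, List[List[Point]]] = defaultdict(list)
        self.on_disk: Dict[str, List[str]] = defaultdict(list)   # file paths, oldest first

    def append(self, metric: str, ts: float, value: float) -> None:
        buf = self.active[metric]
        buf.append((ts, value))
        if len(buf) >= self.chunk_points:
            self.sealed[metric].append(buf)
            self.active[metric] = []
            self._flush_oldest(metric, keep=self.memory_budget_chunks)

    def _flush_oldest(self, metric: str, keep: int) -> None:
        while len(self.sealed[metric]) > keep:
            chunk = self.sealed[metric].pop(0)
            # metric names are assumed to be filesystem-safe identifiers here
            path = os.path.join(self.disk_dir, f"{metric}-{int(chunk[0][0])}.z")
            with open(path, "wb") as f:
                f.write(zlib.compress(json.dumps(chunk).encode()))
            self.on_disk[metric].append(path)

    def relieve_memory_pressure(self) -> None:  # RAM running low: flush every sealed chunk now
        for metric in list(self.sealed):
            self._flush_oldest(metric, keep=0)

    def query(self, metric: str, start: float, end: float) -> List[Point]:
        points: List[Point] = []
        for path in self.on_disk[metric]:        # slow path: read and decompress
            with open(path, "rb") as f:
                points.extend(tuple(p) for p in json.loads(zlib.decompress(f.read())))
        for chunk in self.sealed[metric]:
            points.extend(chunk)
        points.extend(self.active[metric])
        return [p for p in points if start <= p[0] <= end]

    def in_memory_points(self, metric: str) -> int:
        return len(self.active[metric]) + sum(len(c) for c in self.sealed[metric])

    def snapshot(self, path: str) -> None:
        """Persist the in-RAM state; a crash then loses at most one snapshot interval."""
        with open(path, "w") as f:
            json.dump({"active": self.active, "sealed": self.sealed, "on_disk": self.on_disk}, f)

    @classmethod
    def restore(cls, path: str, disk_dir: str, **kw) -> "ChunkedStore":
        store = cls(disk_dir, **kw)
        with open(path) as f:
            state = json.load(f)
        store.active = defaultdict(list, {m: [tuple(p) for p in ps] for m, ps in state["active"].items()})
        store.sealed = defaultdict(list, {m: [[tuple(p) for p in c] for c in cs] for m, cs in state["sealed"].items()})
        store.on_disk = defaultdict(list, state["on_disk"])
        return store


def demo_run() -> dict:
    """Constructed walk-through: ten one-second points with tiny chunks, then a
    'crash' and recovery from the snapshot. Returns the counts worth checking."""
    disk_dir = tempfile.mkdtemp()
    store = ChunkedStore(disk_dir, chunk_points=4, memory_budget_chunks=1)
    for t in range(10):
        store.append("cpu", float(t), 0.5 + t)
    stats = {"in_memory": store.in_memory_points("cpu"),
             "on_disk_chunks": len(store.on_disk["cpu"]),
             "queried": len(store.query("cpu", 0, 9))}
    snap = os.path.join(disk_dir, "snapshot.json")
    store.snapshot(snap)
    del store                                    # simulate the process dying
    restored = ChunkedStore.restore(snap, disk_dir, chunk_points=4, memory_budget_chunks=1)
    restored.relieve_memory_pressure()
    stats["restored_queried"] = len(restored.query("cpu", 0, 9))
    stats["after_pressure_in_memory"] = restored.in_memory_points("cpu")
    stats["after_pressure_on_disk_chunks"] = len(restored.on_disk["cpu"])
    return stats
```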

Based on the discussion above, this is a high-level design for a monitor service.

 Exporter — Pulls metrics from targets and converts them to the correct format

 Push Gateway — Cron jobs push metrics to it at exit, then we can pull metrics
from it.

 Data retrieval workers — pull data

 Time series storage — Local SSD / Remote Storage

 Query Service — visualize data

 Alert manager — to send alerts to different channels

 Service Discovery — Configuration for the targets to pull metrics from


3.4 TIMELINE CHART

A timeline chart is an effective way to visualize a process using chronological order.
Since details are displayed graphically, important points in time can be easily seen and
understood.
Often used for managing a project's schedule, timeline charts function as a sort of
calendar of events within a specific period of time.
A timeline chart is constructed with a horizontal axis representing the total time span
of the project, broken down into increments (for example, days, weeks, or months)
and a vertical axis representing the tasks that make up the project (for example, if the
project is outfitting your computer with new software, the major tasks involved might
be: conduct research, choose software, install software). Horizontal bars of varying
lengths represent the sequences, timing, and time span for each task. Using the same
example, you would put "conduct research" at the top of the vertical axis and draw a
bar on the graph that represents the amount of time you expect to spend on the
research, and then enter the other tasks below the first one and representative bars at
the points in time when you expect to undertake them.
The bar spans may overlap, as, for example, you may conduct research and choose
software during the same time span. As the project progresses, secondary bars,
arrowheads, or darkened bars may be added to indicate completed tasks, or the
portions of tasks that have been completed. A vertical line is used to represent the
report date.
3.5 BLOCK DIAGRAM
Introduction: System analysis is the process of collecting and interpreting facts, identifying the
problems, and decomposing a system into its components. System analysis is
conducted for the purpose of studying a system or its parts in order to identify its
objectives. It is a problem-solving technique that improves the system and ensures that
all the components of the system work efficiently to accomplish their purpose.
Analysis specifies what the system should do. It is a process of planning a new
business system or replacing an existing system by defining its components or
modules to satisfy the specific requirements. Before planning, you need to understand
the old system thoroughly and determine how computers can best be used in order to
operate efficiently. System design focuses on how to accomplish the objective of the
system.
3.6 SYSTEM REQUIREMENT
Hardware Requirement

 RAM: At least 128 MB
 Processor: 300 MHz or higher processor (Pentium processor recommended)
 HDD: 20 GB or more

Software Requirement

 Docker
 MySQL Server

Languages used

 HTML
 CSS
 JavaScript
 Python

REFERENCES AND BIBLIOGRAPHY

https://gongybable.medium.com/system-design-design-a-monitoring-systemf0f0cbafc895
i) Google for problem-solving
ii) http://www.javaworld.com/javaworld/jw-01-1998/jw-01-Credentialreview.html
iii) Database Programming with JDBC and Java by O'Reilly
iv) Head First Java, 2nd Edition
v) http://www.jdbc-tutorial.com/
vi) Java and https://www.javapoint.com/java-tutorial
vii) Software Design Concept by Apress
viii) https://www.tutorialpoint.com/java/
ix) https://docs.oracle.com/javase/tutorial/
x) https://www.wampserver.com/en/
xi) https://www.JSP.net/
xii) https://www.tutorialspoint.com/mysql/
xiii) httpd.apache.org/docs/2.0/misc/tutorials.ht
EXPERIMENT NO- 4

Anjuman-i-Islam’s
M.H. SABOO SIDDIK POLYTECHNIC
8, Saboo Siddik Polytechnic Road, Byculla
Mumbai- 400008
******

INFORMATION TECHNOLOGY

PROJECT DIARY
Academic Session 2022-23

Programme DIPLOMA IN INFORMATION TECHNOLOGY

Course Code & Course IF-5I

Student Name MOHAMMED MUSAB

Student Roll no 20817

Guide Name Ms. KHAN SAMEERA

Project Title NETWORK SECURITY MONITORING SYSTEM

PROGRESSIVE ASSESSMENT (PA) SHEET

Sr. No   Criteria                                  Max Marks        Marks Obtained
1        Problem Identification / Project Title
2        Industrial Survey / Literature Review     10 (criteria
3        Project Proposal                          1 to 4 together)
4        Project Diary
5        Report Writing including documentation    10
6        Presentation                              05
         TOTAL                                     25

Name and Signature of the Project Guide:


PROJECT DIARY FORMAT

Week No :
1/2

Activities Planned:
Decided the number of members in the group and finalised the group members and submitted
it to our teacher

Activities Executed:
Discussions were done for deciding the group members and who will perform what kind of
role in the complete process of the CPP project development

Reason for delay if any:


-------------

Corrective Measures Adopted:


Earlier the number of group members wasn't appropriate, but then with the help of our
teacher, we finally came to a conclusion and corrected the number of members in our group

Remark and Signature of the Guide:


Week No :
3/4

Activities Planned:
Discussed and finalised the topic for our final year project, with which all the members as
well as our teacher agreed and were satisfied

Activities Executed:
Our teacher guided/assisted us about what and what kind of topics we can take and are
eligible for our final year projects and then looking at the difficulty, time constraint, and
coordination levels in our group, we finally came to a conclusion and made a clear decision
on what topic we must opt for

Reason for delay if any:


-------------

Corrective Measures Adopted:


Earlier we had finalised a topic which was compatible with our final year project, but then
with the help of our teacher, we finally corrected our fundamentals and chose a correct and
eligible topic

Remark and Signature of the Guide:


Week No :
5/6/7

Activities Planned:
Started finding about what all resources we will be requiring for our project and its
successful completion

Activities Executed:
We looked at the internet and even talked with our seniors and our teacher to seek help
regarding our project or our topic, and then after a lot of research and listening to the
experiences of our seniors, we listed down a number of resources which may help us out in our
project development

Reason for delay if any:


-------------

Corrective Measures Adopted:


Earlier our list of resources which we finalised had contained a lot of resources, in which
some of them even didn't have much contribution to our project, so we again went through
our list and then shortlisted some of the resources which had complete connection and
contribution with our project and then finally revised our list of resources and had it
checked and verified by our teacher as well

Remark and Signature of the Guide:


Week No :
8/9/10

Activities Planned:
Divided our complete project in parts and started off with the first part of our project
development

Activities Executed:
After making sure what resources we need for our project development, we then divided our
project in parts for easy and effective development of our project and even divided what all
and what kind of tasks are required to be performed by the members of our group

Reason for delay if any:


-------------

Corrective Measures Adopted:


While implementing and going on with the first part of our project development, we had
made some small mistakes which were then resolved by us only because of having good
coordination between us members

Remark and Signature of the Guide:


Week No :
11/12/13

Activities Planned:
We started with the development of other parts of our project development as well after
successful completion of our previous parts or implementations

Activities Executed:
After completing and successfully implementing our project in our previous parts, we finally
managed to get further with our development, and now we started off with the next part of our
project development and had managed to complete almost more than half the portion of our
project

Reason for delay if any:


-------------

Corrective Measures Adopted:


At some points, we did find some errors with our project which we tried solving but
were unable to solve, but then we took help of our seniors who made us understand
where we were going wrong and even helped us in solving it in the correct way

Remark and Signature of the Guide:


Week No :
14/15/16

Activities Planned:
We almost completed our project and just a few minor touches in the UI and some other
parts were remaining including the testing of our project in various conditions as well

Activities Executed:
Till now we successfully completed our project and were only left with some minor changes
to our project in some parts like presentation, color scheme, etc. which may enhance the look
and feel of our project to the user or anyone to whom our project may be presented or by whom
it may be used

Reason for delay if any:


-------------

Corrective Measures Adopted:


This time, we didn't have any mistakes or errors to deal with, but just some minor confusions
regarding small things like colors which we made clear by taking help from other groups and
students of our class

Remark and Signature of the Guide:


Experiment 5

Project Report

SR. NO.   CHAPTER                                                                 PAGE NO.
1.        Certificate
2.        Acknowledgement
3.        Abstract
4.        Content Page
5.        Chapter 1: Introduction and Background of the Industry or User Based Problem
6.        Chapter 2: Literature Survey for Problem Identification and Specification
7.        Chapter 3: Proposed Detail Methodology for Solving the identified Problem
          with Action Plan
8.        References and Bibliography

CERTIFICATE

This is to certify that Mr. MOHAMMED MUSAB from M.H Saboo
Siddik Polytechnic College having Enrollment No: 2000020355 has
completed a Report on the Problem Definition/Semester V Project
Report / Final Project Report having Title Network Security
Monitoring System individually in a group consisting of 4 persons
under the guidance of the Faculty Guide.

Name & Signature of Guide: Ms. Sameera Khan

________________

Name & Signature of HOD: Ms. Sameera Khan

________________
ACKNOWLEDGMENT

The project titled Network Security Monitoring System is a system that provides
security to the network. The system provides threat detection, verification of
security controls, a legal record of activity, etc.

For the success of any project, hard work and dedication by every member
of the group are needed. But it largely depends on the support and encouragement given to the
team members. We take this opportunity to express our gratitude to the people who
have been leading and guiding us in the completion of this project.

We are greatly thankful to our project guide Lecturer Ms. Sameera Khan for her kind
support and guidance in the successful completion of this project. We have
benefited greatly from her guidance and have found her suggestions helpful in various
phases of this project.

We are highly grateful to Dr. A.K. Kureshi (Principal), Dr. Zaibunnisa Malik
(Principal of Un-Aided, H.O.D of Computer Dept.) and Ms. Sameera Khan (H.O.D of
Information Technology Dept, M.H Saboo Siddik Polytechnic, Byculla) for providing
all the necessary facilities and encouraging us during the course of the work.

We would also like to thank the entire Teaching and Non-teaching staff of IT
Department for their constant assistance and cooperation.
ABSTRACT

The main aim in developing this system is to monitor the network of other devices. The
system can monitor the user's screen, and it can know some of the actions performed by the
user or client. Our system can be used in many places, e.g., a bank security system, a
computer lab system, a hospital security system, etc.

Businesses rely on networks for all operations. Hence, network monitoring is very
crucial for any business. Today, networks span globally, having multiple links
established between geographically separated data centres, public and private clouds.
This creates multifield challenges in network management. Network admins need to
be more proactive and agile in monitoring network performance. However, this is
easier said than done.
Content Page

Chapter 1: -Introduction & Background of Industry or User
based Problem
1.1 Introduction ………………………………...
1.2 Background ………………………………...
1.3 Motivation…………………………………..
1.4 Problem Statement …………………………
1.5 Objective and Scope ……………………….
Chapter 2: -Literature Survey for Problem Identification &
Specification
2.1 Introduction ……………………………......
2.2 Objectives ………………………………….
2.3 Research Papers ……………………………
Chapter 3: -Propose Detailed Methodology of Solving the
Identified Problem with Action Plan
3.1 System Planning …………………………….
3.2 System Design ………………………………
3.3 TimeLine Chart ……………………………..
3.4 Block Diagram ……………………………...
3. 5 System Requirement ……………………….
CHAPTER 1
INTRODUCTION AND BACKGROUND OF INDUSTRY
OR
USER BASED PROBLEM

1.1 Introduction
1.2 Background
1.3 Motivation
1.4 Problem Statement
1.5 Objective and Scope

1.1 INTRODUCTION: AN OVERVIEW OF THE SYSTEM


Security Monitoring System sometimes referred to as "security information
monitoring (SIM)" or "security event monitoring (SEM)," involves collecting and
analysing information to detect suspicious behaviour or unauthorised system changes
on your network, defining which types of behaviour should trigger alerts, and taking
action on alerts as needed.
The means for security personnel to investigate and prosecute an unfolding incident or
simply to review logs to improve alerting mechanisms or to manually identify security
incidents.

1.2 BACKGROUND: EXISTING SYSTEM

 Freemium Version
 Monitor your devices and interfaces using our free network monitoring
software.
 Full-stack Monitoring
 Full-fledged Server Monitoring with more than 60 performance metrics for
your physical, virtual, and cloud servers
 Abuse of account privileges.
 From honest mistakes to misuse of account privileges and intentional leaks, to
identity theft, or any other engineering attack to compromise the security of
user account data; individuals inside your premises are among your major
security problems.
 Insufficient IT security management
 Even with the most reliable cyber-security solutions, most organizations may
still face threats since they lack enough skilled workforce to manage the
resources well. As a result, you may miss crucial security alerts, and any
successful attack may not be countered early enough to minimize the damage.

1.3 MOTIVATION
The seamless operation of the Internet requires being able to monitor and to visualize
the actual behaviour of the network. Today, IP network operators usually collect
network flow statistics from critical points of their network infrastructure. Whereas
network problems or attacks that significantly change traffic patterns are relatively
easy to identify, it tends to be much more challenging to identify creeping changes or
attacks and faults that manifest themselves only by very careful analysis of initially
seemingly unrelated traffic patterns and their changes. There are currently no
deployable good network visualization solutions supporting this kind of network
analysis, and research in this area is just starting. In addition, the large volume of flow
data on high-capacity networks and exchange points requires moving to probabilistic
sampling techniques, which require new analysis techniques to calculate and also to
visualize the uncertainty attached to data sets

1.4 PROBLEM STATEMENT

1. Real Time Monitoring: -
 Employers to observe employees' computer activities;
 Device owners to track possible unauthorized activity on their devices.
2. User management: -
 User management describes the ability for administrators to manage devices,
systems, applications, storage systems, networks and user access to other
various IT resources.
3. Key Logger: -
 Key loggers, also known as keystroke loggers, may be defined as the recording
of the keys pressed on a system, saved to a file that is then accessed by the
person using this malware.

1.5 OBJECTIVE AND SCOPE OF THE PROJECT


Security monitoring is a key cloud security strategy that has several important
purposes for CSPs and tenants; these include:

O Threat Detection: Some exploits may not be preventable and some threats may not
be anticipated, and in this sense, monitoring is the last line of defence. But there is a
difference between detecting a security situation and doing something about it.

O Verification of Security Controls: Although most security controls are oriented
toward enforcing security policy, monitoring is used to verify the correct operation of
other security controls. If events which indicate actions prohibited by policy appear in
the security event stream, this would indicate that policy is not being correctly
enforced by security controls.

O A Legal Record of Activity: Security event data can form a legal record of actions
that users or processes performed. To be used in a legal proceeding, this data must
have verifiable integrity (records have not been altered and they comprise a complete
record) and the organization must be able to demonstrate chain of custody over the
data.
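The integrity requirement just stated (records not altered, and the record complete) is what an append-only, hash-chained event log gives a verifier. The following is an added example, not code from the report or its system; the event fields are constructed, and keeping the chain head (the last hash) somewhere the log writer cannot reach is an assumption the truncation check relies on.

```python
import hashlib
import json
from typing import Dict, List, Optional

GENESIS = "0" * 64          # prev-hash of the very first record


def _canonical(record: Dict) -> bytes:
    # Deterministic encoding: writer and verifier must serialise identically,
    # otherwise a legitimate record would fail to verify.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def append_event(chain: List[Dict], event: Dict) -> Dict:
    """Append `event`, binding it to the previous record's hash."""
    body = {"seq": len(chain),
            "prev": chain[-1]["hash"] if chain else GENESIS,
            "event": event}
    body["hash"] = hashlib.sha256(_canonical(body)).hexdigest()
    chain.append(body)
    return body


def verify_chain(chain: List[Dict], expected_head: Optional[str] = None) -> Optional[int]:
    """Return None when the chain is intact, else the index of the first record
    that fails. The chain alone catches altered, deleted and inserted records;
    with `expected_head` it also catches records silently dropped from the tail.
    Note: a party who can rewrite the whole file can recompute every hash, so
    the head must be anchored outside their reach (forwarded elsewhere or signed)."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec.get("seq") != i or rec.get("prev") != prev:
            return i
        body = {k: v for k, v in rec.items() if k != "hash"}
        if hashlib.sha256(_canonical(body)).hexdigest() != rec.get("hash"):
            return i
        prev = rec["hash"]
    if expected_head is not None and prev != expected_head:
        return len(chain)
    return None


SAMPLE_EVENTS = [   # constructed events of the kind such a system records
    {"ts": "2023-03-01T09:00:00Z", "type": "login", "user": "alice", "result": "ok"},
    {"ts": "2023-03-01T09:05:12Z", "type": "site_blocked", "user": "alice", "host": "example.net"},
    {"ts": "2023-03-01T09:40:00Z", "type": "session_end", "user": "alice", "minutes": 40},
]


def _copy(chain: List[Dict]) -> List[Dict]:
    return json.loads(json.dumps(chain))


def demo() -> Dict[str, Optional[int]]:
    """Build a chain, then show what each kind of tampering looks like to the verifier."""
    chain: List[Dict] = []
    for ev in SAMPLE_EVENTS:
        append_event(chain, ev)
    head = chain[-1]["hash"]                      # what would be anchored off-box
    results: Dict[str, Optional[int]] = {"intact": verify_chain(chain, head)}
    altered = _copy(chain)
    altered[1]["event"]["user"] = "bob"           # edit one field in place
    results["altered"] = verify_chain(altered, head)
    deleted = _copy(chain)
    del deleted[1]                                # remove a record from the middle
    results["deleted"] = verify_chain(deleted, head)
    truncated = _copy(chain)[:-1]                 # drop the newest record
    results["truncated_no_anchor"] = verify_chain(truncated)
    results["truncated_with_anchor"] = verify_chain(truncated, head)
    return results


if __name__ == "__main__":
    print(demo())
```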
CHAPTER 2

LITERATURE SURVEY FOR

PROBLEM IDENTIFICATION AND SPECIFICATION

2.1 Introduction

2.2 Objectives

2.3 Research Papers


2.1 INTRODUCTION

Security Monitoring System, sometimes referred to as "security information
monitoring (SIM)" or "security event monitoring (SEM)," involves collecting and
analysing information to detect suspicious behaviour or unauthorized system changes
on your network, defining which types of behaviour should trigger alerts, and taking
action on alerts as needed.

The means for security personnel to investigate and prosecute an unfolding incident or
simply to review logs to improve alerting mechanisms or to manually identify security
incidents.

2.2 Objectives

 Gaining an understanding of the fundamentals and state of the art of the area.
 Learning the definitions of the concepts.
 Access to the latest approaches, methods and theories.
 Discovering research topics based on the existing research.
 Concentrate on your own field of expertise: even if another field uses the same
words, they usually mean a completely different thing.
 It improves the quality of the literature survey to exclude side-tracks; remember
to explicate what is excluded.

2.3 RESEARCH PAPER


1. Network Security and Technology Research
Abstract:
The rapid development of computer network system brings both a great convenience
and new security threats for users. Network security problem generally includes
network system security and data security. Specifically, it refers to the reliability of
network system, confidentiality, integrity and availability of data information in the
system. Network security problem exists through all the layers of the computer
network, and the network security objective is to maintain the confidentiality,
authenticity, integrity, dependability, availability and audit-ability of the network.
This paper introduces the network security technologies mainly in detail, including
authentication, data encryption technology, firewall technology, intrusion detection
system (IDS), antivirus technology and virtual private network (VPN). Network
security problem is related to every network user, so we should put a high value upon
network security, try to prevent hostile attacks and ensure the network security.
Published in: 2015 Seventh International Conference on Measuring Technology and
Mechatronics Automation
Publisher: IEEE

2. A Formal Model for Network-Wide Security Analysis

Abstract:
Network designers perform challenging tasks with so many configuration options that
it is often hard or even impossible for a human to predict all potentially dangerous
situations. In this paper, we introduce a formal method approach for verification of
security constraints on networks with dynamic routing protocols in use. A unifying
model based on packet-filters is employed for modelling of network behaviour. Over
this graph model augmented with filtering rules over edges verification of reachability
properties can be made. In our approach we also consider topology changes
caused by dynamic routing protocols.
Published in: 15th Annual IEEE International Conference and Workshop on the
Engineering of Computer Based Systems (ecbs 2008)
Publisher: IEEE

3. Enabling Cyber Security Data Sharing for Large-scale
Enterprises Using Managed Security Services

Abstract:
Large enterprises and organizations from both private and public sectors typically
outsource a platform solution, as part of the Managed Security Services (MSSs), from
3rd party providers (MSSPs) to monitor and analyse their data containing cyber
security information. Sharing such data among these large entities is believed to
improve their effectiveness and efficiency at tackling cybercrimes, via improved
analytics and insights. However, MSS platform customers currently are not able or not
willing to share data among themselves because of multiple reasons, including privacy
any proposed mechanism or technique to address such a challenge need to ensure that
sharing is achieved in a secure and controlled way. In this paper, we propose a new
architecture and use case driven designs to enable confidential, flexible and
collaborative data sharing among such organizations using the same MSS platform.
MSS platform is a complex environment where different stakeholders, including
authorized MSSP personnel and customers' own users, have access to the same
platform but with different types of rights and tasks.
Published in: 2018 IEEE Conference on Communications and Network Security
(CNS)
Publisher: IEEE

4. Security-aware Software Development Life Cycle (SaSDLC) -
Processes and tools

Abstract:
Today an application is secured using invitro perimeter security. In Next Generation
Internet (NGI), where all applications will be networked, security needs to be in-vivo;
security must be functions within the application. Applications running on any device,
be it on a mobile or on a fixed platform - need to be security-aware using Security
aware Software Development Life Cycle (SaSDLC), which is the focus of this paper.
We also present a tool called Suraksha that comprises of Security Designers'
Workbench and Security Testers' Workbench that helps a developer to build Security-
aware applications.
Published in: 2009 IFIP International Conference on Wireless and Optical
Communications Networks
Publisher: IEEE

5. Information Security Monitoring System Based on Data
Mining

Abstract:
Some heterogeneous security equipment such as firewalls, intrusion detection
systems, and anti-virus gateways, can produce massive security events which are
difficult to manage efficiently. So, a log-based mining, distributed, and multi-protocol
supported framework of security monitoring system is proposed. Security event
correlation based on data mining analysis can automatically extract association rules,
analyse alarming and found new invasion model, so it is a highly intelligent solution.
Published in: 2009 Fifth International Conference on Information Assurance and
Security
Publisher: IEEE

6. Study on data acquisition solution of network security
monitoring system

Abstract:
With the demands for network security, some heterogeneous security equipment
such as firewalls, intrusion detection systems, and anti-virus gateways are widely
deployed in network, and produce massive security events which need to be merged
and analysed. Therefore, a distributed and multi-protocol supported network security
monitoring system is proposed. The paper describes the architecture of the network
security monitoring system. Focusing on the system acquisition layer, two methods
are designed for monitoring data collection: syslog-based collection and real-time
traffic-based collection. The ActiveMQ which based on the JMS specification was
adopted for data transmission…
Published in: 2010 IEEE International Conference on Information Theory and
Information Security
Publisher: IEEE

7. Network Security Monitoring

Chapter Abstract:
Network security monitoring remains a vital component for incident response, threat
hunting, and network security in general. This chapter focuses on network activity and
explores the Elastic Stack and ways to integrate host-based data to provide enhanced
visibility across the network. It examines the architecture for deployment of Security
Onion in an enterprise and each of the major tools integrated into the platform. The
chapter outlines basic skills to facilitate effective incident response for those situations
where the critical data that readers need has not been conveniently placed into the
Elastic Stack or another analysis platform. The Elastic Stack provides an amazing
platform to support incident response, but readers will occasionally need to access
other data sources directly on a host, or data that otherwise has not been ingested into
a centralized analysis platform. Web servers, *nix systems, and other applications
store many of their logs in a text-based format.
Published in: Wiley Data and Cyber Security
Publisher: IEEE

8. Integrated workstations for reliable, site-independent security monitoring and control
Abstract:
The Security Console Project at Lawrence Livermore National Laboratory has
designed and implemented a series of security communications command centres for
monitoring and controlling its physical security systems. The author discusses the
important aspects of this project that address reliable, site-independent operation.
Major concepts presented include the use of operator workstations, map-based alarm
displays, rule-based incident assessment, and computer-aided configuration
management.
Published in: Proceedings Institute of Electrical and Electronics Engineers 1988
International Carnahan Conference on Security Technology, Crime Countermeasures
Publisher: IEEE

9. Design of security integrated monitoring system
Abstract:
The development of Internet of things technology has brought about changes in the
monitoring industry. The integration of video monitoring and defence monitoring
system based on video technology and sensor technology becomes possible. In this
paper, combined with the widely used video monitoring equipment and defence
monitoring equipment in the current market, as well as the corresponding software
interface, a set of integrated security monitoring software with both defence
monitoring and video monitoring functions is designed, which can quickly bring up
video in response to a defence alarm. At the same time, this paper discusses the key
technical problems that need to be solved in the practical application of the system.
Published in: 2021 IEEE 4th International Conference on Information Systems and
Computer Aided Education (ICISCAE)
Publisher: IEEE

10. The research on data flow technology in computer network security monitoring
Abstract:
With the rapid development of computer technology and the increasingly wide
application of the Internet, the Internet plays a more and more important role in
people's lives. At the same time, all kinds of network security events emerge
endlessly and seriously threaten the application and development of the Internet. For
the purpose of safety, network monitoring has more and more significance in
maintaining normal and efficient network operation, key facilities, information system
security, etc. How to realise effective network transmission and efficient online
analysis of a huge volume of distributed network security monitoring data, so as to
provide further support for a variety of applications, has become a major challenge in
the field of network security and data processing.
Published in: 2014 IEEE Workshop on Advanced Research and Technology in
Industry Applications (WARTIA)
Publisher: IEEE

11. Component Based Security Control for Information Network
Abstract:
Protecting the security of an information network (info-net) is a complex engineering
task, so it is necessary to work out a new security control architecture and model from
the viewpoint of systemic control. According to the characteristics and security
demands of the info-net, a new security control viewpoint and its component-based
architecture are proposed, the security control system is built, and details about the
structure of the control framework, its various types, and the functions and
propagation modes of security control components are introduced; the features of the
control system are summarized at the end.
Published in: The Proceedings of the Multiconference on "Computational
Engineering in Systems Applications"
Publisher: IEEE
Authors: Yu Wang; Jun Lu; Zhongwang Wu; Yu Lu

12. Construction of Network Security Perception System Using Elman Neural Network
Abstract:
The purpose of the study is to improve the security of the network, and make the state
of network security predicted in advance. First, the theory of neural networks is
studied, and its shortcomings are analysed by the standard Elman neural network.
Second, the layers of the feedback nodes of the Elman neural network are improved
according to the problems that need to be solved. Then, a network security perception
system based on GA-Elman (Genetic Algorithm-Elman) neural network is proposed to
train the network by global search method. Finally, the perception ability is compared
and analysed through the model. The results show that the model can accurately
predict network security based on the experimental charts and corresponding
evaluation indexes. The comparative experiments show that the GA-Elman neural
network security perception system has a better prediction ability. Therefore, the
model proposed can be used to predict the state of network security and provide early
warnings for network security administrators.
Published in: 2021 2nd International Conference on Computer Communication and
Network Security (CCNS)
Authors: Yun; Huang Qiang; Ma Yixuan

13. Network Security Situation Prediction in Software Defined Networking Data Plane
Abstract:
Software-Defined Networking (SDN) simplifies network management by separating
the control plane from the data forwarding plane. However, the plane separation
technology introduces many new loopholes in the SDN data plane. In order to
facilitate taking proactive measures to reduce the damage degree of network security
events, this paper proposes a security situation prediction method based on particle
swarm optimization algorithm and long-short-term memory neural network for
network security events on the SDN data plane. According to the statistical
information of the security incident, the analytic hierarchy process is used to calculate
the SDN data plane security situation risk value. Then use the historical data of the
security situation risk value to build an artificial neural network prediction model.
Finally, a prediction model is used to predict the future security situation risk value.
Experiments show that this method has good prediction accuracy and stability.
Published in: 2020 IEEE International Conference on Advances in Electrical
Engineering and Computer Applications ( AEECA)
Authors: Mingren Sheng; Hongri Liu; Xu Yang; Wei Wang; Junheng Huang; Bailing Wang

14. Research on the Application of Intelligent Learning Algorithms in Network Security
Situation Awareness and Prediction Methods
Abstract:
As the core hotspot of network information security, network security situational
awareness has received more and more attention. In order to explore the application
effect of intelligent learning algorithm, this study takes Radial Basis Function (RBF)
as the main research object, optimizes RBF by Simulated Annealing (SA) algorithm
and Hybrid Hierarchy Genetic Algorithm (HHGA), constructs RBF neural network
prediction model based on SA-HHGA optimization, and carries out relevant
experiments. The results show that the predicted situation value of the optimized RBF
in 15 samples is very close to the realistic situation value. RBF has good prediction
effect and can provide assistance for the maintenance of network security.
Published in: 2021 5th Asian Conference on Artificial Intelligence Technology
(ACAIT)
Authors: Zhihua Chen

15. Research on Network Security Situation Prediction-Oriented Adaptive Learning Neuron
Abstract:
Network security situation perception predicts the probability of attacks that may
occur in the future, by a variety of prediction methods, from recent network attack
data obtained from an IDS (Intrusion Detection System). The Neural Network model
has many useful features, for example a high degree of fault tolerance, associability,
self-organizing and self-learning ability, and strong nonlinear mapping and
generalization for a complex system. Therefore, the Neural Network was applied to
the field of network security situation prediction. Adaptive learning of the neuron was
introduced; it is more flexible in meeting the changing security environment of such a
complex system. The design and implementation of the adaptive learning neuron are
stated in detail.
Published in: 2010 Second International Conference on Networks Security, Wireless
Communications and Trusted Computing
Authors: Jing Li; Chunbo Dong

16. Security Model Based on Network Business Security
Abstract:
Enterprise Network Information System is not only the platform for information
sharing and information exchanging, but also the platform for Enterprise Production
Automation System and Enterprise Management System working together. As a
result, the security defence of Enterprise Network Information System does not only
include information system network security and data security, but also include the
security of network business running on information system network, which is the
confidentiality, integrity, continuity and real-time of network business. According to
the security defence of Enterprise Network Information System, this paper proposes
the "network business security" concept. In this paper, the object of information
security is defined in three parts - - data security, network system security and
network business security, and the network business security model is described. The
proposal of the concept "network business security" provides theoretical basis for
security defence of enterprise automatic production system and enterprise
management information system.
Published in: 2009 International Conference on Computer Technology and
Development
Authors: Wu Kehe; Zhang Tong; Li Wei; Ma Gang

17. Network Security Risk Assessment and Situation Analysis
Abstract:
With the development of computer networks, the spread of malicious network
activities poses great risks to the operational integrity of many organizations and
imposes heavy economic burdens on life and health. Therefore, risk assessment is
very important in network security management and analysis. Network security
situation analysis not only can describe the current state but also project the next
behaviour of the network. Alerts coming from IDS, Firewall, and other security tools
are currently growing at a rapid pace. In this paper, we described cyberspace
situational awareness from formal and visual methods. Next, to make security
administrator comprehend security situation and project the next behaviours of the
whole network, we present using parallel axes view to give expression clearly of
security events correlations.
Published in: 2007 International Workshop on Anti-Counterfeiting, Security and
Identification (ASID)
Authors: Liu Mixia; Yu Dongmei; Zhang Qiuyu; Zhu Honglei

18. Network management security
Abstract:
A review is given of network management security issues and the authors explain how
ISO's SC21/WG4 is currently addressing these. Aspects covered include: what
network management security is, why it needs to be considered and what issues need
to be resolved to achieve this. Within this overall structure, specific details covered
include: management as a means of attack on managed system security; management
of security services; current trends that increase the need for network management
security; implementation difficulties arising from technical characteristics and
operational requirements; and the ISO standards view.
Published in: [1990] Proceedings of the Sixth Annual Computer Security
Applications Conference
Authors: R. Ward; P. Skeffington

19. Analysis of Computer Network Security Technology and Preventive Measures under
the Information Environment
Abstract:
This paper first summarizes what informatization is, and then analyses in detail the
services of a computer network security management system in the informatization
context. Then it analyses the specific applications and problems of informatization in
the computer network security management system, including hash functions to
protect the security of network information transmission, symmetric encryption
strategies to protect computer network information security, and the establishment of
a computer network security protection system in the information environment.
Finally, it expounds the relevant countermeasures to the network security threats in
the information environment, including comprehensively strengthening computer
network security management, establishing and perfecting the computer network
security protection system, and strengthening research on the black and evil
prevention mechanism, all under the information environment, in order to protect
computer network information security. Against the background of informatization,
people pay more attention to the security technology of computer networks and the
related preventive measures.
Published in: 2020 5th International Conference on Mechanical, Control and
Computer Engineering (ICMCCE)
Authors: Bin Ge; Jin Xu

20. Research on enterprise network security system
Abstract:
With the development of openness, sharing and interconnection of computer network,
the architecture of enterprise network becomes more and more complex, and various
network security problems appear. Threat Intelligence (TI) Analysis and situation
awareness (SA) are the prediction and analysis technology of enterprise security risk,
while intrusion detection technology belongs to active defence technology. In order to
ensure the safe operation of computer network system, we must establish a multi-level
and comprehensive security system. This paper analyses many security risks faced by
enterprise computer network and other technologies to build a comprehensive
enterprise security system to ensure the security of large enterprise network.
Published in: 2021 2nd International Conference on Computer Science and
Management Technology (ICCSMT)
Authors: Jundan Hou; Xiang Jia

21. Research about solution for network security based on security domain
Abstract:
The typical security solution can only ensure the security of the network boundary, but
not involve the internal security. According to different types of applications and
secrets that it provides, the network can be divided into a number of logical security
domains. Furthermore, the access control of the network could be realized by applying
dynamical VLAN technology, and the filtration and audit of the information exchange
between security domains is realized by mandatory access control policies, and the
unified identity authentication and access control is realized by applying SSL VPN
technology.
Published in: 2010 International Conference on Computer Design and Applications
Authors: Yan Hui; Han Weijie; Wang Yu

CHAPTER 3

PROPOSED DETAILED METHODOLOGY OF SOLVING THE IDENTIFIED PROBLEM
WITH ACTION PLAN

3.1 System Planning
3.2 The Iterative Model
3.3 System Design
3.4 Timeline Chart
3.5 Block Diagram
3.6 System Requirement
3.1 SYSTEM PLANNING

STEPS INVOLVED IN THE SYSTEM DEVELOPMENT LIFE CYCLE:

Below are the steps involved in the System Development Life Cycle. Each phase
within the overall cycle may be made up of several steps.

Step 1: Software Concept


The first step is to identify a need for the new system. This will include
determining whether a business problem or opportunity exists, conducting a
feasibility study to determine if the proposed solution is cost effective, and
developing a project plan.

This process may involve end users who come up with an idea for improving their
work. Ideally, the process occurs in tandem with a review of the organization's
strategic plan to ensure that IT is being used to help the organization achieve its
strategic objectives. Management may need to approve concept ideas before any
money is budgeted for its development.
Step 2: Requirements Analysis:

Requirements analysis is the process of analyzing the information needs of the end
users, the organizational environment, and any system presently being used,
developing the functional requirements of a system that can meet the needs of the
users. The requirements documentation should be referred to throughout the rest of
the system development process to ensure the developing project aligns with user
needs and requirements.

Professionals must involve end users in this process to ensure that the new system
will function adequately and meets their needs and expectations.

Step 3: Architectural Design:


After the requirements have been determined, the necessary specifications for the
hardware, software, people, and data resources, and the information products that
will satisfy the functional requirements of the proposed system can be determined.

The design will serve as a blueprint for the system and helps detect problems
before these errors or problems are built into the final system. Professionals create
the system design, but must review their work with the users to ensure the design
meets users’ needs.

Step 4: Coding and Debugging

Coding and debugging are the act of creating the final system. This step is done by
the software developers.

Step 5: System Testing


The system must be tested to evaluate its actual functionality in relation to
expected or intended functionality. Some other issues to consider during this stage
would be converting old data into the new system and training employees to use
the new system. End users will be key in determining whether the developed
system meets the intended requirements, and the extent to which the system is
used.
Step 6: Maintenance

Inevitably the system will need maintenance. Software will definitely undergo
change once it is delivered to the customer. There are many reasons for the change.
Change could happen because of some unexpected input values into the system. In
addition, the changes in the system could directly affect the software operations.
The software should be developed to accommodate changes that could happen
during the post implementation period.

There are various software process models like

o Prototyping Model
o RAD Model
o The Spiral Model
o The Waterfall Model
o The Iterative Model

Of all these process models we have used the Iterative model for the development of
our project.

3.2 The Iterative model

The iterative process starts with a simple implementation of a subset of the software
requirements and iteratively enhances the evolving versions until the full system is
implemented. At each iteration, design modifications are made and new functional
capabilities are added. The basic idea behind this method is to develop a system
through repeated cycles (iterative) and in smaller portions at a time (incremental).

The model consists of six distinct stages:

1. In the requirements analysis phase
(a) the problem is specified along with the desired service objectives (goals);
(b) the constraints are identified.

2. In the specification phase the system specification is produced from the
detailed definitions of (a) and (b) above.

3. In the system and software design phase the system specification is translated
into a software representation. The software engineer at this stage is concerned
with data structures, software architecture, algorithmic detail and interface
representations. The hardware requirements are also determined at this stage,
along with a picture of the overall system architecture. By the end of this stage
the software engineer should be able to identify the relationships between the
hardware, the software and the associated interfaces. Any faults in the
specification should ideally not be passed downstream.

4. In the implementation and testing phase the designs are translated into the
software domain. Detailed documentation from the design phase can significantly
reduce the coding effort. Testing at this stage focuses on making sure that any
errors are identified and that the software meets its required specification.

5. In the integration and system testing phase all the program units are integrated
and tested to ensure that the complete system meets the software requirements.
After this stage the software is delivered to the customer (deliverable: the
software product is delivered to the client for acceptance testing).

6. The maintenance phase is usually the longest stage of the software's life. In
this phase the software is updated to meet changing customer needs, adapted to
accommodate changes in the external environment, and corrected for errors and
oversights undetected in the testing phases, enhancing the efficiency of the
software.

Feedback loops allow corrections to be incorporated into the model. For example, a
problem or update in the design phase requires a revisit to the specification phase.
When changes are made at any phase, the relevant documentation should be updated
to reflect that change.

Advantages of the Iterative Model: -

o Testing is inherent to every phase of the iterative model.
o It is an enforced, disciplined approach.
o It is documentation driven, that is, documentation is produced at every stage.

Disadvantages of the Iterative Model: -

The iterative model is chosen over the waterfall model, which is the oldest and most
widely used paradigm but whose strict sequential flow many projects rarely follow
because of its rigid format: waterfall incorporates iteration only indirectly, so
changes cause considerable confusion as the project progresses. The price of
iterating is overhead: each iteration has to be scoped, built and tested, and design
decisions taken in an early iteration may have to be revisited once later iterations
add requirements that were not anticipated.

3.3 SYSTEM DESIGN

There are two models for collecting monitoring data, push and pull. For this
monitoring system we go with the pull model, for the following reasons:

1. Scalability. Our infrastructure will keep growing, and we may have hundreds or
thousands of services in the coming years; service usage and the user base will
grow too. With the push model all of these services keep hitting the monitor
service. A service that processes 1M requests per second and pushes a metric on
every request would overwhelm the monitor as we grow. So instead of being called
with metrics, the monitor actively pulls the data from the services.
2. Automatic liveness (up/down) monitoring. By pulling the data proactively, we
know directly whether a service is alive: if a target is not reachable at scrape
time, the monitor notices it immediately.
3. Easier horizontal monitoring. If we have two independent systems A and B and
one day need to monitor some service in system B from system A, system A can
pull metrics from system B directly; there is no need to reconfigure system B to
push to system A.
4. Easier testing. We can simply spin up a testing environment, copy the
configuration from production, and pull the same metrics as production.
5. Simpler high availability. Two servers with the same configuration pulling the
same data are enough for HA.
6. Less configuration: no service needs to be told where the monitor lives.

Based on the analysis above, the design for the pull model is as follows:

1. The monitor pulls the data from the services regularly (for example every
second). We need near-real-time monitoring, but a lag of a couple of seconds is
acceptable.
2. Exporters: the services should not call the monitor to send data. Instead, each
service exposes its metrics through an exporter, where the data sits until it is
pulled, so the monitor is never exhausted by incoming calls and scales better. The
monitor also needs the data in one specific format, while the services may be built
with different technologies and keep their data in different formats, so the exporter
attached to each service reformats that service's data into the format the monitor
expects, and the monitor pulls from the exporters.
3. Push gateway: cron jobs are not long-running services, but we may need their
metrics too. A push gateway sits behind all the cron jobs; each job pushes its
metrics to the gateway when it exits, and the monitor pulls from the gateway like
any other target.

Exporter Design

The components of the pull model, the exporter and the push gateway, have been
introduced above. One may ask why not hook several services up to one exporter.
We prefer one exporter per service, for these reasons:

1. Operational bottleneck: the exporter becomes a bottleneck if too many services
sit behind it.
2. Single point of failure: one service pushing too much blocks the others.
3. If we are only interested in the metrics of one service, we cannot fetch only
those; we have to read all of them.
4. No liveness monitoring: if one of the services behind a shared exporter is
unreachable, the exporter still answers, so we cannot tell.
5. Service metadata is harder to keep: with one exporter per service, the service's
metadata can be stored in its own exporter.
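The pull model and the one-exporter-per-service rule above, as an added example that is not code from the report or from any tool it names: two services each run their own exporter, the monitor scrapes both, and the one that has gone down is reported as up=0 with no extra configuration. The service names (svc_a, svc_b), metric names, loopback ports and values are assumptions constructed for the example; the wire format is the Prometheus text exposition format (one `name value` line per metric).

```python
"""Added example, not code from the report: a minimal pull-model monitor.
Every service gets its own exporter (a tiny HTTP endpoint serving metrics in the
Prometheus text exposition format); the monitor scrapes each exporter and records
a synthetic up=1/0 sample per target, so an unreachable service is noticed on the
very next pull. The service names, ports and metric values used below are
constructed for this example, not taken from the report."""
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Talk to loopback targets directly even if HTTP(S)_PROXY is set in the environment.
_OPENER = urllib.request.build_opener(urllib.request.ProxyHandler({}))


def render_metrics(metrics):
    """Render {name: value} as exposition text, one 'name value' line per metric."""
    return "".join(f"{name} {value}\n" for name, value in sorted(metrics.items()))


def parse_metrics(text):
    """Parse exposition text back into {name: float}; comments and blank lines are skipped."""
    result = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.rpartition(" ")  # labels may contain spaces; the value never does
        result[name] = float(value)
    return result


class Exporter:
    """One exporter per service: serves that service's metrics on GET /metrics."""

    def __init__(self, metrics):
        self.metrics = metrics
        self.server = None

    def start(self):
        """Bind a free loopback port, serve in a background thread, return the port."""
        exporter = self

        class Handler(BaseHTTPRequestHandler):
            def do_GET(self):
                if self.path != "/metrics":
                    self.send_error(404)
                    return
                body = render_metrics(exporter.metrics).encode()
                self.send_response(200)
                self.send_header("Content-Type", "text/plain; version=0.0.4")
                self.send_header("Content-Length", str(len(body)))
                self.end_headers()
                self.wfile.write(body)

            def log_message(self, *args):  # keep per-request logging quiet
                pass

        self.server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick a free port
        threading.Thread(target=self.server.serve_forever, daemon=True).start()
        return self.server.server_address[1]

    def stop(self):
        """Simulate the service going down: stop serving and release the port."""
        if self.server is not None:
            self.server.shutdown()
            self.server.server_close()
            self.server = None


def scrape(target_url, timeout=1.0):
    """Pull one target. On success its metrics plus up=1.0 are returned; on any
    failure only up=0.0 is, which is the liveness check the pull model gives for free."""
    try:
        with _OPENER.open(target_url, timeout=timeout) as resp:
            metrics = parse_metrics(resp.read().decode())
    except (urllib.error.URLError, OSError, ValueError):
        return {"up": 0.0}
    metrics["up"] = 1.0
    return metrics


def scrape_all(targets):
    """Scrape every target in {service_name: url}; service discovery supplies this map."""
    return {name: scrape(url) for name, url in targets.items()}


if __name__ == "__main__":
    svc_a = Exporter({"http_requests_total": 42, "process_open_fds": 7})
    svc_b = Exporter({"queue_depth": 3})
    targets = {"svc_a": f"http://127.0.0.1:{svc_a.start()}/metrics",
               "svc_b": f"http://127.0.0.1:{svc_b.start()}/metrics"}
    svc_b.stop()  # service B dies before the scrape
    print(scrape_all(targets))  # svc_a: up=1.0 plus its metrics; svc_b: {'up': 0.0}
    svc_a.stop()
```

Because each service has its own exporter, the dead service is the only target reported as up=0; with a shared exporter the scrape would still succeed and the outage would be invisible, which is the point made in the list above.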
Clustering?

The monitoring system has to be very stable, so we do not use a network clustering
approach for the monitoring service. Clustering is complicated and easier to break; a
single solid node that does not depend on the network is the better choice.

Also, for monitoring data we care mostly about recent data and rarely about metrics
from days or weeks ago, so only recent data needs to be kept readily available rather
than the whole history. That removes the main reason for a clustered store. Two
servers running in parallel with the same configuration are sufficient for HA.

Design

Since we mostly care about recent data in monitoring, the data usage pattern of the
monitor looks like this:

1. recent data is accessed very frequently
2. historical data is accessed occasionally

So we store the recent data in memory for fast reads and older data on disk. If we
have 1M metrics to monitor and each metric produces one 16-byte data point
(timestamp and value) every second, that is 16 MB of samples per second; a server
with 128 GB of memory therefore holds about 8,000 seconds, a little over two hours,
of data in memory, which is good enough.

In memory, the data is kept in chunks. Once an older chunk is full, it is compressed
and written to disk. Queries over that data are slower, because the chunks must be
read from disk and decompressed, but slowness when querying old data is acceptable.

Much older data, such as data from months ago, can be moved as compressed chunks
to cheaper off-site storage.

Since the recently monitored data lives in memory, it needs a recovery mechanism. So
that a server crash does not lose all of it, snapshots of the in-memory data are taken
every few minutes.

We also need to monitor the memory usage of the monitor service itself, in case the
server runs out of memory during peak usage. When memory usage is high, the
compress-and-save-to-disk process is sped up.

The database for the monitoring service is a time series DB.
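The memory/disk split, chunk compression and snapshot recovery described above, as an added example that is not code from the report: a toy single-metric store in Python. The 16-byte sample layout (int64 timestamp, float64 value), the 4-sample chunk size, the spool directory and the sample values are assumptions chosen for the example; memory_budget_seconds reproduces the 1M-metrics, one-sample-per-second sizing from the text.

```python
"""Added example, not code from the report: a toy time-series store with the
memory/disk split described above. Samples go into an in-memory (hot) chunk; a
full chunk is zlib-compressed and written to a spool directory (cold). Queries
read the hot chunk directly and decompress a cold chunk only when its time range
overlaps; a snapshot of the hot chunk bounds what a crash can lose. The 16-byte
sample, the 4-sample chunk and the spool directory are assumptions for this example."""
import os
import struct
import tempfile
import zlib

SAMPLE = struct.Struct("<qd")  # int64 timestamp + float64 value = 16 bytes per sample


def memory_budget_seconds(metrics, ram_bytes=128 * 10**9, bytes_per_sample=SAMPLE.size):
    """Seconds of one-sample-per-second data for `metrics` series that fit in RAM."""
    return ram_bytes / (metrics * bytes_per_sample)


class MetricStore:
    def __init__(self, spool_dir, chunk_samples=4):
        self.spool_dir = spool_dir
        self.chunk_samples = chunk_samples
        self.hot = []   # (ts, value) tuples of the chunk being filled
        self.cold = []  # (first_ts, last_ts, path) index of compressed chunks on disk
        os.makedirs(spool_dir, exist_ok=True)
        self._index_spool()

    def _index_spool(self):
        """Rebuild the cold index from chunk files left behind by a previous run."""
        for name in os.listdir(self.spool_dir):
            if name.startswith("chunk-") and name.endswith(".z"):
                path = os.path.join(self.spool_dir, name)
                with open(path, "rb") as f:
                    data = zlib.decompress(f.read())
                first = SAMPLE.unpack_from(data, 0)[0]
                last = SAMPLE.unpack_from(data, len(data) - SAMPLE.size)[0]
                self.cold.append((first, last, path))
        self.cold.sort()

    def append(self, ts, value):
        """Samples must arrive in timestamp order; a full chunk is flushed to disk."""
        if self.hot and ts <= self.hot[-1][0]:
            raise ValueError("out-of-order sample")
        self.hot.append((ts, value))
        if len(self.hot) >= self.chunk_samples:
            self._flush()

    def _flush(self):
        raw = b"".join(SAMPLE.pack(ts, v) for ts, v in self.hot)
        path = os.path.join(self.spool_dir, f"chunk-{self.hot[0][0]:020d}.z")
        with open(path, "wb") as f:
            f.write(zlib.compress(raw))
        self.cold.append((self.hot[0][0], self.hot[-1][0], path))
        self.hot = []

    def snapshot(self):
        """Persist the hot chunk uncompressed; a crash then loses only newer samples."""
        path = os.path.join(self.spool_dir, "hot.snapshot")
        with open(path, "wb") as f:
            f.write(b"".join(SAMPLE.pack(ts, v) for ts, v in self.hot))

    def restore_snapshot(self):
        """Reload the hot chunk from the last snapshot; returns the sample count."""
        path = os.path.join(self.spool_dir, "hot.snapshot")
        if not os.path.exists(path):
            return 0
        with open(path, "rb") as f:
            data = f.read()
        self.hot = [SAMPLE.unpack_from(data, i) for i in range(0, len(data), SAMPLE.size)]
        return len(self.hot)

    def query(self, start, end):
        """(ts, value) samples with start <= ts <= end, oldest first."""
        out = []
        for first, last, path in self.cold:
            if last < start or first > end:
                continue  # no overlap: skip the disk read and the decompression
            with open(path, "rb") as f:
                data = zlib.decompress(f.read())
            for i in range(0, len(data), SAMPLE.size):
                ts, v = SAMPLE.unpack_from(data, i)
                if start <= ts <= end:
                    out.append((ts, v))
        out.extend(s for s in self.hot if start <= s[0] <= end)
        return out


def run_demo(spool_dir=None):
    """Ten constructed samples (ts 1..10, value ts/2) through a fresh store, a
    snapshot, then a simulated restart: a second store opened on the same spool."""
    spool_dir = spool_dir or tempfile.mkdtemp(prefix="tsdb-")
    store = MetricStore(spool_dir, chunk_samples=4)
    for ts in range(1, 11):
        store.append(ts, ts / 2)
    store.snapshot()
    recovered = MetricStore(spool_dir, chunk_samples=4)  # cold index rebuilt from disk
    return {
        "cold_chunks": len(store.cold),          # chunks 1-4 and 5-8 on disk
        "hot_samples": len(store.hot),           # 9 and 10 still in memory
        "recent": store.query(9, 10),            # served from memory only
        "old": store.query(2, 6),                # touches both cold chunks
        "restored": recovered.restore_snapshot(),
        "after_restart": recovered.query(1, 10),
    }
```

run_demo() leaves two compressed chunks on disk and two samples in memory; query(9, 10) never touches the disk, query(2, 6) decompresses both cold chunks, and the restarted store recovers all ten samples from the chunk files plus the snapshot. memory_budget_seconds(1_000_000) returns 8000 seconds, the figure the text rounds to about two hours.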
HIGH LEVEL DESIGN
Based on the discussion above, this is the high-level design of the monitor service.

 Exporter: pulls metrics from its target service and converts them to the correct
format
 Push gateway: cron jobs push their metrics to it at exit, and the monitor pulls
them from it
 Data retrieval workers: pull the data from the exporters and the push gateway
 Time series storage: local SSD / remote storage
 Query service: visualises the data
 Alert manager: sends alerts to different channels
 Service discovery: configuration of the targets to pull metrics from


3.4 TIMELINE CHART

A timeline chart is an effective way to visualize a process in chronological order.
Since details are displayed graphically, important points in time can be easily seen
and understood.
Often used for managing a project's schedule, timeline charts function as a sort of
calendar of events within a specific period of time.
A timeline chart is constructed with a horizontal axis representing the total time span
of the project, broken down into increments (for example, days, weeks, or months),
and a vertical axis representing the tasks that make up the project (for example, if the
project is outfitting your computer with new software, the major tasks involved might
be: conduct research, choose software, install software). Horizontal bars of varying
lengths represent the sequence, timing, and time span of each task. Using the same
example, you would put "conduct research" at the top of the vertical axis and draw a
bar on the graph that represents the amount of time you expect to spend on the
research, and then enter the other tasks below the first one, with representative bars at
the points in time when you expect to undertake them.
The bar spans may overlap, as, for example, you may conduct research and choose
software during the same time span. As the project progresses, secondary bars,
arrowheads, or darkened bars may be added to indicate completed tasks, or the
portions of tasks that have been completed. A vertical line is used to represent the
report date.
3.5 BLOCK DIAGRAM
Introduction: System analysis is the process of collecting and interpreting facts,
identifying problems, and decomposing a system into its components. It is conducted
for the purpose of studying a system or its parts in order to identify its objectives. It
is a problem-solving technique that improves the system and ensures that all the
components of the system work efficiently to accomplish their purpose. Analysis
specifies what the system should do. It is a process of planning a new business
system, or replacing an existing one, by defining its components or modules to satisfy
the specific requirements. Before planning, you need to understand the old system
thoroughly and determine how computers can best be used in order to operate
efficiently. System design then focuses on how to accomplish the objectives of the
system.
3.6 SYSTEM REQUIREMENT
Hardware Requirement

 RAM: at least 128 MB
 Processor: 300 MHz or higher (Pentium processor recommended)
 HDD: 20 GB or more

Software Requirement

 Docker
 MySQL Server

Languages used

 HTML
 CSS
 JavaScript
 Python

REFERENCES AND BIBLIOGRAPHY

https://gongybable.medium.com/system-design-design-a-monitoring-system-f0f0cbafc895
i. Google for problem-solving
ii. http://www.javaworld.com/javaworld/jw-01-1998/jw-01-Credentialreview.html
iii. Database Programming with JDBC and Java by O'Reilly
iv. Head First Java, 2nd Edition
v. http://www.jdbc-tutorial.com/
vi. Java and https://www.javapoint.com/java-tutorial
vii. Software Design Concept by Apress
viii. https://www.tutorialpoint.com/java/
ix. https://docs.oracle.com/javase/tutorial/
x. https://www.wampserver.com/en/
xi. https://www.JSP.net/
xii. https://www.tutorialspoint.com/mysql/
xiii. httpd.apache.org/docs/2.0/misc/tutorials.ht
