Updates
05/15/08 - Final report is due, and the research project is concluded.
05/03/08 - Everybody is writing the final report of the research project.
05/02/08 - College of Science Student Research Day showcase. Picture of poster we made for the showcase.
04/15/08 - Everybody finishes the implementation and is preparing for the College of Science Student Research Day.
03/01/08 - Ashira and Falguni are working on the worm detection.
03/01/08 - Soid and Ervi gathered data from WireShark.
02/05/08 - Falguni finished the matrix multiplication implementation.
Soid is integrating it with the 3D-array process code.
02/02/08 - Ervi finished the result-elimination code, which outputs only the final value, [1][0][1] = 38, instead of every intermediate value produced while the array is incremented.
The outputs can be seen for both the WireShark data and the NS2 data.
01/28/08 - Falguni is implementing the matrix multiplication algorithm as a part of the flashworm detection.
Soid is testing the existing code.
01/26/08 - Ervi finished implementing the 3D-array process for both WireShark data and NS2 data.
Both results have duplicates, for example:
[1][0][1] = 1
[1][0][1] = 2
...
If traffic from source 0 to destination 1 is encountered 38 times, then the result is going to have [1][0][1] = 1, [1][0][1] = 2, ..., [1][0][1] = 38 displayed in the text file.
01/22/08 - Soid implements a GUI for the Input/Output processing.
01/05/08 - Ervi modified the 3D-array based on the time interval. Each time interval is 0.5 seconds.
12/31/07 - Soid integrates Ervi's code with the code written by Falguni that filters data from WireShark and NS2.
12/27/07 - Falguni starts implementing the IP address conversion code for WireShark data. Initially, IP addresses are stored as 256.256.256.21, 152.432.344.22, etc.
To store the addresses more compactly, the first IP address is replaced by 0, the second one by 1, the third one by 2, etc. The result can be seen in outputWS.txt.
As for the NS2 data, there's no conversion needed, so the output can be put to outputNS2.txt directly.
12/24/07 - Ervi finished implementing the code that reads all sample data and stores them into the 3D-array.
Sample text file of data used for code, click for a screen capture of what the data looks like.
Sample of the output given by the code, click for a screen capture of what the data looks like.
12/10/07 - Ervi and Soid worked on the detection program using the three-dimensional array.
They take the x-axis as the time interval, the y-axis as the source, and the z-axis as the destination.
To show an example as a table, the first column (y-axis) and the first row (z-axis) each list the hosts.
Whenever the host on the y-axis communicates with the host on the z-axis, a 1 is filled in.
Example:
| Host | A | B | C | D |
|---|---|---|---|---|
| A | 0 | 0 | 1 | 0 |
| B | 0 | 1 | 0 | 0 |
| C | 1 | 0 | 0 | 0 |
| D | 0 | 0 | 0 | 0 |
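The three-dimensional array described in this log, as an added Python example that is not the project's own code: it maps addresses to 0, 1, 2, ... in order of first appearance, bins records into 0.5-second slots, and writes only the final count per [time][source][destination] cell. The sample records, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

INTERVAL = 0.5  # seconds per time slot, as stated in the 01/05/08 entry

# Constructed sample records (time in seconds, source, target); not project data.
SAMPLE = [
    (0.10, "192.0.2.1", "192.0.2.2"),
    (0.20, "192.0.2.2", "192.0.2.3"),
    (0.55, "192.0.2.1", "192.0.2.2"),
    (0.60, "192.0.2.1", "192.0.2.2"),
    (0.90, "192.0.2.3", "192.0.2.1"),
    (1.20, "192.0.2.1", "192.0.2.4"),
]

def index_hosts(records):
    """Replace each address by 0, 1, 2, ... in order of first appearance."""
    ids = {}
    for _, src, dst in records:
        for host in (src, dst):
            ids.setdefault(host, len(ids))
    return ids

def build_counts(records, ids, interval=INTERVAL):
    """Return counts[slot][src][dst] = number of records in that time slot."""
    counts = defaultdict(lambda: defaultdict(lambda: defaultdict(int)))
    for t, src, dst in records:
        slot = int(t // interval)
        counts[slot][ids[src]][ids[dst]] += 1
    return counts

def final_lines(counts):
    """One line per non-zero cell with its final count (no running values)."""
    return [f"[{s}][{a}][{b}] = {counts[s][a][b]}"
            for s in sorted(counts)
            for a in sorted(counts[s])
            for b in sorted(counts[s][a])]

def contact_table(counts, slot, n_hosts):
    """0/1 source-by-destination table for one time slot, as in the host table."""
    return [[1 if counts.get(slot, {}).get(a, {}).get(b, 0) else 0
             for b in range(n_hosts)] for a in range(n_hosts)]

if __name__ == "__main__":
    ids = index_hosts(SAMPLE)
    counts = build_counts(SAMPLE, ids)
    print("\n".join(final_lines(counts)))
    for row in contact_table(counts, 1, len(ids)):
        print(row)
```
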
12/07/07 - Ervi and Soid worked on the design for the detection program using the graph method.
The way to do it is:
- read all data retrieved from NS2
- put all possible combinations of hosts in the first column of the table
- make the first row of the table the time intervals
- fill in 1 for each time slot in which the hosts are talking
| Time | 1 | 2 | 3 | 4 | 5 |
|---|---|---|---|---|---|
| AB | 1 | 0 | 1 | 0 | 1 |
| BC | 0 | 1 | 0 | 1 | 1 |
| CD | 0 | 0 | 1 | 0 | 1 |
| DE | 0 | 0 | 1 | 0 | 1 |
11/15/07 - Ervi and Soid worked on the algorithm for the flash worm detection program. They have designed a tree that reads the information that was produced with WireShark.
11/02/07 - Ashira and Falguni have obtained sample data that will be incorporated into the code that will be able to detect a flashworm. The data was captured from WireShark.
The data has 3 fields: time, source, and target.
The code to filter out the 3 fields is implemented.
10/22/07 - Falguni extracted data from NS2 into a text file [ns2_data.txt].
The data, created using 10 nodes, can be seen in the following screen captures created by NAM: Picture 1, Picture 2.
10/02/07 - Falguni extracted data from WireShark into a text file [wireshark_data_v1.txt]. Screen capture.
09/27/07 - Falguni sets up the server so that version control problems can be avoided.
09/26/07 - Ashira retrieved data from WireShark.
08/20/07 - We analyzed the existing code from Kim.
08/14/07 - We continue to meet periodically to discuss updates and inform each other of problems, progress, and set new tasks.
08/12/07 - Some of the members attended Defcon to learn more about network security.
Picture of the members who attended, view.
07/15/07 - We worked on getting our environments set up. We will be using WireShark (previously known as Ethereal) for live network data captures, NS2 to create simulated network data, and Eclipse for our code.
06/30/07 - We met for the first time. We discussed Kim's thesis and what tools we would need for the project. We also exchanged contact information and made arrangements for future meeting dates.