THREAT INTELLIGENCE
PREPARED BY:
KRUNAL BAPODARA (160353107003)
ANKUR SAVALIYA (150350116003)
DHAVAL ZALA (150350107004)
Guided By
Prof. Daxa Vekariya

Department of Computer Engineering
Faculty of Engineering,
Noble Group of Institutes, Junagadh

Affiliated to

Gujarat Technological University

A
Project Report
On
Threat Intelligence

Submitted By
Krunal Bapodara (160353107003)
Ankur Savaliya (150350116003)
Dhaval Zala (150350107004)

As a fulfillment of Project
B.E. Computer Engineering, Semester-VIII
Guided By
Prof. Daxa Vekariya

Developed At
Department of Computer Engineering
Faculty of Engineering,
Noble Group of Institutions, Junagadh

NOBLE GROUP OF INSTITUTIONS, JUNAGADH
FACULTY OF ENGINEERING,
DEPARTMENT OF COMPUTER SCIENCE AND ENGINEERING

CERTIFICATE

This is to certify that the project entitled “Threat Intelligence” is a bona fide report of
the work carried out by Mr. Krunal Bapodara (160353107003), Mr. Ankur Savaliya
(150350116003) and Mr. Dhaval Zala (150350107004) under the guidance and supervision of
Prof. Daxa Vekariya for the partial fulfillment of the Degree of Bachelor in Computer
Engineering at Noble Engineering College, Junagadh, Gujarat.

To the best of my knowledge and belief, this work embodies the work of candidate
herself, has duly been completed, fulfills the requirement of the ordinance relating to the
Bachelor degree of the university and is up to the standard in respect of content, presentation and
language for being referred to the examiner.

Internal Guide Head of Dept.
Prof. Daxa Vekariya Dr. Vipul Vekariya

Industry Letter

CANDIDATE’S DECLARATION

I declare that final year report entitled “Threat Intelligence” is our own work conducted
under the supervision of the guide Prof. Daxa Vekariya.

I further declare that to the best of my knowledge the report for B.E. Final year does not
contain part of the work which has been submitted for the award of B.E. Degree either in this or
any other university without proper citation.

—————————-
Krunal Bapodara (160353107003)
Ankur Savaliya (150350116003)
Dhaval Zala (150350107004)
7th /CSE-IT,
NGI, Junagadh.

ACKNOWLEDGEMENT
We would like to acknowledge the contribution of certain distinguished people,
without their support and guidance this project work would not have been completed.
I take this opportunity to express my sincere thanks and deep sense of gratitude to our
project guide Prof. Daxa Vekariya, our professor Prof. Ashutosh Abhangi as well as our external
guide Mr. Nikhil Malaviya for their guidance and moral support during the course of preparation
of this project report.
I really thank them from the rock bottom of my heart for always being there with their
extreme knowledge and kind nature.
I take this opportunity to thank all my friends and colleagues who started me out on the
topic and provided extremely useful review feedback and for their all time support and help in
each and every aspect of the course of my project preparation. I am grateful to my college Noble
Group of Institution, Junagadh for providing me all required staff and good working
environment.
I feel a deep sense of gratitude for our Principal, Dr. Vipul Vekariya who formed part of
my vision and taught me the good things that really matter in life.
Acknowledgements and thanks are also extended to all the authors whose articles have
been referred to for the completion of this report.

Thank You!
Krunal Bapodara (160353107003)
Ankur Savaliya (150350116003)
Dhaval Zala (150350107004)

ABSTRACT
The core objective of Threat Intelligence is the overall protection of computer networks.
This project gives access to information about the different kinds of attacks carried out by
hackers and information thieves.
The proposed system has a user-friendly interface that helps network administrators
manage their network and monitor every device belonging to it easily and efficiently.
The system maintains detailed information about threats, the locations from which attacks
originate, reports of infected systems in the network, the different syslog devices and the
jobs running to perform tasks, analysis of threats, better user management, user-centric log
files, server management and so on. A user can therefore easily find out which device in the
system is infected without going through a huge number of complex logs. It also sends
periodic alert messages about infected systems, along with reports, so that work is done
efficiently and the network is well cared for.

List of Figures
No. Fig. Name
Fig 2.1 SDLC Life Cycle
Fig 3.1 Gantt Chart
Fig 4.1 Class Diagram
Fig 4.2 ER-Diagram
Fig 4.3(a) DFD Level 0
Fig 4.3(b) DFD Level 1
Fig 4.4 Use Case Diagram
Fig 4.5 Activity Diagram
Fig 4.6 Sequence Diagram
Fig 5.2.1 Create User Validation
Fig 5.2.2 Change Password Validation
Fig 5.2.3 Login page validation
Fig 5.3.1 Client Login
Fig 5.3.2(a)/(b) Dashboard
Fig 5.3.3(a)/(b) Analysis
Fig 5.3.4(a)/(b) Infections
Fig 5.3.5(a)/(b) Reports
Fig 5.3.6(a)/(b) Integration
Fig 5.3.7 System Logs
Fig 5.3.8(a) Users
Fig 5.3.8(b)/(c) Users
Fig 5.3.9(a)/(b) Client System
Fig 5.3.10(a)/(b) Profile
Fig 9.1 AEIOU Summary Framework
Fig 9.2 Ideation Canvas
Fig 9.3 Empathy Mapping Canvas
Fig 9.4 Product Development Canvas

List of Tables

No. Table Name
Table 3.1 Project Schedule
Table 5.1 User
Table 5.2 Client
Table 5.3 Subscription
Table 5.4 Users
Table 5.5 Account

Abbreviations

Name Full Form
HTML Hypertext Markup Language
CSS Cascading Style Sheets
JSP Java Server Pages
SQL Structured Query Language
GUI Graphical User Interface
GB/TB Giga Byte/ Tera Byte
DFD Data Flow Diagram
RAM Random Access Memory
XML Extensible Markup Language
HTTP/s Hypertext Transfer Protocol/Secure
ASP Active Server Pages
XHTML Extensible HTML
SDLC Software Development Life Cycle
OS Operating System
DB Database
IE Internet Explorer
DOS Denial of Service
IDS Intrusion Detection System
DNS Domain Name System

INDEX

Sr. No. Topic Name
Certificate
IDP Letter
Candidate’s declaration
Acknowledgement
Abstract
List of figures
List of tables
Abbreviation
Index
1 Introduction
1.1 Project Profile
1.2 Definition
1.3 Purpose
1.4 Scope
1.5 About technology
2 System Profile
2.1 System Analysis
2.2 Feasibility study
2.3 System Requirements
2.4 User Requirements
3 Project Management
3.1 Project planning
3.2 Project Scheduling
3.3 Cost Estimation
4 Design Analysis
4.1 Class Diagram
4.2 ER-diagram
4.3 DFD
4.4 Use case Diagram
4.5 Activity Diagram
4.6 Sequence Diagram
5 Implementation
5.1 Data Dictionary
5.2 Validation
5.3 Screenshot
5.4 Application
5.5 Security
5.6 Requirements
5.7 Advantages
6 Testing
6.1 Testing Principle
6.2 Testing Methods
7 Conclusion
8 Bibliography/Reference
9 Design Canvases

Threat Intelligence

NGI, Junagadh Page 1

CH-1: INTRODUCTION
1.1 Project Profile
Project title : Threat Intelligence
Platform : Windows OS(V10)
Front-end system : Node.JS(10.1.x), JAVA(Eclipse 2018, JDK 1.8)
Back-end system : MySQL(version 8), MongoDB(Version 3.6)
Project Duration : July 2018 to October 2018
Project guide : Prof. Daxa Vekariya
Submitted by : Krunal Bapodara (160353107003)
Ankur Savaliya (150350116003)
Dhaval Zala (150350107004)
Submitted to : Noble Group of Institution, Junagadh

1.2 Definition
Threat Intelligence provides access to information about threats and every type of attack
that occurs in the network. It provides easy maintenance of detailed information on
infections, reports of infections, analysis of threats, user management, user-readable logs,
and so on. It also notifies staff through timely reports of infections and new attacks on the
network devices.
1.3 Purpose/ Objective
The purpose of ‘Threat Intelligence’ is to provide a way of monitoring the devices in a
network and finding out which devices have been infected through attacks by hackers who
aim to steal information and commit crime.
1.4 Scope
The scope of this system will keep growing because, in this new era, crime is rising and
organizations want to make sure that their data stays secure. By applying this system, they
will get information on the different kinds of signatures of attacks that might be carried out
using computers.
1.5 About Technology
For any project or software, the technologies used for development need to be chosen
carefully. Before adopting any technology, we can review past systems or projects. After
carrying out these activities, we finalized the technologies that are the best option for
developing this project.

• Front End:
  o Java
    ▪ Java has many features that led us to choose it for the front end. Java
      provides more security than other languages. Apart from that, Java has
      many features that are useful for any project. The features relevant to
      our system are:
      - Java is open source.
      - Java provides more security.
      - Java is platform independent.
      - Java is object-oriented and robust.
      - Java is architecture neutral and portable.
    ▪ For the design of Threat Intelligence we have chosen HTML, CSS and
      JavaScript.
    ▪ JSP:
      - Java Server Pages (JSP) is a technology that helps software
        developers create dynamically generated web pages based on
        HTML, XML, or other document types.
      - Released in 1999 by Sun Microsystems, JSP is similar to PHP, but
        it uses the Java programming language.
      - To deploy and run Java Server Pages, a compatible web server
        with a servlet container, such as Apache Tomcat or Jetty, is
        required.
      - JSP stands for “Java Server Page.” This standard was developed
        by Sun Microsystems as an alternative to Microsoft’s Active Server
        Pages (ASP) technology.
      - JSP pages are similar to ASP pages in that they are compiled on
        the server, rather than in a user’s Web browser. After all, they don’t
        call them “server pages” for nothing. However, JSP is Java-based,
        whereas ASP is Visual Basic-based.
      - JSP pages are useful for building dynamic Web sites and accessing
        database information on a Web server. Though JSP pages may
        have Java interspersed with HTML, all the Java code is parsed on
        the server.
    ▪ Servlets:
      - Servlets are the Java platform technology of choice for extending
        and improving web servers. They provide a component-based,
        platform-independent method for creating web applications,
        without the performance limitations of CGI programs.

      - An HTTP servlet is a special type of servlet that handles an HTTP
        request and supplies an HTTP response, commonly in the form of
        an HTML page. The most common use of WebLogic HTTP
        Servlets is to create interactive applications that use standard Web
        browsers for the client-side presentation while WebLogic Server
        handles the business logic as a server-side process.
      - Servlets are most often used to:
        1) Process or store data that was submitted from an HTML form.
        2) Provide dynamic content such as the results of a database query.
        3) Manage state information that does not exist in the stateless
           HTTP protocol, such as filling the articles into the shopping
           cart of the appropriate customer.
    ▪ JavaScript:
      - JavaScript was originally developed by Brendan Eich, while
        working for Netscape Communications Corporation.
      - Although it was developed under the name Mocha, the language
        was officially called LiveScript when it first shipped in beta
        releases of Netscape Navigator 2.0 in September 1995, but it was
        renamed JavaScript when it was deployed in the Netscape browser
        version 2.0B3.
      - JavaScript is a lightweight, interpreted programming language with
        object-oriented capabilities that allows you to build interactivity
        into otherwise static HTML pages. Using JavaScript one can
        validate user input before sending the page off to the server. This
        saves server traffic, which means less load on your server.
      - One can create interfaces that react when the user hovers over
        them with a mouse or activates them via the keyboard.
      - One can use JavaScript to include such items as drag-and-drop
        components and sliders to give a rich interface to your site
        visitors.
    ▪ HTML:
      - HTML is not a programming language, it is a markup language. A
        markup language is a set of markup tags. HTML uses markup tags
        to describe web pages.
      - HTML5 is a core technology markup language of the Internet used
        for structuring and presenting content for the World Wide Web.

      - As of October 2014 this is the final and complete fifth revision of
        the HTML standard of the World Wide Web Consortium. The
        previous version, HTML 4, was standardized in 1997.
      - Its core aims have been to improve the language with support for
        the latest multimedia while keeping it easily readable by humans
        and consistently understood by computers and devices (web
        browsers, parsers, etc.).
    ▪ CSS:
      - Cascading Style Sheets (CSS) is a style sheet language used for
        describing the look and formatting of a document written in a
        markup language.
      - Most often used to change the style of web pages and user
        interfaces written in HTML and XHTML, the language can be
        applied to any kind of XML document, including plain XML, SVG
        and XUL.
      - Along with HTML and JavaScript, CSS is a cornerstone
        technology used by most websites to create visually engaging
        webpages, user interfaces for web applications, and user interfaces
        for many mobile applications.
  o Node.JS:
    ▪ Node.js is an open-source, cross-platform JavaScript run-time
      environment that executes JavaScript code outside of a browser.
      Historically, JavaScript was used primarily for client-side scripting, in
      which scripts written in JavaScript are embedded in a webpage’s HTML
      and run client-side by a JavaScript engine in the user’s web browser.
      Node.js lets developers use JavaScript to write command line tools and
      for server-side scripting, that is, running scripts server-side to produce
      dynamic web page content before the page is sent to the user’s web browser.
      Consequently, Node.js represents a “JavaScript everywhere”
      paradigm, unifying web application development around a single
      programming language, rather than different languages for server-side and
      client-side scripts.
    ▪ Express.JS:
      - Express provides a minimal interface to build our applications. It
        provides us the tools that are required to build our app. It is
        flexible as there are numerous modules available on npm, which
        can be directly plugged into Express.

      - Express was developed by TJ Holowaychuk and is maintained by
        the Node.js foundation and numerous open source contributors.
    ▪ EJS:
      - EJS is a simple templating language that lets you generate HTML
        markup with plain JavaScript.
• Backend:
  o MongoDB:
    ▪ MongoDB is an open-source document database and leading NoSQL
      database. MongoDB is written in C++. This tutorial will give you great
      understanding on MongoDB concepts needed to create and deploy a
      highly scalable and performance-oriented database.
    ▪ MongoDB is a cross-platform, document-oriented database that provides
      high performance, high availability, and easy scalability. MongoDB works
      on the concepts of collection and document.
    ▪ Database
      - A database is a physical container for collections. Each database
        gets its own set of files on the file system. A single MongoDB
        server typically has multiple databases.
    ▪ Collection
      - A collection is a group of MongoDB documents. It is the equivalent
        of an RDBMS table. A collection exists within a single database.
        Collections do not enforce a schema. Documents within a
        collection can have different fields. Typically, all documents in a
        collection are of similar or related purpose.
    ▪ Document
      - A document is a set of key-value pairs. Documents have dynamic
        schema. Dynamic schema means that documents in the same
        collection do not need to have the same set of fields or structure,
        and common fields in a collection’s documents may hold different
        types of data.
  o MySQL:
    ▪ MySQL is the most popular Open Source Relational SQL Database
      Management System. MySQL is one of the best RDBMS being used for
      developing various web-based software applications. MySQL is
      developed, marketed and supported by MySQL AB, which is a Swedish
      company. This tutorial will give you a quick start to MySQL and make
      you comfortable with MySQL programming.

CH-2: SYSTEM PROFILE
2.1 System Analysis
2.1.1 System Development life cycle

fig: 2.1 SDLC
2.1.2 Study about project requirement
Requirement specification plays an important part in the analysis of a system. Only when
the requirement specifications are properly given is it possible to design a system that will
fit into the required environment.
The requirement specification for any system can be broadly stated as given below:
1. The system should be able to interface with the existing system.
2. The system should be accurate.
3. The system should be better than the existing system.
Performance is measured in terms of the output provided by the application. The proposed
system has a user-friendly interface which is helpful in a zoo or any wildlife sanctuary to
keep and access their data easily and securely. Also, people will get information about the
zoo and animal life.

2.2 Feasibility Study
The feasibility study is the core of the system analysis phase in software development. It
assesses the feasibility of all the requirements gathered from the users and those documented
in the SRS. This is essential because, before developing a new system or replacing an
existing system, it should be known well in advance whether the requirements to develop the
system are feasible with respect to various aspects.
One important activity of any project development team is to check the feasibility of the
software they are building. A feasibility study gives us more knowledge about the actual
behavior of the environmental factors that will affect the project during or after development.
2.2.1 Technical Feasibility
The project is technically feasible. Here the available resources and existing software
technology are considered. To develop the project, sufficient resources such as computers and
software tools are available. The availability of resources may affect the ability to achieve
an acceptable system. It is essential that the process analysis and definition be conducted in
parallel with an assessment of technical feasibility.
2.2.2 Economical Feasibility
The project is also economically feasible. It doesn’t require any costly software or
hardware tools. The software tools required for this project are freely available.
2.2.3 Operational Feasibility
The application has such a user-friendly GUI that any person having a sound knowledge of
computers can operate the system.
2.2.4 Schedule Feasibility
A project will fail if it takes too long to be completed before it is useful. Typically this
means estimating how long the system will take to develop, and if it can be completed in a given
time period using some methods like payback period. Schedule feasibility is a measure of how
reasonable the project timetable is.
2.2.5 Cultural Feasibility
In this stage, the project’s alternatives are evaluated for their impact on the local and
general culture. For example, environmental factors need to be considered and these factors are
to be well known.

2.3 System Requirements
2.3.1 Software Requirements
To determine the system software to be used for preparation of the system, the
following considerations have been investigated.
Operating System : Windows OS 10
Coding Language : Java, JavaScript
IDE : Eclipse2018, VS-Code
Database : MongoDB, MySQL
Server : Apache tomcat 3.0, node server 10.1.x
Architecture : 3-tier Architecture
Document : MS-Office, MS-Visio

2.3.2 Hardware Requirements
RAM : 512 MB
Hard Disk : 160GB HDD
Processor : Intel®Core2Duo

2.4 User Requirements
2.4.1 Functional Requirements
• Physical external/perimeter exposure
  o Servers facing the external network:
    ▪ What services are publicly exposed? What OS version do they run? What DB +
      version? Etc. (selecting those of major importance first)
  o Which devices are reachable from the outside?
    ▪ E.g. printers with remote maintenance access.

• Physical internal exposure
  o What systems do you use internally (i.e. that have access to the internal network)?
    ▪ Windows / OSX / *nix? Which version?
    ▪ Mobile?
  o What software/version do you use internally? (IE, Outlook, Flash, etc.). Are there
    unpatched vulnerabilities to be monitored? Are any of those being exploited in the
    wild?
  o What type of attachments do you allow? What types of file are allowed to be
    downloaded from the internal network?
  o Network infrastructure (yes, that famous diagram no one ever has)

• What type of attacks/threats does your organization fear most?
  o DoS attacks
  o Banking Trojan
  o Drive-by / EK
  o Credentials’ Phishing
  o Intellectual Property (IP) exfiltration
  o Etc.

2.4.2 Capability/Visibility Requirements
• Email logs
  o As a basic requirement, it is of paramount importance to be able to access all email
    logs containing timestamp, sender, recipient, subject, attachment(s) name,
    attachment(s) hash value.
  o Being able to access the quarantined attachments, or having an address where
    malicious emails can be forwarded for automatic processing in a safe environment.
  o Having access to the email header as well would be a great plus.

• Network: Proxy logs, Firewall logs, IDS logs, DNS logs, etc.

• Passive DNS
  o Another must-have is passive DNS: collect all DNS resolutions ever made by any
    machine within your network.
  o Third-party pDNS: always useful to get a broader view.

• Endpoint visibility
  o Being able to search/collect information and artifacts from endpoints (i.e. memory,
    registry hives, running processes, etc.)

• External feeds and sources
  o Free/Paid feeds of indicators
  o Hopefully each analyst belongs to one or more trusted sharing communities, which
    are usually not public. If not, create your network of trusted peers; this is a
    must-have for an analyst.

• Centralized storage and correlation
  o This may be a full-fledged Threat Intelligence Platform (TIP) or an Excel spreadsheet
  o Useful as a central collection point for the collected intel.
  o Ideally can be integrated with other internal tools to allow automation
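
The passive DNS, external feed and central correlation requirements above can be illustrated with a short JavaScript sketch. This is an added example, not part of the original report or the project's code; the log layout, the PassiveDns class, the feed entries and every name and address in the sample data are assumptions constructed for illustration.

```javascript
'use strict';
// Added example (not the project's code). All log lines, names and addresses
// below are constructed sample data using reserved documentation ranges.
const SAMPLE_DNS_LOG = [
  '2018-09-01T10:00:00Z 10.0.0.5 Updates.Example.test. A 203.0.113.10',
  '2018-09-01T10:05:00Z 10.0.0.7 updates.example.test A 203.0.113.10',
  '2018-09-02T08:00:00Z 10.0.0.5 updates.example.test A 198.51.100.20',
  '2018-09-02T09:00:00Z 10.0.0.9 cdn.example.test A 198.51.100.20',
  '2018-09-02T09:30:00Z 10.0.0.9 intranet.example.test A 10.0.0.1',
  'corrupted-entry',
];

// Constructed indicator feed (stands in for a free/paid feed or a trusted peer).
const SAMPLE_FEED = [
  { type: 'domain', value: 'updates.example.test', source: 'constructed-feed' },
  { type: 'ip', value: '198.51.100.20', source: 'constructed-feed' },
];

// Assumed log layout: "<ISO time> <client IP> <query name> <type> <answer>".
function parseDnsLine(line) {
  const parts = line.trim().split(/\s+/);
  if (parts.length !== 5) return null;
  const [ts, client, qname, rtype, answer] = parts;
  const time = Date.parse(ts);
  if (Number.isNaN(time)) return null;
  return {
    time,
    client,
    // Normalise case and the trailing root dot so equal names compare equal.
    qname: qname.toLowerCase().replace(/\.$/, ''),
    rtype: rtype.toUpperCase(),
    answer: answer.toLowerCase(),
  };
}

class PassiveDns {
  constructor() {
    this.records = new Map(); // key: "qname|type|answer"
  }

  // Fold raw log lines into one record per (name, type, answer) tuple.
  // Returns the number of lines that could not be parsed.
  ingest(lines) {
    let skipped = 0;
    for (const line of lines) {
      const r = parseDnsLine(line);
      if (!r) { skipped += 1; continue; }
      const key = `${r.qname}|${r.rtype}|${r.answer}`;
      let rec = this.records.get(key);
      if (!rec) {
        rec = { qname: r.qname, rtype: r.rtype, answer: r.answer,
                firstSeen: r.time, lastSeen: r.time, count: 0, clients: new Set() };
        this.records.set(key, rec);
      }
      rec.firstSeen = Math.min(rec.firstSeen, r.time);
      rec.lastSeen = Math.max(rec.lastSeen, r.time);
      rec.count += 1;
      rec.clients.add(r.client);
    }
    return skipped;
  }

  // Look up records by query name ('qname') or by resolved address ('answer').
  find(field, value) {
    const v = value.toLowerCase().replace(/\.$/, '');
    return [...this.records.values()].filter((rec) => rec[field] === v);
  }

  // Match feed indicators against history: which internal clients resolved a
  // listed name, or any name that resolved to a listed address, and when.
  correlate(indicators) {
    const hits = [];
    for (const ind of indicators) {
      const field = ind.type === 'domain' ? 'qname' : ind.type === 'ip' ? 'answer' : null;
      if (!field) continue; // indicator types this sketch does not handle
      for (const rec of this.find(field, ind.value)) {
        hits.push({
          indicator: ind.value, source: ind.source,
          qname: rec.qname, answer: rec.answer, count: rec.count,
          clients: [...rec.clients].sort(),
          firstSeen: new Date(rec.firstSeen).toISOString(),
          lastSeen: new Date(rec.lastSeen).toISOString(),
        });
      }
    }
    return hits;
  }
}

function demo() {
  const pdns = new PassiveDns();
  const skipped = pdns.ingest(SAMPLE_DNS_LOG);
  return { skipped, hits: pdns.correlate(SAMPLE_FEED) };
}

console.log(JSON.stringify(demo(), null, 2));
```

The last hit in the output is cdn.example.test, a name that is not in the feed but resolves to a listed address, which is the kind of pivot a passive DNS history makes possible.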

CH-3: PROJECT MANAGEMENT

3.1 Project Planning
A project plan is “A formal, approved document used to guide both project execution and
project control. The primary uses of the project plan are to document planning assumptions and
decisions, facilitate communication among stakeholders, and document approved scope, and
schedule baselines. Project plan may be summary or detailed.”
Project Plan can also be defined more precisely as: “A statement of how and when a
project’s objectives are to be achieved, by showing the major products, milestones, activities and
resources required on the project.”
At a minimum, a project plan answers basic questions about the project:
o Why? → To secure the information of organization networks.
o What? → Access to information about every attack on devices belonging to the
network.
o Who? → Krunal Bapodara, Ankur Savaliya and Dhaval Zala.
o When? → After 7 months we deliver this system to the Noble Group of
Institution, Junagadh.

The project must strictly follow the Software Development Life Cycle.

o 1) Planning → Establishing the plans for creating a system by defining the system
to be developed based on the requirements.
o 2) Analysis → The users and IT specialists collaborate to collect and
formalize the business requirements.
o 3) Designing → Designing the technical architecture and graphically creating a
system model from the GUI.
o 4) Development → Turning the design into a physical system by implementing the
technical architecture and building the database and programs.
o 5) Testing → Testing the developed system.
o 6) Maintenance → Keeping the system up to date with the changes in the
organization and building a help desk to support the system users.

3.2 Project Schedule
Project scheduling is one of the key aspects of any project. Any project must be scheduled
before it is developed. The schedule describes the dependencies between activities, the
estimated time required, and the allocation of people to activities. It also describes the way
in which the development team is organized, the people involved and their roles in the team.
3.2.1 Project Schedule
Activity                    Time                                Days
Preliminary Investigation   14th July 2018 to 25th July 2018    12
Analysis                    25th July 2018 to 16th Aug 2018     22
System Design               16th Aug 2018 to 30th Aug 2018      15
Database Design             30th Aug 2018 to 20th Sept 2018     20
Implementation              20th Sept 2018 to 03rd Oct 2018     13
Integration Testing         3rd Oct 2018 to 17th Oct 2018       15
Documentation               17th Oct 2018 to 10th Nov 2018      25
Table 3.1 Project schedule
3.2.2 Gantt Chart

Fig 3.1 Gantt chart
3.3 Cost Estimation
Development in such applications requires programming skills and sound knowledge in
the tools and various functionalities. The cost spent in the making of the project is categorized
into two parts.

• Direct Cost:
  o This is in terms of money. In this project the direct costs are:
    ▪ Hardware
    ▪ Software
    ▪ System Study
• Indirect Cost:
  o This is in terms of labor or manual work. In this project the indirect costs are:
    ▪ Time spent in system analysis and design
    ▪ Managing time for coding
• Cost Estimation Technique:
  o Cocomo Model:
    ▪ Cocomo (Constructive Cost Model) is a regression model based on
      LOC, i.e. the number of Lines of Code. It is a procedural cost
      estimate model for software projects and is often used to reliably
      predict the various parameters associated with making a project,
      such as size, effort, cost, time and quality. It was proposed
      by Barry Boehm in 1970 and is based on the study of 63 projects,
      which makes it one of the best-documented models.
    ▪ The key parameters that define the quality of any software
      product, and which are also outcomes of Cocomo, are primarily
      Effort and Schedule:
    ▪ Effort: Amount of labor that will be required to complete a task. It
      is measured in person-months.
    ▪ Schedule: The amount of time required for the completion of the
      job, which is, of course, proportional to the effort put in. It is
      measured in units of time such as weeks or months.
  o Types:
    Boehm’s types of Cocomo systems:
    ▪ Organic
    ▪ Semi-detached
    ▪ Embedded

CH-4: DESIGN ANALYSIS
4.1 Class Diagram

fig 4.1 Class diagram

4.2 ER-Diagram

fig 4.2 ER-Diagram

4.3 Dataflow-diagram

fig 4.3(a) DFD level 0
fig 4.3(b) DFD level 1

4.4 Usecase Diagram

fig 4.4 Usecase Diagram

4.5 Activity Diagram

fig 4.5 Activity diagram

4.6 Sequence Diagram

fig 4.6 Sequence Diagram

CH-5: IMPLEMENTATION
5.1 Data Dictionary
• Server Side
  ▪ USER
Query: create table user (id bigint(20), email varchar(255), first_name varchar(255),
last_name varchar(255), prefix varchar(255), contact_num varchar(255), attempt
int(11), password varchar(255), role varchar(255), status bit(1), token varchar(255),
last_login datetime);

Table 5.1- User
  ▪ CLIENT
Query: create table client (id bigint(20), email varchar(255), authority_name varchar(255),
organization_name varchar(255), contact varchar(255), token varchar(255), address
varchar(255));

Table 5.2- Client

  ▪ SUBSCRIPTION
Query: create table subscription (id bigint(20), cid bigint(20), expire_date datetime,
last_dump_time datetime, last_fetch_time datetime, last_update datetime, purchase_date
datetime, status bit(1), configure bit(1));

Table 5.3-Subscription

• Client Side
  ▪ USER
Query: db.createCollection("users");
FIELD            DATA TYPE   DESCRIPTION
User_status      Boolean     User active or block
Login_attempt    Int32       Number of attempt to login
Theme            String      Theme of whole system
Name             String      User name
Email            String      Email address of user
Contact          String      Contact number
Role             String      Role for giving privilege
Designation      String      Chosen profile
Password         String      Security code for valid user login
Last_login       Date        Time of last login
Table 5.4-User

  ▪ ACCOUNTS
Query: db.createCollection("accounts");
FIELD            DATA TYPE   DESCRIPTION
Cust_id          String      Customer id
Cust_name        String      Name of customer
Address          String      Customer address
Authority_name   String      Name of Author
Email            String      Email address of customer
Contact          String      Contact number
Prc_date         Date        Purchase date
Exp_date         Date        Expire date
Table 5.5 -Accounts

5.2 Validation
• Required Field Validator:
  o It indicates that the field must be filled in.
  ▪ Create User form validation

Fig. 5.2.1 – Create User validation

  ▪ Change Password Form validation

Fig.5.2.2- Change Password validation

• RegularExpressionValidator:
  o It indicates that the field must match a regular expression (e.g. email ID).
  ▪ Login Form Validation

Fig. 5.2.3 –Login page validation

• RangeValidator:
  o It indicates a range and shows that the value entered in the field must fall
    within the given range.
5.3 ScreenShots
• Client Side
5.3.1 Login

Fig. 5.3.1- Client Login

5.3.2 Dashboard

Fig. 5.3.2(a) – Client Dashboard

Fig. 5.3.2(b) – Client Dashboard

5.3.3 Analysis

Fig. 5.3.3(a) – Client Analysis

Fig. 5.3.3(b) – Client Analysis

5.3.4 Infections

Fig. 5.3.4(a) – Client Infection

Fig. 5.3.4(b) – Client Infection

5.3.5 Reports

Fig. 5.3.5(a) – Client Reports

Fig. 5.3.5(b) – Client Reports

5.3.6 Integration

Fig. 5.3.6(a) – Client Integration

Fig. 5.3.6(b) – Client Integration

5.3.7 Logs

Fig. 5.3.7 – System logs
5.3.8 Users

Fig. 5.3.8(a) – Client Users

Fig. 5.3.8(b) – Client Users

Fig. 5.3.8(c) – Client Users

5.3.9 System

Fig. 5.3.9(a) – Client System

Fig. 5.3.9(b) – Client System

5.3.10 Profile

Fig. 5.3.10(a) – Client Profile

Fig. 5.3.10(b) – Client Profile

5.4 Application
• Network Security
• Information Security
• Log Parsing
• Cyber Security
5.5 Security
Security is of prime concern in running this online system. The system implements proper
security measures, such as creating a secure space between client machines and enforcing proper
access rights control, so that it provides a secure environment to each system user on a
terminal, makes work easy, and returns the required information in the easiest way.
For security purposes, we have used “Session Tracking”. The HTTP session API is an
essential component in constructing interactive web sites. It is required because the Hypertext
Transfer Protocol (HTTP), used for requests from web browser to web server, is a stateless
protocol.
As a result, a web server on its own has no means of associating a series of requests with a
specific browser or user. We also use HTTPS for better security of web browser to web server
requests.
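The session tracking described in Section 5.5, as an added example that is not the project's own code: after login the server issues a signed session identifier in a cookie marked Secure (HTTPS only) and HttpOnly, and resolves it back to a user on every later request. It assumes a Node.js server; the function names, the in-memory store and the 15-minute idle timeout are assumptions made for the illustration.

```javascript
// Added example: session tracking over stateless HTTP with a signed session cookie.
const crypto = require('crypto');

const SECRET = crypto.randomBytes(32);   // per-process signing key (assumption)
const sessions = new Map();              // sid -> { user, expires }, in memory (assumption)
const TTL_MS = 15 * 60 * 1000;           // idle timeout (assumed value)

function sign(sid) {
  return crypto.createHmac('sha256', SECRET).update(sid).digest('base64url');
}

// Called after a successful login: creates server-side state, returns the Set-Cookie value.
function startSession(user, now = Date.now()) {
  const sid = crypto.randomBytes(16).toString('hex');
  sessions.set(sid, { user, expires: now + TTL_MS });
  // Secure: sent only over HTTPS. HttpOnly: not readable by page scripts.
  return `sid=${sid}.${sign(sid)}; Path=/; Secure; HttpOnly; SameSite=Strict`;
}

// Called on every request: maps the Cookie header back to a user, or returns null.
function resolveSession(cookieHeader, now = Date.now()) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{32})\.([A-Za-z0-9_-]+)/.exec(cookieHeader || '');
  if (!m) return null;
  const [, sid, mac] = m;
  const expected = Buffer.from(sign(sid));
  const given = Buffer.from(mac);
  // Reject identifiers the server did not sign, using a constant-time comparison.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const s = sessions.get(sid);
  if (!s) return null;
  if (s.expires < now) { sessions.delete(sid); return null; }  // idle timeout reached
  s.expires = now + TTL_MS;                                    // sliding expiry
  return s.user;
}

// Called on logout: removes the server-side state so the cookie stops working.
function endSession(cookieHeader) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{32})\./.exec(cookieHeader || '');
  return m ? sessions.delete(m[1]) : false;
}
```

Because the session state lives on the server, logging out or timing out invalidates the cookie even if a copy of it still exists in a browser.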
5.6 Requirements
1. Login (the system should be able to authenticate the user).
2. The system should be able to prompt the user to enter a password and code.
3. The system should be able to retrieve information and to check the code and password.
4. The system should be able to store new information for the new user.
5. The system should be able to search all the infections, threats and profiles.
6. The system should be able to send a syslog log file.
7. The system should perform validation checks.
5.7 Advantages
• Easy to maintain.
• Easy to use for all users.
• Easy to maintain the whole system through one user.
• Easy to identify threats in the system.
• Notifies the user if any system is infected by a threat.
• Easy to identify how many systems are infected by threats.
• Secures the system from threats.


CH-6: TESTING
6.1 Testing Principle
Following are the testing principles which are used:
• All tests should be traceable to user requirements.
• Tests should be planned long before testing begins.
• Testing should begin in the small and progress toward testing in the large.
• Exhaustive testing is not possible.
• To be most effective, testing should be conducted by an independent third party.
Testability: Software testability is simply how easily a computer program can be tested. The
checklist that follows provides a set of characteristics that lead to testable software.
1. Operability
2. Observability
3. Controllability
4. Decomposability
5. Simplicity
6. Stability
7. Understandability
Models of Testing: There are several models for testing a module; some of them are as follows:
1. WhiteBox Testing:
White-box testing, sometimes called glass-box testing, is a test case design method that
uses the control structure described as part of component-level design to derive the test
cases. In our project, we have used the White Box Testing Model because independent
paths of .jsp files and loops are the cornerstones of the majority of all algorithms
implemented in the software.
There are five different classes of loops, which can be defined as follows:
1. Simple Loops
2. Nested Loops
3. Concatenated Loops
4. Unstructured Loops
5. Continuous Loops
In our project, we have used simple loops. The concatenated loops can be
tested with the different jsp files of the project, all independent of each other.
2. BlackBox Testing:
Black-box testing, also called behavioral testing, focuses on the functional
requirements of the software. Black-box testing is not an alternative to white-box testing.
Black-box testing attempts to find errors in the following categories:
1. Incorrect or missing function
2. Interface errors
3. Errors in fetching external data
4. Behavior or performance errors
5. Initialization and terminal errors
Black-box testing is implemented in our project by testing each and every independent jsp
file. For dependent files, we check the dependency and interface after integrating all the
files. For behavior or performance testing, we first made a demo and gave it to our project
guide and some employees to use and check the performance.

3. Testing Strategies:
A strategy provides a roadmap that describes the steps to be undertaken and how
much effort, time and resources will be required. A testing strategy must incorporate test
planning, test design, test execution, and resultant data collection and evaluation. The
testing strategy followed by us consisted of the following component parts. To
accomplish this, some methods are defined. They are:
A) Equivalence Partitioning:
This method divides the input domain of a program into classes of data from
which test cases can be derived. These classes, known as equivalence classes,
represent a set of valid or invalid input conditions. It helps in that one
test case alone uncovers a number of errors that might otherwise require a larger
number of cases.
B) Test Strategies:
Testing is a set of activities that can be planned in advance and conducted
systematically. For this reason a template for software testing, consisting of a set of
steps into which we can place specific test cases and testing methods, should be
defined. Testing is like an assurance review of the software product and related
documents for correctness, completeness, reliability and maintainability, and it
includes assurance that the system meets the specification and requirements for its
intended use and performance. The common view of testing is that it proves that
there are no errors. System testing is very expensive, and it is not possible for an
analyst to prove that software is free and clear of errors. We can use various kinds
of test strategies.


6.2 Testing Methods
Various testing strategies that were used for testing the modules are as follows:
A) Unit Testing:
Testing that is performed on the smallest piece of software.

B) Unit Test Plan:
A unit test plan (UTP) is used as a guide for testing. It contains detailed test cases, which
should be designed to ensure the completeness of the test and provide the highest likelihood
of uncovering errors. The unit test plan was drafted based on the program specification. The
programmer did testing based on the UTP first. All defects were marked on the UTP. The
program is then modified to remove errors. Errors are handled by the programmer. The unit
test plan is subdivided into the following parts:
1. Functional Test
2. Code Test
3. Navigational Test
4. Cosmetic Test

Various Level Testing:
1) Field Level Testing
2) Query Level Testing
Various Test Cases: The testing that finds the most errors is considered the most
successful testing, but for that it has to depend on carefully chosen test cases. A good guideline
that we follow when selecting test cases is to choose them carefully.


CH-7: CONCLUSION
7.1 Conclusion
Threat Intelligence provides access to information related to threats and to every
type of attack that has occurred in the network. It provides easy maintenance of detailed
information on infections, reports of infections, analysis of threats, user management,
user-readable logs, and so on. It also notifies staff with timely reports of infections and new
attacks on the network devices.

7.2 Future Enhancement
In ‘Threat Intelligence’ we can add more functionality, such as:
• Response functionality that lets the system respond to different attacks, for example:
  o Block a particular port
  o Block the attack
  o Block the attacker
• Report-generating functionality covering the responses to different attacks and infections.




CH-9: DESIGN CANVASES
9.1 AEIOU

Fig. 9.1 – AEIOU Summary framework


9.2 Ideation Canvas

Fig. 9.2 – Ideation canvas


9.3 Empathy mapping canvas

Fig. 9.3 – Empathy mapping canvas


9.4 Product development canvas

Fig. 9.4 – Product development canvas