snips implementation and gui 3 rd presentation
DESCRIPTION
SnIPS Implementation and GUI 3 rd Presentation. Tsung-Hsi Wu, M.S.E. Department of Computing and Information Science Kansas State University. Outline. Action Item Final Software Production Demo Component Design Assessment Evaluation Project Evaluation. Outline. Action Item - PowerPoint PPT PresentationTRANSCRIPT
1
SnIPS Implementation and GUI
3rd PresentationTsung-Hsi Wu, M.S.E.
Department of Computing and Information Science
Kansas State University
2
Outline
Action Item Final Software Production Demo Component Design Assessment Evaluation Project Evaluation
3
Outline
Action Item Final Software Production Demo Component Design Assessment Evaluation Project Evaluation
4
Action Item Item to be inspected (Previously…) :
UML Diagrams: package, component, deploy class, sequence diagrams
Item to be inspected Formal Requirement Specification: USE/OCL
5
Action Item
6
Outline
Action Item Final Software Production Demo Component Design Assessment Evaluation Project Evaluation
7
Final Software Production Demo What are the new features ?
Synchronous -> Asynchronous XSB Query Option
8
Outline
Action Item Final Software Production Demo Component Design Assessment Evaluation Project Evaluation
9
Component Design Component Diagram
10
Component Design Reactor Pattern Structure
11
Component Design Command Pattern Structure
12
Component Design Command Pattern Structure: Set Time Button
13
Component Design Command Pattern Structure: Start Snort Button
14
Component Design Command Pattern Structure: RadioBox
15
Component Design Parser:
16
Component Design Parser: Result.txt int(probeOtherMachine('192.168.10.80',external),c,range(1904834156,0)) strengthenedPf int(probeOtherMachine('192.168.10.80',external),l,range(1904834156,0)) summarizedFact skolem(0)
obsMap.P obsList(obsFacts(0),[oid_1299,oid_1405,oid_1442,oid_1476,oid_1488,oid_1520,oid_1790,oid_6851]).
obs.P obs(oid_1299, snort('1:1201', '192.168.10.80', '128.111.43.65', 1039206341)). obs(oid_1405, snort('1:1201', '192.168.10.80', '128.111.43.65', 1039206357)). obs(oid_1442, snort('1:1201', '192.168.10.80', '128.111.43.65', 1039206358)).
17
Outline
Action Item Final Software Production Demo Component Design Assessment Evaluation Project Evaluation
18
Assessment Evaluation Test Suite 1: Operating Snort
Test # SR # Description Expected Outcome Actual Outcome
TS1.1 SR2.1SR2.5
The user will click the Start Snort button to start Snort.
Snort status table will display “Snort Started”. The Start Snort button will change to Stop Snort button.
Same as Expected
TS1.2 SR2.2SR2.5
The user will click the Stop Snort button to stop Snort.
Snort status table will display “Snort Stopped”. The Stop Snort button will change to Start Snort button.
Same as Expected
19
Assessment Evaluation Test Suite 2: Operating SnIPS
Test # SR # Description Expected Outcome Actual Outcome
TS2.1 SR3.4SR3.7SR3.10SR4.2
The user will click the Set Time Frame button to set the start and end time for SnIPS and click Ok button after the start and end time is selected.
SnIPS status table will display the start and end time. Pre-processing and DoAll button is now enabled.
Same as Expected
TS2.2 SR3.4SR3.10SR4.2
The user can cancel setting the start and end time by clicking the Cancel button in the pop-up frame from Set Time Frame button
No Change Same as Expected
TS2.3 SR3.1 The user will click the Pre-processing button based on the time frame in TS2.1 for running SnIPS pre-processing.
A pop-up message box will show up displaying the “obs_xxx.P” file name is created. Summarization button is enabled at this time.
Same as Expected
20
Assessment Evaluation Test Suite 2: Operating SnIPS
Test # SR # Description Expected Outcome Actual Outcome
TS2.4 SR3.2 The user will click the Summarization button based on the time frame in TS2.1 for running SnIPS summarization.
A pop-up message box will show up displaying the “summ_xxx.P” file name is created. Trace button is enabled at this time.
Same as Expected
TS2.5 SR3.3 The user will click the Trace button based on the time frame in TS2.1 and select optional query for XSB engine for running SnIPS trace.
A pop-up message box will show up displaying the “result.txt” file name is created. Backtrack Output button is enabled at this time.
Pop-up message didn’t show up. Error Message: unexpected input.
Solved !
TS2.6 SR3.8SR4.1SR4.2
The user will click the Back Track button to show the SnIPS proof strengthening results.
The proof strengthening results are shown in web-based by the browser.
Same as Expected
TS2.7 SR3.5 The user will click the DoAll button to show the resunt SnIPS operation for SR3.1 ~ 3.3 and SR 3.8
The proof strengthening results are shown in web-based by the browser.
Same as Expected
21
Assessment Evaluation Test Suite 3: Trace Output Webpage
Test # SR # Description Expected Outcome Actual Outcome
TS3.1 SR5.1 The user will click the links provided in web-based proof strengthening result to show primitively summarized alerts.
Primitively summarized alerts for each proof strengthened result will be shown.
Same as Expected
TS3.2 SR6.1 The user will click the links next to the primitively summarized alerts provided in web-based proof strengthening result to show alert payload.
Payload for each alert will be shown.
Same as Expected
TS3.3 SR7.1 The user will click the links named with SID provided in web-based proof strengthening result to show triggered Snort rule.
The Snort rule triggered by the SID alert will be shown.
Same as Expected
TS3.4 SR7.2 The user will click the Snort rule description link provided in Snort rule webpage.
The Snort rule description will be shown with the same SID as in TS7.1
Same as Expected
22
Outline
Action Item Final Software Production Demo Component Design Assessment Evaluation Project Evaluation
23
Project Evaluation: SLOC
Actual SLOC: cloc-1.09
Program Language
File Blank Comment Code
Java 3 429 333 1765
PHP 5 177 54 455
JavaScript + Ajax 2 39 0 175
Total 10 645 387 2395 LOC
Project Plan 2.0 : Phase I : 1200 Phase II : 2020 (+ ~800 ) Phase III : 2700 (+ ~700 )
24
Project Evaluation: SLOC
25
Project Evaluation: Time Duration
Actual Duration
Programming Documentation Subtotal
Phase I 40 80 120
Phase II 80 107 187
Phase III 135 110 245
Total (hr): 550 255 hrs 295 hrs 550 hrs
Project Plan 2.0 :
Programming Document Meeting Reading Web Presentation Subtotal
Phase I (min) 2005 2240 480 295 405 120 92.42 hrs
Phase II (min) 3395 4925 375 0 70 195 149.33 hrs
Phase III (min) 2110 2455 180 0 50 120 81.92 hrs
Total (hr)323.66 hrs
7510 / 60 = 125.17
9620 / 60 = 160. 33
1035 / 60 = 17 .25
295 / 60 = 4.91
525 / 60 = 8.75
435 / 60 = 7.25323.66 hrs
26
Project Evaluation: Time Duration
27
Project Evaluation: Summarization Replace Linux Command to Simple Buttons
Convert Plain Text File to Webpage with Links Snort Rules & Description Payload
Current Users: System Administrators Researchers
28
Project Evaluation: Lesson Learnt Software Management and Software Engineering
Design
Flexibility of Architecture Design
Software Prototypes
29
Questions & Answers
SnIPS Implementation and GUI