Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
Project Report
Submitted in partial fulfillment of the requirements for the award of the degree of
MAY, 2018
DECLARATION
I hereby declare that the Report of the Major Project Work entitled “Security and
Compliance” which is being submitted to the National Institute of Technology
Karnataka, Surathkal for the award of the Degree of Master of Computer Applications in
the Department of Mathematical and Computational Sciences, is a bonafide report of the
work carried out by me. The material contained in this Report has not been submitted to any
University or Institution for the award of any degree.
I
CERTIFICATE
This is to certify that the project report entitled ‘Security and Compliance’ submitted by
RAOUSHAN KUMAR PASWAN (Registration Number: 15208615CA57) as the record
of the work carried out by him, is accepted as the P.G. Project work report submission in
partial fulfillment of the requirements for the award of degree of Master of Computer
Applications in the Department of Mathematical and Computational Sciences, National
Institute of Technology Karnataka, Surathkal.
Chairman DPGC
II
ACKNOWLEDGEMENT
It gives me great pleasure and deep satisfaction in presenting this report of my project work
undertaken at SysCloud Technologies Pvt. Ltd as a part of M.C.A. last semester from
NITK SURATHKAL, KARNATAKA arranged in order to gain the practical knowledge in
the Project Development. For all efforts, behind this successful project, I am highly grateful
to the following personalities without whom this project would not have been completed.
I am thankful to all the Professors and Faculty Members in the department for their
teachings.
I have of course, received help from a great many people during this project. I am extremely
thankful to all of them.
Lastly, I would like to thank my family, friends and colleagues who have always supported
me whenever I felt down. Without their continuous words of encouragement, it wouldn’t
have been possible to complete the project.
III
ABSTRACT
“Security and Compliance” is an application developed by “SysCloud Technologies Pvt Ltd.”
Through this application SysCloud provides security to various organizations. Basically
“Security and Compliance” prevents from uncertain activities. Using this application a
customer can scan their user domain’s data. If any data creates any violation, then automatically
initiates a notification to customer.
To achieve above objective, we have developed some tools. These tools are:
1) MailWatch Channel
2) Diagnostic Tool
3) Automation Tool and
4) Detection Tool,
These tools helps in finding offensive keywords and in turn certain algorithm are applied to
remove corresponding files and notify the administrator. These tools are developed using
technologies such as PHP, JAVA, SELENIUM, MicroSoft SQL Server, Apache tomcat,
NetBeans.
IV
TABLE OF CONTENTS
1 INTRODUCTION
1.1 About Organization 1
1.2. Work Done by Organization 1
1.3 Security and Compliance 2
1.4 Project Overview 5
2 SYSTEM DESIGN 13
2.1 Data Flow Diagram 13
2.2 Our Product Screenshots for Various Security 15
3 METHODOLOGY 23
3.1 PHP 23
3.2 JAVA 24
3.3 Tomcat 24
3.4 MicroSoft SQL Server 2017 25
3.5 Selenium 26
3.6 NetBeans V7.3 27
4 RESULT 32
4.1 WatchChannel 32
4.2 Diagnostic Tool 32
4.3 Automation 32
4.4 Detection Tools 38
5 CONCLUSION 48
5.1 Summary 48
5.2 Future Scope 48
5.3 Advantages 48
5.4 Disadvantages 48
6 REFERENCES 49
CHAPTER 1
INTRODUCTION
Massive explosion of data, cloud apps, users, devices, events has led to productivity and quality
of life improvements but also led to massive security and ransomware attacks. Traditional
security solutions which depend on blocking firewall ports and keyword phrases are no longer
sufficient and not relevant in a mobile first cloud first world.
SysCloud machine learning models contextually identify cyber threats and risks looking at an
organization’s data content, devices, users, apps, locations, access privileges and user behavior in
real time and creating threat matrix and cards. Our threat center gives details of high risk threats
and recommends policy actions which can be turned on with a single click.
1. Cyberbullying: Cyberbullying is bullying that takes place over digital devices like
cell phones, computers, and tablets. Cyberbullying can occur through SMS, Text, and
apps, or online in social media, forums, or gaming where people can view, participate
in, or share content. Cyberbullying includes sending, posting, or sharing negative,
harmful, false, or mean content about someone else. It can include sharing personal or
private information about someone else causing embarrassment or humiliation. Some
cyberbullying crosses the line into unlawful or criminal behavior.
1
2. FERPA (Family Educational Rights and Privacy Act): The Family Educational
Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal
law that protects the privacy of student education records. The law applies to all
schools that receive funds under an applicable program of the U.S. Department of
Education.
3. HIPPA (The Health Insurance Portability and Accountability Act): A US law
designed to provide privacy standards to protect patients' medical records and other
health information provided to health plans, doctors, hospitals and other health care
providers. Developed by the Department of Health and Human Services, these new
standards provide patients with access to their medical records and more control over
how their personal health information is used and disclosed. They represent a
uniform, federal floor of privacy protections for consumers across the country. State
laws providing additional protections to consumers are not affected by this new rule.
HIPAA took effect on April 14, 2003.
4. PCI (Payment Card Industry): Payment Card Industry Data Security Standard (PCI
DSS) compliance is adherence to the set of policies and procedures developed to
protect credit, debit and cash card transactions and prevent the misuse of cardholders'
personal information. PCI DSS compliance is required by all card brands. .
5. CIPA (Children's Internet Protection Act): The Children's Internet Protection Act
(CIPA) was enacted by Congress in 2000 to address concerns about children's access
to obscene or harmful content over the Internet. CIPA imposes certain requirements
on schools or libraries that receive discounts for Internet access or internal
connections through the E- rate program – a program that makes certain
communications services and products more affordable for eligible schools and
libraries. In early 2001, the FCC issued rules implementing CIPA and provided
updates to those rules in 2011.
1.3 Security and Compliance
The “digitization of everything” trend is forever changing our lives. The growth of mobile
devices along with their increasing capabilities result in people having instant access to
information on-the-go. They can conduct business wherever they are at any time, often
blurring the line between work and leisure. Because of the always-on, always accessible
2
nature of the digital economy, your customers expect a consistently excellent user
experience regardless of whether they are at home or at work.
But keeping organizations secure in this increasingly digital world has never been tougher.
The fast-paced demands of users put even more pressure on enterprises to prevent and stop
threats and data breaches, meet regulatory compliance requirements, and govern their
operations more efficiently.
What’s the best way for your organization to address this challenge? By developing
processes to meet new digital requirements for security and compliance and automating
those processes as effectively as possible. Automation should integrate the objectives and
activities of Security and Operations teams and enable them to protect the enterprise while
providing the performance and availability required for businesses to remain competitive.
Organizations who rely on manual administration of security and compliance find it
impossible to scale, which in turn limits their ability to keep up with business opportunities
and challenges in the growing digital economy. Plus, manual administration is also
particularly subject to human error, which makes it dangerous. Delays in responding to
security threats and compliance issues can lead to breaches, failed audits, financial loss, and
damage to a company’s reputation and other serious business consequences.
In this guide, you’ll learn about the security compliance audit process, security risk
management, and how to deal with persistent threats in the digital economy. The guide will
also describe how best-practice processes and automation can help organizations meet the
challenges of today and the future while also increasing collaboration between Security and
Operations. This unifying strategy can enable these teams to improve uptime, customer
satisfaction, and security.
Having an effective strategy is critical to success. This guide will help you understand the
risks that must be mitigated or eliminated. You’ll also learn important considerations for
developing a plan that focuses on integrating the roles of people, processes, and technology
to address the increasing challenges related to security and compliance in the digital
economy. As Figure 1 indicates, vulnerabilities and exposures to threats are increasing
rapidly. Organizations must prioritize efforts and focus on the most critical vulnerabilities.
3
1. The role of Operations in maintaining security, compliance and control: Maintaining a
secured environment not just the concern Security’s. Operations teams also play a critical role in
the process, however, they do not get appreciated for their role in the process. The Security team
identifies the risks, but Operation team must implement the changes to remediate those risks.
Officially the charter of the security team is to keep the organization secure while the operations
team works on supporting the business demand for high availability to avoid risking performance
or reliability on production systems.
This situation creates a gap between Security and Operations known as the SecOps Gap: Two
groups driven by competing priorities which ultimately result in long lag times to close security
vulnerabilities, business-system downtime, excessive labor costs and challenges in meeting
regulatory requirements.
Many attacks can be prevented by closing this gap. More than 80 percent of attacks target known
vulnerabilities and 99 percent of exploits were compromised over a year after the CVE was
published. According to Rob Joyce, Chief of NSA’s Tailored Access Operations, “There’re so
many more vectors that are easier, less risky and quite often more productive than going down
that route. This includes, of course, known vulnerabilities for which a patch is available, but the
owner hasn’t installed it.”
2. Closing the SecOps Gap protects company assets and reduces costs: The misalignment
between Security and Operations goes beyond poor communication paths and conflicting
objectives. A Forbes Insights survey commissioned by BMC reported that Operations and
Security teams have only a general or little understanding of each others requirements. So, they
are not even speaking the same language or providing one another with what they need to be
successful. Some examples include – Security runs a scan and delivers it to Operations and it is
sorted by IP address. If the Operations team does not use IP address as a reference point, they
must sort through the data line by line trying to figure out what it means. Going in the other
direction, Operations provides their plans to remediate vulnerabilities to Security based on server
group. Unless Security knows which servers are in the group and what role those servers play it
does not help in giving them a view into the security posture of the organization.
Breaches occur even when vulnerabilities and their remediation have been identified, but not yet
implemented, due to a lack of coordination between the teams. Half of the organizations that
4
experienced a breach in the last year also reported a loss of data, which can result in failing to
meet compliance requirements, fines, and impact the business by having to deal with this loss. It
can also cause customer dissatisfaction that leads to litigation.
Providing a secure environment involves a clear focus on people, processes, and technology to
address vulnerability remediation and compliance. This guide, which offers a comprehensive
overview of security and compliance, helps explain how best practices and automation can
enable organizations to optimize their resources, increase efficiency, reduce costs and improve
the quality of service while meeting security and compliance objectives.
Syscloud projects are created in google cloud platform. As we discussed earlier, our work
focuses on security and compliance. With the authentication oAuth 2.0 we ask to allow access of
customers’ data. Google provide the Domain Wide Delegation of Authority, so that an
authorized enterprise can access the data. In the following, the tools created for the purpose are
discussed in detail.
1.MailWatch: Putting in simple word, the purpose of this tool is to identify the users and also to
Admin faces any problem with their users.
5
If you click in the user Id, related id details will appear and we can see all the
details related to mailwatch.
2. Diagnostic tool: Since the tool has global users, aim of Diagnostic tool is to detect the issues
related to our application. We can detect by knowing whether any violation has happened or not.
If violation is happened then it implies that the application works fine. If not, it leads to questions
like whether application is not working or user is not creating any violation. To overcome with
this problem, Diagnostic tool is created. Following is the screenshot of the tool.
6
1. Click on the Diagnostic link, it will direct to information regarding user.
7
2. When you click on diagnostic link, it will direct to this page containing the user’s
information. In that page we can see the last violation time of drive and email.
8
3. Here in the previous screenshot you can see another link Policy Count. Here we can get the
last message and can access the last drive file information. So that it is helpful to know
whether the application well.
9
If you click on policy Id it will show the latest violated file details.
10
If you click on the Policy Id it will Show the latest mail or chat details.
4. In fig (2) if you click on Diagnostic it will show the users necessary details and whether the
latest drive file or mail file can be downloaded.
11
4. Detection application: Two detection applications are made to take input from csv file and
get some results and again put back into csv file. It works on several algorithms.
12
CHAPTER 2
SYSTEM DESIGN
2.1 Data Flow Diagram: A data flow diagram (DFD) maps out the flow of information for any
process or system. It uses defined symbols like rectangles, circles and arrows, plus short text
labels, to show data inputs, outputs, storage points and the routes between each destination. Data
flowcharts can range from simple, even hand-drawn process overviews, to in-depth, multi-level
DFDs that dig progressively deeper into how the data is handled. They can be used to analyze an
existing system or model a new one. Like all the best diagrams and charts, a DFD can often
visually “say” things that would be hard to explain in words, and they work for both technical
and nontechnical audiences.
13
1. For Trial Customers.
1.1. Google Apps marketplace: G Suite Marketplace (formerly Google Apps
Marketplace) is a product of Google Inc. It is an online store for web
applications that work with Google Apps (Gmail, Google Docs, Google
Sites, Google Calendar, Google Contacts, etc.) and with third party software. Some
Apps are free. Apps are based on Google APIs or on Google Apps Script.
1.2. Onboard Customer’s as Trial: Customers who is in trial version.
1.3. Landing app.syscloud.com for their respective domain: Customer loads the
application for the respective domain and start scanning for the users.
1.4. Start Fetching Users for Their Domain: Scan all the users for their domain.
1.5. Start threat scan: After fetching the user’s information it starts scanning for the
threats.
1.6. Authentication: Fetch the data of the users domain through oAuth 2.0
1.7. Scanning: Now data is scanned with our own rules and detect for threats. If threats
found then
1.8. Action: Threats is published and intimate to Admin.
2. For paid customers: Same process as for trial. Once the customer moved to paid then
2.1. Create a real time channels to monitor users email and drive.
2.2. Once the channel is created then, when user edit document or compose e-mail,
2.3. Google automatically notify to our server then
2.4. Catch those notification and again scan with our rules and detect threats, if found
2.5. Threats are published and intimate to Admin.
14
2.2 Our Product Screenshots for various security:
1. Cyberbullying screenshots of the product:
1.1 Threats Details: In this section you will be able to see an overview of the violation.
15
Now, if you click on Gmail icon. It will show the related threat details. Here is the screenshot
for Gmail threat and Google Drive.
16
If you click on the email id, it will give you whole details related to this email id.
17
If you click on Google Drive icon. It will show the related threat details. Here is the screenshot
for Gmail threat and Google Drive.
18
If you click on the email id for google drive, it will give you whole details related to this email
id.
19
1.2 Dashboard: Showing summary of the result.
20
1.3 History: Shows the history of the threats.
21
1.4 Setting: Shows the setting of the threats.
Note: Similarly for other policies. As in the case of security policies similar screenshots can be
produced for 1. FERPA (Family Educational Rights and Privacy Act) 2. HIPPA (The Health
Insurance Portability and Accountability Act) 3.PCI (Payment Card Industry) 4.CIPA (Children's
Internet Protection Act), same process is there as Cyberbullying. So, same screenshots will be
there for all other policies.
22
CHAPTER 3
METHODOLOGY
To develop “Security and Compliance” application there are several tools that has been used.
They are discussed in the following.
3.1 PHP (Programming Language): PHP (recursive acronym for PHP: Hypertext
Preprocessor) is a widely-used open source general-purpose scripting language that is
especially suited for web development and can be embedded into HTML.
<?php
echo "Hi, I'm a PHP script!";
?>
</body>
</html>
Instead of lots of commands to output HTML (as seen in C or Perl), PHP pages contain
HTML with embedded code that does "something" (in this case, output "Hi, I'm a PHP
script!"). The PHP code is enclosed in special start and end processing instructions <?php
and ?> that allow you to jump into and out of "PHP mode. “What distinguishes PHP
from something like client-side JavaScript is that the code is executed on the server,
generating HTML which is then sent to the client. The client would receive the results of
running that script, but would not know what the underlying code was. You can even
configure your web server to process all your HTML files with PHP, and then there is
really no possible way for users to track the code.
23
The best things in using PHP are that it is extremely simple for a newcomer, but offers
many advanced features for a professional programmer.
Although PHP's development is focused on server-side scripting, you can do much more
with it. Whole product program is written on PHP language.
3.2 JAVA( Programming Language): Java is a programming language and computing platform
first released by Sun Microsystems in 1995. There are lots of applications and websites that
will not work unless you have Java installed, and more are created every day. Java is fast,
secure, and reliable. From laptops to datacenters, game consoles to scientific supercomputers,
cell phones to the Internet, Java is everywhere!
3.3 Tomcat: The Apache Tomcat® software is an open source implementation of the Java
Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies. The
Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket
specifications are developed under the Java Communication Process..The Apache Tomcat
software is developed in an open and participatory environment and released under the
Apache License version 2. The Apache Tomcat project is intended to be a collaboration of
the best-of-breed developers from around the world. We invite you to participate in this open
development project. Apache Tomcat software powers numerous large-scale, mission-critical
web applications across a diverse range of industries and organizations. Some of these users
and their stories are listed on the PoweredBy wiki page.
Apache Tomcat, Tomcat, Apache, the Apache feather, and the Apache Tomcat project logo
are trademarks of the Apache Software Foundation.
24
3.4 Microsoft SQL Server 2017: Microsoft SQL Server is a relational database management
system, or RDBMS, that supports a wide variety of transaction processing, business
intelligence and analytics applications in corporate IT environments. It's one of the three
market-leading database technologies, along with Oracle Database and IBM's DB2. The core
component of Microsoft SQL Server is the SQL Server Database Engine, which controls data
storage, processing and security. It includes a relational engine that processes commands and
queries, and a storage engine that manages database files, tables, pages, indexes, data buffers
and transactions. Stored procedures, triggers, views and other database objects are also
created and executed by the Database Engine. The advanced security features supported in all
editions of Microsoft SQL Server starting with SQL Server 2016 SP1 include three
technologies added to the 2016 release: Always Encrypted, which lets user
update encrypted data without having to decrypt it first; row-level security, which enables
data access to be controlled at the row level in database tables; and dynamic data masking,
which automatically hides elements of sensitive data from users without full access
privileges.
25
3.5 Selenium: Selenium is an open source tool which is used for automating the tests carried out
on web browsers (Web applications are tested using any web browser).
Wait, before you get carried away, let me re-iterate that, only testing of web applications is
possible with Selenium. We can neither test any desktop (software) application nor test any
mobile application using Selenium.
It’ a bummer right? I can feel your pain. But don’t worry, there are many tools for testing
software and mobile applications like: IBM’s RFT, HP’s QPT, Appium and many more. But,
the focus of this blog is, testing dynamic web applications and why Selenium is the best for
that purpose.
26
We can use Selenium only to test web applications. We cannot test desktop applications
or any other software
There is no guaranteed support available for Selenium. We need to leverage on the
available customer communities
It is not possible to perform testing on images. We need to integrate Selenium with Sikuli
for image based testing
There is no native reporting facility. But we can overcome that issue by integrating it
with frameworks like TestNG or JUnit
3.5.1 Automation Testing Beats Manual Testing:
Automation testing beats manual testing every time. Why? Because it is faster, needs less
investment in human resource, it is not prone to errors, frequent execution of tests is
possible, supports lights out execution, supports regression testing and also functional
testing.
3.6 NetBeans V7.3 : NetBeans IDE lets you quickly and easily develop Java desktop, mobile,
and web applications, as well as HTML5 applications with HTML, JavaScript, and CSS. The
27
IDE also provides a great set of tools for PHP and C/C++ developers. It is free and open
source and has a large community of users and developers around the world.
3.6.1 Best Support for Latest Java and PHP Technologies: NetBeans IDE is the official
IDE for Java 8. With its editors, code analyzers, and converters, you can quickly and
smoothly upgrade your applications to use new Java 8 language constructs, such as
lambdas, functional operations, and method references. Batch analyzers and converters
are provided to search through multiple applications at the same time, matching patterns
for conversion to new Java 8 language constructs. With its constantly improving Java
Editor, many rich features and an extensive range of tools, templates and samples,
NetBeans IDE sets the standard for developing with cutting edge technologies out of the
box.
28
also provides code templates, coding tips, and code generators.
The editor supports many languages from Java, C/C++, XML and HTML, to PHP, Groovy,
Javadoc, JavaScript and JSP. Because the editor is extensible, you can plug in support for many
other languages.
29
Fig 3.6: NetBeans (Project Management)
3.6.4 Write Bug Free Code: The cost of buggy code increases the longer it remains
unfixed. NetBeans provides static analysis tools, especially integration with the widely
used FindBugs tool, for identifying and fixing common problems in Java code. In
addition, the NetBeans Debugger lets you place breakpoints in your source code, add
field watches, step through your code, run into methods, take snapshots and monitor
execution as it occurs.
The NetBeans Profiler provides expert assistance for optimizing your application's speed
and memory usage, and makes it easier to build reliable and scalable Java SE, JavaFX
and Java EE applications. NetBeans IDE includes a visual debugger for Java SE
applications, letting you debug user interfaces without looking into source code. Take
GUI snapshots of your applications and click on user interface elements to jump back
into the related source code.
30
Fig 3.7 NetBeans (Threads)
31
CHAPTER 4
RESULTS
As mentioned in Chapter 1, my contribution is towards developing application for Security and
Compliance. Since I do not have authorization to display actual database, I displayed the result
obtained using testing database.
Note: As per our company’s rule, I cannot share algorithms, code, table contents and any type of
confidential data. So I discuss only the final results of the application. But I am sharing that code,
which is used to help to make easy to implementation of algorithm. However codes for
Automation Tool and Detection tool
4.1. WatchChannel: Through this application now the domain owner can check how many
users they have and if there is any issues. Then we will be able to check regarding these
issues and take some actions. I discussed already in chapter 1.
4.2. Diagnostic Tool: Now through this application we are able to detect whether the domain
user is making any violation or not. If not then, may be they are not using our application
for a long time, or our application is not working properly. To detect this problem I
made a Diagnostic Tool. From this tool, we are able to watch their latest violation and
can download the latest file, so we can confirm there is no violation and there is no
issues with our application.
4.3. Automation: This tool is a testing tool, which test whether our application is working in
G Suite Marketplace or not. So, I am checking whether the application is got launched or
not. If it gets launched or not, an e-mail will be sent to the authorized person informing
about the application is working or not in G Suite Marketplace. I set the application into
the scheduler, so every day at certain time this application get triggered automatically
and check, our application is getting launched or not. I made this application in Java
1) Automation Code:
a) Automatin.java
package selenium;
import java.util.concurrent.TimeUnit;
import org.openqa.selenium.By;
import org.openqa.selenium.JavascriptExecutor;
32
import org.openqa.selenium.WebDriver;
import org.openqa.selenium.chrome.ChromeDriver;
/*
* This Function is Used for get connected to the Chrome Browser
*/
public void browserSetting() {
try {
System.setProperty("webdriver.chrome.driver",
"D:\\workspace\\Automation\\required\\chromedriver.exe");
driver = new ChromeDriver();
driver.manage().deleteAllCookies();
driver.manage().window().maximize();
driver.manage().timeouts().implicitlyWait(30,
TimeUnit.SECONDS);
driver.manage().timeouts().pageLoadTimeout(30,
TimeUnit.SECONDS);
System.out.println("=======Automation Is
Started=========");
driver.get("https://gsuite.google.com/marketplace/app/syscloud_backup_dlp_com
pliance/700764010405");
searchProduct();
System.out.println("=========Execution Successful..!!========");
} catch (Exception e) {
e.printStackTrace();
}
33
}
/*
* Login to google account and getting the Syscloud applications If there will
* be any exception then it will automatically send email to the user
*/
public void searchProduct() {
try {
driver.findElement(By.className("pANFDd")).click();
Thread.sleep(5000);
driver.findElement(By.id("identifierId")).sendKeys("adminEmail");
Thread.sleep(5000);
driver.findElement(By.id("identifierNext")).click();
Thread.sleep(5000);
driver.findElement(By.name("password")).sendKeys("adminpassowrd");
Thread.sleep(5000);
driver.findElement(By.id("passwordNext")).click();
Thread.sleep(2000);
driver.findElement(By.className("pANFDd")).click();
jse = (JavascriptExecutor) driver;
34
*/
Mailer.send("senderemail", "password", "receiver email,
"Automation Failure", "Permission denied please run the programm again");
}
}
}
}
b) Mail.java (to send automatic email)
package selenium;
import java.util.Properties;
import javax.mail.*;
import javax.mail.internet.*;
class Mailer {
35
// Get properties object
props.put("mail.smtp.host", "smtp.gmail.com");
props.put("mail.smtp.socketFactory.port", "465");
props.put("mail.smtp.socketFactory.class",
"javax.net.ssl.SSLSocketFactory");
props.put("mail.smtp.auth", "true");
props.put("mail.smtp.port", "465");
// get Session
});
// compose message
try {
// message.addRecipient(Message.RecipientType.TO,new
InternetAddress(to1));
36
// new InternetAddress(to4), new
InternetAddress(to5), new InternetAddress(to6)
};
message.addRecipients(Message.RecipientType.CC, cc);
message.setSubject(sub);
message.setText(msg);
// send message
Transport.send(message);
} catch (MessagingException e) {
37
4.4. Detection Tool: This tool is used to detect some keys to a context, and according to the
matching keywords, some rules are applied and the result is applied to the algorithm.
1) Code:
<?php
ini_set('max_execution_time', 864000);
//INTENT,ASSET,MONEY,THREAT
error_reporting(0);
$keyWordFile = "D:\\Users/raoushan/Desktop/Book4.csv";
$contextFile = "D:\\Users/raoushan/Desktop/Sample.csv";
$myKey = fopen($keyWordFile, "r");
while (!feof($myKey)) {
$a = explode(",", fgets($myKey));
if (count($a) == 4) {
if (trim($a[0]) != "") {
$intent[$i++] = trim($a[0]);
}
if (trim($a[1]) != "") {
$asset[$i++] = trim($a[1]);
}
if (trim($a[2]) != "") {
$money[$j++] = trim($a[2]);
}
if (trim($a[3]) != "") {
$threat[$j++] = trim($a[3]);
}
}
}
38
$intent_keywords = "/\b(" . implode("|", array_filter($intent)) . ")\b/i";
$asset_keywords = "/\b(" . implode("|", array_filter($asset)) . ")\b/i";
$money_keywords = "/\b(" . implode("|", array_filter($money)) . ")\b/i";
$threat_keywords = "/\b(" . implode("|", array_filter($threat)) . ")\b/i";
/*
* Finding matching keywords and offset from context for INTENT,ASSET,MONEY
and THREAT
*/
$intentMatches = array();
39
preg_match_all($intent_keywords, $string, $intentMatches,
PREG_OFFSET_CAPTURE);
$assetMatches = array();
preg_match_all($asset_keywords, $string, $assetMatches,
PREG_OFFSET_CAPTURE);
$moneyMatches = array();
preg_match_all($money_keywords, $string, $moneyMatches,
PREG_OFFSET_CAPTURE);
$threatMatches = array();
preg_match_all($threat_keywords, $string, $threatMatches,
PREG_OFFSET_CAPTURE);
/*
* Finding Intent Match Data
*/
$intentMatchData = array();
foreach ($intentMatches[0] as $match) {
$intentMatchData[] = array("keyword" => $match[0], "offset" => $match[1]);
}
$assetMatchData = array();
foreach ($assetMatches[0] as $match) {
$assetMatchData [] = array("keyword" => $match[0], "offset" => $match[1]);
}
$moneyMatchData = array();
foreach ($moneyMatches[0] as $match) {
40
$moneyMatchData [] = array("keyword" => $match[0], "offset" => $match[1]);
}
$threatMatchData = array();
foreach ($threatMatches[0] as $match) {
$threatMatchData [] = array("keyword" => $match[0], "offset" => $match[1]);
}
/*
* Intent related Combinations and Difference
*/
$intentToIntentDiff = array();
$intentToAssetDiff = array();
$intentToMoneyDiff = array();
$intentToThreatDiff = array();
$intentToIntent = array();
$intentToAsset = array();
$intentToMoney = array();
$intentToThreat = array();
41
for ($j = 0; $j < count($assetMatchData); $j++) {
$intentToAsset[][] = array($intentMatchData[$i]['keyword'],
$intentMatchData[$i]['offset'], $assetMatchData[$j]['keyword'],
$assetMatchData[$j]['offset']);
$intentToAssetDiff[][] = abs($intentMatchData[$i]['offset'] -
$assetMatchData[$j]['offset']);
}
for ($j = 0; $j < count($moneyMatchData); $j++) {
$intentToMoney[][] = array($intentMatchData[$i]['keyword'],
$intentMatchData[$i]['offset'], $moneyMatchData[$j]['keyword'],
$moneyMatchData[$j]['offset']);
$intentToMoneyDiff[][] = abs($intentMatchData[$i]['offset'] -
$moneyMatchData[$j]['offset']);
}
for ($j = 0; $j < count($threatMatchData); $j++) {
$intentToThreat[][] = array($intentMatchData[$i]['keyword'],
$intentMatchData[$i]['offset'], $threatMatchData[$j]['keyword'],
$threatMatchData[$j]['offset']);
$intentToThreatDiff[][] = abs($intentMatchData[$i]['offset'] -
$threatMatchData[$j]['offset']);
}
}
/*
* Finding Asset Matches Data
*/
$assetMatchData = array();
foreach ($assetMatches[0] as $match) {
$assetMatchData[] = array("keyword" => $match[0], "offset" => $match[1]);
42
}
$moneyMatchData = array();
foreach ($moneyMatches[0] as $match) {
$moneyMatchData [] = array("keyword" => $match[0], "offset" => $match[1]);
}
$threatMatchData = array();
foreach ($threatMatches[0] as $match) {
$threatMatchData [] = array("keyword" => $match[0], "offset" => $match[1]);
}
/*
* Asset related Combinationa And Difference
*/
$assetToAssetDiff = array();
$assetToMoneyDiff = array();
$assetToThreatDiff = array();
$assetToasset = array();
$assetToMoney = array();
$assetToThreat = array();
43
}
for ($j = 0; $j < count($moneyMatchData); $j++) {
$assetToMoney[][] = array($assetMatchData[$i]['keyword'],
$assetMatchData[$i]['offset'], $moneyMatchData[$j]['keyword'],
$moneyMatchData[$j]['offset']);
$assetToMoneyDiff[][] = abs($assetMatchData[$i]['offset'] -
$moneyMatchData[$j]['offset']);
}
for ($j = 0; $j < count($threatMatchData); $j++) {
$assetToThreat[][] = array($assetMatchData[$i]['keyword'],
$assetMatchData[$i]['offset'], $threatMatchData[$j]['keyword'],
$threatMatchData[$j]['offset']);
$assetToThreatDiff[][] = abs($assetMatchData[$i]['offset'] -
$threatMatchData[$j]['offset']);
}
}
/*
* Finding Money Match Data
*/
$moneyMatchData = array();
$threatMatchData = array();
foreach ($threatMatches[0] as $match) {
$threatMatchData [] = array("keyword" => $match[0], "offset" => $match[1]);
44
}
/*
* Money related Combination and Difference
*/
$moneyToMoneyDiff = array();
$moneyToThreatDiff = array();
$moneyToMoney = array();
$moneyToThreat = array();
/*
45
* Finding Threat Match Data
*/
$threatMatchData = array();
foreach ($threatMatches[0] as $match) {
$threatMatchData[] = array("keyword" => $match[0], "offset" => $match[1]);
}
/*
* Threat to Threatd related Combination and Difference
*/
$threatToThreatDiff = array();
$threatToThreat = array();
for ($i = 0; $i < count($threatMatchData); $i++) {
for ($j = $i + 1; $j < count($threatMatchData); $j++) {
$threatToThreat[][] = array($threatMatchData[$i]['keyword'],
$threatMatchData[$i]['offset'], $threatMatchData[$j]['keyword'],
$threatMatchData[$j]['offset']);
$threatToThreatDiff[][] = abs($threatMatchData[$i]['offset'] -
$threatMatchData[$j]['offset']);
}
}
/*
* Writing to csv file
*/
$max = 0;
46
$max = max(count($intentToIntent), count($intentToAsset), count($intentToMoney),
count($intentToThreat), count($assetToasset), count($assetToMoney),
count($assetToThreat), count($moneyToMoney), count($moneyToThreat),
count($threatToThreat));
for ($i = 0; $i < $max; $i++) {
fputcsv($outputfile, array($string,
implode(",", $intentToIntent[$i]),
implode(",", $intentToIntentDiff[$i]),
implode(",", $intentToAsset[$i][0]),
implode(",", $intentToAssetDiff[$i]),
implode(",", $intentToMoney[$i][0]),
implode(",", $intentToMoneyDiff[$i]),
implode(",", $intentToThreat[$i][0]),
implode(",", $intentToThreatDiff[$i]),
implode(",", $assetToasset[$i][0]),
implode(",", $assetToAssetDiff[$i]),
implode(",", $assetToMoney[$i][0]),
implode(",", $assetToMoneyDiff[$i]),
implode(",", $assetToThreat[$i][0]),
implode(",", $assetToThreatDiff[$i]),
implode(",", $moneyToMoney[$i][0]),
implode(",", $moneyToMoneyDiff[$i]),
implode(",", $moneyToThreat[$i][0]),
implode(",", $moneyToThreatDiff[$i]),
implode(",", $threatToThreat[$i][0]),
implode(",", $threatToThreatDiff[$i])
));
}}fclose($outputfile);
47
CHAPTER 5
CONCLUSIONS
5.1 Summary: The Mission of the Security and Compliance is to provide the security from
danger or threats. The threats are Cyberbullying, FERPA, HIPPA, PCI and CIPA. Through this
application an organization can secure their data as well as provide protection from threats.
If the policies are applied in every institution, then we can be able to stop many crimes.
As the fast growing internet and data, this application will help to secure it.
5.3 Advantages
Provides security.
Prevents from uncertain activities.
No need for manual check and take some action against the threat, it all done
automatically
5.4 Disadvantages
48
REFERENCES
1. https://www.w3schools.com/pHP/default.asp
2. http://tomcat.apache.org/
3. https://searchsqlserver.techtarget.com/definition/SQL-Server
4. https://netbeans.org/features/
5. https://www.edureka.co/blog/what-is-selenium/
6. https://www.javatpoint.com/java-mail-api-tutorial
7. https://www.techonthenet.com/sql_server/intersect.php
49