SnIPS Implementation and GUI
3rd Presentation
Tsung-Hsi Wu, M.S.E.
Department of Computing and Information Science
Kansas State University
1
Outline





Action Item
Final Software Production Demo
Component Design
Assessment Evaluation
Project Evaluation
2
Outline





Action Item
Final Software Production Demo
Component Design
Assessment Evaluation
Project Evaluation
3
Action Item

Item to be inspected (Previously…) :


UML Diagrams: package, component, deploy
class, sequence diagrams
Item to be inspected

Formal Requirement Specification: USE/OCL
4
Action Item
5
Outline





Action Item
Final Software Production Demo
Component Design
Assessment Evaluation
Project Evaluation
6
Final Software Production Demo

What are the new features ?


Synchronous -> Asynchronous
XSB Query Option
7
Outline





Action Item
Final Software Production Demo
Component Design
Assessment Evaluation
Project Evaluation
8
Component Design

Component Diagram
9
Component Design

Reactor Pattern Structure
10
Component Design

Command Pattern Structure
11
Component Design

Command Pattern Structure: Set Time Button
12
Component Design

Command Pattern Structure: Start Snort Button
13
Component Design

Command Pattern Structure: RadioBox
14
Component Design

Parser:
15
Component Design

Parser:

Result.txt
int(probeOtherMachine('192.168.10.80',external),c,range(1904834156,0)) strengthenedPf
int(probeOtherMachine('192.168.10.80',external),l,range(1904834156,0)) summarizedFact
skolem(0)









obsMap.P
obsList(obsFacts(0),[oid_1299,oid_1405,oid_1442,oid_1476,oid_1488,oid_1520,oid_1790,oid_6851]).
obs.P
obs(oid_1299, snort('1:1201', '192.168.10.80', '128.111.43.65', 1039206341)).
obs(oid_1405, snort('1:1201', '192.168.10.80', '128.111.43.65', 1039206357)).
obs(oid_1442, snort('1:1201', '192.168.10.80', '128.111.43.65', 1039206358)).
16
Outline





Action Item
Final Software Production Demo
Component Design
Assessment Evaluation
Project Evaluation
17
Assessment Evaluation

Test Suite 1: Operating Snort
Test #
SR #
Description
Expected Outcome
Actual
Outcome
TS1.1
SR2.1
SR2.5
The user will click the Start Snort
button to start Snort.
Snort status table
will display “Snort
Started”. The Start
Snort button will
change to Stop
Snort button.
Same as
Expected
TS1.2
SR2.2
SR2.5
The user will click the Stop Snort
button to stop Snort.
Snort status table
will display “Snort
Stopped”. The Stop
Snort button will
change to Start
Snort button.
Same as
Expected
18
Assessment Evaluation

Test Suite 2: Operating SnIPS
Test #
SR #
Description
Expected Outcome
Actual Outcome
TS2.1
SR3.4
SR3.7
SR3.10
SR4.2
The user will click the Set Time Frame
button to set the start and end time for
SnIPS and click Ok button after the start
and end time is selected.
SnIPS status table will
display the start and
end time. Preprocessing and DoAll
button is now enabled.
Same as Expected
TS2.2
SR3.4
SR3.10
SR4.2
The user can cancel setting the start and
end time by clicking the Cancel button in
the pop-up frame from Set Time Frame
button
No Change
Same as Expected
TS2.3
SR3.1
The user will click the Pre-processing
button based on the time frame in TS2.1
for running SnIPS pre-processing.
A pop-up message box
will show up
displaying the
“obs_xxx.P” file name
is created.
Summarization button
is enabled at this time.
Same as Expected
19
Assessment Evaluation

Test Suite 2: Operating SnIPS
Test #
SR #
Description
Expected Outcome
Actual Outcome
TS2.4
SR3.2
The user will click the Summarization
button based on the time frame in TS2.1
for running SnIPS summarization.
A pop-up message box
will show up
displaying the
“summ_xxx.P” file
name is created. Trace
button is enabled at
this time.
Same as Expected
TS2.5
SR3.3
The user will click the Trace button based
on the time frame in TS2.1 and select
optional query for XSB engine for
running SnIPS trace.
A pop-up message box
will show up
displaying the
“result.txt” file name is
created. Backtrack
Output button is
enabled at this time.
Pop-up message
didn’t show up.
Error Message:
unexpected input.
Solved !
TS2.6
SR3.8
SR4.1
SR4.2
The user will click the Back Track button
to show the SnIPS proof strengthening
results.
The proof
strengthening results
are shown in webbased by the browser.
Same as Expected
TS2.7
SR3.5
The user will click the DoAll button to
show the resunt SnIPS operation for
SR3.1 ~ 3.3 and SR 3.8
The proof
strengthening results
are shown in webbased by the browser.
Same as Expected
20
Assessment Evaluation

Test Suite 3: Trace Output Webpage
Test #
SR #
Description
Expected Outcome
Actual Outcome
TS3.1
SR5.1
The user will click the links provided in
web-based proof strengthening result to
show primitively summarized alerts.
Primitively
summarized alerts for
each proof
strengthened result will
be shown.
Same as Expected
TS3.2
SR6.1
The user will click the links next to the
primitively summarized alerts provided in
web-based proof strengthening result to
show alert payload.
Payload for each alert
will be shown.
Same as Expected
TS3.3
SR7.1
The user will click the links named with
SID provided in web-based proof
strengthening result to show triggered
Snort rule.
The Snort rule
triggered by the SID
alert will be shown.
Same as Expected
TS3.4
SR7.2
The user will click the Snort rule
description link provided in Snort rule
webpage.
The Snort rule
description will be
shown with the same
SID as in TS7.1
Same as Expected
21
Outline





Action Item
Final Software Production Demo
Component Design
Assessment Evaluation
Project Evaluation
22
Project Evaluation: SLOC

Project Plan 2.0 :




Phase I : 1200
Phase II : 2020 (+ ~800 )
Phase III : 2700 (+ ~700 )
Actual SLOC: cloc-1.09
Program
Language
File
Blank
Comment
Code
Java
3
429
333
1765
PHP
5
177
54
455
JavaScript + Ajax
2
39
0
175
Total
10
645
387
2395 LOC
23
Project Evaluation: SLOC
24
Project Evaluation: Time Duration

Project Plan 2.0 :
Programming
Documentation
Subtotal
Phase I
40
80
120
Phase II
80
107
187
Phase III
135
110
245
Total (hr): 550
255 hrs
295 hrs
550 hrs

Actual Duration
Programming
Document
Meeting
Reading
Web
Presentation
Subtotal
Phase I (min)
2005
2240
480
295
405
120
92.42 hrs
Phase II (min)
3395
4925
375
0
70
195
149.33 hrs
Phase III (min)
2110
2455
180
0
50
120
81.92 hrs
Total (hr)
323.66 hrs
7510 / 60 =
125.17
9620 / 60 =
160. 33
1035 / 60 =
17 .25
295 / 60 =
4.91
525 / 60 =
8.75
435 / 60 = 7.25
323.66 hrs
25
Project Evaluation: Time Duration
26
Project Evaluation: Summarization

Replace Linux Command to Simple Buttons

Convert Plain Text File to Webpage with Links



Snort Rules & Description
Payload
Current Users:


System Administrators
Researchers
27
Project Evaluation: Lesson Learnt

Software Management and Software Engineering
Design

Flexibility of Architecture Design

Software Prototypes
28
SnIPS Implementation and GUI
Questions & Answers
29