Test Plan
Using CLIPS to Detect Network Intrusions - (CLIPNIDS)
Submitted in partial fulfillment of the requirements of the degree of
MSE
Sripriya Marry
CIS 895 – MSE Project
Computing and Information Sciences
Kansas State University
Committee Members
Dr. David Gustafson (Major Professor)
Dr. Rodney Howell
Dr. Mitchell Nielsen.
Change Log
Version # | Changed By | Release Date | Change Description
Version 1.0 | Sripriya Marry | 04/03/2014 | Initial Release
Table of Contents
1. Test Plan Identifier
2. Introduction
2.1 Objective
2.2 Background
2.3 Scope
2.4 References
2.5 Definitions
3. Test Items
4. Features To Be Tested
5. Approach
5.1 Functional Testing
5.2 Usability Testing
5.3 Performance Testing
5.4 Tools for Testing
6. Test Deliverables
7. Environment
7.1 Hardware
7.2 Software
8. Pass or Fail Criteria
9. Suspension Criteria and Resumption Requirements
9.1 Suspension Criteria
9.2 Resumption Requirements
1. Test Plan Identifier
Clipnids - Validation-V-1.0
2. Introduction
2.1 Objective
The main objective of the test plan for Clipnids is to specify the testing details of the Clipnids use
cases. The test plan also describes the objective, scope and approach of the software testing effort, and
identifies and defines the test tools and environment for Clipnids.
2.2 Background
The motivation and purpose of this project is to study the performance of CLIPS in a network intrusion
detection system (NIDS) with the latest intrusion signatures. Clipnids was built in 2003 and was equipped
with the attack signatures that were prevalent at that time. However, network attacks are constantly
evolving and the nature of the attacks is also changing, so it is mandatory to update Clipnids with the
latest attack signatures in order to pursue this motivation.
2.3 Scope
This test plan specifies the mechanisms that will be used to test the Clipnids. Clipnids is categorized into
three functional modules based on its components. Integration and System Testing will be performed to
verify the coupling and cohesion of decoder, preprocessors and Clips detection engine.
2.4 References
The following documents will be used as a reference for this test plan:
• IEEE Standard for Software Test Documentation Std 829-1998
• Deliverables of the Phase I for Clipnids
• Vision Document version 2.0
• Project Plan version 2.0
2.5 Definitions
The following are some of the terms and definitions that are related to Clipnids:
• Pass/Fail criteria: Decision rules that are used to determine whether a software item passes or
fails a test.
• Test: A collection of one or more test cases.
• Test Item: A software item that is an objective of testing.
• Test Plan: A document describing the scope, approach, resources and schedule of the intended
testing activities.
• Test Summary Report: A document summarizing the testing activities and results.
• Testing: The process of analyzing a software item to detect the differences between the existing
and required conditions.
3. Test Items
This section of the test plan lists all the items of the Clipnids that will be tested:
• Data Acquisition Component
• Decoder
• Fragmentation preprocessor
• Http Inspect preprocessor
• Clips Detection Engine
• Alert system
4. Features to be tested
As per the Vision Document version 2.0, the following features will be tested.
Data Acquisition Capability (DAQ Module)
SR1 – Clipnids should be able to read packet information from a pcap file.
SR2 – Clipnids should be able to capture live traffic in the network.
SR3 – Clipnids should be able to take input in the tcpdump file.
Decoder
SR4 – Clipnids should be able to decode all Data link layer protocols using Decoder module.
SR5 – Clipnids should be able to decode all Network layer protocols using Decoder module.
SR6 – Clipnids should be able to decode all Transport layer protocols using Decoder module.
SR7 – Clipnids should be able to decode all application layer protocols using Decoder module.
Fragmentation Preprocessor
SR8 – Clipnids should be able to identify IP fragmentation attacks using this preprocessor.
SR9 – Clipnids should be able to identify Denial of service attacks.
SR10 – Clipnids should be able to identify Teardrop attacks.
SR11 – Clipnids should be able to identify Overlapping Fragmentation attacks.
HTTP Inspect Preprocessor
SR12 – Clipnids should be able to identify application layer attacks using this preprocessor.
SR13 – Clipnids should be able to normalize HTTP traffic.
Clips Detection Engine
SR14 – Clipnids should be able to identify worms that try to enter hosts connected in a network.
SR15 – Clipnids should be able to identify viruses that try to enter hosts connected in a network.
SR16 – Clipnids should be able to identify all attacks whose signatures are defined in the Clips Engine.
Alert System
SR17 – Clipnids should be able to display the source IP address of the malicious packet.
SR18 – Clipnids should be able to display the destination IP address of the malicious packet.
SR19 – Clipnids should be able to display the destination port numbers of the malicious packet.
SR20 – Clipnids should be able to display information about the network attack carried by the malicious packet.
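An added example, not part of the original test plan or of Clipnids: a reference check a tester could use to decide pass/fail for SR10 and SR11 by flagging overlapping IPv4 fragments in a decoded trace and comparing the result with the sensor's alerts. The Frag record, the find_overlaps function and the sample fragments are constructed for illustration; offsets use the IPv4 header convention of 8-byte units.

```python
from collections import defaultdict
from typing import NamedTuple

class Frag(NamedTuple):          # hypothetical record for one decoded IPv4 fragment
    src: str
    dst: str
    proto: int
    ip_id: int
    offset_units: int            # IPv4 fragment offset field, in 8-byte units
    payload_len: int             # bytes of IP payload carried by this fragment

def find_overlaps(frags):
    """Map each datagram key to its overlapping fragments.

    Each hit is (start, end, covered_end): the fragment's byte range and the
    highest byte already covered by earlier fragments of the same datagram.
    Exact duplicates are reported too, since they also overlap.
    """
    groups = defaultdict(list)
    for f in frags:
        # Fragments of one datagram share source, destination, protocol and ID.
        groups[(f.src, f.dst, f.proto, f.ip_id)].append(f)
    findings = {}
    for key, group in groups.items():
        hits, covered_end = [], 0
        for f in sorted(group, key=lambda f: f.offset_units):
            start = f.offset_units * 8
            end = start + f.payload_len
            if start < covered_end:          # begins inside data already received
                hits.append((start, end, covered_end))
            covered_end = max(covered_end, end)
        if hits:
            findings[key] = hits
    return findings

# Constructed sample trace (documentation addresses, arrival order shuffled).
SAMPLE = [
    Frag("192.0.2.10", "198.51.100.5", 17, 0x1001, 3, 16),  # clean: bytes 24-40
    Frag("192.0.2.66", "198.51.100.5", 17, 0x1002, 3, 4),   # overlaps: bytes 24-28
    Frag("192.0.2.10", "198.51.100.5", 17, 0x1001, 0, 24),  # clean: bytes 0-24
    Frag("192.0.2.66", "198.51.100.5", 17, 0x1002, 0, 32),  # first piece: bytes 0-32
]

if __name__ == "__main__":
    for key, hits in find_overlaps(SAMPLE).items():
        print("overlap in datagram", key, hits)
```

A test case passes when the sensor raises an alert for every datagram this check reports and for none of the clean ones.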
5. Approach
This section of the test plan describes the overall approach for testing Clipnids. The types of testing
carried out are functional testing and usability testing. Apart from these, tools like the Ping utility and
Scapy will also be used. Functional testing tests whether the system satisfies the basic requirements listed
in the vision document. For each of these tests there will be pass/fail criteria which determine whether the
requirement is satisfied or not by the system. Usability testing is a quality testing which determines the
overall usability and efficiency of Clipnids with various amounts of network traffic.
5.1 Functional Testing
Functional testing is mainly done on the whole integrated system to test functionality and make sure
that the project that has been developed meets all the requirements. The test cases for the system testing
will be a combination of unit and integration tests. After unit tests are conducted module by module, Black
Box Testing will be performed on the system as a whole. The tester inputs data into the application and
records the output from the system.
5.2 Usability Testing
The sensor's real-time performance will be tested under Usability Testing. The main goal will be to find how
many rules can be supported by the sensor without packet drops. Clipnids is a Linux-based network
intrusion detection system, and it can protect systems running the Linux operating system against network
attacks.
5.3 Performance Testing
The number of false-positive alarms issued by the sensor is usually used as a performance measure.
Varying numbers of packets at various speeds will be given as input to Clipnids to test its performance and
efficiency in detecting network attacks.
5.4 Tools for Testing
Various tools like Nmap, Scapy and Ping utilities will be used to test the performance of the Clipnids.
6. Test Deliverables
• Test design specification
• Test case specification
• Test procedure
• Test Log
• Test summary report
Schedule
Testing is carried out at various phases of the project, with the respective deliverables for each
particular phase. The test log will contain the record of all test cases along with their pass/fail status. If a
test case fails, it will be logged in the test log. The test log will also contain the suggested solution for the
failed test cases. Other independent test cases can be run in parallel, but the failed test cases are rerun after
the possible workarounds are carried out.
Software Development Lifecycle Phase | Activity
Inception Phase | Test plan proposed
Elaboration Phase | Test plan approved and test cases are designed.
Construction Phase | Test case execution
Transition Phase | Alpha and Beta level testing.
7. Environment
This section describes the necessary infrastructure required for the test environment for Clipnids.
7.1 Hardware
The testing will be done on at least two computer systems running the Linux operating system.
7.2 Software
• Operating system: Linux.
• Databases: Clips rules file.
• Data Acquisition library.
8. Pass or Fail Criteria
The test cases executed on Clipnids will pass if they meet the specific requirements mentioned in the
Vision document of the project. A test case is said to fail if the desired functionality is not satisfied by the
system.
9. Suspension Criteria and Resumption Requirements
9.1 Suspension Criteria
Testing for all the dependent features will be suspended if a test case fails. The failed test case will be
logged onto the test log which contains the description for the error.
9.2 Resumption Requirement
The test cases which are not dependent on the case where the bug is reported will be executed in parallel
with the bug fixing. Once the failed test case has been taken note of and has been identified and fixed then
the testing for the failed test case will resume.