
MultiStage Attack Detection Approach Completed

Shreyas Srinivasa 9 years ago
parent
commit
867980c39d

+ 14 - 0
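--- a/src/de/tudarmstadt/informatik/hostage/Hostage.java
+++ b/src/de/tudarmstadt/informatik/hostage/Hostage.java
@@ -44,6 +44,7 @@ import de.tudarmstadt.informatik.hostage.R;
 import de.tudarmstadt.informatik.hostage.location.MyLocationManager;
 import de.tudarmstadt.informatik.hostage.persistence.HostageDBOpenHelper;
 import de.tudarmstadt.informatik.hostage.protocol.Protocol;
+import de.tudarmstadt.informatik.hostage.services.MultiStageAlarm;
 import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity;
 
 import static de.tudarmstadt.informatik.hostage.commons.HelperUtils.*;
@@ -61,6 +62,7 @@ import static de.tudarmstadt.informatik.hostage.commons.HelperUtils.*;
 public class Hostage extends Service {
 
 	private HashMap<String, Boolean> mProtocolActiveAttacks;
+	MultiStageAlarm alarm = new MultiStageAlarm();
 
 	public class LocalBinder extends Binder {
 		public Hostage getService() {
@@ -103,6 +105,7 @@ public class Hostage extends Service {
 	}
 
 	private static Context context;
+    Listener listener;
 
 	/**
 	 * Returns the application context.
@@ -289,9 +292,20 @@ public class Hostage extends Service {
 	public int onStartCommand(Intent intent, int flags, int startId) {
 		// We want this service to continue running until it is explicitly
 		// stopped, so return sticky.
+		startMultiStage();
 		return START_STICKY;
+
 	}
 
+	private void startMultiStage() {
+        Context context = this;
+        if (alarm != null) {
+            alarm.SetAlarm(context);
+        } else {
+            Toast.makeText(context, "Alarm is null", Toast.LENGTH_SHORT).show();
+        }
+    }
+
 	/**
 	 * Starts the listener for the specified protocol. Creates a new
 	 * HoneyService if no matching HoneyListener is found.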
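Review bot: `startMultiStage()` is called from `onStartCommand`, which Android invokes for every `startService` call and again on a sticky restart, so `alarm.SetAlarm(context)` runs each time; whether `SetAlarm` replaces or stacks an earlier schedule is not visible in this hunk and should be confirmed or guarded. The `alarm != null` test cannot fail because the field is initialised inline, which leaves the Toast branch dead; `private final MultiStageAlarm alarm = new MultiStageAlarm();` with a plain `alarm.SetAlarm(this);` says the same thing. The new `Listener listener;` field is package-private and is not assigned or read in any visible hunk. The class body continues outside these hunks.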

+ 284 - 336
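--- a/src/de/tudarmstadt/informatik/hostage/Listener.java
+++ b/src/de/tudarmstadt/informatik/hostage/Listener.java
@@ -14,6 +14,7 @@ import javax.net.ssl.SSLSocketFactory;
 import android.content.Context;
 import android.content.SharedPreferences;
 import android.preference.PreferenceManager;
+import android.widget.Toast;
 
 import org.snmp4j.agent.BaseAgent;
 
@@ -21,6 +22,7 @@ import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
 import de.tudarmstadt.informatik.hostage.location.MyLocationManager;
 import de.tudarmstadt.informatik.hostage.logging.AttackRecord;
 import de.tudarmstadt.informatik.hostage.logging.Logger;
+import de.tudarmstadt.informatik.hostage.logging.MessageRecord;
 import de.tudarmstadt.informatik.hostage.logging.NetworkRecord;
 import de.tudarmstadt.informatik.hostage.net.MyServerSocketFactory;
 import de.tudarmstadt.informatik.hostage.protocol.SMB;
@@ -28,6 +30,8 @@ import de.tudarmstadt.informatik.hostage.protocol.Protocol;
 import de.tudarmstadt.informatik.hostage.protocol.SNMP;
 
 import de.tudarmstadt.informatik.hostage.protocol.SSLProtocol;
+import de.tudarmstadt.informatik.hostage.services.MultiStage;
+import de.tudarmstadt.informatik.hostage.services.MultiStageAlarm;
 import de.tudarmstadt.informatik.hostage.system.Device;
 
 /**
@@ -41,379 +45,323 @@ import de.tudarmstadt.informatik.hostage.system.Device;
  */
 public class Listener implements Runnable {
 
-	public Listener getListener(){
+    public Listener getListener() {
-		return this;
+        return this;
-	}
+    }
+
+    private ArrayList<Handler> handlers = new ArrayList<Handler>();
 
-	private ArrayList<Handler> handlers = new ArrayList<Handler>();
+    private Protocol protocol;
 
-	private Protocol protocol;
+    MultiStageAlarm alarm;
 
-	private ServerSocket server;
+    private ServerSocket server;
-	private Thread thread;
+    private Thread thread;
-	private int port;
+    private int port;
     private Hostage service;
 
-	private ConnectionRegister conReg;
+    MultiStage multistage;
-	private boolean running = false;
+
-
+    private ConnectionRegister conReg;
-	private static Semaphore mutex = new Semaphore(1); // to enable atomic section in portscan detection
+    private boolean running = false;
-
+
-	/**
+    private static Semaphore mutex = new Semaphore(1); // to enable atomic section in portscan detection
-	 * Constructor for the class. Instantiate class variables.
+
-	 * 
+    /**
-	 * @param service
+     * Constructor for the class. Instantiate class variables.
-	 *            The Background service that started the listener.
+     *
-	 * @param protocol
+     * @param service  The Background service that started the listener.
-	 *            The Protocol on which the listener is running.
+     * @param protocol The Protocol on which the listener is running.
-	 */
+     */
-	public Listener(Hostage service, Protocol protocol) {
+    public Listener(Hostage service, Protocol protocol) {
-		this.service = service;
+        this.service = service;
-		this.protocol = protocol;
+        this.protocol = protocol;
-		port = protocol.getPort();
+        port = protocol.getPort();
-		conReg = new ConnectionRegister(service);
+        conReg = new ConnectionRegister(service);
-	}
+    }
-
+
-	public Listener(Hostage service, Protocol protocol, int port) {
+    public Listener(Hostage service, Protocol protocol, int port) {
-		this.service = service;
+        this.service = service;
-		this.protocol = protocol;
+        this.protocol = protocol;
-		this.port = port;
+        this.port = port;
-		conReg = new ConnectionRegister(service);
+        conReg = new ConnectionRegister(service);
-	}
+    }
-
+
-	/**
+    /**
-	 * Determines the amount of active handlers.
+     * Determines the amount of active handlers.
-	 * 
+     *
-	 * @return The number of active handlers.
+     * @return The number of active handlers.
-	 */
+     */
-	public int getHandlerCount() {
+    public int getHandlerCount() {
-		return handlers.size();
+        return handlers.size();
-	}
+    }
-
+
-	/**
+    /**
-	 * Return the port number on which the listener listening.
+     * Return the port number on which the listener listening.
-	 * 
+     *
-	 * @return Used port number.
+     * @return Used port number.
-	 */
+     */
-	public int getPort() {
+    public int getPort() {
-		return port;
+        return port;
-	}
+    }
-
+
-	/**
+    /**
-	 * Determine the name of the protocol the listener is running on.
+     * Determine the name of the protocol the listener is running on.
-	 * 
+     *
-	 * @return Name of the protocol
+     * @return Name of the protocol
-	 */
+     */
-	public String getProtocolName() {
+    public String getProtocolName() {
-		return protocol.toString();
+        return protocol.toString();
-	}
+    }
 
     public Protocol getProtocol() {
         return protocol;
     }
+
     public Hostage getService() {
         return service;
     }
 
-	/**
+    /**
-	 * Determines if the service is running.
+     * Determines if the service is running.
-	 * 
+     *
-	 * @return True if the service is running, else false.
+     * @return True if the service is running, else false.
-	 */
+     */
-	public boolean isRunning() {
+    public boolean isRunning() {
-		return running;
+        return running;
-	}
+    }
-
+
-	/**
+    /**
-	 * Remove all terminated handlers from its internal ArrayList.
+     * Remove all terminated handlers from its internal ArrayList.
-	 */
+     */
-	public void refreshHandlers() {
+    public void refreshHandlers() {
-		for (Iterator<Handler> iterator = handlers.iterator(); iterator.hasNext();) {
+        for (Iterator<Handler> iterator = handlers.iterator(); iterator.hasNext(); ) {
-			Handler handler = iterator.next();
+            Handler handler = iterator.next();
-			if (handler.isTerminated()) {
+            if (handler.isTerminated()) {
-				conReg.closeConnection();
+                conReg.closeConnection();
-				iterator.remove();
+                iterator.remove();
-			}
+            }
-		}
+        }
-	}
+    }
-
+
-	@Override
+    @Override
-	public void run() {
+    public void run() {
-		if (protocol.toString().equals("SMB")) return;
+
-
+
-				//||(protocol.toString().equals("SNMP"))) return;
+        if (protocol.toString().equals("SMB")) return;
-
+
-		while (!thread.isInterrupted()) {
+        //||(protocol.toString().equals("SNMP"))) return;
-			addHandler();
+
-		}
+        while (!thread.isInterrupted()) {
-		for (Handler handler : handlers) {
+            addHandler();
-			//TODO kann ConcurrentModificationException auslösen, da über collection iteriert wird während elemente entfernt werden
+        }
-			handler.kill();
+        for (Handler handler : handlers) {
-		}
+            //TODO kann ConcurrentModificationException auslösen, da über collection iteriert wird während elemente entfernt werden
-	}
+            handler.kill();
-
+        }
-	/**
+        //initMultiStage();
-	 * Starts the listener. Creates a server socket runs itself in a new Thread
+    }
-	 * and notifies the background service.
+
-	 */
+    /**
-	public boolean start() {
+     * Starts the listener. Creates a server socket runs itself in a new Thread
-        if(protocol.toString().equals("SMB")){
+     * and notifies the background service.
-			if (!Device.isPortRedirectionAvailable()) {
+     */
+    public boolean start() {
+
+        if (protocol.toString().equals("SMB")) {
+            if (!Device.isPortRedirectionAvailable()) {
 				/*
 				We can only use SMB with iptables since we can't transfer UDP sockets using domain sockets (port binder).
 				TODO: somehow communicate this limitation to the user. Right now SMB will simply just fail.
 				 */
-				return false;
+                return false;
-			}
+            }
-			if (Device.isPorthackInstalled()) {
+            if (Device.isPorthackInstalled()) {
 				/*
 				Currently the port binder is the preferred method for creating sockets.
 				If it installed, we can't use iptables to create UDP sockets.
 				@see MyServerSocketFactory
 				 */
-				return false;
+                return false;
-			}
+            }
             ((SMB) protocol).initialize(this);
         }
 
-	//	else if (protocol.toString().equals("SNMP")) {
 
-		//	if (!Device.isPortRedirectionAvailable()) {
+
-			//		return false;
+        try {
-		//	}
+            server = new MyServerSocketFactory().createServerSocket(port);
-		//	if (Device.isPorthackInstalled()) {
+            if (server == null)
-				/*
+                return false;
-				Currently the port binder is the preferred method for creating sockets.
+            (this.thread = new Thread(this)).start();
-				If it installed, we can't use iptables to create UDP sockets.
+            running = true;
-				@see MyServerSocketFactory
+            service.notifyUI(this.getClass().getName(),
-				 */
+                    new String[]{service.getString(R.string.broadcast_started), protocol.toString(), Integer.toString(port)});
-		//		return false;
+            return true;
-		//	}
+        } catch (IOException e) {
-		//	((SNMP) protocol).setUp();
+            return false;
-
+        }
-
+    }
-		//}
+
-
+    /**
-		try {
+     * Stops the listener. Closes the server socket, interrupts the Thread its
-			server = new MyServerSocketFactory().createServerSocket(port);
+     * running in and notifies the background service.
-			if (server == null)
+     */
-				return false;
+    public void stop() {
-			(this.thread = new Thread(this)).start();
+        try {
-			running = true;
+            if (protocol.toString().equals("SMB")) {
-			service.notifyUI(this.getClass().getName(),
-					new String[] { service.getString(R.string.broadcast_started), protocol.toString(), Integer.toString(port) });
-			return true;
-		} catch (IOException e) {
-			return false;
-		}
-	}
-
-	/**
-	 * Stops the listener. Closes the server socket, interrupts the Thread its
-	 * running in and notifies the background service.
-	 */
-	public void stop() {
-		try {
-            if(protocol.toString().equals("SMB")){
                 ((SMB) protocol).stop();
 
-		//if(protocol.toString().equals("SNMP")){
+            }
-		//	((SNMP)protocol).stop();
-		//	}
-         }
-
-			server.close();
-			thread.interrupt();
-			running = false;
-			service.notifyUI(this.getClass().getName(),
-					new String[] { service.getString(R.string.broadcast_stopped), protocol.toString(), Integer.toString(port) });
-		} catch (IOException e) {
-		}
-	}
-
-	/**
-	 * Waits for an incoming connection, accepts it and starts a {@link Handler}
-	 */
-	private void addHandler() {
-		if (conReg.isConnectionFree()) {
-			try {
-				final Socket client = server.accept();
-				if (ConnectionGuard.portscanInProgress()) {
-					// ignore everything for the duration of the port scan
-					client.close();
-					return;
-				}
-				new Thread( new Runnable() {
-				    @Override
-				    public void run() {
-				    	try {
-				    		String ip = client.getInetAddress().getHostAddress();
-
-							// the mutex should prevent multiple logging of a portscan
-							mutex.acquire();
-							if (ConnectionGuard.portscanInProgress()) {
-								mutex.release();
-								client.close();
-								return;
-							}
-				    		if (ConnectionGuard.registerConnection(port, ip)) { // returns true when a port scan is detected
-								logPortscan(client, System.currentTimeMillis());
-								mutex.release();
-								client.close();
-				    			return;
-				    		}
-							mutex.release();
-							Thread.sleep(100); // wait to see if other listeners detected a portscan
-							if (ConnectionGuard.portscanInProgress()) {
-								client.close();
-								return; // prevent starting a handler
-							}
-
-							if (protocol.isSecure()) {
-								startSecureHandler(client);
-							} else {
-								startHandler(client);
-							}
-							conReg.newOpenConnection();
-				    	} catch (Exception e) {
-				    		e.printStackTrace();
-				    	}
-				    }
-				}).start();
-			} catch (Exception e) {
-				e.printStackTrace();
-			}
-		}
-	}
-
-	/**
-	 * Creates a new instance of an {@link Handler}.
-	 * 
-	 * @param service
-	 *            The background service
-	 * @param listener
-	 *            The listener that created the handler
-	 * @param protocol
-	 *            The Protocol the handler will run on
-	 * @param client
-	 *            The Socket the handler uses
-	 * @return A Instance of a {@link Handler} with the specified parameter.
-	 */
-	private Handler newInstance(Hostage service, Listener listener, Protocol protocol, Socket client) {
-		return new Handler(service, listener, protocol, client);
-	}
-
-	/**
-	 * Starts a {@link Handler} with the given socket.
-	 * 
-	 * @param client
-	 *            The socket with the accepted connection.
-	 * @throws Exception
-	 */
-	private void startHandler(Socket client) throws Exception {
-		handlers.add(newInstance(service, this, protocol.toString().equals("CIFS") ? protocol : protocol.getClass().newInstance(), client));
-		//handlers.add(newInstance(service, this, protocol.toString().equals("SNMP") ? protocol : protocol.getClass().newInstance(), client));
-	}
-
-	/**
-	 * Creates a SSLSocket out of the given socket and starts a {@link Handler}.
-	 * 
-	 * @param client
-	 *            The socket with the accepted connection.
-	 * @throws Exception
-	 */
-	private void startSecureHandler(Socket client) throws Exception {
-		SSLContext sslContext = ((SSLProtocol) protocol).getSSLContext();
-		SSLSocketFactory factory = sslContext.getSocketFactory();
-		SSLSocket sslClient = (SSLSocket) factory.createSocket(client, null, client.getPort(), false);
-		sslClient.setUseClientMode(false);
-		handlers.add(newInstance(service, this, protocol.toString().equals("CIFS") ? protocol : protocol.getClass().newInstance(), sslClient));
-	}	
-	
-	/**
-	 * Logs a port scan attack and notifies ui about the portscan
-	 * @param client The socket on which a port scan has been detected.
-	 * @param timestamp Timestamp when the portscan has been detected.
-	 */
-	private void logPortscan(Socket client, long timestamp){
-		SharedPreferences pref = PreferenceManager.getDefaultSharedPreferences(service);
-		SharedPreferences connInfo = service.getSharedPreferences(service.getString(R.string.connection_info), Context.MODE_PRIVATE);
-
-		AttackRecord attackRecord = new AttackRecord(true);
-
-		attackRecord.setProtocol("PORTSCAN");
-		attackRecord.setExternalIP(connInfo.getString(service.getString(R.string.connection_info_external_ip), null));
-		attackRecord.setLocalIP(client.getLocalAddress().getHostAddress());
-		attackRecord.setLocalPort(0);
-		attackRecord.setRemoteIP(client.getInetAddress().getHostAddress());
-		attackRecord.setRemotePort(client.getPort());
-		attackRecord.setBssid(connInfo.getString(service.getString(R.string.connection_info_bssid), null));
-		
-		NetworkRecord networkRecord = new NetworkRecord();
-		networkRecord.setBssid(connInfo.getString(service.getString(R.string.connection_info_bssid), null));		
-		networkRecord.setSsid(connInfo.getString(service.getString(R.string.connection_info_ssid), null));		
-		if (MyLocationManager.getNewestLocation() != null) {
-			networkRecord.setLatitude(MyLocationManager.getNewestLocation().getLatitude());
-			networkRecord.setLongitude(MyLocationManager.getNewestLocation().getLongitude());
-			networkRecord.setAccuracy(MyLocationManager.getNewestLocation().getAccuracy());
-			networkRecord.setTimestampLocation(MyLocationManager.getNewestLocation().getTime());
-		} else {
-			networkRecord.setLatitude(0.0);
-			networkRecord.setLongitude(0.0);
-			networkRecord.setAccuracy(Float.MAX_VALUE);
-			networkRecord.setTimestampLocation(0);
-		}
-		Logger.logPortscan(Hostage.getContext(), attackRecord, networkRecord, timestamp);
-
-		// now that the record exists we can inform the ui
-		// only handler informs about attacks so its name is used here
-		service.notifyUI(Handler.class.getName(),
-                new String[]{service.getString(R.string.broadcast_started), "PORTSCAN",
-                        Integer.toString(client.getPort())});
-	}
 
+            server.close();
+            thread.interrupt();
+            running = false;
+            service.notifyUI(this.getClass().getName(),
+                    new String[]{service.getString(R.string.broadcast_stopped), protocol.toString(), Integer.toString(port)});
+        } catch (IOException e) {
+        }
+    }
 
+    /**
+     * Waits for an incoming connection, accepts it and starts a {@link Handler}
+     */
+    private void addHandler() {
+        if (conReg.isConnectionFree()) {
+            try {
+                final Socket client = server.accept();
+                if (ConnectionGuard.portscanInProgress()) {
+                    // ignore everything for the duration of the port scan
+                    client.close();
+                    return;
+                }
+                new Thread(new Runnable() {
+                    @Override
+                    public void run() {
+                        try {
+                            String ip = client.getInetAddress().getHostAddress();
+
+                            // the mutex should prevent multiple logging of a portscan
+                            mutex.acquire();
+                            if (ConnectionGuard.portscanInProgress()) {
+                                mutex.release();
+                                client.close();
+                                return;
+                            }
+                            if (ConnectionGuard.registerConnection(port, ip)) { // returns true when a port scan is detected
+                                logPortscan(client, System.currentTimeMillis());
+                                mutex.release();
+                                client.close();
+                                return;
+                            }
+                            mutex.release();
+                            Thread.sleep(100); // wait to see if other listeners detected a portscan
+                            if (ConnectionGuard.portscanInProgress()) {
+                                client.close();
+                                return; // prevent starting a handler
+                            }
+
+                            if (protocol.isSecure()) {
+                                startSecureHandler(client);
+                            } else {
+                                startHandler(client);
+                            }
+                            conReg.newOpenConnection();
+                        } catch (Exception e) {
+                            e.printStackTrace();
+                        }
+                    }
+                }).start();
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }
+    }
 
-	// to notify File Injection
+    /**
+     * Creates a new instance of an {@link Handler}.
+     *
+     * @param service  The background service
+     * @param listener The listener that created the handler
+     * @param protocol The Protocol the handler will run on
+     * @param client   The Socket the handler uses
+     * @return A Instance of a {@link Handler} with the specified parameter.
+     */
+    private Handler newInstance(Hostage service, Listener listener, Protocol protocol, Socket client) {
+        return new Handler(service, listener, protocol, client);
+    }
 
-	private void logFileInjection(Socket client, long timestamp){
+    /**
-		SharedPreferences pref = PreferenceManager.getDefaultSharedPreferences(service);
+     * Starts a {@link Handler} with the given socket.
-		SharedPreferences connInfo = service.getSharedPreferences(service.getString(R.string.connection_info), Context.MODE_PRIVATE);
+     *
+     * @param client The socket with the accepted connection.
+     * @throws Exception
+     */
+    private void startHandler(Socket client) throws Exception {
+        handlers.add(newInstance(service, this, protocol.toString().equals("CIFS") ? protocol : protocol.getClass().newInstance(), client));
+        //handlers.add(newInstance(service, this, protocol.toString().equals("SNMP") ? protocol : protocol.getClass().newInstance(), client));
+    }
 
-		AttackRecord attackRecord = new AttackRecord(true);
+    /**
+     * Creates a SSLSocket out of the given socket and starts a {@link Handler}.
+     *
+     * @param client The socket with the accepted connection.
+     * @throws Exception
+     */
+    private void startSecureHandler(Socket client) throws Exception {
+        SSLContext sslContext = ((SSLProtocol) protocol).getSSLContext();
+        SSLSocketFactory factory = sslContext.getSocketFactory();
+        SSLSocket sslClient = (SSLSocket) factory.createSocket(client, null, client.getPort(), false);
+        sslClient.setUseClientMode(false);
+        handlers.add(newInstance(service, this, protocol.toString().equals("CIFS") ? protocol : protocol.getClass().newInstance(), sslClient));
+    }
 
-		attackRecord.setProtocol("File Injection");
+    /**
-		attackRecord.setExternalIP(connInfo.getString(service.getString(R.string.connection_info_external_ip), null));
+     * Logs a port scan attack and notifies ui about the portscan
-		attackRecord.setLocalIP(client.getLocalAddress().getHostAddress());
+     *
-		attackRecord.setLocalPort(0);
+     * @param client    The socket on which a port scan has been detected.
-		attackRecord.setRemoteIP(client.getInetAddress().getHostAddress());
+     * @param timestamp Timestamp when the portscan has been detected.
-		attackRecord.setRemotePort(client.getPort());
+     */
-		attackRecord.setBssid(connInfo.getString(service.getString(R.string.connection_info_bssid), null));
+    private void logPortscan(Socket client, long timestamp) {
+        SharedPreferences pref = PreferenceManager.getDefaultSharedPreferences(service);
+        SharedPreferences connInfo = service.getSharedPreferences(service.getString(R.string.connection_info), Context.MODE_PRIVATE);
+
+        AttackRecord attackRecord = new AttackRecord(true);
+
+        attackRecord.setProtocol("PORTSCAN");
+        attackRecord.setExternalIP(connInfo.getString(service.getString(R.string.connection_info_external_ip), null));
+        attackRecord.setLocalIP(client.getLocalAddress().getHostAddress());
+        attackRecord.setLocalPort(0);
+        attackRecord.setRemoteIP(client.getInetAddress().getHostAddress());
+        attackRecord.setRemotePort(client.getPort());
+        attackRecord.setBssid(connInfo.getString(service.getString(R.string.connection_info_bssid), null));
+
+        NetworkRecord networkRecord = new NetworkRecord();
+        networkRecord.setBssid(connInfo.getString(service.getString(R.string.connection_info_bssid), null));
+        networkRecord.setSsid(connInfo.getString(service.getString(R.string.connection_info_ssid), null));
+        if (MyLocationManager.getNewestLocation() != null) {
+            networkRecord.setLatitude(MyLocationManager.getNewestLocation().getLatitude());
+            networkRecord.setLongitude(MyLocationManager.getNewestLocation().getLongitude());
+            networkRecord.setAccuracy(MyLocationManager.getNewestLocation().getAccuracy());
+            networkRecord.setTimestampLocation(MyLocationManager.getNewestLocation().getTime());
+        } else {
+            networkRecord.setLatitude(0.0);
+            networkRecord.setLongitude(0.0);
+            networkRecord.setAccuracy(Float.MAX_VALUE);
+            networkRecord.setTimestampLocation(0);
+        }
+        Logger.logPortscan(Hostage.getContext(), attackRecord, networkRecord, timestamp);
 
-		NetworkRecord networkRecord = new NetworkRecord();
+        // now that the record exists we can inform the ui
-		networkRecord.setBssid(connInfo.getString(service.getString(R.string.connection_info_bssid), null));
+        // only handler informs about attacks so its name is used here
-		networkRecord.setSsid(connInfo.getString(service.getString(R.string.connection_info_ssid), null));
+        service.notifyUI(Handler.class.getName(),
-		if (MyLocationManager.getNewestLocation() != null) {
+                new String[]{service.getString(R.string.broadcast_started), "PORTSCAN",
-			networkRecord.setLatitude(MyLocationManager.getNewestLocation().getLatitude());
+                        Integer.toString(client.getPort())});
-			networkRecord.setLongitude(MyLocationManager.getNewestLocation().getLongitude());
+    }
-			networkRecord.setAccuracy(MyLocationManager.getNewestLocation().getAccuracy());
-			networkRecord.setTimestampLocation(MyLocationManager.getNewestLocation().getTime());
-		} else {
-			networkRecord.setLatitude(0.0);
-			networkRecord.setLongitude(0.0);
-			networkRecord.setAccuracy(Float.MAX_VALUE);
-			networkRecord.setTimestampLocation(0);
-		}
-		Logger.logFileInjection(Hostage.getContext(), attackRecord, networkRecord, timestamp);
 
-		// now that the record exists we can inform the ui
+
-		// only handler informs about attacks so its name is used here
+}
-		service.notifyUI(Handler.class.getName(),
-				new String[]{service.getString(R.string.broadcast_started), "File Injection",
-						Integer.toString(client.getPort())});
-	}
 
 
 
 
-}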
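Review bot: In the worker thread started by `addHandler`, the static `mutex` is released by hand on each path, so an exception thrown between `mutex.acquire()` and the matching `mutex.release()` (for example from `logPortscan`) lands in the `catch (Exception e)` with the permit still held. Because the semaphore is static and has a single permit, every later connection thread would then block at `acquire()`, and the honeypot would stop registering and logging connections without any visible error. Releasing the permit in a `finally` block removes that failure mode; the excerpt below changes only the guarded section. Separately, the new fields `MultiStageAlarm alarm;` and `MultiStage multistage;` are never assigned in this section, and `//initMultiStage();` is a commented-out call that could be dropped.

```java
// … unchanged: accept(), early portscan check, thread creation, ip lookup …
mutex.acquire();
try {
    if (ConnectionGuard.portscanInProgress()) {
        client.close();
        return;
    }
    if (ConnectionGuard.registerConnection(port, ip)) { // returns true when a port scan is detected
        logPortscan(client, System.currentTimeMillis());
        client.close();
        return;
    }
} finally {
    mutex.release(); // always hand the permit back, even if logging or close() throws
}
Thread.sleep(100); // wait to see if other listeners detected a portscan
// … unchanged: second portscan check, handler start, conReg.newOpenConnection() …
```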

+ 15 - 21
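--- a/src/de/tudarmstadt/informatik/hostage/logging/Logger.java
+++ b/src/de/tudarmstadt/informatik/hostage/logging/Logger.java
@@ -20,9 +20,11 @@ public class Logger extends IntentService {
 	private static final String ACTION_LOG_ATTACK = "de.tudarmstadt.informatik.hostage.action.LOG_ATTACK";
 	private static final String ACTION_LOG_NETWORK = "de.tudarmstadt.informatik.hostage.action.LOG_NETWORK";
 	private static final String ACTION_LOG_PORTSCAN = "de.tudarmstadt.informatik.hostage.action.LOG_PORTSCAN";
+	private static final String ACTION_LOG_MULTISTAGE = "de.tudarmstadt.informatik.hostage.action.LOG_MULTISTAGE";
 
 	private static final String EXTRA_RECORD = "de.tudarmstadt.informatik.hostage.extra.RECORD";
 	private static final String EXTRA_RECORD2 = "de.tudarmstadt.informatik.hostage.extra.RECORD2";
+	private static final String EXTRA_RECORD3 = "de.tudarmstadt.informatik.hostage.extra.RECORD3";
 	private static final String EXTRA_TIMESTAMP = "de.tudarmstadt.informatik.hostage.extra.TIMESTAMP";
 
 	/**
@@ -78,35 +80,19 @@ public class Logger extends IntentService {
 
 	}
 
-	/**
+		/**
-	 * Adds a File Injection entry to the database
-	 * @param context
-	 * @param attackRecord
-	 * @param netRecord
-	 * @param timestamp
-	 */
-	public static void logFileInjection(Context context, AttackRecord attackRecord, NetworkRecord netRecord, long timestamp){
-		Intent intent = new Intent(context, Logger.class);
-		intent.setAction(ACTION_LOG_PORTSCAN);
-		intent.putExtra(EXTRA_RECORD, (Parcelable)attackRecord);
-		intent.putExtra(EXTRA_RECORD2, (Parcelable)netRecord);
-		intent.putExtra(EXTRA_TIMESTAMP, timestamp);
-		context.startService(intent);
-	}
-
-
-	/**
 	 * Adds a Multi Stage Attack entry to the database
 	 * @param context
 	 * @param attackRecord
 	 * @param networkRecord
 	 * @param timestamp
 	 */
-	public static void logMultiStageAttack(Context context,AttackRecord attackRecord,NetworkRecord networkRecord, long timestamp){
+	public static void logMultiStageAttack(Context context,AttackRecord attackRecord,NetworkRecord networkRecord, MessageRecord messageRecord, long timestamp){
 		Intent intent = new Intent(context, Logger.class);
-		intent.setAction(ACTION_LOG_PORTSCAN);
+		intent.setAction(ACTION_LOG_MULTISTAGE);
-		intent.putExtra(EXTRA_RECORD, (Parcelable)attackRecord);
+		intent.putExtra(EXTRA_RECORD, (Parcelable) attackRecord);
 		intent.putExtra(EXTRA_RECORD2, (Parcelable)networkRecord);
+		intent.putExtra(EXTRA_RECORD3,(Parcelable)messageRecord);
 		intent.putExtra(EXTRA_TIMESTAMP, timestamp);
 		context.startService(intent);
 
@@ -167,6 +153,14 @@ public class Logger extends IntentService {
 				handleActionLog(attackRecord);
 				handleActionLog(networkRecord);
 				handleActionLog(messageRecord);
+			} else if(ACTION_LOG_MULTISTAGE.equals(action)) {
+				final AttackRecord attackRecord = intent.getParcelableExtra(EXTRA_RECORD);
+				final NetworkRecord networkRecord = intent.getParcelableExtra(EXTRA_RECORD2);
+				final MessageRecord msgRecord = intent.getParcelableExtra(EXTRA_RECORD3);
+				handleActionLog(attackRecord);
+				handleActionLog(networkRecord);
+				handleActionLog(msgRecord);
+
 			}
 		}
 	}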

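--- a/src/de/tudarmstadt/informatik/hostage/services/MultiStage.java
+++ b/src/de/tudarmstadt/informatik/hostage/services/MultiStage.java
@@ -1,42 +1,31 @@
 package de.tudarmstadt.informatik.hostage.services;
 
 import android.app.Service;
-import android.content.Context;
 import android.content.Intent;
 import android.content.SharedPreferences;
-import android.net.DhcpInfo;
-import android.net.wifi.WifiManager;
 import android.os.Binder;
 import android.os.IBinder;
 import android.preference.PreferenceManager;
 import android.widget.Toast;
 
-import org.apache.log4j.chainsaw.Main;
-
-import java.net.InetAddress;
-import java.net.UnknownHostException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
 
 import de.tudarmstadt.informatik.hostage.Hostage;
-import de.tudarmstadt.informatik.hostage.Listener;
-import de.tudarmstadt.informatik.hostage.R;
-import de.tudarmstadt.informatik.hostage.commons.HelperUtils;
 import de.tudarmstadt.informatik.hostage.location.MyLocationManager;
 import de.tudarmstadt.informatik.hostage.logging.AttackRecord;
 import de.tudarmstadt.informatik.hostage.logging.Logger;
 import de.tudarmstadt.informatik.hostage.logging.MessageRecord;
 import de.tudarmstadt.informatik.hostage.logging.NetworkRecord;
 import de.tudarmstadt.informatik.hostage.logging.Record;
-import de.tudarmstadt.informatik.hostage.logging.SyncDevice;
 import de.tudarmstadt.informatik.hostage.persistence.HostageDBOpenHelper;
 import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity;
 import de.tudarmstadt.informatik.hostage.ui.model.LogFilter;
 
 /**
- * Created by root on 16.08.15.
+ * Created by Shreyas Srinivasa on 16.08.15.
  */
 public class MultiStage extends Service {
     @Override
@@ -54,39 +43,29 @@ public class MultiStage extends Service {
         return 1;
     }
 
-    public Listener getListener() {
-        return mListener;
-    }
-
-    private Listener mListener;
-
-    private Hostage service;
-
-    private SharedPreferences pref;
 
     private HostageDBOpenHelper mDBOpenHelper;
 
+    StringBuilder message;
 
-    //for attack entry creation
 
-    SharedPreferences fpref;
+    private String bssid = "";
-    private int attack_id;
-    private String externalIP;
-    private String BSSID;
-    private String SSID;
-
-    private int subnetMask;
-    private int internalIPAddress;
 
-    private boolean logged;
+    private String ssid = "";
 
 
+    private String externalIP;
+    String stackRemoteIP;
+    String stackLocalIp;
+    String stackProtocol;
+    int stackRport;
+    int stackLport;
+    String stackssid;
+    String stackbssid;
 
     //fetch data of records of last 10 mins
     public Boolean fetchData() {
 
-
-
         Long currentTime = System.currentTimeMillis();
 
         Long filterTime = (currentTime - 600000);
@@ -96,167 +75,104 @@ public class MultiStage extends Service {
         filter.setAboveTimestamp(filterTime);
 
         this.mDBOpenHelper = new HostageDBOpenHelper(MainActivity.getInstance().getBaseContext());
-        pref = PreferenceManager.getDefaultSharedPreferences(MainActivity.getInstance());
-
         List<Record> recordArray = mDBOpenHelper.getRecordsForFilter(filter);
-
         Collections.sort(recordArray, new Comparator<Record>() {
             public int compare(Record one, Record other) {
                 return one.getRemoteIP().compareTo(other.getRemoteIP());
             }
         });
-
         ArrayList<Stackbean> b = new ArrayList<Stackbean>();
-
         String prevRemoteIP = "";
         String prevProt = "";
-        int lport=0;
+        int prevlport = 0;
-        int prevport=0;
+        int prevrport = 0;
+        String prevLocalIP = "";
 
 
-        System.out.println("Record Array - ");
         if (recordArray.size() != 0) {
             for (Record tmp : recordArray) {
-              //  if (!prevRemoteIP.equals(tmp.getRemoteIP()) || (prevRemoteIP.equals(tmp.getRemoteIP()) && !prevProt.equals(tmp.getProtocol()))) {
 
-                if ((prevRemoteIP.equals(tmp.getRemoteIP()) && !prevProt.equals(tmp.getProtocol()))) {
+                if ((prevRemoteIP.equals(tmp.getRemoteIP()) && !prevProt.equals(tmp.getProtocol()) && !prevProt.contains("MULTISTAGE"))) {
 
-                    b.add(new Stackbean(prevRemoteIP,prevProt,lport,prevport));
+                    b.add(new Stackbean(prevRemoteIP, prevLocalIP, prevProt, prevrport, prevlport, bssid, ssid));
-                    b.add(new Stackbean(tmp.getRemoteIP(), tmp.getProtocol(),tmp.getLocalPort(),tmp.getRemotePort()));         //,tmp.getLocalPort(),tmp.getRemotePort()));
+                    b.add(new Stackbean(tmp.getRemoteIP(), tmp.getLocalIP(), tmp.getProtocol(), tmp.getRemotePort(), tmp.getLocalPort(), tmp.getBssid(), tmp.getSsid()));         //,tmp.getLocalPort(),tmp.getRemotePort()));
                 }
                 prevRemoteIP = tmp.getRemoteIP();
                 prevProt = tmp.getProtocol();
-                prevport=tmp.getRemotePort();
+                prevrport = tmp.getRemotePort();
-                lport=tmp.getLocalPort();
+                prevlport = tmp.getLocalPort();
+                externalIP = tmp.getExternalIP();
+                bssid = tmp.getBssid();
+                ssid = tmp.getSsid();
+                prevLocalIP = tmp.getLocalIP();
 
 
             }
         }
 
-        System.out.println("Stack - ");
-
         if (b.size() != 0) {
+            StringBuilder message = new StringBuilder();
             for (Stackbean tmp : b) {
-               // Toast.makeText(MainActivity.getInstance().getApplicationContext(), tmp.getIp() + "----------" + tmp.getProtocol(),Toast.LENGTH_LONG).show();
-                String message = ("Multi Stage Attack Detected!\n" + "IP:" + tmp.getIp() + "\nProtocol:" + tmp.getProtocol());
 
-                //Toast.makeText(MainActivity.getInstance().getApplicationContext(),message,Toast.LENGTH_SHORT).show();
+                message.append("\nMulti Stage Attack Detected!\n" + "IP:" + tmp.getRemoteIp() + "\nProtocol:" + tmp.getProtocol());
 
-                log(MessageRecord.TYPE.RECEIVE, message, tmp.getPort(), tmp.getIp(), tmp.getRport());
+                stackRemoteIP=tmp.getRemoteIp();
-                //Clear stack after this
+                stackLocalIp=tmp.getLocalip();
+                stackProtocol=tmp.getProtocol();
+                stackRport=tmp.getRemotePort();
+                stackLport=tmp.getLocalPort();
+                stackbssid=tmp.getBSSID();
+                stackssid = tmp.getSSID();
 
+               Toast.makeText(MainActivity.getInstance().getApplicationContext(), message, Toast.LENGTH_LONG).show();
             }
+            log(MessageRecord.TYPE.RECEIVE, message.toString(), stackRemoteIP, stackLocalIp, stackProtocol,stackRport, stackLport,stackbssid, stackssid);
+            b.clear();
+            message.equals("");
 
         }
 
-
-        System.out.println("Hello");
-
-
         return true;
 
-
-    }
-
-
-    public class LocalBinder extends Binder {
-        public Hostage getService() {
-            return (Hostage) Hostage.getContext();
-        }
-    }
-
-    public int getLocalIp() {
-        WifiManager wifi = (WifiManager) MainActivity.context.getSystemService(Context.WIFI_SERVICE);
-        DhcpInfo dhcp = wifi.getDhcpInfo();
-        return dhcp.ipAddress;
     }
 
 
-    private synchronized void getAndIncrementAttackID(SharedPreferences pref) {
+    public void log(MessageRecord.TYPE type, String message, String remoteip, String localip, String protocol, int rport, int lport, String bssid, String ssid) {
-        SharedPreferences.Editor editor = pref.edit();
-        attack_id = pref.getInt("ATTACK_ID_COUNTER", 0);
-        editor.putInt("ATTACK_ID_COUNTER", attack_id + 1);
-        editor.commit();
-    }
-
 
-    //Create a listener for fpref so that it gets that existing attack  records information
+        AttackRecord attackRecord = new AttackRecord(true);
 
-    public MessageRecord createMessageRecord(MessageRecord.TYPE type, String packet) {
+        attackRecord.setProtocol("MULTISTAGE");
-        MessageRecord record = new MessageRecord(true);
+        attackRecord.setExternalIP(externalIP);
-        //record.setId(message_id++); // autoincrement
+        attackRecord.setLocalIP(localip);
-        record.setAttack_id(attack_id);
+        attackRecord.setLocalPort(lport);
-        record.setType(type);
+        attackRecord.setRemoteIP(remoteip);
-        record.setTimestamp(System.currentTimeMillis());
+        attackRecord.setRemotePort(rport);
-        record.setPacket(packet);
+        attackRecord.setBssid(bssid);
-        return record;
-    }
-
-    public AttackRecord createAttackRecord(int localPort, String remoteIP, int remotePort) {
-        AttackRecord record = new AttackRecord();
-        record.setAttack_id(attack_id);
-        record.setSync_id(attack_id);
-        record.setDevice(SyncDevice.currentDevice().getDeviceID());
-
-
-        record.setProtocol("MULTISTAGE ATTACK");
-        record.setExternalIP(externalIP);
-        record.setLocalIP(intToInetAddress(getLocalIp()).getHostAddress());
-        record.setLocalPort(localPort);
-       // record.setWasInternalAttack((HelperUtils.packInetAddress(remoteIP.getAddress()) & subnetMask) == (internalIPAddress & subnetMask));
-        record.setRemoteIP(remoteIP);
-        record.setRemotePort(remotePort);
-        record.setBssid(BSSID);
-        return record;
-    }
 
-    public NetworkRecord createNetworkRecord() {
+        NetworkRecord networkRecord = new NetworkRecord();
-        NetworkRecord record = new NetworkRecord();
+        networkRecord.setBssid(bssid);
-        record.setBssid(BSSID);
+        networkRecord.setSsid(ssid);
-        record.setSsid(SSID);
         if (MyLocationManager.getNewestLocation() != null) {
-            record.setLatitude(MyLocationManager.getNewestLocation().getLatitude());
+            networkRecord.setLatitude(MyLocationManager.getNewestLocation().getLatitude());
-            record.setLongitude(MyLocationManager.getNewestLocation().getLongitude());
+            networkRecord.setLongitude(MyLocationManager.getNewestLocation().getLongitude());
-            record.setAccuracy(MyLocationManager.getNewestLocation().getAccuracy());
+            networkRecord.setAccuracy(MyLocationManager.getNewestLocation().getAccuracy());
-            record.setTimestampLocation(MyLocationManager.getNewestLocation().getTime());
+            networkRecord.setTimestampLocation(MyLocationManager.getNewestLocation().getTime());
         } else {
-            record.setLatitude(0.0);
+            networkRecord.setLatitude(0.0);
-            record.setLongitude(0.0);
+            networkRecord.setLongitude(0.0);
-            record.setAccuracy(Float.MAX_VALUE);
+            networkRecord.setAccuracy(Float.MAX_VALUE);
-            record.setTimestampLocation(0);
+            networkRecord.setTimestampLocation(0);
         }
-        return record;
-    }
-
-    public void log(MessageRecord.TYPE type, String packet, int localPort, String remoteIP, int remotePort) {
-        if (!logged) {
-            Logger.log(Hostage.getContext(), createNetworkRecord());
-            Logger.log(Hostage.getContext(), createAttackRecord(localPort, remoteIP, remotePort));
-            logged = true;
-        }
-        if (packet != null && packet.length() > 0) { // prevent logging empty packets
-            Logger.log(Hostage.getContext(), createMessageRecord(type, packet));
-        }
-    }
 
 
-    /**
+        MessageRecord messageRecord = new MessageRecord(true);
-     * helper method to convert the ip from int to InetAddress
+        messageRecord.setAttack_id(attackRecord.getAttack_id());
-     */
+        messageRecord.setType(type);
-    public static InetAddress intToInetAddress(int hostAddress) {
+        messageRecord.setTimestamp(System.currentTimeMillis());
-        byte[] addressBytes = { (byte)(0xff & hostAddress),
+        messageRecord.setPacket(message);
-                (byte)(0xff & (hostAddress >> 8)),
-                (byte)(0xff & (hostAddress >> 16)),
-                (byte)(0xff & (hostAddress >> 24)) };
-
-        try {
-            return InetAddress.getByAddress(addressBytes);
-        } catch (UnknownHostException e) {
-            throw new AssertionError();
-        }
-    }
 
 
+        Logger.logMultiStageAttack(Hostage.getContext(), attackRecord, networkRecord, messageRecord, System.currentTimeMillis());
 
-
+    }
-}
+}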
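Review bot: The new guard in `fetchData()` tests only `prevProt` for "MULTISTAGE", so when the current record `tmp` is itself a MULTISTAGE entry that follows another protocol from the same remote IP, the condition still holds and the detector appears to re-trigger on its own log output on every scan inside the ten-minute window. Adding `&& !tmp.getProtocol().contains("MULTISTAGE")` to the condition would exclude the detector's records in both positions. In the same method, `log(...)` is now called once after the loop with the `stack*` values of the last `Stackbean` only, so detections for several remote IPs in one scan end up under a single attack record attributed to the last one; calling it per source IP would keep the attribution correct. `message.equals("")` discards its result and clears nothing, and the local `message` shadows the newly added field of the same name, so one of the two can go. The filter setup of `fetchData()` lies between the hunks and is not shown.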

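--- a/src/de/tudarmstadt/informatik/hostage/services/MultiStageAlarm.java
+++ b/src/de/tudarmstadt/informatik/hostage/services/MultiStageAlarm.java
@@ -7,6 +7,7 @@ import android.content.Context;
 import android.content.Intent;
 import android.widget.Toast;
 
+import de.tudarmstadt.informatik.hostage.Hostage;
 import de.tudarmstadt.informatik.hostage.Listener;
 import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity;
 
@@ -15,13 +16,12 @@ import de.tudarmstadt.informatik.hostage.ui.activity.MainActivity;
  */
 public class MultiStageAlarm extends BroadcastReceiver{
 
-
-
     @Override
     public void onReceive(Context context, Intent intent) {
         Toast.makeText(MainActivity.getInstance().getApplicationContext(),"Scanning for MultiStage Attacks...",Toast.LENGTH_SHORT).show();
         Intent i = new Intent(context, MultiStage.class);
         context.startService(i);
+
     }
 
     public void SetAlarm(Context context)
@@ -30,6 +30,7 @@ public class MultiStageAlarm extends BroadcastReceiver{
         Intent i = new Intent(context, MultiStageAlarm.class);
         PendingIntent pi = PendingIntent.getBroadcast(context, 0, i, 0);
         am.setRepeating(AlarmManager.RTC_WAKEUP, System.currentTimeMillis(), 1000 * 60 , pi); // Millisec * Second * Minute
+
     }
 
     public void CancelAlarm(Context context)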

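--- a/src/de/tudarmstadt/informatik/hostage/services/Stackbean.java
+++ b/src/de/tudarmstadt/informatik/hostage/services/Stackbean.java
@@ -1,39 +1,67 @@
 package de.tudarmstadt.informatik.hostage.services;
 
 /**
- * Created by root on 21.08.15.
+ * Created by Shreyas Srinivasa on 21.08.15.
  */
 public class Stackbean {
 
-    public int getRport() {
+
-        return rport;
+    private String remoteip;
+
+
+
+
+    private String localip;
+    private String protocol;
+    private int remoteport;
+    private int localport;
+
+    private String BSSID;
+    private String SSID;
+
+
+
+    public int getRemotePort() {
+        return remoteport;
+    }
+
+    public int getLocalPort() {
+        return localport;
     }
 
-    public void setRport(int rport) {
+    public void setLocalPort(int port) {
-        this.rport = rport;
+        this.localport = port;
     }
 
-    private int rport;
 
-    public int getPort() {
+    public Stackbean(String remoteip, String localip, String protocol, int remoteport, int localport, String BSSID, String SSID) {
-        return port;
+        this.remoteip = remoteip;
+        this.localip = localip;
+        this.protocol = protocol;
+        this.remoteport = remoteport;
+        this.localport = localport;
+        this.BSSID = BSSID;
+        this.SSID = SSID;
     }
 
-    public void setPort(int port) {
+    public String getLocalip() {
-        this.port = port;
+        return localip;
     }
 
-    private int port;
+    public String getBSSID() {
+        return BSSID;
+    }
 
-    public Stackbean(String ip, String protocol, int port, int rport) {
+    public void setBSSID(String BSSID) {
-        this.ip = ip;
+        this.BSSID = BSSID;
-        this.protocol = protocol;
-        this.port = port;
-        this.rport = rport;
     }
 
-    private String ip;
+    public String getSSID() {
-    private String protocol;
+        return SSID;
+    }
+
+    public void setSSID(String SSID) {
+        this.SSID = SSID;}
 
 
     public String getProtocol() {
@@ -44,14 +72,8 @@ public class Stackbean {
         this.protocol = protocol;
     }
 
-    public String getIp() {
+    public String getRemoteIp() {
-        return ip;
+        return remoteip;
-    }
-
-    public void setIp(String ip) {
-        this.ip = ip;
     }
 
-
-
 }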
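Review bot: `Stackbean` is, as far as this commit shows, filled only through its seven-argument constructor, yet its fields stay non-final and it keeps a partial set of setters (`setLocalPort`, `setBSSID`, `setSSID`, `setProtocol`) while `remoteip`, `localip` and `remoteport` have none. Declaring the fields `private final` and dropping the setters would make each detection snapshot immutable once it is queued for logging. Accessor and field naming is also inconsistent: `getLocalip()` sits next to `getRemoteIp()`, and the `BSSID`/`SSID` fields break the lowerCamelCase used for `bssid`/`ssid` in `MultiStage`; `getLocalIp()` and `bssid`/`ssid` would line up with the rest. The body of `getProtocol()` and the head of `setProtocol()` fall between the two hunks and are not shown.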

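--- a/src/de/tudarmstadt/informatik/hostage/ui/fragment/HomeFragment.java
+++ b/src/de/tudarmstadt/informatik/hostage/ui/fragment/HomeFragment.java
@@ -354,8 +354,6 @@ public class HomeFragment extends Fragment {
 								Profile currentProfile = profileManager
 										.getCurrentActivatedProfile();
 								List<String> protocols = currentProfile.getActiveProtocols();
-								startAlarm();
-
 								if (protocols.size() > 0 || currentProfile.mGhostActive) {
 									protocols.add("GHOST");
 									MainActivity.getInstance().startMonitorServices(protocols);
@@ -390,15 +388,6 @@ public class HomeFragment extends Fragment {
 					}
 				}
 
-				private void startAlarm() {
-					Context context = getActivity();
-					if(alarm!=null){
-						alarm.SetAlarm(context);
-					}
-					else {
-						Toast.makeText(context, "Alarm is null", Toast.LENGTH_SHORT).show();
-					}
-				}
 			};
 		}
 		mHomeSwitchConnection.setOnCheckedChangeListener(mSwitchChangeListener);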

+ 25 - 5
thesis_report/Thesis_Report.tex

@@ -203,10 +203,7 @@ Honeynets are placed behind a Honeywall , which acts as a bridge to the honeynet
 Modern day smart phones are context sensitive and collect a lot of data from the users perspective. This data is both private and critical to the user. There is a need to protect this data. The phones also have enormous computing resources in terms of hardware and also efficiently built software kernels that are capable of processing huge data. We are also able to stay online every moment and can connect to various hotspots providing us Internet facilities to stay connected. This also is huge security concern as the networks and the apps that are deployed on our phones may not be secure and leak sensitive data with respect to the user. 
 Modern day smart phones are context sensitive and collect a lot of data from the users perspective. This data is both private and critical to the user. There is a need to protect this data. The phones also have enormous computing resources in terms of hardware and also efficiently built software kernels that are capable of processing huge data. We are also able to stay online every moment and can connect to various hotspots providing us Internet facilities to stay connected. This also is huge security concern as the networks and the apps that are deployed on our phones may not be secure and leak sensitive data with respect to the user. 
 
 
 The power of mobility, computing resources, usability and flexibility make Mobile devices a good platform to host low interaction Honeypots.
 The power of mobility, computing resources, usability and flexibility make Mobile devices a good platform to host low interaction Honeypots.
-
+Such capabilities make it possible to host a low interaction Honeypot on the devices.Some researchers believe that Mobile Honeypots are still not well defined and could be used to define either a probe deployed on a mobile device or on a mobile operating system. It can also be defined for a system that is controlled in the network of mobile devices. (http://conferences.sigcomm.org/sigcomm/2012/paper/sigcomm/p305.pdf)
-Such capabilities make it possible to host a low interaction Honeypot on the devices.
-
-Some researchers believe that Mobile Honeypots are still not well defined. (http://conferences.sigcomm.org/sigcomm/2012/paper/sigcomm/p305.pdf)
 
 
 Early research on Mobile Honeypots focused only on  Bluetooth communications[5,17]. The continuous advances in the field of smartphone technology has enabled better opportunities towards Honeypot research on smart phones. 
 Early research on Mobile Honeypots focused only on  Bluetooth communications[5,17]. The continuous advances in the field of smartphone technology has enabled better opportunities towards Honeypot research on smart phones. 
 
 
@@ -282,10 +279,33 @@ MODBUS TCP/IP is an Internet protocol. This makes the devices open to the Intern
   The main objective is to detect attacks made using the protocols offered by the Siemens Simati S7 200 PLC . A logging mechanism logs the information about the attacker in pursuit.  
   The main objective is to detect attacks made using the protocols offered by the Siemens Simati S7 200 PLC . A logging mechanism logs the information about the attacker in pursuit.  
        
        
        
        
-  \subsection{Architecture of Siemens SIMATIC s7 200}
+  \subsection{Siemens SIMATIC s7 200 - Overview}
 
 
 The Siemens S7 200 is a micro-programmable logic controller which can control a wide variety of devices to support various automation needs. The S7-200 monitors, inputs and changes outputs as controlled by the user program, which can include Boolean logic, counting, timing, complex math operations, and communications with other intelligent devices. It can control and communicate with devices like automatic pressure controllers, centrifuge pumps, water cooling systems. The STEP 7--Micro/WIN programming package provides a user-friendly environment to develop, edit, and monitor the logic needed to control the application that monitor devices. The Siemens Simatic S7 PLC's use PROFINET which is based on Ethernet for communication. There are over 3 million PROFINET devices deployed worldwide. 
 The Siemens S7 200 is a micro-programmable logic controller which can control a wide variety of devices to support various automation needs. The S7-200 monitors, inputs and changes outputs as controlled by the user program, which can include Boolean logic, counting, timing, complex math operations, and communications with other intelligent devices. It can control and communicate with devices like automatic pressure controllers, centrifuge pumps, water cooling systems. The STEP 7--Micro/WIN programming package provides a user-friendly environment to develop, edit, and monitor the logic needed to control the application that monitor devices. The Siemens Simatic S7 PLC's use PROFINET which is based on Ethernet for communication. There are over 3 million PROFINET devices deployed worldwide. 
+
+Siemens S7 200 PLCs boasts of a compact design, powerful performance, optimum modularity and open communications. This Micro PLC has been in successful use in millions of applications around the world – in both stand-alone and net-worked solutions. 
+
+This PLC uses communication protocols such as PROFINET, an advanced version of MODBUS communication protocol. This protocol is also based on Ethernet. It also supports TELNET, HTTP, FTP, SNMP, MODBUS and S7 Comm protocols. Though this PLC is designed to be used to control critical systems, security was not a part of its design. The above mentioned protocols were not customized to facilitate secure communication. The standards were defined to create an interconnected environment between industrial automation devices and common networking protocols.Security was either ignored or rather was thought to be expensive on these devices. This makes it an easier target for attackers. 
+
+
+
+
 The S7 200 is also widely used for variousl applications because of its flexibility, usablilty and comptibility. 
 The S7 200 is also widely used for variousl applications because of its flexibility, usablilty and comptibility. 
+
+\begin{itemize}
+
+\item\textbf{Open Communications}
+
+\item\textbf{:}
+
+\item\textbf{:}
+
+\end{itemize}
+
+
+
+
+Open Communication
       
       
  \subsection{Protocols}
  \subsection{Protocols}
 
 

+ 26 - 5
thesis_report/Thesis_Report.tex~

@@ -203,10 +203,7 @@ Honeynets are placed behind a Honeywall , which acts as a bridge to the honeynet
 Modern day smart phones are context sensitive and collect a lot of data from the users perspective. This data is both private and critical to the user. There is a need to protect this data. The phones also have enormous computing resources in terms of hardware and also efficiently built software kernels that are capable of processing huge data. We are also able to stay online every moment and can connect to various hotspots providing us Internet facilities to stay connected. This also is huge security concern as the networks and the apps that are deployed on our phones may not be secure and leak sensitive data with respect to the user. 
 Modern day smart phones are context sensitive and collect a lot of data from the users perspective. This data is both private and critical to the user. There is a need to protect this data. The phones also have enormous computing resources in terms of hardware and also efficiently built software kernels that are capable of processing huge data. We are also able to stay online every moment and can connect to various hotspots providing us Internet facilities to stay connected. This also is huge security concern as the networks and the apps that are deployed on our phones may not be secure and leak sensitive data with respect to the user. 
 
 
 The power of mobility, computing resources, usability and flexibility make Mobile devices a good platform to host low interaction Honeypots.
 The power of mobility, computing resources, usability and flexibility make Mobile devices a good platform to host low interaction Honeypots.
-
+Such capabilities make it possible to host a low interaction Honeypot on the devices.Some researchers believe that Mobile Honeypots are still not well defined and could be used to define either a probe deployed on a mobile device or on a mobile operating system. It can also be defined for a system that is controlled in the network of mobile devices. (http://conferences.sigcomm.org/sigcomm/2012/paper/sigcomm/p305.pdf)
-Such capabilities make it possible to host a low interaction Honeypot on the devices.
-
-Some researchers believe that Mobile Honeypots are still not well defined. (http://conferences.sigcomm.org/sigcomm/2012/paper/sigcomm/p305.pdf)
 
 
 Early research on Mobile Honeypots focused only on  Bluetooth communications[5,17]. The continuous advances in the field of smartphone technology has enabled better opportunities towards Honeypot research on smart phones. 
 Early research on Mobile Honeypots focused only on  Bluetooth communications[5,17]. The continuous advances in the field of smartphone technology has enabled better opportunities towards Honeypot research on smart phones. 
 
 
@@ -282,9 +279,33 @@ MODBUS TCP/IP is an Internet protocol. This makes the devices open to the Intern
   The main objective is to detect attacks made using the protocols offered by the Siemens Simati S7 200 PLC . A logging mechanism logs the information about the attacker in pursuit.  
   The main objective is to detect attacks made using the protocols offered by the Siemens Simati S7 200 PLC . A logging mechanism logs the information about the attacker in pursuit.  
        
        
        
        
-  \subsection{Architecture of Siemens SIMATIC s7 200}
+  \subsection{Siemens SIMATIC s7 200 - Overview}
 
 
 The Siemens S7 200 is a micro-programmable logic controller which can control a wide variety of devices to support various automation needs. The S7-200 monitors, inputs and changes outputs as controlled by the user program, which can include Boolean logic, counting, timing, complex math operations, and communications with other intelligent devices. It can control and communicate with devices like automatic pressure controllers, centrifuge pumps, water cooling systems. The STEP 7--Micro/WIN programming package provides a user-friendly environment to develop, edit, and monitor the logic needed to control the application that monitor devices. The Siemens Simatic S7 PLC's use PROFINET which is based on Ethernet for communication. There are over 3 million PROFINET devices deployed worldwide. 
 The Siemens S7 200 is a micro-programmable logic controller which can control a wide variety of devices to support various automation needs. The S7-200 monitors, inputs and changes outputs as controlled by the user program, which can include Boolean logic, counting, timing, complex math operations, and communications with other intelligent devices. It can control and communicate with devices like automatic pressure controllers, centrifuge pumps, water cooling systems. The STEP 7--Micro/WIN programming package provides a user-friendly environment to develop, edit, and monitor the logic needed to control the application that monitor devices. The Siemens Simatic S7 PLC's use PROFINET which is based on Ethernet for communication. There are over 3 million PROFINET devices deployed worldwide. 
+
+Siemens S7 200 PLCs boasts of a compact design, powerful performance, optimum modularity and open communications. This Micro PLC has been in successful use in millions of applications around the world – in both stand-alone and net-worked solutions. 
+
+This PLC uses communication protocols such as PROFINET, an advanced version of MODBUS communication protocol. This protocol is also based on Ethernet. It also supports TELNET, HTTP, FTP, SNMP, MODBUS and S7 Comm protocols. Though this PLC is designed to be used to control critical systems, security was not a part of its design. The above mentioned protocols were not customized to facilitate secure communication. The standards were defined to create an interconnected environment between industrial automation devices and common networking protocols.Security was either ignored or rather was thought to be expensive on these devices. This makes it an easier target for attackers. 
+
+
+
+
+The S7 200 is also widely used for variousl applications because of its flexibility, usablilty and comptibility. 
+
+\begin{itemize}
+
+\item\textbf{Open Communications}
+
+\item\textbf{:}
+
+\item\textbf{:}
+
+\end{itemize}
+
+
+
+
+Open Communication
       
       
  \subsection{Protocols}
  \subsection{Protocols}