DATAMINING.doc (Size: 268 KB / Downloads: 1471)
Submitted by SHY AM KUMAR S MTHIN GOPINADH AJITH JOHN ALIAS RI TO GEORGE CHERIAN
1.1 ABOUT THE TOPIC
Data Mining is the process of discovering new correlations, patterns, and trends by digging into (mining) large amounts of data stored in warehouses, using artificial intelligence, statistical and mathematical techniques. Data mining can also be defined as the process of extracting knowledge hidden from large volumes of raw data i.e. the nontrivial extraction of implicit, previously unknown, and potentially useful information from data. The alternative name of Data Mining is Knowledge discovery (mining) in databases (KDD), knowledge extraction, data/pattern analysis, etc.
Data mining is the principle of sorting through large amounts of data and picking out relevant information. It is usually used by business intelligence organizations, and financial analysts, but it is increasingly used in the sciences to extract information from the enormous data sets generated by modern experimental and observational methods, it has been described as "the nontrivial extraction of implicit, previously unknown, and potentially useful information from data" and "the science of extracting useful information from large data sets or databases".
1.2 ABOUT THE PROJECT
The Project has been developed in our college in an effort to identify the most frequently visited sites, the site from where the most voluminous downloading has taken place and the sites that have been denied access when referred to by the users.
Our college uses the Squid proxy server and our aim is to extract useful knowledge from one of the log files in it. After a combined scrutiny of the log files the log named access.log was decided to be used as the database. Hence our project was to mine the contents ofaccess.log .
Finally the PERL programming language was used for manipulating the contents of the log file. PERL EXPRESS 2.5 was the platform used to develop the mining application.
The log file content is in the form of standard text file requiring extensive and quick siring manipulation to retrieve the necessary contents. The programs were required to sort the mined contents in the descending order of its frequency of usage and size.
CHAPTER 2 REQUIREMENT ANALYSIS
Requirement analysis is the process of gathering and interpreting facts, diagnosing problems and using the information lo recommend improvements on the system. It is a problem solving activity that requires intensive communication between the system users and system developers.
Requirement analysis or study is an important phase of any system development process. The system is studied to the minutest detail and analyzed. The system analyst plays the role of an interrogator and dwells deep into the working of the present system. The system is viewed as a whole and the inputs to the system are identified. The outputs from the organization are traced through the various processing that the inputs phase through in the organization.
A detailed study of these processes must be made by various techniques like Interviews, Questionnaires etc. The data collected by these sources must be scrutinized to arrive to a conclusion. The conclusion is an understanding of how the system functions. This system is called the existing system. Now, the existing system is subjected to close study and the problem areas are identified. The designer now functions as a problem solver and tries to sort out the difficulties that the enterprise faces. The solutions are given as a proposal.
The proposal is then weighed with the existing system analytically and the best one is
selected. The proposal is presented to the user for an endorsement by the user. The proposal is
reviewed on user request and suitable changes are made. This loop ends as soon as the user is
satisfied with the proposal.
2.2 PROPOSED SYSTEM
In order to make the programming strategy optimal, complete and least complex a detailed understanding of data mining, related concepts and associated algorithms are required. This is to be followed by effective implementation of the algorithm using the best possible alternative.
2.3 DATAM1NING (KDD PROCESS)
The Knowledge Discovery from Data process involved / includes relevant prior knowledge and goals of applications: Creating a large dataset, Preprocessing of the data, Filtering or clearing, data transformation, identifying dimcnsionally and useful feature. It also involves classification, association, regression, clustering and summarization. Choosing the mining algorithm is the most important parameter for the process.
The final stage includes pattern evaluation which means visualization, transformation, removing redundant pattern etc. use of discovery knowledge of the process.
DM Technology and System: Data mining methods involves neural network, evolutionary programming, memory base programming, Decision trees. Genetic Algorithms, Nonlinear regression methods these work also involve fuzzy logic, which is a superset of conventional Boolean logic that has been extended handle the concept of partial truth, partial false between completely true and complete false.
The term data mining is often used to apply to the two separate processes of knowledge discovery and prediction. Knowledge discovery provides explicit information that has a readable form and can be understood by a user. Forecasting, or predictive modeling provides predictions of future events and may be transparent and readable in some approaches (e.g. rule based systems) and opaque in others such as neural networks. Moreover, some data mining systems such as neural networks are inherently geared towards prediction and pattern recognition, rather than knowledge discovery.
Metadata, or data about a given data set, are often expressed in a condensed data mine-able format, or one that facilitates the practice of data mining. Common examples include executive summaries and scientific abstracts.
Data Mining is the process of discovering new correlations, patterns, and trends by digging into (mining) large amounts of data stored in warehouses, using artificial intelligence, statistical and mathematical techniques.
Data mining can also be defined as the process of extracting knowledge hidden from large volumes of raw data i.e. the nontrivial extraction of implicit, previously unknown, and potentially useful information from data. The alternative name of Data Mining is Knowledge discovery (mining) in databases (KDD), knowledge extraction, data/pattern analysis, etc. The importance of collecting data thai reflect your business or scientific activities to achieve competitive advantage is widely recognized now. Powerful systems for collecting data and managing it in large databases are in place in all large and mid-range companies.
Frequent Subtree Discovery
| Pattern RESULTS i Analysis
Figure 2.3.1 : Process of web usage mining
However, the bottleneck of turning this data into your success is the difficulty of extracting knowledge about the system you study from the collected data. DSS are computerize tools develop assist decision makers through the process of making of decision. This is inherently prescription which enhances decision making in some way. DSS are closely related to the concept of rationality which means the tendency to act in a reasonable'way to make good decision. To produce the key decision for an organization involve product/service, distribution of the product using different distribution channel, calculation /computation of the output on different time and space, prediction/trend of the output for individual product or service with in estimated time frame and finally the schedule of the production on the basis of demand, capacity and resource.
The main aim and objective of the work is to develop a system on dynamic decision which depend on product life cycle individual characteristics graph analysis has been done to give enhance and advance thought to analysis the pattern of the product. The system has been reviewed in terms of local and global aspect.
2.4 WORKING OF DATAMINTNG
While large-scale information technology has been evolving separate transaction and analytical systems, data mining provides the link between the two. Data mining software analyzes relationships and patterns in stored transaction data based on open-ended user queries. Several types of analytical software are available: statistical, machine learning, and neural networks. Generally, any of four types of relationships are sought:
Classes: Stored data is used to locate data in predetermined groups. For example, a restaurant chain could mine customer purchase data to determine when customers visit and what they typically order. This information could be used to increase traffic by having daily specials.
Clusters: Data items are grouped according to logical relationships or consumer preferences. For example, data can be mined to identify market segments or consumer affinities.
Associations: Data can be mined to identify associations. The beer-diaper example is an example of associative mining.
Sequential patterns: Data is mined to anticipate behavior patterns and trends. For example, an otitdoor equipment retailer could predict the likelihood of a backpack being purchased based on a consumer's purchase of sleeping bags and hiking shoes. Data mining consists of five major elements:
Â¢ Extract, transform, and load transaction data onto the data warehouse system.
Â¢ Store and manage the data in a multidimensional database system.
Â¢ Provide data access to business analysts and information technology professionals.
Â¢ Analyze the data by application software.
Â¢ Present the data in a useful format, such as a graph or table.
1 .Classification and Regression Trees (CART) and Chi Square
2.Detection (CHAID) : CART and CHAID are decision tree techniques used for classification of a dataset. They provide a set of rules that you can apply to a new (unclassified) dataset to predict which records will have a given outcome. CART' segments a dataset by creating 2-way splits while CHAID segments using chi square tests to create multi-way splits. CART typically requires less data preparation than CHAID.
Â¢ Nearest neighbor method: A technique that classifies each record in a dataset based on a combination of the classes of the k record(s) most similar to it in a historical dataset. Sometimes called the A:-nearest neighbor technique.
Â¢ Rule induction: The extraction of useful if-then rules from data based on statistical significance.
Â¢ Data visualization: The visual interpretation of complex relationships in multidimensional data. Graphics tools are used to illustrate data relation.
2.5 DATA MINING ALGORITHMS
The data mining algorithm is the mechanism that creates mining models. To create a model, an algorithm first analyzes a set of data, looking for specific patterns and trends. The algorithm then uses the results of this analysis to define the parameters of the mining model.
The mining model that an algorithm creates can take various forms, including:
Â¢ A set of rules that describe how products are grouped together in a transaction.
Â¢ A decision tree that predicts whether a particular customer will buy a product.
Â¢ A mathematical model that forecasts sales.
Â¢ A set of clusters that describe how the cases in a dataset are related.
Microsoft SQL Server 2005 Analysis Services (SSAS) provides several algorithms for use in your data mining solutions. These algorithms are a subset of all the algorithms that can be used for data mining. You can also use third-party algorithms that comply with the OLE DB for Data Mining specification. For more information about third-party algorithms, see Plugin Algorithms.
Analysis Services includes the following algorithm types:
Â¢ Classification algorithms predict one or more discrete variables, based on the other attributes in the dataset. An example of a classification algorithm is the Decision Trees Algorithm.
Â¢ Regression algorithms predict one or more continuous variables, such as profit or loss, based on other attributes in the dataset. An example of a regression algorithm is the Time Series Algorithm.
Â¢ Segmentation algorithms divide data into groups, or clusters, of items that have similar properties. An example of a segmentation algorithm is the Clustering Algorithm.
Â¢ Association algorithms find correlations between different attributes in a dataset. The most common application of this kind of algorithm is for creating association rules, which can be used in a market basket analysis.
Ã‚Â» Sequence analysis algorithms summarize frequent sequences or episodes in data, such as a Web path How. An example of a sequence analysis algorithm is the Sequence Clustering Algorithm.
2.6 SOFTWARE REQUIREMENTS
OPERATION SYSTEM PERL COMPILER. PERL SCRIPT EDITOR SERVER SOFTWARE
WINDOWS XP SP2 ACTIVE PERL
2.7 FUZZY LOGIC
Fuzzy logic is a form of multi-valued logic derived from fuzzy set theory to deal with reasoning that is approximate rather than precise. Just as in fuzzy set theory the set membership values can range (inclusively) between 0 and 1, in fuzzy logic the degree of truth of a statement can range between 0 and 1 and is not constrained to the two truth values ftrue, false} as in classic predicate logic. And when linguistic variables are used, these degrees may be managed by specific functions, as discussed below.
Both fuzzy degrees of truth and probabilities range between 0 and 1 and hence may seem similar at first. However, they are distinct conceptually; fuzzy truth represents membership in vaguely defined sets, not likelihood of some event or condition as in probability theory. For example, if a 100-ml glass contains 30 ml of water, then, for two fuzzy sets, Empty and Full, one might define the glass as being 0.7 empty and 0.3 full.
Note that the concept of emptiness would be subjective and thus would depend on the observer or designer. Another designer might equally well design a set membership function where the glass would be considered full for all values down to 50 ml. A probabilistic setting would first define a scalar variable for the fullness of the glass, and second, conditional distributions describing the probability that someone would call the glass full given a specific fullness level. Note that the conditioning can be achieved by having a specific observer that randomly selects ihe label for the glass, a distribution over deterministic observers, or both. While fuzzy logic avoids talking about randomness in this context, this simplification at the same time obscures what is exactly meant by the statement the 'glass is 0.3 full'.
2.7.1 APPLYING FUZZY TRUTH VALUES
A basic application might characterize sub ranges of a continuous variable. For instance, a temperature measurement for anti-lock brakes might have several separate membership functions defining particular temperature ranges needed to control the brakes properly. Each function maps the same temperature value to a truth value in the 0 to I range. These truth values can then be used to determine how the brakes should be controlled.
In this image, cold, warm, and hot are functions mapping a temperature scale. A point on that scale has three "truth values" â€ one for each of the three functions. The vertical line in the image represents a particular temperature that the three arrows (truth values) gauge. Since the red arrow points to zero, this temperature may be interpreted as "not hot". The orange arrow (pointing at 0.2) may describe it as "slightly warm" and the blue arrow (pointing at 0.8) "fairly cold".
2.7.2 FUZZY LINGUISTIC VARIABLES
While variables in mathematics usually take numerical values, in fuzzy logic applications, the non-numeric linguistic variables are often used to facilitate the expression of rules and facts.
A linguistic variable such as age may have a value such as young or its opposite defined as old. ITowever, the great utility of linguistic variables is that they can be modified via linguistic operations on the primary terms. For instance, if young is associated with the value 0.7 then very young is automatically deduced as having the value 0.7 * 0.7 = 0.49. And not very young gets the value (l - 0.49), i.e. 0.51.
In this example, the operator very(X) was defined as X * X, however in general these operators may be uniformly, but flexibly defined to fit the application, resulting in a great deal of power for the expression of both rules and fuzzy facts.
CHAPTER 3 SYSTEM DESIGN
System design is the solution to the creation of a new system. This phase is composed of several systems. This phase focuses on the detailed implementation of the feasible system. Its emphasis is on translating design specifications to performance specification. System design has two phases of development logical and physical design.
During logical design phase the analyst describes inputs (sources), out puts (destinations), databases (data sores) and procedures (data flows) all in a format that meats the uses requirements. The analyst also specifies the user needs and at a level that virtually determines the information How into and out of the system and the data resources. Here the logical design is done through data flow diagrams and database design.
The physical design is followed by physical design or coding. Physical design produces the working system by defining the design specifications, which tell the programmers exactly what the candidate system must do. The programmers write the necessary programs that accept input from the user, perform necessary processing on accepted data through call and produce the required report on a hard copy or display it on the screen.
3.1 DATABASE DESIGN
The data mining process involves the manipulation of large data sets. Hence, a large database is a key requirement in the mining operation. Ordered set of information is now to be extracted from this database.
The overall objective in the development of database technology has been to treat data as an organizational resource and as an integrated whole. DBMS allow data to be protected and organized separately from other resources.
Database is an integrated collection of data. The most significant form of data as seen by the programmers is data as stored on the direct access storage devices. This is the difference between logical and physical data.
Database files are the key source of information into the system. It is the process of designing database files, which are the key source of information to the system. The files should be properly designed and planned for collection, accumulation, editing and retrieving the required information.
The organization of data in database aims to achieve three major objectives: -
Â¢ Data integration.
Â¢ Data integrity.
Â¢ Data independence.
A large data set is difficult to parse and to interpret the knowledge contained in it. Since the data base used in this project is the log file of a proxy server called SQUID, a detailed study of the squid style transaction logging is also required.
3.2 PKOXY SERVER
A proxy server is a server (a computer system or an application program) which services the requests of its clients by forwarding requests to other servers. A client connects to the proxy server, requesting some service, such as a file, connection, web page, or other resource, available from a different server. The proxy server provides the resource by connecting to the specified server and requesting the service on behalf of the client. A proxy server may optionally alter the client's request or the server's response, and sometimes it may serve the request without contacting the specified server. In this case, it would 'cache' the first request to the remote server, so it could save the information for later, and make everything as fast as possible.
A proxy server that passes all requests and replies unmodified is usually called a gateway or sometimes tunneling proxy. A proxy server can be placed in the user's local computer or at specific key points between the user and the destination servers or the Internet.
Â¢ Caching proxy server
A proxy server can service requests without contacting the specified server, by retrieving content saved from a previous request, made by the same client or even other clients. This is called caching.
Â¢ Web proxy
A proxy that focuses on WWW traffic is called a "web proxy". The most common use of a web proxy is to serve as a web cache. Most proxy programs (e.g. Squid, Net Cache) provide a means to deny access to certain URLs in a blacklist, thus providing content filtering.
Â¢ Content Filtering Web Proxy
A content filtering web proxy server provides administrative control over the content that may be relayed through the proxy. It is commonly used in commercial and non-commercial organizations (especially schools) to ensure that Internet usage conforms to acceptable use policy.
Â¢ Anonymizing proxy server
An anonymous proxy server (sometimes called a web proxy) generally attempts to anonymize web surfing. These can easily be overridden by site administrators, and thus rendered useless in some cases. There are different varieties of anonymizers.
Â¢ Hostile proxy
Proxies can also be installed by online criminals, in order to eavesdrop upon the dataflow between the client machine and the web. All accessed pages, as well as all forms submitted, can be captured and analyzed by the proxy operator.
3.3 THE SQUID PROXY SERVER
Squid is a caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. It reduces bandwidth and improves response times by caching and reusing frequently-requested web pages. Squid has extensive access controls and makes a great server accelerator. It runs on Unix and Windows and is licensed under the GNU GPL. Squid is used by hundreds of Internet Providers world-wide to provide their users with the best possible web access.
Squid optimizes the data flow between client and server to improve performance and caches frequently-used content to save bandwidth. Squid can also route content requests to servers in a wide variety of ways to build cache server hierarchies which optimize network throughput.
Thousands of web-sites around the Internet use Squid to drastically increase their content delivery. Squid can reduce your server load and improve delivery speeds to clients. Squid can also be used to deliver content from around the world - copying only the content being used, rather than inefficiently copying everything. Finally, Squid's advanced content routing configuration allows you to build content clusters to route and load balance requests via a variety of web servers.
Squid is a fully-featured HTTP/1.0 proxy which is almost HTTP/1.1 compliant. Squid offers a rich access control, authorization and logging environment to develop web proxy and content serving applications. Squid is one of the projects which grew out of the initial content distribution and caching work in the mid-90s.
It has grown to include extra features such as powerful access control, authorization, logging, content distribution/replication, traffic management and shaping and more. It has many, many workÃ‚Â¬arounds, new and old. to deal with incomplete and incorrect HTTP implementations.
Squid allows Internet Providers to save on their bandwidth through content caching. Cached content means data is served locally and users will see this through faster download speeds with frequently-used content.
A well-tuned proxy server (even without caching!) can improve user speeds purely by optimizing TCP flows. Its easy to tune servers to deal with the wide variety of latencies found on the internet - something that desktop environments just aren't tuned for.
Squid allows ISPs to avoid needing to spend large amounts of money on upgrading core equipment and transit links to cope with ever-demanding content growth. It also allows ISPs to prioritize and control certain web content types where dictated by technical or economic reasons.
3.3.1 SQUID STYLE TRANSACTION-LOGGING
Transaction logs allow administrators to view the traffic that has passed through the Content Engine. Typical fields in the transaction log are the date and time when a request was made, the URL that was requested, whether it was a cache-hit or a cache-miss, the type of request, the number of bytes transferred, and the source IP.
High-performance caching presents additional challenges other than how to quickly retrieve objects from storage, memory, or the web. Administrators of caches are often interested in what requests have been made of the cache and what the results of these requests were. This information is then used for such applications as:
Â¢ Problem identification and solving
Â¢ Load monitoring
Â¢ Statistical analysis
Â¢ Security problems
Â¢ Cost analysis and provisioning
Squid log file format is:
time elapsed remotehost code/status bytes method URL rfc931 peerstatus/peerhost type A Squid log format example looks like this:
1012429341.115 100 172.16.100.152 TCP REFRESHJVIISS/304 1100 GET http://www.ciscoiiiiages/homepage/news.gif - DlRECT/www.cisco.com -
Squid logs are a valuable source of information about cache workloads and performance. The logs record not only access information but also system configuration errors and resource consumption, such as memory and disk space.
UNIX time stamp as Coordinated Jniversal Time (UTC) seconds with a millisecond Ã‚Â¦esolution.
Length of time in milliseconds that the ache was busy with the transaction.
Note Entries are logged after the reply las been sent, not during the lifetime of the transaction.
IP address of the requesting instance.
Two entries separated by a slash. The first mtry contains information on the result of the xansaction: the kind of request, how it was satisfied, or in what way it failed. The second Ã‚Â¦ mtry contains the HTTP result codes.
Amount of data delivered to the client. This does not constitute the net object size, because headers are also counted. Also, failed Ã‚Â¦equests may deliver an error page, the size of which is also logged here.
3.3.2 SQUID LOG FILES
The logs are a valuable source of information about Squid workloads and performance. The logs record not only access information, but also system configuration errors and resource consumption (eg, memory, disk space). There are several log file maintained by Squid. Some have 10 be explicitly activated during compile time, others can safely be deactivated during run-time.
There are a few basic points common to all log files. The lime stamps logged into the log files are usually UTC seconds unless stated otherwise. The initial time stamp usually contains a millisecond extension.
If we run your Squid from the Run Cache script, a file squid.out contains the Squid startup times, and also all fatal errors, e.g. as produced by an assertQ failure. If we are not using Run Cache, you will not see such a file.
The cache.log file contains the debug and error messages that Squid generates. If we start your Squid using the default RunCache .script, or start it with the -s command line option, a copy of certain messages will go into your syslog facilities. It is a matter of personal preferences to use a separate file for the squid log data.
From the area of automatic log file analysis, the cache.log file does not have much to offer. We will usually look into this file for automated error reports, when programming Squid, testing new features, or searching for reasons of a perceived misbehavior, etc.
The user agent log file is only maintained, if
l.We configure the compile time â€enable-useragent-log option, and
2.We pointed the useragentjog configuration option to a file.
From the user agent log file you are able to find out about distribution of browsers of your clients. Using this option in conjunction with a loaded production squid might not be the best of all ideas.
The store.log file covers the objects currently kept on disk or removed ones. As a kind of transaction log it is usually used for debugging purposes. A definitive statement, whether an object resides on your disks is only possible after analyzing the complete log file. The release (deletion) of an object may be logged at a later time than the swap out (save to disk).
The store.log file may be of interest to log file analysis which looks into the objects on your disks and the time they spend there, or how many times a hot object was accessed. The latter may be covered by another log file, too. With knowledge of the cache_dir configuration option, this log file allows for a URL to filename mapping without recurring your cache disks. However, the Squid developers recommend to treat store.log primarily as a debug file, and so should you, unless you know what you are doing.
This log file exists for Squid-1.0 only. The format is
[date] URL peer status peer host
Most log file analysis program are based on the entries in access.log. Currently, there are two file formats possible for the log file, depending on your configuration for the emulate^ httpd Jog option. By default, Squid will log in its native log file format. If the above option is enabled. Squid will log in the common log file format as defined by the CER'N web daemon.
'The Common Logfile Format is used by numerous HTTP servers. This format consists of the following seven fields:
remote host rfc931 authuser [date] "method URL" status bytes
It is pars able by a variety of tools. The common format contains different information than the native log file format. The HTTP version is logged, which is not logged in native log file format.
The log contents include the site name, the IP address of the requesting instance, date and time in unix time format, bytes transferred, the requesting method and other such features. Log files are usually large in size, large enough to be mined. However, the values of an entire line of input changes with the change in header.
The common log file format contains other information than the native log file, and less. The native format contains more information for the admin interested in cache evaluation. The access.log is the squid log that has been made use of in this project. The log file was in the form of a text file shown below :
File Eft Form* View llei|>
ii85 s.._.s.:.3 -CP>:5S/290 i85.ON__.CT 18.104.22.168.44. ::Ã‚Â»xc''/64.n.ioi.:5s :i:iic.:iS87.:jii
1198 85.141.2J7.136 ICP_MI5S/200 143 CONNECT login.icq.can:443 -DIRECT/22.214.171.124 -11204073887.231
8219 .'06.51. 233.54 TCPJ4ISS/200 10286 TOST http://www.go_gle -DIRECT/126.96.36.199 text/ht_ilDl040.'38.7.237
1229 188.8.131.52 TCF.flISS/302 630 GET http://Ww.around-japjncg1-b1n/rjnk/access.egl' -DIRtCi/210.188.2-5.12 text/html[1_04073337.263 170*7 184.108.40.206 TCP_HISS/200 5901 GET http://VnbBjil.charterimaqes/portal/MailAd.ipg -DIREC1/2Q220.127.116.11 image/ipegll204073387.265 1257 18.104.22.168 TCPJ4ISS/302 679 GET http://wm.club-support.riet/cgl-b1rVrank...nklink.cgl -DIRECT/202.212,131.188 text/html 112040/3887.266 1257 22.214.171.124 TCPJ.ISS/200 183 CONNECT login.icq.ttjm:443 -DIRECT/126.96.36.199 -11204073887.441
7891 188.8.131.52 TCP.MSS/500 758 POST http://Ww.7hue.com.cn/djtj/crjmnientAdd_Coinnent.asp -DIRECT/210.51.1 J.83 text/html 11204073887.471
1463 219.117,248.243 TCP_MISS/20u 6286 GET http://Ww.google -DIRECT/184.108.40.206 text/html_120407.8S7.4Bb
465 220.127.116.11 TCPJ1ISS/2Q. 977 POSI http://hiysstud1o.co_/proxy5/check.php -DIRECT/18.104.22.168 text/html[12040/3887.642
23638 22.214.171.124 TCPJ4ISS/999 3002 GET http://126.96.36.199/config/i5p_.erify_user' -DIRECT/188.8.131.52.99 text/htmlJ12O4073887.668
645 184.108.40.206 TCPJ.ISS/200 466 POST http://nuhost.info/eye.php -OIRECT/220.127.116.11 cext/Titmll1_.10.3387.G72
649 18.104.22.168C TCP..MISS/200 467 POST http://nuhost.info/_ye.php -DIRECT/22.214.171.124 text/himli)12u4073887.68i
3653 24.195,130.110 TCPJMISS/999 5080 GET http://126.96.36.199/confiq/isp_verify_USer'- -DIRECT, .09.191..2.64 te*t/htÃ‚Â«ill204073887.6.5
673 188.8.131.52 TCPJII5S/200 810 GET http://sinarteh.coiri.ru/proxy_checker/proxy_dest.php -DIRECT/184.108.40.206 text/html 03 2 04 0 . 3 8 87 . 731
708 216.163.8,34 TCPJMI55/200 581 GET hitp://itiobilel.login.vip.den.yahoo.cun/config/pwtokeiugrjt -DIRECT/716.155. 200.61 application/octet-stream!
2 5 6 3 5 60.172 . 204 . 2 5 0 TCPJ.ISS/200 12077 GET http://aqr'l.diytrade.c_ii/sdp/514222/2/...7270.htiin -MKECr/220.127.116.11 text/html 1120407388/.76
:747 18.104.22.168 TCPJ.ISS/200 581 GET http://_i.17.manlier.in.yahooconf1g/pwtoken_get -DIRECT/22.214.171.124 appHcat1on/octet-streainQl204073887.824
:801 126.96.36.199 TCPJMISS/200 595 GET http://w_w.arca_-_Hriners.c_t_/banners.php' -DIRECT/188.8.131.52 text/html[1204073837.835
754 184.108.40.2062 TCPJ.I55/302 386 GET http://pod-o-lee.iiiyiiiinicity.fr/sec -DIRECT/220.127.116.11 text/htni!lll2O4073687.903
2684 18.104.22.168 TCPJ.ISS/500 451 POST http://sheblogs.peopleaggregatorcontent.php -DIRECT/22.214.171.124 text/htmll204073887.974
951 126.96.36.199 TCPJMISS/200 139 CONNECT 188.8.131.52:443 -blRECT/184.108.40.206 -111204073888.010
3001 219.161,217.101 TCP_MSS/200 4144 GET http://mamono.2chtest/read.cgi/tvd/1200928402/1 -DIRECT/220.127.116.11 text/html[120S073888.153 1131 18.104.22.168 TCPJUSS/200 583 GET http://17.login.krs.yahooconfiq/pwroken_get -DIRECT/22.214.171.124 application/octet-screaM1204 0 7 3 8 38.189 1166 126.96.36.199 TCP_MISS/200 182 CONNECT 205.1881153.249:443 -DIRECT/188.8.131.52 -[1204073388.270 6264 184.108.40.206 TCP_MISS/200 199 CONNECT tcpconn.tencent.com:443 -DIRICT/220.127.116.11 -03204073888.423
1400 18.104.22.168 TCP_MI55/200 973 POST hnp;//hpcgi2.nifty.comA"inokankyo/BBS2/./aska.cgi -DIRECT/22.214.171.124 text/html.1204073888.423 4 10 64.124 . 9.8 KP_HIT/:00 10400 GkT http://Ww.pltorenihousariddigltstest.ixt -NONE/- teÃ‚Â«t/plÃ‚Â»1r.U.040738J8.$45
34422 126.96.36.199 ICPJII55/200 5942 POST http://www.volijriteertravelcostarica.co...5ting.php' -DIRECT/188.8.131.52 text/html .1204073888.634
1612 184.108.40.206 TCP._l.I5S/209 292 CONNECT 220.127.116.11:443 -DIRECT/18.104.22.168 -.120407388..649
636 22.214.171.124 TCPJMISS/200 601 POST http://sm.cusbbs.caii/proxy.php -DIRECT/126.96.36.199 text/htm! 1112040738.8.682
669 188.8.131.52 TCPJ.ISS/200 466 POST http://riuhost.1nfo/eye.php -DIRECT/184.108.40.206 text/htm^H204073883.759
746 220.127.116.11 TCPJMISS/200 401 POST http://megafasthost.info/eye.php -DIRECT/.18.104.22.168 text/html[1204073888.760
747 22.214.171.124 TCPJMISS/200 402 POST http://h1kufeye.php -DIRECT/126.96.36.199 text/html.1204073838.765
753 188.8.131.52 TCP_MIS5/200 399 POST http://megjfasthost.info/eye.php -DIRECT/184.108.40.206 text/html 11204 0 73 8 8 8 . 792 779 220.127.116.11 TCPJMISS/200 935 GET http://botmasternetproxy/http/engine.php -DIRECT/18.104.22.168 text/html[1204073388.818 5801 22.214.171.124 TCPJ1ISS/302 802 POST http://wwj.fngeetsphpbb/posting.php -DIRECT/126.96.36.199 text/html[1204073388.821 80S 66 . 2 3 2.113.194 TCPJ.ISS/200 402 POST http://hikufeve.php -DIRECT/188.8.131.52 text/html01 204 0 7 3 S88.833
8804 184.108.40.206 TCPJMISS/200 945 POST http://add-1n.co.3p/tbbs/old/imqbbs/1mgboard.cg1 -DIRECT/220.127.116.11 text/ht_i.lC1204073888.S41 828 18.104.22.168 1CPJ4ISS/200 4 02 POST http://hikufeye.php -DIRECT/22.214.171.124 text/htmlD1204U73838.849
8821 126.96.36.199 TCPJMISS/200 521 POST http://tesi.zJleJs1ng.c_n/Guestboofc/e_jdd msg.asp -DIRECT/188.8.131.52 text/htmiDl/04073888.852 839 184.108.40.206 TCP_MIiS/200 753 GET http://engine.espace.netaven1r -DIRECT/220.127.116.11 tex.Aitmlll204 0 7 S888.939 926 06.232.113.62 TCPJ.ISS/200 1957 POST http://victors-iwmaindex.php -DIRECT/18.104.22.168 text/htmlB204073888.94Ã‚Â¬929 22.214.171.124 TCPJ1ISS/302 913 GET http;//www,gettakaratok/rankllnk.cgi -DIRECT/126.96.36.199 text/htmlD12O4073888.947 9935 188.8.131.52 TCP_HISS/302 374 POST http://ww.dinexus.nl/guestbook/s1gnbook.php -DIRECT/184.108.40.206 text/html 11204073889.000 84 7 77 . 73.185.2 5 0 TCP.XI5S/304 4 4 0 GET http://www.singlepjreritmeetconmunity/im..._liook.qif -DIRECi/220.127.116.11 -112O4073339.023 2001 18.104.22.168 TCPJ.ISS/200 10340 GET http://www.youtube.c_it/barackobama -OIRECT/22.214.171.124 text/ht_ilo_204073889.221 3212 126.96.36.199 TCP_MISS/200 3916 GET http://www.kyksy.C_ll/5ite/promotion.php' -DIRECT/188.8.131.52 text/html 112040,'3839.251 1238 184.108.40.206 TCPJMISS/200 183 CONNECT 220.127.116.11:443 -OIRECT/18.104.22.168 -.1204073889. 271 1256 82,114.228.67 TCP_MI5S/200 185 CONNECT login.icq.COÃ‚Â»i:443 -DIRECT/22.214.171.124 -_L.2O4073889.414
451 126.96.36.199 TCPJMISS/200 581 GET http://ml7.iiiember.1n.yahooconf1g/pwtoken_get -OIRECT/188.8.131.52 applicjtion/o.re'.-stream012040388-.499
15911 184.108.40.206 TCPJ.ISS/200 701 POST http://www.qixiusoft.cn/addjnsg.asp -DIRECT/220.127.116.11 text/html 11204 0 7 3 8 89 . 5 08
19622 24. 95.156.140 TCP_MI55/999 3002 GET http://n37.loqin.mud.yahooconfig/login -DIRECT/18.104.22.168 text/html[1204073889.604
2581 22.214.171.124 TCPJ1IS5/999 5082 GET http://126.96.36.199/conf1g/1sp_ver1fy_iiser -DIRECT/188.8.131.52 text/htmlol.204 0 7 3 8 8 9 . 634
7629 184.108.40.206 TCPJUSS/502 1366 POST http://megafasthost,info/eye!php -DIPECT/72.232.67,226 text/htii.111204973889.648
7642 220.127.116.11 FCP.HISS/502 1366 POST http://megjfjsthost.info/eye.php -DIRECT/72.232.67,226 text/html 11204073889.659
6642 18.104.22.168 TCP_MISS/999 5082 GET http://fl.m_iiber.ukl.yahooconfiq/login -DIRECT/22.214.171.124 text/htm 111204073889.674
41070 126.96.36.199 TCP_MISS/200 3053 POST http://blogs.shintak.info/archive/2005/06/ie/6309.aspx -DIRECT/188.8.131.52 text/html_1204D73839.689
686 184.108.40.206 tcpj.55/200 581 GET http://rhobilel.login.v1p.dcn.yahoo.ccmi...okeri_get7 -OIRECT/220.127.116.11
3706 18.104.22.168 TCPJMISS/302 580 POST http://helpdesk.fasthitindex.php -DIRECT/202.53. 5.147 text/html 11204073889.723
6706 22.214.171.124 TCPJ1ISS/200 675 HEAD http://ww.axishq.wwlionlinephpBB2/v1e_topic.php -DIRECT/66,28.224.201 text/html[1204073889.741
738 126.96.36.199 TCPJ-S5/200 400 POST http://meqjfJSthost.info/eye.php -DIRECT/188.8.131.52 text/hti_lB12O4073889.770
76 7 66 . 2 3 2.113.194 TCPJitSS/200 402 POST http://hikufeye.php -DIRECT/184.108.40.206 text/html 11204 0 7 3 8 89 . 971
3962 220.127.116.11 TCPJ.I5S/200 184 CONNECT login.icq.coiÃ‚Â»:443 -DIRECT/205.188.153,121 -11204073890.016
36739 18.104.22.168 TCPJ.ISS/200 4701 GET http://__vj.ba1du.eom/s -DIRECT/22.214.171.124 text/htmlD12040738.0,022
401 3 6 9 . 64 . 45.239 TCPJMISS/200 4530 POST http://www.denic.de/Ae_w1.ois/iridex -DIRECT/126.96.36.199 toxt/ht_il.l20.1073890.o22
1019 188.8.131.52 TCP_HISS/200 144 CONNECT 184.108.40.206:443 -DIRECT/220.127.116.11 -11234073890.129
988 18.104.22.168 TCPJUSS/200 489 GET http://gadr.et.h1t.g_.1us.pl/-l2O4074244l40/redot.gif -DIRECT/22.214.171.124 .mage/gifQ12O4073S90.i56 32445 126.96.36.199 TCP-WSS/999 5084 GET http://188.8.131.52/ci_ifig/isp_verify_user' -DIRECT/87, 248.107.127 text/htmlll2O407<990.178 6357 184.108.40.206 TCPJMISS/200 585 POST http://tenayagroup.eom/blog/_p-cc_ment5-post.php -DIRECT/220.127.116.11 text/tltm 111204073890.228
Figure 18.104.22.168 : Access.log used as database
3.3.3 SQUID RESULT CODES
The TCP_ codes refer to requests on the HTTP port (usually 3128). The UDP_ codes refer to requests on the ICP port (usually 3130). If ICP logging was disabled using the logicp queries option, no ICP replies will be logged.
A valid copy of the requested object was in the cache. TCP_MISS
The requested object was not in the cache. TCP REFRESH HIT
The requested object was cached but STALE. The IMS query for the object resulted in "304 not modi lied".
The requested object was cached but STALE. The IMS query failed and the stale object was delivered.
The requested object was cached but STALE. The IMS query returned the new content. TCP CLIENTJREFRESH MISS
The client issued a "no-cache" pragma, or some analogous cache control command along with the request. Thus, the cache has to-prefect the object.
The client issued an IMS request for an object which was in the cache and fresh. TCP SWAPFAIL MISS
The object was believed to be in the cache, but could not be accessed. TCPNEGATIVEHIT
Request for a negatively cached object, e.g. "404 not found", for which the cache believes to know that it is inaccessible. Also refer to the explanations for negative^ ttl in your squid.conf file.
A valid copy of the requested object was in the cache and it was in memory, thus avoiding disk accesses.
Access was denied for this request. TCP_OFFLINE_IIIT
The requested object was retrieved from the cache during offline mode. The offline mode never validates any object.
A valid copy of the requested object was in the cache. UDP MISS
The requested object is not in this cache.
Access was denied for this request. UDP_IN VALID An invalid request was received. UDP_MISS_NOFEl CH
During "-Y" startup, or during frequent failures, a cache in hit only mode will return either UDPJHIT or this code. Neighbors will thus only fetch hits.
Seen with errors and cache manager requests.
3.4 HTTP RESULT CODES
These are taken from RFC 2616 and verified for Squid. Squid-2 uses almost all codes except 307 (Temporary Redirect), 416 (Request Range Not Satisfactory), and 417 (Expectation Failed). Extra codes include 0 for a result code being unavailable, and. 600 to signal an invalid header, a proxy error. Also, some definitions were added as for RFC 2518. Yes, there are really two entries for status code 424, compare with http_status in src/enums.h;
USED MOSTLY WITH UDP TRAFFIC
203 NON-AUTHORITATIVE INFORMATION
204 NO CONTENT
205 RESET CONTENT
206 PARTIAL CONTENT
207 MULTI STATUS
300 MULTIPLE CHOICES
301 MOVED PERMANENTLY
302 MOVED TEMPORARILY
304 NOT MODIFIED
305 USE PROXY
307 TEMPORARY REDIRECT
400 BAD REQUEST
402 PAYMENT REQUIRED
404 NOT FOUND
405 METHOD NOT ALLOWED
406 NOT ACCEPTABLE
407 PROXY AUTHENTICATION REQUIRED
408 REQUEST TIMEOUT
411 LENGTH REQUIRED
412 PRECONDITION FAILED
413 REQUEST ENTITY TOO LARGE
414 REQUEST URI TOO LARGE
415 UNSUPPORTED MEDIA TYPE
416 REQUEST RANGE NOT SATISFIABLE
417 EXPECTATION FAILED
424 FAILED DEPENDENCY
433 UNPROCESSABLE ENTITY
500 INTERNAL SERVER ERROR
501 NOT IMPLEMENTED
502 BAD GATEWAY TABLE 3.4.1 : HTTP result codes
3.5 HTTP REQUEST METHODS
Squid recognizes several request methods as defined in RFC 2616. Newer versions o Squid also recognize RFC 2518 "HTTP Extensions for Distributed Authoring WEBDAV extensions.
OBJECT RETRIEVAL AND SIMPLE SEARCHES.
SUBMIT DATA (TO A PROGRAM).
UPLOAD DATA (E.G. TO A FILE).
REMOVE RESOURCE (E.G. FILE).
APPLN LAYER TRACE OF REQUEST ROUTE.
REQUEST AVAILABLE COMM. OPTIONS.
TUNNEL SSL CONNECTION.
RETRIEVE PROPERTIES OF AN OBJEC
CHANGE PROPERTIES OF AN OBJECT
CREATE A DUPLICATE OF SRC IN DST.
MOVE LOCK UNLOCK
ATOMICALLY MOVE SRC TO DST.
LOCK AN OBJECT AGAINST MODIFICATIONS.
UNLOCK AN OBJECT.
TABLE 3.4.2 : HTTP request methods
4.1 FEATURES OF LANGUAGE (PERL)Practical Extraction and Reporting Language is an interpreted language optimized for scanning arbitrary text files, extracting information from those text files, and printing reports based on that information, it's also a good language for many system management tasks.
Â¢ The language is intended to be practical (easy to use, efficient, complete) rather than beautiful (tiny, elegant, minimal).
Â¢ It combines (in the author's opinion, anyway) some of the best features of c, sed, awk, and sh, so people familiar with those languages should have little difficulty with it. (language historians will also note some vestiges of Pascal and even basic-plus.)
Â¢ Unlike most UNIX utilities, Perl does not arbitrarily limit the size of our data â€ if we have got the memory, Perl can slurp in our whole file as a single string, recursion is of unlimited depth.
Â¢ The hash tables used by associative arrays grow as necessary to prevent degraded performance. Perl uses sophisticated pattern matching techniques to scan large amounts of data very quickly.
Â¢ Although optimized for scanning text, Perl can also deal with binary data, and can make dbm files look like associative arrays (where dbm is available).Setuid Perl scripts are safer than c programs through a dataflow tracing mechanism which prevents many stupid security holes.
Â¢ The overall structure of Perl derives broadly from C. Perl is procedural in nature, with variables, expressions, assignment statements, brace-delimited code blocks, control structures, and subroutines.
Â¢ Perl also takes features from shell programming. All variables are marked with leading sigils. which unambiguously identify the data type (scalar, array, hash, etc.) of the variable in context. Importantly, sigils allow variables to be interpolated directly into strings.
Â¢ Perl has many built-in functions which provide tools often used in shell programming (though many of these tools are implemented by programs external to the shell) like sorting, and calling on system facilities.
Â¢ Perl takes lists from Lisp, associative arrays (hashes) from AWK, and regular expressions from sed. These simplify and facilitate many parsing, text handling, and data management tasks.
Â¢ In Perl 5, features were added that support complex data structures, first-class functions (i.e., closures as values), and an object-oriented programming model. These include references, packages, class-based method dispatch, and lexically scoped variables, along with compiler directives .
Â¢ All versions of Perl do automatic data typing and memory management. The interpreter knows the type and storage requirements of every data object in the program; it allocates and frees storage for them as necessary using reference counting (so it cannot reallocate circular data structures without manual intervention). Legal type conversions -for example, conversions from number to stringâ€are done automatically at run time; illegal type conversions are fatal errors.
Â¢ Perl has a context-sensitive grammar which can be affected by code executed during an intermittent run-time phase. Therefore Perl cannot be parsed by a straight Lex/Yacc lexer/parser combination. Instead, the interpreter implements its own laxer, which coordinates with a modified GNU bison parser to resolve ambiguities in the language.
Â¢ The execution of a Perl program divides broadly into two phases: compile-timc and run-time. At compile time, the interpreter parses the program text into a syntax tree. At run time, it executes the program by walking the tree.
4.2 PERL CODE FOR MINING
i 6 :
12 j nptn (DAT, Sdi.uifiJ.-f ! ! 1.1 fiile content-<LiU>;
]:eM7h * line ft'".
.U | (5ET,tP,iC3,SBYTt;,;MT,8KAHi:,;P:;;H.: ^1| peint "*NAÃ‚Â«E"; 32 : print "\n"; 83! inumfgarray, "SWAHr'.i ; Ã‚Â¦2*1 ! ! -< Ã‚Â¦
j 27 : Ã‚Â£uiedch (IJaEtttyj
teach $Weye (keys '
FIGURE 4.2.1: PERL Program for mining
The Perl code to mine access.log makes use of the construct splitf) which is required to split a line of text in the log file. The extracted site name is pushed into an array for comparison purposes. After the required comparison to determine the number of times that a site has been repeated, both the site and its corresponding count is inserted into a hash array.
The Hashed array is now utilized for sorting the site name in the descending order of its count. The count and the corresponding site name is displayed as the output.
4.3 DISPLAYED OUTPUT
He "dt vm Rut feUM* Pflri Serve Mndm ti*>
l.t.tp://wÃ‚Â«Ã‚Â«.around-]apanc:gi-bin,/tarikyacce33.cgi http://rebiaail.cliarteciniages/portal/IIaiHd.jP9 6ttp://Ã‚Â»Ã‚Â«Ã‚Â».club-supportcgi-bio/cank'ing/ranklink.cgii Ã‚Â¦ login.icq.com:413
ht tp://ZOZ. 86.4.199/conf ig/ ispverify_u3er 7
http://5marteh.com.ru/proxy checker/proxy de3t.php
tttp://iÃ‚Â»r*.BW*>L. in. yahoo, cui/coni ig/pirtoken_get
.22.214.171.124:413 V.tp://mamono. 2chtest/read, cai/cvoV 1200928402/1
FIGURE 4.2.2 : VISITED SITES
This is the output to the program in figure 4. It displays only the sites that have been reqtiested for, visited and even those that have been denied access from the proxy server. Hence, the log records all the transactions that have been successful and those that have failed.
TOTAL SITES VISITED : 5238
SITES SORTED IN ORDER OF FREQUENCY OF USiGF.:
hi tp ://hi)nf. coai/'eye. phr
http ://wvw.dertic.de//wet'Vhois/ index
http://thedou Hies ite. com/ eye. php
http: // iwf iiids. org/ eye. php
http ://espace. netavettir. com/ diffusion/ http://72.2l.31.2S/-sirset/eye.php 126.96.36.199:443 188.8.131.52:113
http:III 184.108.40.206/config/pwtoken_get http://vw.dti-tanker.coM/public/jp/click: http://m22.member.in.yahooconfig/pwtoken get http://www.tlcketmastet.con: 143 http://botttia.tterrioi proxy/http/eiigine.plip http ://www. youtttbtbarackoboma http://www.googlesearch http://220.127.116.11/-sirsct/eve.chp
|NaiTfi''iiiain,:MT''tt^aJycfce:poisWe!^oatMtetkiie$.^lffi20 : Maine 'man ET" used onV ooce possible typo at sortedSites.pl tie 20: Ã‚Â¦ Name 'man IP' used onV once possiete two at sottedsitespl rte 20.
Figure 4.2.3 : Sites sorted in frequency of usage
BYTES DOWNLOAD EI1 yiTK NAHE
606811 http //2O2.1Q4.241.3/qqÃ‚Â£ile/qq/update/qqiipCiateeenter206.zip
89926 http //hwk, antrecotci. net/cgi-bin/bbs.cgi
89955 http //uw.casba.ne, jp/cgi~bin/ca3-bbs/yybb3.cgi
78307 http //BÃ‚Â»H.blowjob-pics.info/submit.html
78240 http //www.rfiy-real-livegirl/sayuki/bbs/c lever, cgi6442 6 http //iBage32.singleparentrseet.coBi/30/l4S/4689l15/ 1137852.jpg
62330 http //bp 12 3. spre ebb. cost/index, php
62414 http //forum, pouweb showthread.php
61633 http //ww.soybean.co. jp/cgi-Qpt/bbs/soybean_bbs.cgi
58949 http //tvoyapolovina.at.ua/
56631 http //uw. spike, com/search
56594 http //wwu. gennim-guji-clappasggc/index, php49106 http //engine.espace.netavenirlib/NETAVENIR/HETAVtNlR.is
47775 http //www.theeharly.f2sver taller.php47558 http //tnithlaidbearshowdetails.php45410 http / / 3eshg. coin/ vb/sendmessage. php
45039 http //kr.blog. yahoo.coin/cmkr/tHBLCWarite curt, html
43060 http //www. hardplayharclbb3/yybbs.cgi42152 http //comedy,irk.ni/guestbook/gueatbook/
42142 http //05xx. sub, jp/ sfsrver/bbs/ index.cgi
41878 http /Jvm.aemwT.vz
39246 http / / veetra. auto-art. org/ web/sue/6/
38502 http //www. yahoo, corn/
38110 http //www.nuninovacat-list/4/added/27834569 http //www.ostee,com/cgi-bin/bbs/clever.cgi33900 http / / www. x-iaods. co. nz/t orum/ index. php
33895 http //www.oztee. coiti/cgi-bin/bbs/clever. cgi33595 http //www. rainboapushcgi-biti/discus/board-post. pi33449 http //faithandrear.blogharborblog/ciiidKdo post corntiTent
33206 http //cim-phil.hp.infoaeek.co.jp/cgi-bin/yybbs.cgi
30382 http //ok. 2 lciitoplist/song.jsp29594 http //search,en.yahoosearch
2 8757 http //blog.sina.com.cn/s/blog 4al87039010005uiÃ‚Â».htÃ‚Â»l
27543 http //phot0370.nas2a-klasa.pl7devll3/0/O6l/266/OO61266097.jpg
26430 http //ews.sogou.eoio/websearch/corp/search. jsp
2593 6 http //hi. baidÃ‚Â«.cora/hggi8/b log/it ett^bedcci4 3 d447ca4c3 9e3d62e9.html
25483 http //www.gecsan.ru/vent cond.html25464 http //hww.ticketamstec.cora/event/06003F65BEE317745
25316 http //MÃ‚Â«w.3ingleparentBieet.cora/coiÃ‚Â«(iunity/nieinber/
25227 http //uiiiqueduiiip.coi'd/ indes. php
25225 http /7phot03l7.aasza-kltt3a.pl/dev42/0/036/134/00361340V8.jpg
25105 http //sacradoctrina.b logspot2006/ll/gestur efj-toHarti.':"-snare r.s-25040 http //inwaoes. gooqle imaqes
Nome "main ET" used only once: ixjistole lypo <i rowidowiloadedpl line 1 hÃ‚Â«P8 Ã‚Â¦ '6Wi MT"u^onivnrco' possUel>\)o jl iixAldu^n>>odded.pl line 19 Name ' toanJP'usedorÃ‚Â»vonce, potable lwÃ‚Â» atmoridowibauedpiSue 1S.
Figure 4.2.4 : Sites sorted in terms of bytes downloaded
I* Sid Input! '(! Scrip) Ã‚Â© Sid [Up'i
fCP^HISS/200 TCPJ1ISS/2QQ TCPJIISS/200 TCPJUSS/302 JCP_flISS/4CJl TCPJHSS/200 TCP HISS/200 TCP JUSS/2QQ |CP_HI3S/200 TCP_HIS5/200
NUMBER OF SITES THAT WEP.E DEN IIP ACCESS
ACCESS DENIED SITES *'
ms94.UEl.com.tw:25, TCP_DENKD/4Q3 iroxyzone.ru:8030, TCP_DF.NIÃ‚Â£D/403 proxyvay.net:60, TCP_DENIED/403 Cup,mail.xmte.net;25, iCP_DENIED/403 H-iW.ftp8.co.uk:80, TCP_DENIED/4C3 http://www.google.com:80, TCP DENIED/403
; ,man:APP"usetion|i'Ã‚Â«ico: poBfc!e-jTÃ‚Â»aUepdtfiedpl!MÃ‚Â»li Ã‚Â¦F*j.o'iriÃ‚Â«n::MT',u)edon(|JorÃ‚Â«! ijoufcletypoattcpctencd.plline 12 Ã‚Â¦Ã‚Â¦Ã‚Â¦.'Ã‚Â¦c "maitlP" wed onk> one* owtiie !wo a' tcudoniedplliiw 12.
Figure 4.2.5 : Sites that were denied access
CHAPTER 5 TESTING
5.1 SYSTEM TESTING
Testing is a set activity that can be planned and conducted systematically. Testing begins at the module level and work towards the integration of entire computers based system. Nothing is complete without testing, as it is vital success of the system.
There are several rides that can serve as testing objectives, they are Testing is a process of executing a program with the intent of finding an error A good test case is one that has high probability of finding an undiscovered error. A successful test is one that uncovers an undiscovered error.
If testing is conducted successfully according to the objectives as stated above, it would uncover errors in the software. Also testing demonstrates that software functions appear to the working according to the specification, that performance requirements appear to have been met.
There are three ways to test a program
Â¢ For Correctness
Â¢ For Implementation efficiency
Â¢ For Computational Complexity.
Tests for correctness are supposed to verify that a program does exactly what it was designed to do. This is much more difficult than it may at first appear, especially for large programs.
Tests for implementation efficiency attempt to find ways to make a correct program faster or use less storage. It is a code-refining process, which reexamines the implementation phase of algorithm development.
Tests for computational complexity amount to an experimental analysis of the complexity of an algorithm or an experimental comparison of two or more algorithms, which solve the same problem.
The following ideas should be a part of any testing plan:
Â¢ Preventive Measures
Â¢ Spot checks
Â¢ Testing all parts of the program
Â¢ Test Data
Â¢ Looking for trouble
Â¢ Time for testing
Â¢ Re Testing
The data is entered in all forms separately and whenever an error occurred, it is corrected immediately. A quality team deputed by the management verified all the necessary documents and tested the Software while entering the data at all levels. The entire testing process can be divided into 3 phases
Integrated Testing Final/ System testing
5.1.1 UNIT TESTING
As this system was partially GUI based WINDOWS application, the following were tested in this phase
Reverse Tab Order
Front end validations
In our system, Unit testing has been successfully handled. The test data was given to each and every module in all respects and got the desired output. Each module has been tested found working properly.
5.1.2 INTEGRATION TESTING
Test data should be prepared carefully since the data only determines the efficiency and accuracy of the system. Artificial data are prepared solely for testing. Every program validates the input data
5.1.3 VALIDATION TESTING
In this, all the Code Modules were tested individually one after the other. The following were tested in all the modules
Boundary Value analysis
Equivalence Partitioning Testing
In our case all the modules were combined and given the test data. The combined module works successfully with out any side effect on other programs. Everything was found tine working.
5.1.4 OUTPUT TESTING
This is the final step in testing. In this the entire system was tested as a whole with all forms, code, modules and class modules. This form of testing is popularly known as Black Box testing or system testing.
Black Box testing methods focus on the functional requirement of the software. That is, Black Box testing enables the software engineer to derive sets of input conditions that will fully exercise all functional requirements for a program.
Black Box testing attempts to find errors in the following categories; incorrect or missing functions, interface errors, errors in data structures or external database access, performance errors and initialization errors and termination errors.
CHAPTER 6 CONCLUSION
The project report entitled "DATAMINING USING FUZZY LOGIC" has come to its final stage. The system has been developed with much care that it is free of errors and at the same time it is efficient and less time consuming. The important thing is that the system is robust. We have tried our level best to make the complete the project with all its required features.
However due to time constraints the fuzzy implementation over the mined data has not been possible. Since, the queries related to mining require the proper retrieval of data, actual connl is preferred over applying fuzziness into count.
OVERVIEW OF PERL EXPRESS 2.5
PERL EXPRESS 2.5 is a free integrated development environment (IDE) for Perl with multiple tools for writing and debugging your scripts. It features multiple CGI scripts for editing, running, and debugging; multiple input fdes; full server simulation; queries created from an internal Web browser or query editor; test MySQL, MS Access scripts: interactive I/O; directory window; code library; and code templates.
Perl Express allows us to set environment variables used for running and debugging script. It has a customizable code editor with syntax highlighting, unlimited text size, printing, line numbering, bookmarks, column selection, a search-and-replace engine, multilevel undo/redo operations. Version 2.5 adds command line and bug fixes.
The developed system is flexible and changes can be made easily. The system is developed with an insight into the necessary modification that may be required in the future. Hence the system can be maintained successfully without much rework.
One of the main future enhancements of our system is to include fuzzy logic which is a form of multi-valued logic derived from fuzzy set theory to deal with reasoning that is approximate rather than precise.
1. frequent Pattern Mining in Web Log Data - Renata Ivancsy, lstvan Vajk
2. Squid-Style Transaction Logging (log formats) - http://www.cisco
3. Mining interesting knowledge from weblogs: a survey - Federico Michele Facca, Pier Luca lanzi.