Writing a research paper: October 2019

Wednesday, October 30, 2019

World literature Essay Example | Topics and Well Written Essays - 250 words

World literature - Essay Example It contains a lot of advice that seems pretty reprehensible today, but is definitely pragmatic. For instance one important piece of advice is that it is better to be feared than loved, because men who are afraid of their leader are less likely to rebel (132). The Heptameron story shows a similar view towards mankind, although it is not quite as pragmatic but more tragic. It shows how mankind, when placed in situations that are difficult, or that dont let them get exactly what they want, will do all sorts of things regardless of their professed intentions or their supposed interest in things like chivalry. That is seen in how the tale of Florida and Amador ends up, and how both characters are seen to have made up ideals which do not match reality. Of Cannibals is an essay arguing for how to convert non-European people to acting more "civilized" in the manner of the times. It is very explicitly about how the European culture should push its own ways of living off on other people, which would give them a lot of power over them culturally as well as just by military might. These three pieces of work taken together give us a clear glimpse of some of the diverse ways people at the time thought about their fellow human beings and

Monday, October 28, 2019

The love for American football Essay Example for Free

The love for American football Essay Someone who is from another country like me, may believe that life in the United States is very diverse from life anywhere else. Countless people from other countries have a completely distorted image of how we may live there in America and the mentalities thatthey all posess. Not all of Americans are spoiled, overweight, or are obsessed with football. All of them are completely different for the most part, and are actually concerned about what is occurring in the world today. However, I do believe I can say that most Americans are proud to be here, and proud to represent the UNITED States, and that pride and love is shared by everyone, kind of like a big family. Just like other countries, there are things that the people tend to be attracted to more than another group of people would. For example, in Mexico, soccer is huge, and almost everyone there is crazy about it, but here in the United States, soccer doesnÃ¢â‚¬â„¢t hold near as many fans. Since one doesnÃ¢â‚¬â„¢t really know a lot about the life in the United States, and the things all Americans seem to enjoy, I would like to enlighten you to the one thing that I believe is totally Ã¢â‚¬ËœAmericanÃ¢â‚¬â„¢. And of coarse, I would have to say its football. Now, no all of Americans enjoy the hazardous sport, but about nine out of ten of them absolutely adore it(including myseld). The competition and the thrill that you get from watching breathtaking game, will most likely have you sitting at the edge of your seat, not wanting to miss a minute of whar you are seeing take place on the television screen. The runs, the cheers, the interceptions, the touchdowns, and most of all the victory when itÃ¢â‚¬â„¢s all over is what I believe makes football what is it today in the society of Americans. If you were to meet another Amrican, I can almost guarantee that the person has a favorite football team that they support with all of theit hearts.

Saturday, October 26, 2019

William Shakespeare :: essays research papers

William Shakespeare William Shakespeare was born in the Hole Trinity Church in Stratford-upon-Avon in Warwickshire on April 23, 1564. He was the first son and third child of John Shakespeare, a leather tanner and a maker of gloves, and Mary Arden Shakespeare. WilliamÃ¢â‚¬â„¢s parents were married around 1558 and had a total of eight children, three of which died in childhood. Ã‚ Ã‚ Ã‚ Ã‚ Ã‚ WilliamÃ¢â‚¬â„¢s family had been living in the area of Warwickshire for many years and was respected. WilliamÃ¢â‚¬â„¢s father was at one time prosperous and elected to municipal offices. He was a member of the Stratford council in 1557 and appointed mayor in 1568. John was not without fault, though, and four times from 1570 to 1572 he faced prosecution for money lending and illegally buying wool. He fell into hard times financially and stopped buying property, went into dept, and even mortgaged part of his wifeÃ¢â‚¬â„¢s inheritance. Ã‚ Ã‚ Ã‚ Ã‚ Ã‚ Despite financial difficulties in the family, the boy WilliamÃ¢â‚¬â„¢s education was not neglected, and he went to the local school in Stratford. Some scholars questions whether a single could have written all the great literature attributes to Shakespeare, citing his schooling as proof that he was poorly educated, but their assumption is probable false. ( ) The teachers in school the William had attended had degrees from Oxford, and the education that the boy received was likely very good. Ã‚ Ã‚ Ã‚ Ã‚ Ã‚ Exactly what young William did after his years of schooling is not really clear, but we do know that during the winter of 1582, at the age of 18, he married Anne Hathaway, the eldest daughter of Richard Hathaway. She was 26, much older than her teenage husband, and pregnant by him. The church announcement of the marriage was waived on November 28, 1582 and less than six months later their first child, Susanna, was baptized in Stratford church on May 26, 1583. Early in 1585, Anne gave birth to twins: Hament, their only son (who died young), and Judith, their second daughter. With a wife and three kids to maintain, and still dependent on his father one of the London acting companies that had been touring in Stratford. Ã‚ Ã‚ Ã‚ Ã‚ Ã‚ Shakespeare moved to London in 1585, where he was very successful. He was an actor and a writer and even owned his own playhouse. He was very respected man there. He was the first playwright to have his formal biography written and published with his works. Ã‚ Ã‚ Ã‚ Ã‚ Ã‚ By 1592 William was firmly established in the big city of London.

Thursday, October 24, 2019

Discuss the contribution of material culture Essay

The aim of this essay is to explore how useful material culture studies is to understanding societies which existed under Roman rule, especially those of Gaul and Britain. These provinces of Rome adopted Roman culture and used Roman objects for their own use, which could come under the heading of cultural bricolage, where new cultural items are obtained by attributing new functions to previously existing ones, however I shall address this later on in the essay. Woolf comments that anthropologists and archaeologists use the concept of culture as a way of making sense of the diversity of human societies that cannot be expressed simply in terms of biological variation. It is seen by many to be a more precise way of understanding societies rather than seeing how advanced or rich a society was.1 Studying and understanding social identity can also be seen as an excellent alternative to relying on narratives written by Roman authors who were biased and wrote from a Ã¢â‚¬ËœRomano-centricÃ¢â‚ ¬â„¢ position, and it also allows us to consider other elements, for instance class,status, gender, age, occupation, and religion. Material culture can be defined as Ã¢â‚¬Å"the study through artifacts (and other pertinent historical evidence) of belief systemsÃ¢â‚¬â€œthe values, ideas, attitudes, and assumptionsÃ¢â‚¬â€œof a particular community or society, usually across time. As a study, it is based upon the obvious premise that the existence of a man-made object is concrete evidence of the presence of a human mind operating at the time of fabrication. The common assumption underlying material culture research is that objects made or modified by humans, consciously or unconsciously, directly or indirectly, reflect the belief patters of individuals who made, commissioned, purchased, or used them, and, by extension, the belief patterns of the larger society of which they are a part.Ã¢â‚¬ 2 Concerning Roman culture, Woolf defines it as Ã¢â‚¬Å"the range of objects, beliefs and practices that were characteristic of people who considered themselves to be, and were widely acknowledged as, Roman.Ã¢â‚¬ It is believed that every man-made object required the operation of some thought and design. Therefore it is the assumption of material culture studies that this thought is a reflection of the culture that produced the man-made objects. With this theory we can see, in some way, how a culture, which had no written records of its existence, lived. One advantage of material culture studies is that it is beneficial to social historians who wish to know about an entire group and not just the elites of a particular society. A useful definition of the term archaeology is that it uses Ã¢â‚¬Å"fieldwork and excavation, and the comparative study of sites and objects to compile information about the pastÃ¢â‚¬ ¦which can illuminate aspects of Roman life which were never recordedÃ¢â‚¬ . However it does have its limitations as it cannot achieve certainty as Ã¢â‚¬Å"all known sites and artefacts are merely a surviving sample of what once existed- and not necessarily a representative sample.Ã¢â‚¬ 4 So in understanding identity we may be able to place these artefacts in context as we will know what particular objects are used for certain practices, for instance burial customs or forms of pottery produced.5 Jones defines cultural identity as Ã¢â‚¬Å"that aspect of a personÃ¢â‚¬â„¢s self-conceptualization which results from identification with a broader group in opposition to others on the basis of perceived cultural differentiation and/or common descent.Ã¢â‚¬ .6 Concerning material culture, Pitts chose 12 areas of study, these were: Ã¢â‚¬Å"architecture, art, epigraphy (inscriptions in stone), faunal remains(animal bones), floral remains, funerary evidence, literature, monumentality, pottery, settlement (morphology and landscape archaeology) and small finds(portable material culture other than pottery)Ã¢â‚¬ .7 Epigraphic inscriptions allows us to observe how literacy spread through Gaul and Britain, along with helping us to trace an Ã¢â‚¬Å"outline of the cultural geography of Roman GaulÃ¢â‚¬ 8 Woolf also comments that inscriptions are useful as they represent a wide range of Roman cultural customs which included political, cultic, and funerary practices. He adds to this by suggesting that inscriptions should be seen as attempts made by people to assert their identities and to show their achievements in terms of status. Art and architecture are important as it gives us some insight into cultural ideologies, however this type of evidence only really survived if it was owned by the elites of the society, and the art and mosaics were only limited to this class, so it has its biases. Although it does have its uses as we can see how the adoption of villa architecture by the British and Gaulish tribes shows the acceptance and spread of Roman culture throughout the conquered countries.

Wednesday, October 23, 2019

Partisan election Essay

The research of Lawrence Baum deals with the relationship between the quantity of information that voters possess and their party voting behavior in partisan election. The paper aims to discern whether there is either a strong or a weak relationship between voters and the knowledge on the candidates of parties involve in the election. The paper explored the relationship in non-partisan elections contested by candidates from opposing parties. Past studies regarding this relationship has produced mixed and confusing empirical results that motivated the author to conduct his own study to further explore and analyze the topic. (Baum, 1987) In political science, the structure and functions of politics in a society are greatly scrutinized and evaluated. This is not meant just to enrich knowledge, but rather to provide society with enough critical evaluations on how they should treat and consider politics in their life. The issue is crucial as it involves the practice of voting which is considered as one of the freedom people living in a democratic is entitled to. Thus, the study is relevant in cultivating the understanding in political science which concerns the nature of politics in society and society itself. Through the effort of the author to bring light into the topic, he analyzed a survey done on two contestants in the 1984 election for Ohio Supreme Court and compared it with the presidential election also during that year. The findings of the study show that despite the highly partisan campaign, part defections by voters were far more common in Supreme Court races than in the presidential race. (Baum, 1987) This reflects the importance of party affiliations of the candidates as the voterÃ¢â‚¬â„¢s source of information about the candidates, which will definitely determine their choice during the elections. Another notable finding of the paper is that different levels of voters information, at the individual level, has differing effects in two supreme court races for the Democratic and Republican voters. Through this finding, the author suggests that the impact of the information levels on the votersÃ¢â‚¬â„¢ choice is a reflection by the information contained in the candidatesÃ¢â‚¬â„¢ campaigns. (Baum, 1987) But the author failed to mention the correlation between voterÃ¢â‚¬â„¢s information about the parties involved in the elections and the result of the elections. What I noticed in the researched was that it also failed to show the true relationship that undermines the effect of information on the voterÃ¢â‚¬â„¢s choice, and whether the popularity of a particular party makes the difference in casting an individual vote. The author notes that the research findings should be critically evaluated and interpreted based on two respects: first is that the individual level findings was based to what is believed to be only moderate good surrogates of voterÃ¢â‚¬â„¢s information thus not implying a concrete viable measure of the information itself, and the second being that the Ohio Supreme Court race is far different from the typical nonpartisan races in the country. (Baum, 1987) The analysis of the research had only contributed by attesting to the logic made by previous research, agreeing or disagreeing to some of the conclusions past research had made and was not able to discern the concrete findings to which we can understand better what the relationship of information on the parties to the candidates, and also in the outcome of the elections. The author admits that the study was not able to settle the issue, rather have suggested only the relationship that is based on a complex and highly conditional situation. With that, the research has contributed only a partial explanation and findings that what was expected from it. Although the study answered the research question directly, it failed to deliver the aspects which concerns to the findings. The paper evaluated the problem by analyzing the issues that surrounds the partisan election during the 1984 Ohio Supreme Court elections. The author analyzed the individual level survey done by Ohio State University Department of Political Science. The telephone interviews of 500 adults in Ohio were done through questions that relate voterÃ¢â‚¬â„¢s information of the parties and their choices of the candidates. The research method through the survey was not able to reach the individual level of perspective of the interviewees, but as the author states, provided logical background on the perception of the voters. This in turn was proven by the author as a means that moderately touched the individual perspective and does not reflect the core of the relationship between information of the party and voterÃ¢â‚¬â„¢s choice. The research only relied on second hand information provided by only one notable institution. Given the exploration of the research aspect in political science, I deem that this method used by Baum was not enough and sufficient to analyze the said complexities of the relationship between party information and voterÃ¢â‚¬â„¢s choice. But the author should be credited for his thorough discussion of the issues surrounding his research method. In this way, he was able to prove that the complexity of the subject must be dealt with an on-going process of research and analysis rather than claiming that he has the answer. As mentioned earlier, political science is a pursuit to understand the complexities of politics and its function in the society. It is an undergoing process to accumulate much and further enrichment of knowledge based on the realm of politics and our everyday living. It is substantial; after all, the author had concluded significantly that the relationship is there, although the complexities and challenges in resolving the issues are evident. The research was intended to explore the issue, not just give the answer to the problem right away. The research was able to do this effectively and the author is humble and honest enough to relate all the things that should be rethought, re-evaluated and analyzed by the reader. One of the roles political science has is to inform and educate society of the complexities of politics, and how the function of politics in society will affect the way they live, think and behave. The research accomplished the goal of educating and exploring further the realm of politics which is known in the society. But further challenging the generation of political scientist, observant, and the society in general to further study the matter and contribute to the increasing knowledge in the area of political science. To this, people are learned, cultured, and are equipped with the knowledge on how to view politics in society so they can make informed and wise choices. Reference: Baum, L. (1987). Information and Party Voting in Ã¢â‚¬Å"SemipartisanÃ¢â‚¬ Judicial Elections. Poltical Behavior, 9(1), 62-74.

Tuesday, October 22, 2019

6 Financial Benefits of a College Degree

6 Financial Benefits of a College Degree A college degree takes a lot of hard work - and often costs a lot of money. As a result, you may wonder if going to college is worthwhile, but its an investment that nearly always pays off. Here are some of the many financial benefits often enjoyed by college graduates. 1. Youll Have Higher Lifetime Earnings People with a bachelors degree earn about 66 percent more than their peers with only a high school diploma, according to the Bureau of Labor Statistics. A masters degree can net you twice as much asÃ‚ someone with a high school education. But you dont have to take on that degree of academic investment to see the benefits: Even those with an associates degree tend to earn 25 percent more than those with high school diplomas. Figures vary by occupation, but your earning potential is highly likely to increase with your level of education. 2. Youre More Likely to Have a Job at All Unemployment rates are lowest among Americans with advanced degrees. Even two years of extra education can make a big difference, as people with associates degrees have a significantly lower unemployment rate than people with high school diplomas. Keep in mind its very important to actually get your degree in order to increase your earning potential and chances of employment because people with some college and no degree dont fare much better than people with just a high school diploma. 3. Youll Have Access to More Resources Going to college means you can take advantage of your schools career center or internship programs, which can help you land your first post-graduate job. 4. Youll Have a Professional Network Before You Start Working Dont underestimate the value of connections. You can leverage the relationships youve made in college and your schools alumni network well after youve graduated, like when youre looking for new job opportunities. Thats decades of value from an investment of just a few years. 5. Youll Experience Indirect Financial Benefits While having a degree wont automatically improve your credit rating, for example, having a good job that you got because of your degree canÃ‚ indirectly increase your credit score. How? Earning more money means youre more likely to be able to meet your financial obligations, like regular bills and loan payments. That can help you avoid paying bills late or having a debt go to collections, which can hurt your credit. On top of that, increasing your earning potential can also improve your ability to save money, which can help you avoid debt. Of course, earning more money doesnt guarantee youll manage it well, but it can certainly help. 6. Youll Have Access to Jobs With Better Benefits Theres more to any job than just the take-home pay. Better-paying jobs, most of which require a college degree, can also offer better perks, like retirement contribution matching, health insurance, health savings accounts, childcare stipends, tuition reimbursement and commuter benefits.

Monday, October 21, 2019

college essay( fire dept) essays

college essay( fire dept) essays I decided to join the fire department a year and half ago as a way to aid the community in which IÃ‚ ¡Ã‚ ¯ve lived all my life. Firefighting has always been an interest of mine. It was something I dreamed of doing as a child. When I began to realize my dream, I had no idea of the obstacles and challenges that I would face, the things I would witness and the change it would have on me as a person. After being voted into the department, I entered what is called a Ã‚ ¡Ã‚ °probieÃ‚ ¡ period, which is a year of probation that all rookie firemen must go through. During this time, I took many courses ranging from water rescue, CPR certification, hazardous material, and extrication training. In addition to these concentrations, I had to clean the firehouse, make beds, wash the trucks, do the dishes, and roll hose. I did this without complaint because I knew it was part of the learning process in becoming a firefighter. All the firefighters were very supportive of me, watched over me, and helped teach me the skills necessary to become a firefighter. The first call I responded to was a signal 50, which means, Ã‚ ¡Ã‚ °fireÃ‚ ¡. I slid down the fire pole, threw on my turnout gear, which consisted of my coat, boots, hat, and pants. I jumped in the truck, feeling an overwhelming sense of nervousness and excitement. I can still remember my captain telling me hit the horn and siren as we went thorough busy downtown Mystic. I was imaging a house engulfed in flames. As we arrived at the scene to my surprise, a brush fire caused by the disposal of coal from a fireplace was the only thing I encountered that day. Since that day, though, I have come upon many high stress situations involving fatal car crashes, search and rescue, and structure fires. My first fire occurred in a two story wood building. I was at the nozzle of the hose, directing the flow of water with my captain and a fellow firefighter behind me. My captain told me ...

Sunday, October 20, 2019

The 13 Forms of Insect Antennae

The 13 Forms of Insect Antennae Antennae are movable sensory organs located on the head of most arthropods. All insects have a pair of antennae, but spiders have none. Insect antennae are segmented, and usually located above or between the eyes. How Do Insects Use Antennae? Antennae serve different sensory functions for different insects. In general, the antennae might be used to detect odors and tastes, wind speed and direction, heat and moisture, and even touch. A few insects have auditory insects on their antennae, so theyre involved in hearing.Ã‚ In some insects, the antennae may even serve a non-sensory function, such as grasping prey. 13 Different Shapes Because antennae serve different functions, their forms vary greatly within the insect world. In all, there are about 13 different antennae shapes, and the form of an insects antennae may be an important key to its identification. Learn to differentiate the forms of insect antennae, and it will help you improve your insect identification skills. Aristate Are Pouch-Like Aristate antennae are pouch-like, with a lateral bristle. Aristate antennae are most notably found in the Diptera (true flies). Capitate Have a Prominent Club or Knob at Their Ends Capitate antennae have a prominent club or knob at their ends. The term capitate derives from the Latin caput, meaning head. Butterflies (Lepidoptera)Ã‚ often have capitate form antennae. Clavate Have a Gradual Club or Knob The term clavate comes from the LatinÃ‚ clava, meaning club. Clavate antennae terminate in a gradual club or knob (unlike the capitate antennae, which end with an abrupt, pronounced knob). This antennae form is found most often in beetles, such as in carrion beetles. Filiform Are Slender and Thread-Like The term filiform comes from the Latin filum, meaning thread. Filiform antennae are slender and thread-like in form. Because the segments are of uniform widths, there is no taper to filiform antennae. Examples of insects with filiform antennae include: rock crawlers (order Grylloblattodea)gladiators (order Mantophasmatodea)angel insects (order Zoraptera)cockroaches (order Blattodea) Flabellate Look Like a Folding Paper Fan FlabellateÃ‚ comes from the Latin flabellum, meaning fan. In flabellate antennae, the terminal segments extend laterally, with long, parallel lobes that lie flat against one another. This feature looks like a folding paper fan. Flabellate (or flabelliform) antennae are found in several insect groups within the Coleoptera, the Hymenoptera, and the Lepidoptera. Geniculate Are Bent or Hinged Sharply Geniculate antennae are bent or hinged sharply, almost like a knee or elbow joint. The term geniculate derives from the Latin genu, meaning knee. Geniculate antennae are found mainly in ants or bees. Lamellate Are Flattened and Nested The term lamellate comes from the Latin lamella, meaning a thin plate or scale. In lamellate antennae, the segments at the tip are flattened and nested, so they look like a folding fan. To see an example of lamellate antennae, look at a scarab beetle. Monofiliform Look Like Strings of Beads Monofiliform comes from the Latin monile, meaning necklace. Moniliform antennae look like strings of beads. The segments are usually spherical, and uniform in size. The termites (order Isoptera) are a good example of insects with moniliform antennae. Pectinate Have a Comb-Like Shape The segments of pectinate antennae are longer on one side, giving each antennae a comb-like shape. Bipectinate antennae look like two-sided combs. The term pectinate derives from the Latin pectin, meaning comb. Pectinate antennae are found mainly in some beetles and sawflies. Plumose HaveÃ‚ a Feathery Appearance The segments of plumose antennae have fine branches, giving them a feathery appearance. The term plumose derives from the Latin pluma, meaning feather. Insects with plumose antennae include some of the true flies, such as mosquitoes, and moths. Serrate Look Like a Saw Blade The segments of serrate antennae are notched or angled on one side, making the antennae look like a saw blade. The term serrate derives from the Latin serra, meaning saw. Serrate antennae are found in some beetles. Setaceous Are Bristle-Shaped The term setaceous comes from the Latin seta, meaning bristle. Setaceous antennae are bristles of insects with setaceous antennae include mayflies (order Ephemeroptera) and dragonflies and damselflies (order Odonata). Stylate Terminate in a Long, Slender Point StylateÃ‚ comes from the LatinÃ‚ stylus, meaning pointed instrument. In stylate antennae, the final segment terminates in a long, slender point, called a style. The style may be hairlike but will extend from the end and never from the side. Stylate antennae are found most notably in certain true flies of the suborder Brachycera (such as robber flies, snipe flies, and bee flies). Source: Triplehorn, Charles A. and Johnson, Norman F. Borror and DeLongs Introduction to the Study of Insects. 7th Edition

Saturday, October 19, 2019

Module 1 TD- TUX 101 - Earning a College Degree Essay

Module 1 TD- TUX 101 - Earning a College Degree - Essay Example An analysis carried out in 29 countries (mostly industrialized ones) confirmed the long-known impression that college education is universally worth the cost and time. On average, degree holders earn 1.5 times that of adults with diplomas from high-school. Whereas a degree is a good investment in other countries, no other nation rewards it like the US. Nonetheless, a degree has got a higher rate of return than majority of financial investments, and it seems these benefits are rising due to financial crisis. This is because, there is a rising premium on superior skills and the biggest casualties are the low skilled since the work is getting digitized, outsourced, automated etc. Secondly, majority of companies use screening rules while selecting potential employees, one of the first rules being; does the candidate have a degree? On the other hand, pundits think that most of those attending 4 year colleges do not graduate even after 6 years and the dropout rate is increasingly high. Even though graduates from college acquire marketable skills, others earn little more income, but with college debts as well as some lost income accrued while one is unsuccessfully chasing a degree. On average, college graduates earn more, live longer, have h ealthy kids, acquire better social skills and generally happier and for those considering long term career, then a degree is an obvious requirement. Thus college is a worthy investment and college graduates accomplish key milestones in

Friday, October 18, 2019

Research Evaluation Essay Example | Topics and Well Written Essays - 2000 words

Research Evaluation - Essay Example ogs can, in fact, be used as remarkably adept tools of knowledge sharing in the context of a knowledge management work environment (Chai and Kim, 2010). The article has pointed out that trust among the individuals making up a knowledge sharing network has been among the most significant issues that can make or break a knowledge management system and in this context, this study specifically deals with the relationship between trust and knowledge sharing habits of people using blogs as a tool for sharing information in the setting of a knowledge management system. The researchers have used deductive reasoning principles in this study and for that purpose, have taken a quantitative research approach for this study. Quantitative research has been described as focusing upon the phenomena that occur in natural settings and has been designed specifically to study those phenomena in all their complexity (Leedy and Ormrod, 2001). According to Peshkin cited in Leedy and Ormrod (2001), these studies have been typically cited to serve one of the following purposes: 2. To allow the researchers to gain knowledge about the nature of a particular phenomenon, to help in the development of new concepts or theoretical perspectives about the phenomenon, and discover the constraints that face that phenomenon. The research in question has specifically been carried out as a qualitative research to understand more about the implications of trust in the knowledge management arena and has been designed to understand more about the impact of trust on the knowledge sharing behavior of bloggers which encourages increased knowledge sharing practices. The research uses the survey method to gather information about the various trust concerns that bloggers have and their impact on the bloggerÃ¢â‚¬â„¢s knowledge sharing behavior. Surveys have been defined as a reliable and relatively simpler way of gathering information on a large scale with minimum effort (Powell, 1998). However, Powell is also of

How Australia Helps Refugees Research Paper Example | Topics and Well Written Essays - 500 words

How Australia Helps Refugees - Research Paper Example According to the DIACÃ¢â‚¬â„¢s official map dealing with the organization of detention centers, Australia uses two systems of welcoming refugees. Offshore clients involve eligible people who get guaranteed the chance to apply for protected status in the country. If approved, the Australian state further awards permanent protection to the individuals, which include the provision of visa. If the individuals play within the laws of Australia, they get accorded full citizenship a factor, which transforms refugees into citizens of Australia. The maritime system, on the other hand, is for refugees who apply for protection from the Australian government after stepping on their soil. It involves irregular maritime apprehensions in the last several years as shown in detention centers such as Sydney, Perth, Christmas Island and Melbourne not forgetting Darwin. Australia refugee policy got stipulated on 24 may 1977 by Mr. Mackler who outlined various principles guiding the humanitarian act.Ã‚ For instance, under the principles, the country recognizes refugees as people who need help and support, but at the same time hold the decision to help them within the government. Furthermore, one of the principles stipulates that assistance gets provided to refugees once they are designated plans for resettlement. Consequently, the country contributes to the United Nation Commissioner for Refugees (UNHCR). It is indispensable to remember that the proponent policy got formulated at a time when Australia was facing a surge of refugees from the war of Vietnam. Considering the sensitivity and the amount of information the project holds, a sensible time is needed to conduct research. The first week of the intensive two-week research involves gathering data from books and other publications. The second week involves carrying out interviews in the relevant departments. This is to ascertain data from books as well as acquire new information helpful in the research. It is also in the week that the research paper gets compiled for submission.

Thursday, October 17, 2019

Foundation Degree Hospitality Management Essay Example | Topics and Well Written Essays - 750 words

Foundation Degree Hospitality Management - Essay Example In simple definition, ration analysis refers to the process by which the figures are quantified in order to understand business performance in terms of financial and operational management. Ratios analysis can be conducted to compare trends in the inter year performance of the organization. It can also be done to compare financial performance of several companies in the same industry. Similarly, the result of the analysis is comparable with that of the industry to which the company belongs. There are five main ratios that are applicable in this scenario. These include Profitability ratios, sales ratios, liquidity ratios, efficiency ratios, and financial ratios. Based on this brief introduction, ratio analysis of the Brown Sugar Cafe will follow in the next part... Identify appropriate techniques used to assess business performance, analysing data by applying selected techniques. Internal verifier: Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦..date:Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.. RATIO ANALYSIS Case of the Brown Sugar Cafe The assessment of financial and operational performance of an organization can be accomplished through the use of ratio analysis. This is achieved by evaluating the relationship of different figures generated from the companyÃ¢â‚¬â„¢s financial statements. A number of performance indicators are derived from these figures. In simple definition, ration analysis refers to the process by which the figures are quantified in order to understand business performance in terms of financial and operational management. Ratios analysis can be conducted to compare trends in the inter year performance of the organization. It can also be done to compare financial performance of several companies in the same industry. Similarly, the result of the analysis is comparable with that of the industry to which the company belongs. There are five main ratios that are applicable in this scenario. These include Profitability ratios, sales ratios, liquidity ratios, efficiency ratios, and financial ratios. Based on this brief introduction, ratio analysis of the Brown Sugar Cafe will follow in the next part The Brown Sugar Cafe Ratio Analysis 1. Gross Profit Margin (%) Gross profit margin is a profitability ratio that helps in examining the ability of the company to control costs associated with the acquisition of raw materials (Ratios Workbook, 2013). It is calculated using the formula below: Gross Profit % = (Gross Profit/ Sales) x 100 Using Brown Sugar Cafe

How has information technology changed the daily lives of enlisted men Research Paper

How has information technology changed the daily lives of enlisted men and women serving in conflict zones overseas - Research Paper Example With the aid of academic literatures, this paper also aims to define information technology as used in this paper to provide a background as to how information technology relates to the US military, and provide a historical background of the utilization of IT in the US military forces to probe on how technology has affected military forces across different eras. 2.0 Information Technology (IT) Generally, Information Technology or IT is the processing of information by the computer systems which are greatly used for communication, data security and storage (Stoyles, Pentland, & Demant, 2003, p. 4). Thus, information technology helps the people in gathering, sharing and storing of data in a convenient and fast manner. Moreover, according to Yadav (2006, p. 2), information technology includes television sets, published works, computers and the Internet (which are common technologies used at home and offices) and any other media platforms where people can acquire information. In the cont ext of the military forces, information technology relates to the Revolution in Military Affairs (RMA) wherein information technology is used for weaponry, surveillance mechanisms, processing of information, and organizational transformations of different military units (Goldman, 2005, p. 1). These benefits center on the organizational advantage of the force. Part of the utilization of information technology of the US corps is also to provide personal benefits to the military soldiers as privatization of housing through IT, skills development and telemedicine programs. 3.0 IT and the Military: History In the early days of war fighting, various nations have adopted new technologies that brought radical changes in fighting. The end of World War II has marked the birth of atomic bombs where it was later developed to hydrogen bombs (Perry, 2004, p. 235). As people become more knowledgeable on the use of technology, the weapons and war instruments have also metamorphosed to a more advanc ed state. Furthermore, as the Soviet Union and the United States of America are creating war technologies based on fatal situations, both countries have developed missiles (Perry, 2004, p. 235). War weaponry continuously evolved which now includes new systems as satellites, smart sensors and new aircrafts to name a few. However, during the 1990s, as information technology slowly shapes the American society, and likewise, the US military has also acknowledged the importance of such technological advancement to further develop its strategies and principles that will ensure the dominance of the forces of the US military (Dombrowski & Gholz, 2006, p. 1). As information technology in the military forces centers on the war fighting improvement, they have implemented Ã¢â‚¬Å"network-centric warfare,Ã¢â‚¬ thereby providing a centralized infrastructure that allows communication, detection mechanics, commanding and controlling systems, combat information and battleground bearings among other s that can be accessed by various military personnel (X. Wang, Wei, & H. Wang, 2012, p. 573). From the mechanical war instruments, the advent of more advance technologies paved way for the

Wednesday, October 16, 2019

Foundation Degree Hospitality Management Essay Example | Topics and Well Written Essays - 750 words

Tuesday, October 15, 2019

Electoral college Coursework Example | Topics and Well Written Essays - 1000 words

Electoral college - Coursework Example The government of the United States is comprised of three branches. The separation of power is provided by the constitution. The three branches are executive, judiciary and the legislature (Campbell, 2004). The executive is comprised on the President, Vice President and the Departments. The body makes up the most superior governmental position. In addition, the branch implements the laws created and stated in the constitution. The legislature is comprised of the House and the Senate. The two bodies are less superior to the executive. However, there are responsible for the creation of laws. Additionally, the two bodies act as supervisors to the functions of the executive (Campbell, 2004). They analyze the effectiveness at which the executive implements the provision of the constitution. The judiciary contains the court system and the Supreme Court. The branch is provided with the responsibility of interpreting the provision of the constitution. The branch also oversees the function of the executive and the legislature as provided by the constitution. The separation of power allows for the effective operation and completion of duties by the three branches. In addition, the separation of power allows for the measurement of the effectiveness of the three branches. Regardless of separation of power, there is the need to create a mechanism that would enable the control and restriction of excessive dominance by one body. Specifically, the dominance of one branch of government should not be allowed. In most cases, the executive may implement policies that depict dictatorship. To avoid such occurrences, the constitution provides for checks and balances (Kilman & Costello, 2000). The provisions are aimed at increasing the ability of each body of the government to effectively carry out its functions. In addition, checks and balances minimize the occurrence of one body having greater power and

Monday, October 14, 2019

What an education means to me Essay Example for Free

What an education means to me Essay Ã¢â‚¬Å"Education is a progressive discovery of our ignoranceÃ¢â‚¬ says Will Durant (1885-1981) Education liberated me from ignorance and placed me in a high pedestal to wine and dines with the intellectuals and not mere men. Sometimes I wonder what my life would have been, without being educated. Like they say education is expensive, then why donÃ¢â‚¬â„¢t you try ignorance? A life without education is a passive one. In everything I believe Ã¢â‚¬Å"basics are the mother of all knowledgeÃ¢â‚¬ hence, societal development is highly dependent on the literacy level of its citizen. Education to me can either be an informal education or formal education. Informal education is a type of education which is outside the school premises while those of formal are within the school settings. Informal education given to me by my parents helped me a lot and equipped me with basic skills in human relationship and communication skills on which I was able to build upon. This gave me a starter dose. As a child, the elementary school introduces me to the basic skills, information and attitude necessary to thrive in my society. I was also introduce to the principles of reading, writing and spelling and even to some basic arithmetic. I was also introduced to some forms of fine arts, elementary science and some forms of handicraft. Education taught me the creative use of my mind and how to make it work for me in all aspect of my life. It gave me the capacity and ability to evaluate information and to predict future outcomes. I can also effectively recognize and evaluate different points of view even when arguing with my colleagues or friend and not creating a kind of enmity. Education also trained me to seek out alternative solutions and evaluate them when there is need for such, this I called problem solving skills. Education gave me a better understanding of my culture and environment and also helped me to learn history of my country, and an insight into that of others. With all the knowledge and wisdom from such learning I was able to integrate that with some aspect of my life. Acquisition of information about the past and present: including traditional disciplines such as literature, history, science, mathematics was as a result of education and this influence the development of every community. Without education knowledge and history can not be passed from one generation to the other. Education also influences my religion and this has guided my beliefs and actions. The influence of education on self esteem can not be underestimated. Taking my life as a case study, I used to be someone with a low self esteem until I got to realize what self esteem is all about and its effect my actions, life in totality. The sense of well-being, i. e. my mental and physical health has greatly improved. IÃ¢â‚¬â„¢m now able to acquire some values and attitude that is highly essential in the competitive and dynamic worlds of ours. The role of education in personal values is very important, because this gave me an opportunity of self-realization and self reflection which is germane to the awareness of my innate abilities and goals. Educations taught me Ã¢â‚¬Å"moralsÃ¢â‚¬ which simply means acting in a right manner and knowing how to deal with people. Knowledge of moral practices and ethical standards acceptable by society and culture can only be achieved via education. Everything my religion taught me about morals was as a result of my ability to read, think and takes actions, which are all by-products of education. ItÃ¢â‚¬â„¢s often said that where thereÃ¢â‚¬â„¢s no law thereÃ¢â‚¬â„¢s no sin, hence people can only behave well when they are taught the benefits of acting right towards their fellow citizen. This simply gives capacity and ability to be a good citizen. Education is a prerequisite for an intellectual pursuit. From mine point of view is education simply makes people respect you and recognize you and your achievements. I believe there can be a professor without education and there canÃ¢â‚¬â„¢t be a civilized society without education. Culture which is a way of life can only be acquired through education and exposure to the arts. Formation of healthy social and or formal relationships among and between students, teacher, others are some of the importance of education to my life. Culture is also maintain and kept from one age to the other as a result of education. My utmost view of education is that I will be able to earn a living, make the right choice, strengthening my character, becomes strong, develop my body soul and spirit and live a fulfill life. With my career I will be of use to my immediate environment. Above all education makes a better leader. I will conclude this piece by quoting the words of B. F skinner and Jack Stack which says Ã¢â‚¬Å"Education is what survives when what has been learnt has been forgottenÃ¢â‚¬ . Ã¢â‚¬â€œ B. F. Skinner Ã¢â‚¬Å"When you appeal to the highest level of thinking, you get the highest level of performanceÃ¢â‚¬ . -Jack Spack Reference Teachers mind resource. (2008). The meaning of education. TeacherÃ¢â‚¬â„¢s mind resource. Retrieved July 9, 2008. From www. teachersmind . com

Sunday, October 13, 2019

Mobile Ad Hoc Network Intrusion Detection System (IDS)

Mobile Ad Hoc Network Intrusion Detection System (IDS) Chapter 1 1. Introduction Mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs) are relatively new communication paradigms. MANETs do not require expensive base stations or wired infrastructure. Nodes within radio range of each other can communicate directly over wireless links, and those that are far apart use other nodes as relays. Each host in a MANET also acts as a router as routes are mostly multichip. The lack of fixed infrastructure and centralized authority makes a MANET suitable for a broad range of applications in both military and civilian environments. For example, a MANET could be deployed quickly for military communications in the battlefield. A MANET also could be deployed quickly in scenarios such as a meeting room, a city transportation wireless network, for fire fighting, and so on. To form such a cooperative and self configurable network, every mobile host should be a friendly node and willing to relay messages for others. In the original design of a MANET, global trustworthiness in nodes within the whole network is a fundamental security assumption. Recent progress in wireless communications and micro electro mechanical systems (MEMS) technology has made it feasible to build miniature wireless sensor nodes that integrate sensing, data processing, and communicating capabilities. These miniature wireless sensor nodes can be extremely small, as tiny as a cubic centimeter. Compared with conventional computers, the low-cost, battery-powered, sensor nodes have a limited energy supply, stringent processing and communications capabilities, and memory is scarce. The design and implementation of relevant services for WSNs must keep these limitations in mind. Based on the collaborative efforts of a large number of sensor nodes, WSNs have become good candidates to provide economically viable solutions for a wide range of applications, such as environmental monitoring, scientific data collection, health monitoring, and military operations. Despite the wide variety of potential applications, MANETs and WSNs often are deployed in adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Due to the features of an open medium, the low degree of physical security of mobile nodes, a dynamic topology, a limited power supply, and the absence of a central management point, MANETs are more vulnerable to malicious attacks than traditional wired networks are. In WSNs, the lack of physical security combined with unattended operations make sensor nodes prone to a high risk of being captured and compromised, making WSNs vulnerable to a variety of attacks. A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Each node is equipped with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication range. In order for a node to forward a packet to a node that is out of its radio range, the cooperation of other nodes in the network is needed; this is known as multi-hop communication. Therefore, each node must act as both a host and a router at the same time. The network topology frequently changes due to the mobility of mobile nodes as they move within, move into, or move out of the network. A MANET with the characteristics described above was originally developed for military purposes, as nodes are scattered across a battlefield and there is no infrastructure to help them form a network. In recent years, MANETs have been developing rapidly and are increasingly being used in many applications, ranging from military to civilian and commercial uses, since setting up such networks can be done without the help of any infrastructure or interaction with a human. Some examples are: search-and-rescue missions, data collection, and virtual classrooms and conferences where laptops, PDA or other mobile devices share wireless medium and communicate to each other. As MANETs become widely used, the security issue has become one of the primary concerns. For example, most of the routing protocols proposed for MANETs assume that every node in the network is cooperative and not malicious [1]. Therefore, only one compromised node can cause the failure of the entire network. There are both passive and active attacks in MANETs. For passive at tacks, packets containing secret information might be eavesdropped, which violates confidentiality. Active attacks, including injecting packets to invalid destinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation. Proactive approaches such as cryptography and authentication were first brought into consideration, and many techniques have been proposed and implemented. However, these applications are not sufficient. If we have the ability to detect the attack once it comes into the network, we can stop it from doing any damage to the system or any data. Here is where the intrusion detection system comes in. Intrusion detection can be defined as a process of monitoring activities in a system, which can be a computer or network system. The mechanism by which this is achieved is called an intrusion detection system (IDS). An IDS collects activity information and then analyzes it to determine whether there are any activities that violate the security rules. Once AN ID determines that an unusual activity or an activity that is known to be an attack occurs, it then generates an alarm to alert the security administrator. In addition, IDS can also initiate a proper response to the malicious activity. Although there are several intrusion detection techniques developed for wired networks today, they are not suitable for wireless networks due to the differences in their characteristics. Therefore, those techniques must be modified or new techniques must be developed to make intrusion detection work effectively in MANETs. In this paper, we classify the architectures for IDS in MANETs, each of which is suitable for different network infrastructures. Current intrusion detection systems corresponding to those architectures are reviewed and compared. Chapter 2 Background 2.1 Intrusion Detection System (IDS) Many historical events have shown that intrusion prevention techniques alone, such as encryption and authentication, which are usually a first line of defense, are not sufficient. As the system become more complex, there are also more weaknesses, which lead to more security problems. Intrusion detection can be used as a second wall of defense to protect the network from such problems. If the intrusion is detected, a response can be initiated to prevent or minimize damage to the system. To make intrusion detection systems work, basic assumptions are made. The first assumption is that user and program activities are observable. The second assumption, which is more important, is that normal and intrusive activities must have distinct behaviors, as intrusion detection must capture and analyze system activity to determine if the system is under attack. Intrusion detection can be classified based on audit data as either host- based or network-based. A network-based IDS captures and analyzes packets from network traÃ‚ ±c while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows [2]. Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response. Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks. Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints. 2.2 Intrusion Detection in MANETs Many intrusion detection systems have been proposed in traditional wired networks, where all track must go through switches, routers, or gateways. Hence, IDS can be added to and implemented in these devices easily [17, 18]. On the other hand, MANETs do not have such devices. Moreover, the medium is wide open, so both legitimate and malicious users can access it. Furthermore, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information could be from a compromised node or a node that has outdated information. Thus, the current IDS techniques on wired networks cannot be applied directly to MANETs. Many intrusion detection systems have been proposed to suit the characteristics of MANETs, some of which will be discussed in the next sections. 2.3 Architectures for IDS in MANETs The network infrastructures that MANETs can be configured to are either at or multi-layer, depending on the applications. Therefore, the optimal IDS architecture for a MANET may depend on the network infrastructure itself [9]. In an network infrastructure, all nodes are considered equal, thus it may be suitable for applications such as virtual classrooms or conferences. On the contrary, some nodes are considered different in the multi-layered network infrastructure. Nodes may be partitioned into clusters with one cluster head for each cluster. To communicate within the cluster, nodes can communicate directly. However, communication across the clusters must be done through the cluster head. This infrastructure might be well suited for military applications. 2.3.1 Stand-alone Intrusion Detection Systems In this architecture, an intrusion detection system is run on each node independently to determine intrusions. Every decision made is based only on information collected at its own node, since there is no cooperation among nodes in the network. Therefore, no data is exchanged. Besides, nodes in the same network do not know anything about the situation on other nodes in the network as no alert information is passed. Although this architecture is not elective due to its limitations, it may be suitable in a network where not all nodes are capable of running IDS or have IDS installed. This architecture is also more suitable for an network infrastructure than for multi-layered network infrastructure. Since information on each individual node might not be enough to detect intrusions, this architecture has not been chosen in most of the IDS for MANETs. 2.3.2 Distributed and Cooperative Intrusion Detection Systems Since the nature of MANETs is distributed and requires cooperation of other nodes, Zhang and Lee [1] have proposed that the intrusion detection and response system in MANETs should also be both distributed and cooperative as shown in Figure 1. Every node participates in intrusion detection and response by having an IDS agent running on them. An IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as initiating a response independently. However, neighboring IDS agents cooperatively participate in global intrusion detection actions when the evidence is inconclusive. Similarly to stand-alone IDS architecture, this architecture is more suitable for a network infrastructure, not multi-layered one. 2.3.3 Hierarchical Intrusion Detection Systems Hierarchical IDS architectures extend the distributed and cooperative IDS architectures and have been proposed for multi-layered network infrastructures where the network is divided into clusters. Clusterheads of each cluster usually have more functionality than other members in the clusters, for example routing packets across clusters. Thus, these cluster heads, in some sense, act as control points which are similar to switches, routers, or gateways in wired networks. The same concept of multi-layering is applied to intrusion detection systems where hierarchical IDS architecture is proposed. Each IDS agent is run on every member node and is responsible locally for its node, i.e., monitoring and deciding on locally detected intrusions. A clusterhead is responsible locally for its node as well as globally for its cluster, e.g. monitoring network packets and initiating a global response when network intrusion is detected. 2.3.4 Mobile Agent for Intrusion Detection Systems A concept of mobile agents has been used in several techniques for intrusion detection systems in MANETs. Due to its ability to move through the large network, each mobile agent is assigned to perform only one specific task, and then one or more mobile agents are distributed into each node in the network. This allows the distribution of the intrusion detection tasks. There are several advantages for using mobile agents [2]. Some functions are not assigned to every node; thus, it helps to reduce the consumption of power, which is scarce in mobile ad hoc networks. It also provides fault tolerance such that if the network is partitioned or some agents are destroyed, they are still able to work. Moreover, they are scalable in large and varied system environments, as mobile agents tend to be independent of platform architectures. However, these systems would require a secure module where mobile agents can be stationed to. Additionally, mobile agents must be able to protect themselves from the secure modules on remote hosts as well. Mobile-agent-based IDS can be considered as a distributed and cooper ative intrusion detection technique as described in Section 3.2. Moreover, some techniques also use mobile agents combined with hierarchical IDS, for example, what will be described in Section 4.3. 2.4 Sample Intrusion Detection Systems for MANETs Since the IDS for traditional wired systems are not well-suited to MANETs, many researchers have proposed several IDS especially for MANETs, which some of them will be reviewed in this section. 2.4.1 Distributed and Cooperative IDS As described in Section 3.2, Zhang and Lee also proposed the model for distributed and cooperative IDS as shown in Figure 2 [1]. The model for an IDS agent is structured into six modules. The local data collection module collects real-time audit data, which includes system and user activities within its radio range. This collected data will be analyzed by the local detection engine module for evidence of anomalies. If an anomaly is detected with strong evidence, the IDS agent can determine independently that the system is under attack and initiate a response through the local response module (i.e., alerting the local user) or the global response module (i.e., deciding on an action), depending on the type of intrusion, the type of network protocols and applications, and the certainty of the evidence. If an anomaly is detected with weak or inconclusive evidence, the IDS agent can request the cooperation of neighboring IDS agents through a cooperative detection engine module, which communicates to other agents through a secure communication module. 2.4.2 Local Intrusion Detection System (LIDS) Albers et al. [3] proposed a distributed and collaborative architecture of IDS by using mobile agents. A Local Intrusion Detection System (LIDS) is implemented on every node for local concern, which can be extended for global concern by cooperating with other LIDS. Two types of data are exchanged among LIDS: security data and intrusion alerts. In order to analyze the possible intrusion, data must be obtained from what the LIDS detect, along with additional information from other nodes. Other LIDS might be run on different operating systems or use data from different activities such as system, application, or network activities; therefore, the format of this raw data might be different, which makes it hard for LIDS to analyze. However, such difficulties can be solved by using SNMP (Simple Network Management Protocol) data located in MIBs (Management Information Base) as an audit data source. Such a data source not only eliminates those difficulties, but also reduces the in-Figure 3: L IDS Architecture in A Mobile Node [3] crease in using additional resources to collect audit data if an SNMP agent is already run on each node. To obtain additional information from other nodes, the authors proposed mobile agents to be used to transport SNMP requests to other nodes. In another words, to distribute the intrusion detection tasks. The idea differs from traditional SNMP in that the traditional approach transfers data to the requesting node for computation while this approach brings the code to the data on the requested node. This is initiated due to untrustworthiness of UDP messages practiced in SNMP and the active topology of MANETs. As a result, the amount of exchanged data is tremendously reduced. Each mobile agent can be assigned a specific task which will be achieved in an autonomous and asynchronous fashion without any help from its LIDS. The LIDS architecture is shown in Figure 3, which consists of Ã‚ ² Communication Framework: To facilitate for both internal and external communication with a LIDS. Local LIDS Agent: To be responsible for local intrusion detection and local response. Also, it reacts to intrusion alerts sent from other nodes to protect itself against this intrusion. Local MIB Agent: To provide a means of collecting MIB variables for either mobile agents or the Local LIDS Agent. Local MIB Agent acts as an interface with SNMP agent, if SNMP exists and runs on the node, or with a tailor-made agent developed specifically to allow up- dates and retrievals of the MIB variables used by intrusion detection, if none exists. Mobile Agents (MA): They are distributed from its LID to collect and process data on other nodes. The results from their evaluation are then either sent back to their LIDS or sent to another node for further investigation. Mobile Agents Place: To provide a security control to mobile agents. For the methodology of detection, Local IDS Agent can use either anomaly or misuse detection. However, the combination of two mechanisms will offer the better model. Once the local intrusion is detected, the LIDS initiate a response and inform the other nodes in the network. Upon receiving an alert, the LIDS can protect itself against the intrusion. 2.4.3 Distributed Intrusion Detection System Using Multiple Sensors Kachirski and Guha [4] proposed a multi-sensor intrusion detection system based on mobile agent technology. The system can be divided into three main modules, each of which represents a mobile agent with certain func- tionality: monitoring, decision-making or initiating a response. By separate in functional tasks into categories and assigning each task to a different agent, the workload is distributed which is suitable for the characteristics of MANETs. In addition, the hierarchical structure of agents is also developed in this intrusion detection system as shown in Figure 4. Monitoring agent: Two functions are carried out at this class of agent: network monitoring and host monitoring. A host-based monitor agent hosting system-level sensors and user-activity sensors is run on every node to monitor within the node, while a monitor agent with a network monitoring sensor is run only on some selected nodes to monitor at packet-level to capture packets going through the network within its radio ranges. Action agent: Every node also hosts this action agent. Since every node hosts a host-based monitoring agent, it can determine if there is any suspicious or unusual activities on the host node based on anomaly detection. When there is strong evidence supporting the anomaly detected, this action agent can initiate a response, such as terminating the process or blocking a user from the network. Decision agent: The decision agent is run only on certain nodes, mostly those nodes that run network monitoring agents. These nodes collect all packets within its radio range and analyze them to determine whether the network is under attack. Moreover, from the previous paragraph, if the local detection agent cannot make a decision on its own due to insufficient evidence, its local detection agent reports to this decision agent in order to investigate further. This is done by using packet-monitoring results that comes from the network-monitoring sensor that is running locally. If the decision agent concludes that the node is malicious, the action module of the agent running on that node as described above will carry out the response. The network is logically divided into clusters with a single cluster head for each cluster. This clusterhead will monitor the packets within the cluster and only packets whose originators are in the same cluster are captured and investigated. This means that the network monitoring agent (with network monitoring sensor) and the decision agent are run on the cluster head. In this mechanism, the decision agent performs the decision-making based on its own collected information from its network-monitoring sensor; thus, other nodes have no influence on its decision. This way, spooffing attacks and false accusations can be prevented. 2.4.4 Dynamic Hierarchical Intrusion Detection Architecture Since nodes move arbitrarily across the network, a static hierarchy is not suitable for such dynamic network topology. Sterne et al. [16] proposed a dynamic intrusion detection hierarchy that is potentially scalable to large networks by using clustering like those in Section 4.3 and 5.5. However, it can be structured in more than two levels as shown in Figure 5. Nodes labeled 1 are the first level clusterheads while nodes labeled 2 are the second level clusterheads and so on. Members of the first level of the cluster are called leaf nodes. Every node has the responsibilities of monitoring (by accumulating counts and statistics), logging, analyzing (i.e., attack signature matching or checking on packet headers and payloads), responding to intrusions detected if there is enough evidence, and alerting or reporting to cluster heads. Clues treads, in addition, must also perform: Data fusion/integration and data reduction: Clusterheads aggregate and correlate reports from members of the cluster and data of their own. Data reduction may be involved to avoid conflicting data, bogus data and overlapping reports. Besides, cluster heads may send the requests to their children for additional information in order to correlate reports correctly. Intrusion detection computations: Since different attacks require different sets of detected data, data on a single node might not be able to detect the attack, e.g., DDoS attack, and thus clusterheads also analyze the consolidated data before passing to upper levels. Security Management: The uppermost levels of the hierarchy have the authority and responsibility for managing the detection and response capabilities of the clusters and cluster heads below them. They may send the signatures update, or directives and policies to alter the configurations for intrusion detection and response. These update and directives will flow from the top of the hierarchy to the bottom. To form the hierarchical structure, every node uses clustering, which is typically used in MANETs to construct routes, to self-organize into local neighborhoods (first level clusters) and then select neighborhood representatives (cluster heads). These representatives then use clustering to organize themselves into the second level and select the representatives. This process continues until all nodes in the network are part of the hierarchy. The authors also suggested criteria on selecting cluster heads. Some of these criteria are: Connectivity: the number of nodes within one hop Proximity: members should be within one hop of its cluster head Resistance to compromise (hardening): the probability that the node will not be compromised. This is very important for the upper level cluster heads. Processing power, storage capacity, energy remaining, bandwidth cape abilities Additionally, this proposed architecture does not rely solely on promiscuous node monitoring like many proposed architectures, due to its unreliability as described in. Therefore, this architecture also supports direct periodic reporting where packet counts and statistics are sent to monitoring nodes periodically. 2.4.5 Zone-Based Intrusion Detection System (ZBIDS) Sun et al. [24] has proposed an anomaly-based two-level no overlapping Zone-Based Intrusion Detection System (ZBIDS). By dividing the network in Figure 6 into nonoverlapping zones (zone A to zone me), nodes can be categorized into two types: the intrazone node and the interzone node (or a gateway node). Considering only zone E, node 5, 9, 10 and 11 are intrazone nodes, while node 2, 3, 6, and 8 are interzone nodes which have physical connections to nodes in other zones. The formation and maintenance of zones requires each node to know its own physical location and to map its location to a zone map, which requires prior design setup. Each node has an IDS agent run on it which the model of the agent is shown in Figure 7. Similar to an IDS agent proposed by Zhang and Lee (Figure 2), the data collection module and the detection engine are re-sponsible for collecting local audit data (for instance, system call activities, and system log les) and analyzing collected data for any sign of intrusion respectively. In addition, there may be more than one for each of these modules which allows collecting data from various sources and using different detection techniques to improve the detection performance. The local aggregation and correlation (LACE) module is responsible for combining the results of these local detection engines and generating alerts if any abnormal behavior is detected. These alerts are broadcasted to other nodes within the same zone. However, for the global aggregation and correlation (GACE), its functionality depends on the type of the node. As described in Figure 7, if the node is an intrazone node, it only sends the generated alerts to the interzone nodes. Whereas, if the node is an interzone node, it receives alerts from other intrazone nodes, aggregates and correlates those alerts with its own alerts, and then generates alarms. Moreover, the GACE also cooperates with the GACEs of the neighboring interzone nodes to have more accurate information to detect the intrusion. Lastly, the intrusion response module is responsible for handling the alarms generated from the GACE. The local aggregation and correlation Algorithm used in ZBIDS is based on a local Markov chain anomaly detection. IDS agent rust creates a normal profile by constructing a Markov chain from the routing cache. A valid change in the routing cache can be characterized by the Markov chain detection model with probabilities, otherwise, its considered abnormal, and the alert will be generated. For the global aggregation and correlation algorithm, its based on information provided in the received alerts containing the type, the time, and the source of the attacks. 2.5 Intrusion Detection Techniques for Node Cooperation in MANETs Since there is no infrastructure in mobile ad hoc networks, each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. Intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [5] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several proposed techniques and protocols to detect such misbehavior in order to avoid those nodes, and some schemes also propose punishment as well [6, 7]. 2.5.1 Watchdog and Pathrater Two techniques were proposed by Marti, Giuli, and Baker [5], watchdog and pathrater, to be added on top of the standard routing protocol in ad hoc networks. The standard is Dynamic Source Routing protocol (DSR) [8]. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes. In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path should know who the next hop node is. In addition, listening to the next hops transmission is possible because of the characteristic of wireless networks if node A is within range of node B, A can overhear communication to and from B. Figure 8 shows how the watchdog works. Assume that node S wants to send a packet to node D, which there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined to D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then, it promiscuously listens to the transmission of B to make sure that B forwards to C. If the packet overheard from B (represented by a dashed line) matches that stored in the buffer, it means that B really forwards to the next hop (represented as a solid line). It then removes the packet from the buffer. However, if theres no matched packet after a certain time, the watchdog increments the failures counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports to the source node S. Path rater performs the calculation of the path metric for each path. By keeping the rating of every node in the network that it knows, the path metric can be calculated by combining the node rating together with link re- liability, which is collected from past experience. Obtaining the path metric for all available paths, the pathrater can choose the path with the highest metric. In addition, if there is no such link reliability information, the path metric enables the pathrater to select the shortest path too. As a result, paths containing misbehaving nodes will be avoided. From the result of the simulation, the system with these two techniques is quite effective for choosing paths to avoid misbehaving nodes. However, those misbehaving nodes are not punished. In contrast, they even benefit from the network. Therefore, misbehaving nodes are encouraged to continue their behaviors. Chapter 3 3. Literature survey 3.1 Introduction The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop new architecture and mechanisms to protect the wireless networks and mobile computing applications. The implication of mobile computing on network security research can be further demonstrated by the follow case. Recently (Summer 2001) an Internet worm called Code Red has spread rapidly to infect many of the Windows-based server machines. To prevent this type of worm attacks from spreading into intranets, many. This paper Mobile Ad Hoc Network Intrusion Detection System (IDS) Mobile Ad Hoc Network Intrusion Detection System (IDS) Chapter 1 1. Introduction Mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs) are relatively new communication paradigms. MANETs do not require expensive base stations or wired infrastructure. Nodes within radio range of each other can communicate directly over wireless links, and those that are far apart use other nodes as relays. Each host in a MANET also acts as a router as routes are mostly multichip. The lack of fixed infrastructure and centralized authority makes a MANET suitable for a broad range of applications in both military and civilian environments. For example, a MANET could be deployed quickly for military communications in the battlefield. A MANET also could be deployed quickly in scenarios such as a meeting room, a city transportation wireless network, for fire fighting, and so on. To form such a cooperative and self configurable network, every mobile host should be a friendly node and willing to relay messages for others. In the original design of a MANET, global trustworthiness in nodes within the whole network is a fundamental security assumption. Recent progress in wireless communications and micro electro mechanical systems (MEMS) technology has made it feasible to build miniature wireless sensor nodes that integrate sensing, data processing, and communicating capabilities. These miniature wireless sensor nodes can be extremely small, as tiny as a cubic centimeter. Compared with conventional computers, the low-cost, battery-powered, sensor nodes have a limited energy supply, stringent processing and communications capabilities, and memory is scarce. The design and implementation of relevant services for WSNs must keep these limitations in mind. Based on the collaborative efforts of a large number of sensor nodes, WSNs have become good candidates to provide economically viable solutions for a wide range of applications, such as environmental monitoring, scientific data collection, health monitoring, and military operations. Despite the wide variety of potential applications, MANETs and WSNs often are deployed in adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Due to the features of an open medium, the low degree of physical security of mobile nodes, a dynamic topology, a limited power supply, and the absence of a central management point, MANETs are more vulnerable to malicious attacks than traditional wired networks are. In WSNs, the lack of physical security combined with unattended operations make sensor nodes prone to a high risk of being captured and compromised, making WSNs vulnerable to a variety of attacks. A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Each node is equipped with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication range. In order for a node to forward a packet to a node that is out of its radio range, the cooperation of other nodes in the network is needed; this is known as multi-hop communication. Therefore, each node must act as both a host and a router at the same time. The network topology frequently changes due to the mobility of mobile nodes as they move within, move into, or move out of the network. A MANET with the characteristics described above was originally developed for military purposes, as nodes are scattered across a battlefield and there is no infrastructure to help them form a network. In recent years, MANETs have been developing rapidly and are increasingly being used in many applications, ranging from military to civilian and commercial uses, since setting up such networks can be done without the help of any infrastructure or interaction with a human. Some examples are: search-and-rescue missions, data collection, and virtual classrooms and conferences where laptops, PDA or other mobile devices share wireless medium and communicate to each other. As MANETs become widely used, the security issue has become one of the primary concerns. For example, most of the routing protocols proposed for MANETs assume that every node in the network is cooperative and not malicious [1]. Therefore, only one compromised node can cause the failure of the entire network. There are both passive and active attacks in MANETs. For passive at tacks, packets containing secret information might be eavesdropped, which violates confidentiality. Active attacks, including injecting packets to invalid destinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation. Proactive approaches such as cryptography and authentication were first brought into consideration, and many techniques have been proposed and implemented. However, these applications are not sufficient. If we have the ability to detect the attack once it comes into the network, we can stop it from doing any damage to the system or any data. Here is where the intrusion detection system comes in. Intrusion detection can be defined as a process of monitoring activities in a system, which can be a computer or network system. The mechanism by which this is achieved is called an intrusion detection system (IDS). An IDS collects activity information and then analyzes it to determine whether there are any activities that violate the security rules. Once AN ID determines that an unusual activity or an activity that is known to be an attack occurs, it then generates an alarm to alert the security administrator. In addition, IDS can also initiate a proper response to the malicious activity. Although there are several intrusion detection techniques developed for wired networks today, they are not suitable for wireless networks due to the differences in their characteristics. Therefore, those techniques must be modified or new techniques must be developed to make intrusion detection work effectively in MANETs. In this paper, we classify the architectures for IDS in MANETs, each of which is suitable for different network infrastructures. Current intrusion detection systems corresponding to those architectures are reviewed and compared. Chapter 2 Background 2.1 Intrusion Detection System (IDS) Many historical events have shown that intrusion prevention techniques alone, such as encryption and authentication, which are usually a first line of defense, are not sufficient. As the system become more complex, there are also more weaknesses, which lead to more security problems. Intrusion detection can be used as a second wall of defense to protect the network from such problems. If the intrusion is detected, a response can be initiated to prevent or minimize damage to the system. To make intrusion detection systems work, basic assumptions are made. The first assumption is that user and program activities are observable. The second assumption, which is more important, is that normal and intrusive activities must have distinct behaviors, as intrusion detection must capture and analyze system activity to determine if the system is under attack. Intrusion detection can be classified based on audit data as either host- based or network-based. A network-based IDS captures and analyzes packets from network traÃ‚ ±c while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows [2]. Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response. Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks. Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints. 2.2 Intrusion Detection in MANETs Many intrusion detection systems have been proposed in traditional wired networks, where all track must go through switches, routers, or gateways. Hence, IDS can be added to and implemented in these devices easily [17, 18]. On the other hand, MANETs do not have such devices. Moreover, the medium is wide open, so both legitimate and malicious users can access it. Furthermore, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information could be from a compromised node or a node that has outdated information. Thus, the current IDS techniques on wired networks cannot be applied directly to MANETs. Many intrusion detection systems have been proposed to suit the characteristics of MANETs, some of which will be discussed in the next sections. 2.3 Architectures for IDS in MANETs The network infrastructures that MANETs can be configured to are either at or multi-layer, depending on the applications. Therefore, the optimal IDS architecture for a MANET may depend on the network infrastructure itself [9]. In an network infrastructure, all nodes are considered equal, thus it may be suitable for applications such as virtual classrooms or conferences. On the contrary, some nodes are considered different in the multi-layered network infrastructure. Nodes may be partitioned into clusters with one cluster head for each cluster. To communicate within the cluster, nodes can communicate directly. However, communication across the clusters must be done through the cluster head. This infrastructure might be well suited for military applications. 2.3.1 Stand-alone Intrusion Detection Systems In this architecture, an intrusion detection system is run on each node independently to determine intrusions. Every decision made is based only on information collected at its own node, since there is no cooperation among nodes in the network. Therefore, no data is exchanged. Besides, nodes in the same network do not know anything about the situation on other nodes in the network as no alert information is passed. Although this architecture is not elective due to its limitations, it may be suitable in a network where not all nodes are capable of running IDS or have IDS installed. This architecture is also more suitable for an network infrastructure than for multi-layered network infrastructure. Since information on each individual node might not be enough to detect intrusions, this architecture has not been chosen in most of the IDS for MANETs. 2.3.2 Distributed and Cooperative Intrusion Detection Systems Since the nature of MANETs is distributed and requires cooperation of other nodes, Zhang and Lee [1] have proposed that the intrusion detection and response system in MANETs should also be both distributed and cooperative as shown in Figure 1. Every node participates in intrusion detection and response by having an IDS agent running on them. An IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as initiating a response independently. However, neighboring IDS agents cooperatively participate in global intrusion detection actions when the evidence is inconclusive. Similarly to stand-alone IDS architecture, this architecture is more suitable for a network infrastructure, not multi-layered one. 2.3.3 Hierarchical Intrusion Detection Systems Hierarchical IDS architectures extend the distributed and cooperative IDS architectures and have been proposed for multi-layered network infrastructures where the network is divided into clusters. Clusterheads of each cluster usually have more functionality than other members in the clusters, for example routing packets across clusters. Thus, these cluster heads, in some sense, act as control points which are similar to switches, routers, or gateways in wired networks. The same concept of multi-layering is applied to intrusion detection systems where hierarchical IDS architecture is proposed. Each IDS agent is run on every member node and is responsible locally for its node, i.e., monitoring and deciding on locally detected intrusions. A clusterhead is responsible locally for its node as well as globally for its cluster, e.g. monitoring network packets and initiating a global response when network intrusion is detected. 2.3.4 Mobile Agent for Intrusion Detection Systems A concept of mobile agents has been used in several techniques for intrusion detection systems in MANETs. Due to its ability to move through the large network, each mobile agent is assigned to perform only one specific task, and then one or more mobile agents are distributed into each node in the network. This allows the distribution of the intrusion detection tasks. There are several advantages for using mobile agents [2]. Some functions are not assigned to every node; thus, it helps to reduce the consumption of power, which is scarce in mobile ad hoc networks. It also provides fault tolerance such that if the network is partitioned or some agents are destroyed, they are still able to work. Moreover, they are scalable in large and varied system environments, as mobile agents tend to be independent of platform architectures. However, these systems would require a secure module where mobile agents can be stationed to. Additionally, mobile agents must be able to protect themselves from the secure modules on remote hosts as well. Mobile-agent-based IDS can be considered as a distributed and cooper ative intrusion detection technique as described in Section 3.2. Moreover, some techniques also use mobile agents combined with hierarchical IDS, for example, what will be described in Section 4.3. 2.4 Sample Intrusion Detection Systems for MANETs Since the IDS for traditional wired systems are not well-suited to MANETs, many researchers have proposed several IDS especially for MANETs, which some of them will be reviewed in this section. 2.4.1 Distributed and Cooperative IDS As described in Section 3.2, Zhang and Lee also proposed the model for distributed and cooperative IDS as shown in Figure 2 [1]. The model for an IDS agent is structured into six modules. The local data collection module collects real-time audit data, which includes system and user activities within its radio range. This collected data will be analyzed by the local detection engine module for evidence of anomalies. If an anomaly is detected with strong evidence, the IDS agent can determine independently that the system is under attack and initiate a response through the local response module (i.e., alerting the local user) or the global response module (i.e., deciding on an action), depending on the type of intrusion, the type of network protocols and applications, and the certainty of the evidence. If an anomaly is detected with weak or inconclusive evidence, the IDS agent can request the cooperation of neighboring IDS agents through a cooperative detection engine module, which communicates to other agents through a secure communication module. 2.4.2 Local Intrusion Detection System (LIDS) Albers et al. [3] proposed a distributed and collaborative architecture of IDS by using mobile agents. A Local Intrusion Detection System (LIDS) is implemented on every node for local concern, which can be extended for global concern by cooperating with other LIDS. Two types of data are exchanged among LIDS: security data and intrusion alerts. In order to analyze the possible intrusion, data must be obtained from what the LIDS detect, along with additional information from other nodes. Other LIDS might be run on different operating systems or use data from different activities such as system, application, or network activities; therefore, the format of this raw data might be different, which makes it hard for LIDS to analyze. However, such difficulties can be solved by using SNMP (Simple Network Management Protocol) data located in MIBs (Management Information Base) as an audit data source. Such a data source not only eliminates those difficulties, but also reduces the in-Figure 3: L IDS Architecture in A Mobile Node [3] crease in using additional resources to collect audit data if an SNMP agent is already run on each node. To obtain additional information from other nodes, the authors proposed mobile agents to be used to transport SNMP requests to other nodes. In another words, to distribute the intrusion detection tasks. The idea differs from traditional SNMP in that the traditional approach transfers data to the requesting node for computation while this approach brings the code to the data on the requested node. This is initiated due to untrustworthiness of UDP messages practiced in SNMP and the active topology of MANETs. As a result, the amount of exchanged data is tremendously reduced. Each mobile agent can be assigned a specific task which will be achieved in an autonomous and asynchronous fashion without any help from its LIDS. The LIDS architecture is shown in Figure 3, which consists of Ã‚ ² Communication Framework: To facilitate for both internal and external communication with a LIDS. Local LIDS Agent: To be responsible for local intrusion detection and local response. Also, it reacts to intrusion alerts sent from other nodes to protect itself against this intrusion. Local MIB Agent: To provide a means of collecting MIB variables for either mobile agents or the Local LIDS Agent. Local MIB Agent acts as an interface with SNMP agent, if SNMP exists and runs on the node, or with a tailor-made agent developed specifically to allow up- dates and retrievals of the MIB variables used by intrusion detection, if none exists. Mobile Agents (MA): They are distributed from its LID to collect and process data on other nodes. The results from their evaluation are then either sent back to their LIDS or sent to another node for further investigation. Mobile Agents Place: To provide a security control to mobile agents. For the methodology of detection, Local IDS Agent can use either anomaly or misuse detection. However, the combination of two mechanisms will offer the better model. Once the local intrusion is detected, the LIDS initiate a response and inform the other nodes in the network. Upon receiving an alert, the LIDS can protect itself against the intrusion. 2.4.3 Distributed Intrusion Detection System Using Multiple Sensors Kachirski and Guha [4] proposed a multi-sensor intrusion detection system based on mobile agent technology. The system can be divided into three main modules, each of which represents a mobile agent with certain func- tionality: monitoring, decision-making or initiating a response. By separate in functional tasks into categories and assigning each task to a different agent, the workload is distributed which is suitable for the characteristics of MANETs. In addition, the hierarchical structure of agents is also developed in this intrusion detection system as shown in Figure 4. Monitoring agent: Two functions are carried out at this class of agent: network monitoring and host monitoring. A host-based monitor agent hosting system-level sensors and user-activity sensors is run on every node to monitor within the node, while a monitor agent with a network monitoring sensor is run only on some selected nodes to monitor at packet-level to capture packets going through the network within its radio ranges. Action agent: Every node also hosts this action agent. Since every node hosts a host-based monitoring agent, it can determine if there is any suspicious or unusual activities on the host node based on anomaly detection. When there is strong evidence supporting the anomaly detected, this action agent can initiate a response, such as terminating the process or blocking a user from the network. Decision agent: The decision agent is run only on certain nodes, mostly those nodes that run network monitoring agents. These nodes collect all packets within its radio range and analyze them to determine whether the network is under attack. Moreover, from the previous paragraph, if the local detection agent cannot make a decision on its own due to insufficient evidence, its local detection agent reports to this decision agent in order to investigate further. This is done by using packet-monitoring results that comes from the network-monitoring sensor that is running locally. If the decision agent concludes that the node is malicious, the action module of the agent running on that node as described above will carry out the response. The network is logically divided into clusters with a single cluster head for each cluster. This clusterhead will monitor the packets within the cluster and only packets whose originators are in the same cluster are captured and investigated. This means that the network monitoring agent (with network monitoring sensor) and the decision agent are run on the cluster head. In this mechanism, the decision agent performs the decision-making based on its own collected information from its network-monitoring sensor; thus, other nodes have no influence on its decision. This way, spooffing attacks and false accusations can be prevented. 2.4.4 Dynamic Hierarchical Intrusion Detection Architecture Since nodes move arbitrarily across the network, a static hierarchy is not suitable for such dynamic network topology. Sterne et al. [16] proposed a dynamic intrusion detection hierarchy that is potentially scalable to large networks by using clustering like those in Section 4.3 and 5.5. However, it can be structured in more than two levels as shown in Figure 5. Nodes labeled 1 are the first level clusterheads while nodes labeled 2 are the second level clusterheads and so on. Members of the first level of the cluster are called leaf nodes. Every node has the responsibilities of monitoring (by accumulating counts and statistics), logging, analyzing (i.e., attack signature matching or checking on packet headers and payloads), responding to intrusions detected if there is enough evidence, and alerting or reporting to cluster heads. Clues treads, in addition, must also perform: Data fusion/integration and data reduction: Clusterheads aggregate and correlate reports from members of the cluster and data of their own. Data reduction may be involved to avoid conflicting data, bogus data and overlapping reports. Besides, cluster heads may send the requests to their children for additional information in order to correlate reports correctly. Intrusion detection computations: Since different attacks require different sets of detected data, data on a single node might not be able to detect the attack, e.g., DDoS attack, and thus clusterheads also analyze the consolidated data before passing to upper levels. Security Management: The uppermost levels of the hierarchy have the authority and responsibility for managing the detection and response capabilities of the clusters and cluster heads below them. They may send the signatures update, or directives and policies to alter the configurations for intrusion detection and response. These update and directives will flow from the top of the hierarchy to the bottom. To form the hierarchical structure, every node uses clustering, which is typically used in MANETs to construct routes, to self-organize into local neighborhoods (first level clusters) and then select neighborhood representatives (cluster heads). These representatives then use clustering to organize themselves into the second level and select the representatives. This process continues until all nodes in the network are part of the hierarchy. The authors also suggested criteria on selecting cluster heads. Some of these criteria are: Connectivity: the number of nodes within one hop Proximity: members should be within one hop of its cluster head Resistance to compromise (hardening): the probability that the node will not be compromised. This is very important for the upper level cluster heads. Processing power, storage capacity, energy remaining, bandwidth cape abilities Additionally, this proposed architecture does not rely solely on promiscuous node monitoring like many proposed architectures, due to its unreliability as described in. Therefore, this architecture also supports direct periodic reporting where packet counts and statistics are sent to monitoring nodes periodically. 2.4.5 Zone-Based Intrusion Detection System (ZBIDS) Sun et al. [24] has proposed an anomaly-based two-level no overlapping Zone-Based Intrusion Detection System (ZBIDS). By dividing the network in Figure 6 into nonoverlapping zones (zone A to zone me), nodes can be categorized into two types: the intrazone node and the interzone node (or a gateway node). Considering only zone E, node 5, 9, 10 and 11 are intrazone nodes, while node 2, 3, 6, and 8 are interzone nodes which have physical connections to nodes in other zones. The formation and maintenance of zones requires each node to know its own physical location and to map its location to a zone map, which requires prior design setup. Each node has an IDS agent run on it which the model of the agent is shown in Figure 7. Similar to an IDS agent proposed by Zhang and Lee (Figure 2), the data collection module and the detection engine are re-sponsible for collecting local audit data (for instance, system call activities, and system log les) and analyzing collected data for any sign of intrusion respectively. In addition, there may be more than one for each of these modules which allows collecting data from various sources and using different detection techniques to improve the detection performance. The local aggregation and correlation (LACE) module is responsible for combining the results of these local detection engines and generating alerts if any abnormal behavior is detected. These alerts are broadcasted to other nodes within the same zone. However, for the global aggregation and correlation (GACE), its functionality depends on the type of the node. As described in Figure 7, if the node is an intrazone node, it only sends the generated alerts to the interzone nodes. Whereas, if the node is an interzone node, it receives alerts from other intrazone nodes, aggregates and correlates those alerts with its own alerts, and then generates alarms. Moreover, the GACE also cooperates with the GACEs of the neighboring interzone nodes to have more accurate information to detect the intrusion. Lastly, the intrusion response module is responsible for handling the alarms generated from the GACE. The local aggregation and correlation Algorithm used in ZBIDS is based on a local Markov chain anomaly detection. IDS agent rust creates a normal profile by constructing a Markov chain from the routing cache. A valid change in the routing cache can be characterized by the Markov chain detection model with probabilities, otherwise, its considered abnormal, and the alert will be generated. For the global aggregation and correlation algorithm, its based on information provided in the received alerts containing the type, the time, and the source of the attacks. 2.5 Intrusion Detection Techniques for Node Cooperation in MANETs Since there is no infrastructure in mobile ad hoc networks, each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. Intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [5] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several proposed techniques and protocols to detect such misbehavior in order to avoid those nodes, and some schemes also propose punishment as well [6, 7]. 2.5.1 Watchdog and Pathrater Two techniques were proposed by Marti, Giuli, and Baker [5], watchdog and pathrater, to be added on top of the standard routing protocol in ad hoc networks. The standard is Dynamic Source Routing protocol (DSR) [8]. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes. In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path should know who the next hop node is. In addition, listening to the next hops transmission is possible because of the characteristic of wireless networks if node A is within range of node B, A can overhear communication to and from B. Figure 8 shows how the watchdog works. Assume that node S wants to send a packet to node D, which there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined to D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then, it promiscuously listens to the transmission of B to make sure that B forwards to C. If the packet overheard from B (represented by a dashed line) matches that stored in the buffer, it means that B really forwards to the next hop (represented as a solid line). It then removes the packet from the buffer. However, if theres no matched packet after a certain time, the watchdog increments the failures counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports to the source node S. Path rater performs the calculation of the path metric for each path. By keeping the rating of every node in the network that it knows, the path metric can be calculated by combining the node rating together with link re- liability, which is collected from past experience. Obtaining the path metric for all available paths, the pathrater can choose the path with the highest metric. In addition, if there is no such link reliability information, the path metric enables the pathrater to select the shortest path too. As a result, paths containing misbehaving nodes will be avoided. From the result of the simulation, the system with these two techniques is quite effective for choosing paths to avoid misbehaving nodes. However, those misbehaving nodes are not punished. In contrast, they even benefit from the network. Therefore, misbehaving nodes are encouraged to continue their behaviors. Chapter 3 3. Literature survey 3.1 Introduction The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop new architecture and mechanisms to protect the wireless networks and mobile computing applications. The implication of mobile computing on network security research can be further demonstrated by the follow case. Recently (Summer 2001) an Internet worm called Code Red has spread rapidly to infect many of the Windows-based server machines. To prevent this type of worm attacks from spreading into intranets, many. This paper