Saturday, December 28, 2019
Women and their eating disorders Free Essay Example, 2500 words
Eating disorders are known to affect both women and men, but are more common among women and less common among men (Keel et al. , 2007). A variety of studies, including Keel et al. (2007) have reported that the development of eating disorders is triggered by the cultural ideals socialised within society, about the ideal shape and size of the body of women, which is considerably below the weight of an average woman. The social model communicated by the media and the society triggers the feelings of dissatisfaction, which are complemented by the attention offered to weight changes among women, leading to depression. This paper will explore the eating disorders of women, contrasting incidence levels with those of men, where it can shed more light on the depth of the problem. DISCUSSION The eating disorders of women Disordered eating and eating disorders are complex problems affecting both women and men, but which are more common among women. The development of eating disorders is triggered by a variety of factors: familial, cultural, social, biological and psychological. Contrary to the thinking of many people, eating disorders are not entirely related to weight issues and food (Becker et al. , 1999). We will write a custom essay sample on Women and their eating disorders or any topic specifically for you Only $17.96 $11.86/pageorder now Instead, weight and food issues are the indicators of the intrinsic problem underlying the symptoms. In order to understand disordered eating and eating disorders more deeply, it is important to examine these problems and the people affected by them, as well as the many factors that contribute to the development of the problems (Becker et al. , 1999). Many women suffer from the difficulties caused by disordered eating, but only the behaviours of a few progress into full-blown disorders, including bulimia nervosa, anorexia nervosa and binge eating disorder (Becker et al. , 1999). Anorexia nervosa This disorder refers to self-imposed starvation, which is caused by the fear of becoming fat or gaining weight. In many cases, the victims are underweight, at below 15 percent the weight of a healthy person of their height and stature. The disorder is characterised by the distortion of the body image of the victim; she will hold the opinion that she is fat, irrespective of being underweight (Becker et al. , 1999). Among women, this eating disorder triggers amenorrhea, which is the loss of three consecutive menstrual cycles. Bulimia nervosa This disorder refers to the recurrence of purging and binge eating, for at least twice a week. During the incidence of a binge, the person will consume foods that contribute uncontrollably large calorie counts of between 1500 and 3000 in a span of less than one hour (Becker et al. , 1999).
Friday, December 20, 2019
Youth Gangs, Drugs, Violence Essay - 2317 Words
Gang involvement and its associated violent crime have become a rapidly growing problem for the United States. Generally, gangs consist of young people of the same ethnic, racial, and economic background. Usually of a low socio-economic status, these gangs engage in illegal money making activities and intimidate their neighborhoods and rival gangs with violent crimes and victimization. Gang members exemplify a high value for group loyalty and sacrifice. Gangs often target youth when recruiting new members, with the average age of initiation being 13 years old (Omizo, Omizo, and Honda). A personal interview with police gang specialist, Rob Geis, revealed that the rapid growth of gangs is resulting in recruitment at shockingly youngâ⬠¦show more contentâ⬠¦Power seekers are also drawn to gang life, which tend to commit crimes that victimize others. One ex-gang member, Lupita explains that she ââ¬Å"liked belonging to a gang because people recognized her power and they respected herâ⬠(Bazan, Harris, and Lorentzen 380). Gang members use deceptive tactics to prey on the youth by promising protection, acceptance, power, and material wealth. Joining a gang seems to be the best option for disadvantaged youth because it gives them what they are longing for. However, this comes at a price. Gang involvement negatively affects the quality of life of the involved youth and surrounding communities. The criminal activities and violence surrounding gang membership often lead to imprisonment and/or death. Gang involvement discourages personal upward mobility through the avenue of education; instead, placing importance on group success. Although non-gang members may also participate in risky activities like binge drinking, marijuana use, and drug selling, gang affiliation greatly increases exposure and likelihood to partake in these activities. Studies show that ââ¬Å"early alcohol use and early marijuana use are both identified risk factors for joining a gang among adolescentsâ⬠(Swahn et. al 354). Youth gang members are also exposed to hard drugs because of gang involvement in the illegal drug market. Many youth gang members in theseShow MoreRelatedLife Of A Gang : Youth853 Words à |à 4 PagesLife in a Gang Youth are exposed to gang life at an early age, sometimes as early as 10 or 11 years old. Observing older and respected gang members can often lead to impressions among youth that lead them to believe gang life is the way to gain access to things such as status, money and prestige. Research states that older more established gang members will utilize youth to their advantage by having them steal for the gang, buy and sell drugs, carry weapons and commit other crimes in hopes to evadeRead MoreYouth Participation In Gangs Essay1141 Words à |à 5 PagesYouth participation in gangs actually decreased from 1996 to 2004, but the violence within these gangs has not. Homicides committed by youth gang members still remain as a monumental problem across the United States of America. The Office of Juvenile Justice and Delinquency Prevention reported in its 2004 survey of youth gangs that there were an estimated 760,000 gang members that year. Many of the kids affiliated with gangs come from lower income, single parent homes; therefore, the youths of AmericaRead MoreJuvenile Offenders And Juvenile Delinquency1610 Words à |à 7 PagesPrevention Act. Today, youth gangs exist in nearly every state. A gang is basically an organized group of criminals fill with mostly juveniles. Some different types of gangs are Latin King, Crip, Bloods and etc. One expert estimates that more than 3,875 youth gangs with a total of more than 200,000 gang members are established in the 79 largest U.S. cities. Gang activity has extended beyond the inner city of major population centers into smaller communities and suburbs. Today s gangs are best characterizedRead MoreThe Gang Resistance Education And Training ( Great ) Program1298 Words à |à 6 Pagescreation for the Gang Resistance Education and Training (GREAT) program, Americaââ¬â¢s inner cities was experiencing a substantial increase of gang membership along the youth living in impoverished communities. During the early 1990s, many viewed gang activity as a particular communityââ¬â¢s problem, but as youth and gang violence was increasing drastically across the United Statesââ¬â¢ inner ci ties, the publicââ¬â¢s perception about this social issue changed. Due to the rapid rise of gang violence and youth membershipRead MoreGang Violence Essay987 Words à |à 4 Pagestheir home. Gang violence in youths is a prominent problem around numerous portions of the world today. Youths are forced to go along with the engagements taken place in the gang which can be cataclysmic to society and themselves. The life of a youth and their family can be altered by just one simple decision to join a gang, put many people in danger of being hurt, however there are still many workable solutions to put these youths back on track. When a youth elects to join a gang it is typicallyRead MoreSummary : Youth Gang And Violence1615 Words à |à 7 Pages March 27, 2016 Analytic Essay Youth Gang and Violence Delinquent Behavior ââ¬Å"Gangâ⬠ââ¬Å"Youth Gangâ⬠and ââ¬Å"Street Gangâ⬠are just labels used to describe young people consisting of three or more individuals organized to achieve a typical objective and who share a common identity. There is no single and universally accepted definition of gang, gang member and gang activities in the United States, however, the Federal Definition according to NationalRead MoreYouth Gang Prevention Efforts : A Two Pronged Prevention843 Words à |à 4 PagesYouth Gang Prevention Efforts A two-pronged prevention approach has proven effective, with primary prevention strategies aimed at the community s general population and secondary prevention strategies targeting youth between the ages of 7 and 14 who are at high risk of joining gangs. Prevention efforts undertaken by law enforcement departments around the country include: ââ¬Å"Participating in community awareness campaigns (e.g. developing public service announcements and poster campaigns). ContactingRead MoreGangs Of Gangs1136 Words à |à 5 PagesYouth gangs and the violence around them has grown in America. The gang related crimes committed by these youth gangs has risen and the age of these members had dropped. The youth are turning to the gang life at a younger age than ever before. In this essay I will dive into the different geographic types and their youth gangs. We will also take a look at age, gender, and the race of these gang members. Gang related crimes and local gang violence factors will also be discussed in this essay. GangsRead MoreYouth Gang Membership : A Serious Problem Affecting Many Youths Essay1272 Words à |à 6 PagesYouth Gang membership is a serious problem affecting many youths in America. Per the National Youth Gang Survey by the U.S. Justice Department puts the number of youths in gangs at only about 302,000. But a 2015 study by G. Gately found that there are more than 1 million youth gang members. Many youth gang members join around 12 and 13 years old, peaking at 14 years of age (Tara Young, 2014). This review will detail the main reasons youths enter gangs, outreach programs that are making a differenceRead MoreCity Of God : Movie Analysis860 Words à |à 4 Pagesurban issues that was shown numerous times in the movie, the urban crime and youth gang. The youth gang activity was also mentioned in the class reading as follow ââ¬Å"Many of these young people live in and around the citiesââ¬â¢ sprawling public markets, where it is easy to scavenge food. A few work at shinin g shoes, cleaning windshields, or selling anything from candy to their bodies, but most beg or steal to survive.â⬠The youth living in the slum was influenced by the crime activities happening in the slum
Thursday, December 12, 2019
Impact of E-Commerce on Customer Buying Behaviour â⬠Free Samples
Question: Discuss about the Impact of E-Commerce on Customer Buying Behaviour. Answer: Record for this research journal Date Task Action Comment [Please Fill] Choosing the topic to carry on the literature review. Searching topics on the internet Topic selected in the domain IT, and the topic is, Security in wireless networks. [Please Fill] Determining the time period of publication of the literatures to make an up to date review. Time period selected is 2012 and onwards. i.e. literatures published in or after 2012. Literature review will be consisted of latest information. [Please Fill] Determining the purpose of the research and the literature review. Determining the main factors that impacts on the customer behaviour. [Please Fill] Specifying the areas in which special attention will be given. Different internal and external factors affecting the consumer behaviour. [Please Fill] Taking notes from different researches to start the literature review. Collected notes from 10 other literatures. [Please Fill] Determining the two literatures to be reviewed. Literatures selected. [Please Fill] Asking feedback from the friends about the literatures. Feedback collected. [Please Fill] Determining the structure of the literature review Structure is completed and in the literature review. [Please Fill] Finding additional helpful references. Literature view competed. [Please Fill] Checking and proofreading the literature review. Errors corrected. [Please Fill] (Should be Date of Submission) Submission of the literature review Literature review completed. Filing system Source Key words used No of literatures returned No of collected literature Springer 12 1 Google scholar 25 1 Research gate 2 0 Review With the increasing development of internet and its usage in the business and other perspectives are impacting on the behaviours of the customers who uses the internet to purchase products. Business organizations are spending more and more in order to acquire larger segment. The internet can help the business organizations to enhance the buyers purchasing behaviours more proficiently and adequately than different other channels to fulfil their requirements related to specific product (Raghupathi and Fogel 2015). Through the diverse search engines available on internet the consumers can spare time to access to find out the product related data, and which data with blend of videos, sound and picturesand extremely point by point content portrayal to help purchaser learning and picking the most appropriate item from the most appropriate online platform. Individual customers buy services and products from the physical or online store depending on their level of trust in that item or services and dealers/sellers of the product in the store or online. On the web trust is the fundamental and basic component for building a long lasting with clients. Different researches in the recent times demonstrates that online trust is bring down level than the trust in the personal connections in the physical store. The online stores or the e-commerce gives the most important thing convenience to their customers as the principle reason behind the online purchases of the buyers concurred by the majority of analyst and researchers. Due to the element of Internet, it enables client to shopping on the web whenever and anyplace, which implies customers can peruse and shopping on the web 24-hours per day, 7 days seven days from home or office, which draws in some time-starved customers come to Internet for spare time to seeking items in physical store (Huang and Benyoucef 2013). Furthermore, Internet offers a few great approaches to spare cash and time without too much physical effort which is required in case of the physical stores. According to the author Hajli 2015, the customer behaviour is mainly impacted by the two factors which are, internal and external factors. External variables on the customers are originated from the environmental conditions, and internal factors are for the most part from the buyers mind and perception. There are many variables could impact buyer's practices on the online platform (Ioan?s Stoica 2014). As indicated by the external factors that impacts on the buyer behaviour could partition into five parts: Demographics, socio-financial aspects, public policies, use technology; culture; sub-culture; reference and marketing of the online stores. The impact due to the internal factors are assortment of psychological processes in the buyers mind, which incorporate learning, perception about the store, motivation to buy products etc. The reliability of E-commerce sitesis extremely depending on the how much protection or securitycan the site provide to the users personal and financial data shared with the site and the user. For instance, a very specialized SSH channel to transmit data can be a factor to impact the reliability of the site (Mittal 2013). As specified over that the web vendor can give outsider confirmation to E-business site, and keeping in mind that this protection and security procedures are utilized, clients will think their E-commerce exchanges through Web are secure and therefore the webpage is more dependable to them. Close to this point, if the Ecommerce site can give the data about their client services,contact details, and a help a tool on the site. This could likewise build their trustiness to the clients or customers. The process of making decision for the customers are similar regardless the consumer is online or offline. In the present scenario the major factors that makes the difference in the purchase behaviour are the marketing of the products and the services as well as the purchasing environment (Hoban and Bucklin 2015). In case of the traditional customer decision making model, Consumer purchasing choice normally begins with requirement awareness, search for the information, elective assessments, choosing to buy lastly, post-purchase behaviour by the customers. Role of the marketing in influencing the purchase behaviour As far as online communications is concerned affecting the behaviour of the users, when the customers observes online promotions on the internet platform, they attracts the customers attention and stimulates their interest for specific items or services on a specific e-commerce platform. Before they choose to buy, they require extra data to help them out in determining the trustworthiness of the site for which they had observed the promotion. In case the customers do not have enough data/information about the service or product, they will look through online channels to collect the required data. Such asonline indexes, sites, or web search engines. Whenever clients have enough data, they analyse those selections of items. In the inquiry organize, they may search for the expert product reviews or the customer reviews who had bought or used the service from the same platform. After exploring the data collected they willdiscover which e-commerce organization offers them the best option for their desired product or service. Amid this stage, efficient site design and its usability are essential things to induce purchasers to be occupied with purchasing products on a specific site. Besides, the data sources inclination may impact purchasing behaviour of the customers. Consumers can purchase anything at any time without traversing to the different physical stores so that they can find the similar product at lesser price by comparing different e-commerce sites simultaneously.Since on the web stores offer clients with assortment of items and administrations. It gives the customers more choices toanalyse cost from various sites and discover the products with lesser costs than purchasing from physical stores. Few sites, such as EBay for instance, offer customersauction alternative, so they can make a decent pricing for their desired products or services they want to buy. Review The impact of consumer behaviour is one of the most common matters that are being studied by the marketers, entrepreneurs and the researchers from the past and still going on. The researchers study about the different aspects about how the behaviour of the consumer changes due to e commerce. The overall performances of the enterprises have become a key factor in understanding behaviour of the customer. The rises in competition in the industries that are retail have mainly leaded to understanding the reasons for raising the impact of customer behaviour in Australia. This research study deals with all the areas of research background that deals with consumer behaviour which addresses works of marketers and researchers. There are mainly five different impacts of making consumer behaviour more effective in related to e-commerce. The study of behaviour that is related to consumer buying is taken as the part of marketing and the main motive is about the way to learn all the possible way on how the individuals, buy use, dispose goods, and the choose of organizations and factors related to taste, price, branding and experience are the factors that the consumers takes decision on purchasing some products. Such one of the studies that is related with behaviour of consumer buying is conducted by Lim et al. 2016. The study aims to this study is to get the impact of experiences that were studied previously. The study of e- commerce is divided into four different categories that are considered as the characteristics for selling and buying parties. The categories that comes under the e- commerce category are B2B (business to business), B2C (business to consumer), C2C (consumer to consumer) and lastly C2B (consumer to business). The online marketing e- commerce comes under the category of consumer to business marketing. With the increase of internet, companies reach to the rooms of customer easily. The transactions that are made by the buying and selling of products are also done online. Online tractions are very much protective and secure methods for buying products online. There are also many sites available that gives same services and same products at different rates. For instance- a website named as Priceline.com provides the companies to get tickets of airline, hotel room, salons appointment to the customer very easily. The internet can help the business organizations to enhance the buyers purchasing behaviours more proficiently and adequately than different other channels to fulfil their requirements related to specific product. Through the diverse search engines available on internet the consumers can spare time to access to find out the product related data, and which data with blend of videos, soun d and pictures and extremely point by point content portrayal to help purchaser learning and picking the most appropriate item from the most appropriate online platform. The most advantage of using e-commerce as a media for buying and selling is that a particular product or service gets the feedback very soon. It is not possible in offline transaction. The purchasing decisions that are made by the customers are mostly done online in this present day. The technology of website is making the internet social and customers that creates content that has increased the time of development. If the customers do not have enough data/information about the service or product, they will look through online channels to collect the required data. Internet offers more approaches to spare cash and time without too much physical effort which is required in case of the physical stores (Zhang, Gupta and Zhao 2014). The social media is the new way of promoting the products and services over the internet. The evolution of social media has created deep results in the world of marketing. Now a day the marketing teams of a business are putting their businesses add on the social media to promote their products more spontaneously. For instance, a company that deals with flowers has put their advertisement on the Facebook creating an online social media platf orm for the company. Factors Influencing Purchasing Behaviours of Customers The factors that influence the customer behaviour in purchasing products and services are described below: Purchasing Power: For increasing the customer behaviour, purchasing power plays an important role in the marketing sector. The purchasing capacity of the customers are analyzed by generally by making decisions that are related to the products that are needed for buying and selling of product. Even if the product is very good, the purchasing power of customer is not known, den the sale of the product goes down. The customers are segmented in the basis of their purchasing product; it is easy to determine the eligibility of the customer. Marketing Campaigns: Marketing is the most important factor that helps in making the decisions of the customers. The marketing campaigns help to shift the market shares in the industries that are competitive by increasing the decisions of the customers. The campaigns that are done for increasing the sale of the products of services are all done on a regular basis. The transactions that are made by the buying and selling of products are also done online. Online tractions are very much protective and secure methods for buying products online. Economic Conditions: The economic situations that are that are present in the market plays important roles in decisions that are spend by the customers. This is most effective for purchasing houses, vehicles and appliances of other household products. An economic condition that is positive is considered to make the customers more willing and confident to buy the product. This does not depend on the financial liabilities of the person who are buying the products. Personal Preferences: The customer behaviour is motivated by different shades of dislikes, likes, morals, values and priorities at this personal level (Kim, Wang and Malthouse 2015). The style of fashion, personal care and food depends on the each customer and all are different from each other. The products that are shown to the customers are shown according to the preferences that are made by the customers. The internet can help the business organizations to enhance the buyers purchasing behaviours more proficiently and adequately than different other channels to fulfil their requirements related to specific product. Personal preferences are defined by the personal requirements. Group Influence: The decisions that are made by the customers are also affected by the group influence. The group influence mainly comes from classmates, relatives, family members and influential group that are secondary (Chiu et al. 2014). The secondary group that influences customers consists of acquaintances and the neighbours. There are many examples of influence of group such as foods that are homemade are liked by all groups of people. The group influences to changes the decisions of a person. This is also an important factor for influencing the customers in the e-commerce sector. Conclusion From the above literature review of the authors, it is known that the consumer buying is taken as the part of marketing and the main motive is about the way to learn all the possible way on how the individuals, buy use, dispose goods, and the choose of organizations and factors related to taste, price, branding and experience are the factors that the consumers takes decision on purchasing some products. The impact of consumer behaviour is one of the most common matters that are being studied by the marketers, entrepreneurs and the researchers from the past and still going on. The researchers study about the different aspects about how the behaviour of the consumer changes due to e commerce. Introduction The overall performances of the enterprises have become a key factor in understanding behaviour of the customer. The rises in competition in the industries that are retail have mainly leaded to understanding the reasons for raising the impact of customer behaviour in Australia. This research study deals with all the areas of research background that deals with consumer behaviour which addresses works of marketers and researchers. The study of behaviour that is related to consumer buying is taken as the part of marketing and the main motive is about the way to learn all the possible way on how the individuals, buy use, dispose goods, and the choose of organizations and factors related to taste, price, branding and experience are the factors that the consumers takes decision on purchasing some products. References Chiu, C.M., Wang, E.T., Fang, Y.H. and Huang, H.Y., 2014. Understanding customers' repeat purchase intentions in B2C e?commerce: the roles of utilitarian value, hedonic value and perceived risk.Information Systems Journal,24(1), pp.85-114. Hajli, N., 2015. Social commerce constructs and consumer's intention to buy.International Journal of Information Management,35(2), pp.183-191. Hoban, P.R. and Bucklin, R.E., 2015. Effects of internet display advertising in the purchase funnel: Model-based insights from a randomized field experiment.Journal of Marketing Research,52(3), pp.375-393. Huang, Z. and Benyoucef, M., 2013. From e-commerce to social commerce: A close look at design features.Electronic Commerce Research and Applications,12(4), pp.246-259. Ioan?s, E., Stoica, I. (2014). Social media and its impact on consumers behavior.International Journal of Economic Practices and Theories,4(2), 295-303. Kim, S.J., Wang, R.J.H. and Malthouse, E.C., 2015. The effects of adopting and using a brand's mobile application on customers' subsequent purchase behavior.Journal of Interactive Marketing,31, pp.28-41. Lim, Y., Osman, A., Salahuddin, S., Romle, A. and Abdullah, S. (2016). Factors Influencing Online Shopping Behavior: The Mediating Role of Purchase Intention.Procedia Economics and Finance, 35, pp.401-410. Mittal, A., 2013. E-commerce: Its Impact on consumer Behavior.Global Journal of Management and Business Studies,3(2), pp.131-138. Raghupathi, V. and Fogel, J., 2015. The impact of opinion leadership on purchases through social networking websites.Journal of theoretical and applied electronic commerce research,10(3), pp.18-29. Zhang, H., Lu, Y., Gupta, S. and Zhao, L., 2014. What motivates customers to participate in social commerce? The impact of technological environments and virtual customer experiences.Information Management,51(8), pp.1017-1030.
Wednesday, December 4, 2019
Sexual Harassment and Bullying at the Workplace
Questions: 1.Fully define the terms Sexual Harassment and Bullying and discuss how they relate to power. 2.Research and explain the consequences of sexual harassment and bullying in the workplace. 3.Research and discuss an example of what organizations are doing to deal with power abuse. What are they doing to prevent and deal with sexual harassment and bullying in the workplace? Answers: 1. According to the definition set out in the Sexual Discrimination Act 1984, Sexual harassment is considered to be an unsolicited sexual behavior that leads a person to feeling offended, humiliated or intimidated (Bowling Behr, 2006). It does not entail any engagement which is manifested out of mutual consent. The law regards sexual harassment as one of the forms of sexual discrimination. Research indicates that in Australia, the number of women who experience sexual harassment is five times higher than that of men. On the other hand, Tracy et al. (2006) observe that bullying can be described as the psychological, physical, social or verbal abuse by either an employer or other persons at work. If bullying turns violent to include assault and stalking, it can be characterized as a criminal offence. Bullying, however, does not constitute acts which objectively are unfair but they form part of the core practices in the organization. If this practice is perpetuated on the grounds of sex, race, age or any other classified category, then it merits to be regarded as discrimination at the place of work. Sexual harassment and bullying have a direct nexus with power. Justice Mathews observed in the case of OCallaghan v Loder [1984] EOC 92022, 92023, 92024, that sexual harassment occurs if a person is subjected to unwelcome and unsolicited sexual conduct by another party which is in a position of power. In a majority of cases, persons who perpetuate sexual harassment and bullying are often in powerful positions because then the victim is intimidated and fearful of the impending consequences in case they raise an alarm. 2. Sexual harassment and bullying at the workplace present overarching consequences not only to the victim employee but also to the institution where they work and the society as a whole. The first outstanding effect of these vices is that the business incurs unnecessary human costs. Persons who are subjected to sexual harassment and bullying generally have a compromised health especially under the psychological part. Conditions such as anxiety, overt anger, depression and being emotionally distressed are often exhibited. As a matter of fact, recent research indicates that victims of bullying and sexual harassment show signs of Posttraumatic Stress Disorder (PTSD) (Mikkelsen Einarsen, 2002). The effects of these two transgressions are not only confined to the victims. Employees who witness incidents of bullying and sexual harassment are also subjected to mental agony and they often tend to be angered by the many things in the organization. With all these effects to employees in mind , the best returns on human capital cannot be realized. With respect to the organization, workers who are victims of sexual harassment and bullying are often absent due to sickness. In addition to this, even if they come to work, their performance levels are very low. This is majorly because their creativity is very low; loyalty to the organization is compromised and in most cases they engage in counterproductive behavior. They are always not satisfied and contemplate quitting at all times. These negative attitudes greatly hamper optimal performance of a given organization. Finally, these abusive practices once exhibited by a single member of the organization; have the propensity of being adopted by other persons within the institution. For instance, if the victim of sexual harassment or bullying is an employee; they may carry over this abuse to their own employees who subsequently end up abusing their own family members. Therefore, the whole society may end up feeling the pinch of these vices which are started in the organization. 3. A model of how the issue of power abuse within an organization can be found in the procedures of Australian Red Cross. The organizations Equal Opportunity policy establishes independent offices which are meant to tackle various grievances from all employees. There is established the position of the complaints officer who is tasked with handling all complaints by the employees. There is also a contact person at every station who is responsible for resolving any small disputes arising at the workplace while they are still at the rudimentary level. These two positions are bound by a requirement of utmost confidentiality with respect to all cases reported. Therefore, a complainant is free to make allegations about any person, however powerful without fear of being reprimanded or that the information could be divulged prematurely. With these mechanisms in place, very powerful persons in the organization are cautious not to engage in unbecoming conduct because they know that investigati ons can be discreetly commenced against them at any time (Nicolson, 2015). Sexual harassment and bullying have also been adequately addressed by many organizations in order to improve the working conditions of all employees. The very first step towards tackling these vices is to concisely define the meaning of the two terms from the organizations perspective and provide an elaborate list of conduct that may constitute such transgressions. Organizations are very cautious not to be subjected to a law suit predicated on the two grounds; therefore, they have established more effective internal preventive measures and dispute resolution mechanisms. A good structure from this front must first entail a very strict code of conduct which governs all employees from top to bottom regardless of the power they hold. Secondly, Organizations have resorted to using hotlines or specific complaints officials who are free of influence from any powerful figures within the institution. In light of all these procedures, it is also prudent to have all employees aware of consequen ces of conduct which falls under sexual harassment and bullying. This will enormously deter any such malpractices in the institution. Reference List Bowling, N.A. and Beehr, T.A., 2006. Workplace harassment from the victim's perspective: atheoretical model and meta-analysis. Journal of Applied Psychology, 91(5), p.998. Mikkelsen, E.G.E. and Einarsen, S., 2002. Basic assumptions and symptoms of post-traumaticstress among victims of bullying at work. European Journal of work and organizationalpsychology, 11(1), pp.87-111. Nicolson, P., 2015. Gender, power and organization: a psychological perspective on life at work. Routledge. Tracy, S.J., Lutgen-Sandvik, P. and Alberts, J.K., 2006. Nightmares, demons, and slavesexploring the painful metaphors of workplace bullying. Management communicationquarterly, 20(2), pp.148-185.
Thursday, November 28, 2019
CYBERBULLYING Essays - Behavior, Cyberbullying, Abuse, Bullying
CYBERBULLYING Jordan Mcfarlane Class 8A5 Cyberbullying is a huge problem affecting mostly teenagers around the world. The effects of cyberbullying alone can be long-term or short-term. The signs of it of it happening can be obvious to most parents but to some it's how their child ac ts on the daily basis. Most of the parents who don't realize, their own child is the bully! There are many ways to spot cyberbullying and how to prevent it from happening. First off, Cyberbullying is the act of using technology to harass, humiliate, and to find and target a certain person. Some children and teens will even go to the point to even create a fake account just to harass their target. Some children who are bullied in school will cyberbully their bully on social media because the bully wouldn't know who it is. Usually the cyberbullie s will post an embarrassing photo or video of their victim on social media and the picture or video will usually be on that social media site forever and everybody who sees it will usually comment something bad about the video or photo . Secondly, the effects of cyberbullying are harsh and can leave families in grief. Cyberbullying can take place at any time, any day of the week even while the child is in school. Your child may feel like they being harassed 24/7. Some of the effects of it happening can be short term or long term. The short term effects of cyberbullying usually are low self-esteem, body pains (Headaches and more), Grades will drop drastically, and the victim will not want to go out to places anymore. The long-term effects are worst because they will stick with you for a long time or even forever. The long-term effects can be Depression, Going into drugs and alcohol, being suspended or expelled from school, and much more. The fact that surprises a lot of people are that the victim and the bully are at risk of suicidal thoughts, attempts and completed ones. Next, the signs of cyberbullying can be obvious to some parents who pay attention to their children's behavior and body tone. The signs of cyberbullying is looking in distress emotionally while using the laptop or phone, being private and secretive about their social life, or wanting to avoid all discussions about the child's social life. Most of the time the child does not want to tell the parent about them being cyberbullied because they believe that they're computer privileges will be taken away. Lastly, the parents and the child can avoid cyberbullying by doing many different things. The child can just block the bully as soon as it starts to avoid the future problems, the child may disagree with limiting their access to technology but it is an effective way to prevent cyberbullying from happening. Your child might not want to share their social life with you but it is a way to give advice to your child on to avoid all problems with cyberbullies. In conclusion, Cyberbullying is a huge problem with teens these days and it needs to be stopped. The effects and signs of it happening can be obvious to some parents like the grade and more. Cyberbullying can even end a teens life. ALL INFORMATION CAME FROM: m.kidshealth.org
Sunday, November 24, 2019
Douglass essays
Douglass essays Slavery was perhaps one of the most appalling tragedies in the history of the United States of America. As explained in the Narrative of the Life of Frederick Douglass, each slave had a different experience with slavery, but they all had certain things in common and a couple of those things were a life of unthinkable acts of cruelty and the desire to become free. In Douglass Narrative, he explains his life as a slave and how he uses his education and extraordinary ability of speaking to influence the freedom of all slaves. In reading the Narrative of the life of Frederick Douglass, I like others, found myself to be deeply moved. The way in which Mr. Douglass walked me through his life as a slave gave me a better understanding of the struggle that African American slaves encountered. Douglass was born in Talbot County, Maryland, but he does not know the year, as most slaves are not allowed to know their ages. He points out that slave owners deliberately keep their slaves ignorant, and that this is a tactic whites us to gain power over slaves. This is the recurrent structure Douglass uses in his narrative. I find this to be interesting, and wonder why that is. How does not knowing the age of ones self keep them ignorant? I have no accurate knowledge of my age, never having seen any authentic record containing it. By far the larger part of the slaves know as little of their ages as horses know of theirs, and it is the wish of most masters within my knowledge to keep their slaves thus ignorant.(pg.19) However, based on an overheard comment from his master, Douglass guesses that he was born in or around 1818. Douglasss mother was Harriet Bailey, and they were separated soon after birth, a common practice among slave owners. Douglass assumes that this cust om is intended to break the natural bond of affection between mother and child. For what this separation is done, I do not know, unless it i...
Thursday, November 21, 2019
Exxon Valdez Oil Spill Essay Example | Topics and Well Written Essays - 1000 words
Exxon Valdez Oil Spill - Essay Example The oil spill incident of Exxon Valdez oil tanker in the year 1989 had occurred in the Alaska. The disaster occurred when the tanker had struck the Bligh Reef in the Prince William Sound in Alaska. The location being a remote one and the intensity of the disaster being huge, the government had to encounter difficulties in reaching at the location for the cleanup process. Only helicopters and boats could reach the location. It was in the Prince William Soundââ¬â¢s region and the fishing industry in the area was significantly affected along with the food chain in the region, as well as birds and other sea species. The effects were severely obtained in species like the harbor porpoises and sea lions, and several varieties of whales, and the lives of different migratory birds came under danger (Exxon Valdez, 2011). It could be realized that Exxon was not prepared for such a massive disaster. Thus after the occurrence of the incident, the local coast Marine Safety Office (MSO) as well as the contingency plan for Prince William Sound had been found to take the initiatives in the rescue and cleanup process with much difficulties. The planning of the federal government and the preparedness were considered under the responsibilities of the National Response Team (NRT) that include 14 agencies of the federal department. As soon as the incident was noted, the MSO and other immediate authorities took charge to put a stop to the traffic at the port of Valdez. The cleanup process was undertaken by the Alyeska and their activities had been initiative within 45 minutes of the notification of the spillage (Skinner & Reilly, 5-12). The most important concern considered was the spillage to be stopped from spreading in the sea. The National Oceanic and Atmospheric Administration (NOAA) had taken charge of identifying the areas that were more vulnerable to the
Wednesday, November 20, 2019
Methods for Resolving Small Scale Systems Problems Essay - 1
Methods for Resolving Small Scale Systems Problems - Essay Example General systems theory is often used to solve many problems. Problems are nothing new for human being. Since the creation of mankind, it is a common fact that human beings are continuously facing different problems and adopt various techniques to cope with these problems. Situations that may arise time to time always require some action to cope with them. Moreover, problems may be well defined and at small scale like opening a can, solving some mathematical problem and scoring in any specific game. On the other hand problems and issues may be of large scale. This may include the opening of a business which requires proper strategies, planning at each and every step. So, each and every problem always requires some specific strategy and solution. However, it does not mean that one solution is used to resolve any particular issue only and it is not suitable for some other problem. 2. After that you have to choose the strategy in order to solve the problem. For that purpose you should consider all those strategies and solutions that are available. Just adopt one that you think best out of all. Here, I want to mention that the basic reason to explain all the above mentioned details is to make it clear that problem solving always requires some specific phases whether short term goals are required to achieve or long term goals. So, here we can also say that problem solving of large scale systems can be applied to smaller scale systems as well because the basic thing to follow is to consider all the required phases accordingly. Now, I am going to explain briefly some of the systems methodologies that are described to resolve the problems of large scale systems. I will further explain that how these strategies can be applied to smaller scale systems. Basically, systems science and systems theory evolved to handle the real world and to resolve complex, intertwined, large scale and small scale systems problems. Remember, problems always contain some sort
Monday, November 18, 2019
Wigand vs. brown and Williamson- ethical issues Essay
Wigand vs. brown and Williamson- ethical issues - Essay Example ere not only grounded on the dangers accompanied smoking but also the fact that the company was adding chemicals to the cigarettes and this made the consumption of such cigarettes more addictive to the consumers. First, there was ethical violation of the consumersââ¬â¢ rights. Apart from the fact that the company endangered the lives of the people, it was also unlawfully and corruptly obtaining wealth from the unsuspecting consumers. When investigation was instituted by the CBS, Wigand was convinced by Lowell Bergman to make his testimony proving the allegation through an interview. In the process of doing that, Wigand found himself in an awkward situation that put his entire life at risk. The information he provided regarding this malpractice was treated with contempt. He suffered a lot of harassment and faced numerous threats because of such crucial information. The point of interest was that the CBS did not air the interview and the information that was presented by Wigand despite the risk he had taken. The main reason that the CBS gave for the failure to air the interview was the fear of litigation by the company. The CBS had broken law in this matter because of the omission. As a fourth estate, it was important that they work at the interest of the people and not base their actions on fear of actions being taken by the company. This was one of the major ethical dilemmas that CBS had placed itself in. It was now serving its own interests based on assumption rather than the interest of the people. It was revealed that the management of the CBS has chosen not to air the interview purely for monetary reasons. According to the study, it was revealed that the CBS did not want to taint their name with any legal issues particularly litigations, considering that they were at the verge of selling their company with the Westinghouse, and negotiatio ns were at critical level. This envisaged litigation was seen to have the potential of lowering the company stock.
Friday, November 15, 2019
Mobile Ad Hoc Network Intrusion Detection System (IDS)
Mobile Ad Hoc Network Intrusion Detection System (IDS) Chapter 1 1. Introduction Mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs) are relatively new communication paradigms. MANETs do not require expensive base stations or wired infrastructure. Nodes within radio range of each other can communicate directly over wireless links, and those that are far apart use other nodes as relays. Each host in a MANET also acts as a router as routes are mostly multichip. The lack of fixed infrastructure and centralized authority makes a MANET suitable for a broad range of applications in both military and civilian environments. For example, a MANET could be deployed quickly for military communications in the battlefield. A MANET also could be deployed quickly in scenarios such as a meeting room, a city transportation wireless network, for fire fighting, and so on. To form such a cooperative and self configurable network, every mobile host should be a friendly node and willing to relay messages for others. In the original design of a MANET, global trustworthiness in nodes within the whole network is a fundamental security assumption. Recent progress in wireless communications and micro electro mechanical systems (MEMS) technology has made it feasible to build miniature wireless sensor nodes that integrate sensing, data processing, and communicating capabilities. These miniature wireless sensor nodes can be extremely small, as tiny as a cubic centimeter. Compared with conventional computers, the low-cost, battery-powered, sensor nodes have a limited energy supply, stringent processing and communications capabilities, and memory is scarce. The design and implementation of relevant services for WSNs must keep these limitations in mind. Based on the collaborative efforts of a large number of sensor nodes, WSNs have become good candidates to provide economically viable solutions for a wide range of applications, such as environmental monitoring, scientific data collection, health monitoring, and military operations. Despite the wide variety of potential applications, MANETs and WSNs often are deployed in adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Due to the features of an open medium, the low degree of physical security of mobile nodes, a dynamic topology, a limited power supply, and the absence of a central management point, MANETs are more vulnerable to malicious attacks than traditional wired networks are. In WSNs, the lack of physical security combined with unattended operations make sensor nodes prone to a high risk of being captured and compromised, making WSNs vulnerable to a variety of attacks. A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Each node is equipped with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication range. In order for a node to forward a packet to a node that is out of its radio range, the cooperation of other nodes in the network is needed; this is known as multi-hop communication. Therefore, each node must act as both a host and a router at the same time. The network topology frequently changes due to the mobility of mobile nodes as they move within, move into, or move out of the network. A MANET with the characteristics described above was originally developed for military purposes, as nodes are scattered across a battlefield and there is no infrastructure to help them form a network. In recent years, MANETs have been developing rapidly and are increasingly being used in many applications, ranging from military to civilian and commercial uses, since setting up such networks can be done without the help of any infrastructure or interaction with a human. Some examples are: search-and-rescue missions, data collection, and virtual classrooms and conferences where laptops, PDA or other mobile devices share wireless medium and communicate to each other. As MANETs become widely used, the security issue has become one of the primary concerns. For example, most of the routing protocols proposed for MANETs assume that every node in the network is cooperative and not malicious [1]. Therefore, only one compromised node can cause the failure of the entire network. There are both passive and active attacks in MANETs. For passive at tacks, packets containing secret information might be eavesdropped, which violates confidentiality. Active attacks, including injecting packets to invalid destinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation. Proactive approaches such as cryptography and authentication were first brought into consideration, and many techniques have been proposed and implemented. However, these applications are not sufficient. If we have the ability to detect the attack once it comes into the network, we can stop it from doing any damage to the system or any data. Here is where the intrusion detection system comes in. Intrusion detection can be defined as a process of monitoring activities in a system, which can be a computer or network system. The mechanism by which this is achieved is called an intrusion detection system (IDS). An IDS collects activity information and then analyzes it to determine whether there are any activities that violate the security rules. Once AN ID determines that an unusual activity or an activity that is known to be an attack occurs, it then generates an alarm to alert the security administrator. In addition, IDS can also initiate a proper response to the malicious activity. Although there are several intrusion detection techniques developed for wired networks today, they are not suitable for wireless networks due to the differences in their characteristics. Therefore, those techniques must be modified or new techniques must be developed to make intrusion detection work effectively in MANETs. In this paper, we classify the architectures for IDS in MANETs, each of which is suitable for different network infrastructures. Current intrusion detection systems corresponding to those architectures are reviewed and compared. Chapter 2 Background 2.1 Intrusion Detection System (IDS) Many historical events have shown that intrusion prevention techniques alone, such as encryption and authentication, which are usually a first line of defense, are not sufficient. As the system become more complex, there are also more weaknesses, which lead to more security problems. Intrusion detection can be used as a second wall of defense to protect the network from such problems. If the intrusion is detected, a response can be initiated to prevent or minimize damage to the system. To make intrusion detection systems work, basic assumptions are made. The first assumption is that user and program activities are observable. The second assumption, which is more important, is that normal and intrusive activities must have distinct behaviors, as intrusion detection must capture and analyze system activity to determine if the system is under attack. Intrusion detection can be classified based on audit data as either host- based or network-based. A network-based IDS captures and analyzes packets from network traà ±c while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows [2]. Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response. Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks. Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints. 2.2 Intrusion Detection in MANETs Many intrusion detection systems have been proposed in traditional wired networks, where all track must go through switches, routers, or gateways. Hence, IDS can be added to and implemented in these devices easily [17, 18]. On the other hand, MANETs do not have such devices. Moreover, the medium is wide open, so both legitimate and malicious users can access it. Furthermore, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information could be from a compromised node or a node that has outdated information. Thus, the current IDS techniques on wired networks cannot be applied directly to MANETs. Many intrusion detection systems have been proposed to suit the characteristics of MANETs, some of which will be discussed in the next sections. 2.3 Architectures for IDS in MANETs The network infrastructures that MANETs can be configured to are either at or multi-layer, depending on the applications. Therefore, the optimal IDS architecture for a MANET may depend on the network infrastructure itself [9]. In an network infrastructure, all nodes are considered equal, thus it may be suitable for applications such as virtual classrooms or conferences. On the contrary, some nodes are considered different in the multi-layered network infrastructure. Nodes may be partitioned into clusters with one cluster head for each cluster. To communicate within the cluster, nodes can communicate directly. However, communication across the clusters must be done through the cluster head. This infrastructure might be well suited for military applications. 2.3.1 Stand-alone Intrusion Detection Systems In this architecture, an intrusion detection system is run on each node independently to determine intrusions. Every decision made is based only on information collected at its own node, since there is no cooperation among nodes in the network. Therefore, no data is exchanged. Besides, nodes in the same network do not know anything about the situation on other nodes in the network as no alert information is passed. Although this architecture is not elective due to its limitations, it may be suitable in a network where not all nodes are capable of running IDS or have IDS installed. This architecture is also more suitable for an network infrastructure than for multi-layered network infrastructure. Since information on each individual node might not be enough to detect intrusions, this architecture has not been chosen in most of the IDS for MANETs. 2.3.2 Distributed and Cooperative Intrusion Detection Systems Since the nature of MANETs is distributed and requires cooperation of other nodes, Zhang and Lee [1] have proposed that the intrusion detection and response system in MANETs should also be both distributed and cooperative as shown in Figure 1. Every node participates in intrusion detection and response by having an IDS agent running on them. An IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as initiating a response independently. However, neighboring IDS agents cooperatively participate in global intrusion detection actions when the evidence is inconclusive. Similarly to stand-alone IDS architecture, this architecture is more suitable for a network infrastructure, not multi-layered one. 2.3.3 Hierarchical Intrusion Detection Systems Hierarchical IDS architectures extend the distributed and cooperative IDS architectures and have been proposed for multi-layered network infrastructures where the network is divided into clusters. Clusterheads of each cluster usually have more functionality than other members in the clusters, for example routing packets across clusters. Thus, these cluster heads, in some sense, act as control points which are similar to switches, routers, or gateways in wired networks. The same concept of multi-layering is applied to intrusion detection systems where hierarchical IDS architecture is proposed. Each IDS agent is run on every member node and is responsible locally for its node, i.e., monitoring and deciding on locally detected intrusions. A clusterhead is responsible locally for its node as well as globally for its cluster, e.g. monitoring network packets and initiating a global response when network intrusion is detected. 2.3.4 Mobile Agent for Intrusion Detection Systems A concept of mobile agents has been used in several techniques for intrusion detection systems in MANETs. Due to its ability to move through the large network, each mobile agent is assigned to perform only one specific task, and then one or more mobile agents are distributed into each node in the network. This allows the distribution of the intrusion detection tasks. There are several advantages for using mobile agents [2]. Some functions are not assigned to every node; thus, it helps to reduce the consumption of power, which is scarce in mobile ad hoc networks. It also provides fault tolerance such that if the network is partitioned or some agents are destroyed, they are still able to work. Moreover, they are scalable in large and varied system environments, as mobile agents tend to be independent of platform architectures. However, these systems would require a secure module where mobile agents can be stationed to. Additionally, mobile agents must be able to protect themselves from the secure modules on remote hosts as well. Mobile-agent-based IDS can be considered as a distributed and cooper ative intrusion detection technique as described in Section 3.2. Moreover, some techniques also use mobile agents combined with hierarchical IDS, for example, what will be described in Section 4.3. 2.4 Sample Intrusion Detection Systems for MANETs Since the IDS for traditional wired systems are not well-suited to MANETs, many researchers have proposed several IDS especially for MANETs, which some of them will be reviewed in this section. 2.4.1 Distributed and Cooperative IDS As described in Section 3.2, Zhang and Lee also proposed the model for distributed and cooperative IDS as shown in Figure 2 [1]. The model for an IDS agent is structured into six modules. The local data collection module collects real-time audit data, which includes system and user activities within its radio range. This collected data will be analyzed by the local detection engine module for evidence of anomalies. If an anomaly is detected with strong evidence, the IDS agent can determine independently that the system is under attack and initiate a response through the local response module (i.e., alerting the local user) or the global response module (i.e., deciding on an action), depending on the type of intrusion, the type of network protocols and applications, and the certainty of the evidence. If an anomaly is detected with weak or inconclusive evidence, the IDS agent can request the cooperation of neighboring IDS agents through a cooperative detection engine module, which communicates to other agents through a secure communication module. 2.4.2 Local Intrusion Detection System (LIDS) Albers et al. [3] proposed a distributed and collaborative architecture of IDS by using mobile agents. A Local Intrusion Detection System (LIDS) is implemented on every node for local concern, which can be extended for global concern by cooperating with other LIDS. Two types of data are exchanged among LIDS: security data and intrusion alerts. In order to analyze the possible intrusion, data must be obtained from what the LIDS detect, along with additional information from other nodes. Other LIDS might be run on different operating systems or use data from different activities such as system, application, or network activities; therefore, the format of this raw data might be different, which makes it hard for LIDS to analyze. However, such difficulties can be solved by using SNMP (Simple Network Management Protocol) data located in MIBs (Management Information Base) as an audit data source. Such a data source not only eliminates those difficulties, but also reduces the in-Figure 3: L IDS Architecture in A Mobile Node [3] crease in using additional resources to collect audit data if an SNMP agent is already run on each node. To obtain additional information from other nodes, the authors proposed mobile agents to be used to transport SNMP requests to other nodes. In another words, to distribute the intrusion detection tasks. The idea differs from traditional SNMP in that the traditional approach transfers data to the requesting node for computation while this approach brings the code to the data on the requested node. This is initiated due to untrustworthiness of UDP messages practiced in SNMP and the active topology of MANETs. As a result, the amount of exchanged data is tremendously reduced. Each mobile agent can be assigned a specific task which will be achieved in an autonomous and asynchronous fashion without any help from its LIDS. The LIDS architecture is shown in Figure 3, which consists of à ² Communication Framework: To facilitate for both internal and external communication with a LIDS. Local LIDS Agent: To be responsible for local intrusion detection and local response. Also, it reacts to intrusion alerts sent from other nodes to protect itself against this intrusion. Local MIB Agent: To provide a means of collecting MIB variables for either mobile agents or the Local LIDS Agent. Local MIB Agent acts as an interface with SNMP agent, if SNMP exists and runs on the node, or with a tailor-made agent developed specifically to allow up- dates and retrievals of the MIB variables used by intrusion detection, if none exists. Mobile Agents (MA): They are distributed from its LID to collect and process data on other nodes. The results from their evaluation are then either sent back to their LIDS or sent to another node for further investigation. Mobile Agents Place: To provide a security control to mobile agents. For the methodology of detection, Local IDS Agent can use either anomaly or misuse detection. However, the combination of two mechanisms will offer the better model. Once the local intrusion is detected, the LIDS initiate a response and inform the other nodes in the network. Upon receiving an alert, the LIDS can protect itself against the intrusion. 2.4.3 Distributed Intrusion Detection System Using Multiple Sensors Kachirski and Guha [4] proposed a multi-sensor intrusion detection system based on mobile agent technology. The system can be divided into three main modules, each of which represents a mobile agent with certain func- tionality: monitoring, decision-making or initiating a response. By separate in functional tasks into categories and assigning each task to a different agent, the workload is distributed which is suitable for the characteristics of MANETs. In addition, the hierarchical structure of agents is also developed in this intrusion detection system as shown in Figure 4. Monitoring agent: Two functions are carried out at this class of agent: network monitoring and host monitoring. A host-based monitor agent hosting system-level sensors and user-activity sensors is run on every node to monitor within the node, while a monitor agent with a network monitoring sensor is run only on some selected nodes to monitor at packet-level to capture packets going through the network within its radio ranges. Action agent: Every node also hosts this action agent. Since every node hosts a host-based monitoring agent, it can determine if there is any suspicious or unusual activities on the host node based on anomaly detection. When there is strong evidence supporting the anomaly detected, this action agent can initiate a response, such as terminating the process or blocking a user from the network. Decision agent: The decision agent is run only on certain nodes, mostly those nodes that run network monitoring agents. These nodes collect all packets within its radio range and analyze them to determine whether the network is under attack. Moreover, from the previous paragraph, if the local detection agent cannot make a decision on its own due to insufficient evidence, its local detection agent reports to this decision agent in order to investigate further. This is done by using packet-monitoring results that comes from the network-monitoring sensor that is running locally. If the decision agent concludes that the node is malicious, the action module of the agent running on that node as described above will carry out the response. The network is logically divided into clusters with a single cluster head for each cluster. This clusterhead will monitor the packets within the cluster and only packets whose originators are in the same cluster are captured and investigated. This means that the network monitoring agent (with network monitoring sensor) and the decision agent are run on the cluster head. In this mechanism, the decision agent performs the decision-making based on its own collected information from its network-monitoring sensor; thus, other nodes have no influence on its decision. This way, spooffing attacks and false accusations can be prevented. 2.4.4 Dynamic Hierarchical Intrusion Detection Architecture Since nodes move arbitrarily across the network, a static hierarchy is not suitable for such dynamic network topology. Sterne et al. [16] proposed a dynamic intrusion detection hierarchy that is potentially scalable to large networks by using clustering like those in Section 4.3 and 5.5. However, it can be structured in more than two levels as shown in Figure 5. Nodes labeled 1 are the first level clusterheads while nodes labeled 2 are the second level clusterheads and so on. Members of the first level of the cluster are called leaf nodes. Every node has the responsibilities of monitoring (by accumulating counts and statistics), logging, analyzing (i.e., attack signature matching or checking on packet headers and payloads), responding to intrusions detected if there is enough evidence, and alerting or reporting to cluster heads. Clues treads, in addition, must also perform: Data fusion/integration and data reduction: Clusterheads aggregate and correlate reports from members of the cluster and data of their own. Data reduction may be involved to avoid conflicting data, bogus data and overlapping reports. Besides, cluster heads may send the requests to their children for additional information in order to correlate reports correctly. Intrusion detection computations: Since different attacks require different sets of detected data, data on a single node might not be able to detect the attack, e.g., DDoS attack, and thus clusterheads also analyze the consolidated data before passing to upper levels. Security Management: The uppermost levels of the hierarchy have the authority and responsibility for managing the detection and response capabilities of the clusters and cluster heads below them. They may send the signatures update, or directives and policies to alter the configurations for intrusion detection and response. These update and directives will flow from the top of the hierarchy to the bottom. To form the hierarchical structure, every node uses clustering, which is typically used in MANETs to construct routes, to self-organize into local neighborhoods (first level clusters) and then select neighborhood representatives (cluster heads). These representatives then use clustering to organize themselves into the second level and select the representatives. This process continues until all nodes in the network are part of the hierarchy. The authors also suggested criteria on selecting cluster heads. Some of these criteria are: Connectivity: the number of nodes within one hop Proximity: members should be within one hop of its cluster head Resistance to compromise (hardening): the probability that the node will not be compromised. This is very important for the upper level cluster heads. Processing power, storage capacity, energy remaining, bandwidth cape abilities Additionally, this proposed architecture does not rely solely on promiscuous node monitoring like many proposed architectures, due to its unreliability as described in. Therefore, this architecture also supports direct periodic reporting where packet counts and statistics are sent to monitoring nodes periodically. 2.4.5 Zone-Based Intrusion Detection System (ZBIDS) Sun et al. [24] has proposed an anomaly-based two-level no overlapping Zone-Based Intrusion Detection System (ZBIDS). By dividing the network in Figure 6 into nonoverlapping zones (zone A to zone me), nodes can be categorized into two types: the intrazone node and the interzone node (or a gateway node). Considering only zone E, node 5, 9, 10 and 11 are intrazone nodes, while node 2, 3, 6, and 8 are interzone nodes which have physical connections to nodes in other zones. The formation and maintenance of zones requires each node to know its own physical location and to map its location to a zone map, which requires prior design setup. Each node has an IDS agent run on it which the model of the agent is shown in Figure 7. Similar to an IDS agent proposed by Zhang and Lee (Figure 2), the data collection module and the detection engine are re-sponsible for collecting local audit data (for instance, system call activities, and system log les) and analyzing collected data for any sign of intrusion respectively. In addition, there may be more than one for each of these modules which allows collecting data from various sources and using different detection techniques to improve the detection performance. The local aggregation and correlation (LACE) module is responsible for combining the results of these local detection engines and generating alerts if any abnormal behavior is detected. These alerts are broadcasted to other nodes within the same zone. However, for the global aggregation and correlation (GACE), its functionality depends on the type of the node. As described in Figure 7, if the node is an intrazone node, it only sends the generated alerts to the interzone nodes. Whereas, if the node is an interzone node, it receives alerts from other intrazone nodes, aggregates and correlates those alerts with its own alerts, and then generates alarms. Moreover, the GACE also cooperates with the GACEs of the neighboring interzone nodes to have more accurate information to detect the intrusion. Lastly, the intrusion response module is responsible for handling the alarms generated from the GACE. The local aggregation and correlation Algorithm used in ZBIDS is based on a local Markov chain anomaly detection. IDS agent rust creates a normal profile by constructing a Markov chain from the routing cache. A valid change in the routing cache can be characterized by the Markov chain detection model with probabilities, otherwise, its considered abnormal, and the alert will be generated. For the global aggregation and correlation algorithm, its based on information provided in the received alerts containing the type, the time, and the source of the attacks. 2.5 Intrusion Detection Techniques for Node Cooperation in MANETs Since there is no infrastructure in mobile ad hoc networks, each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. Intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [5] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several proposed techniques and protocols to detect such misbehavior in order to avoid those nodes, and some schemes also propose punishment as well [6, 7]. 2.5.1 Watchdog and Pathrater Two techniques were proposed by Marti, Giuli, and Baker [5], watchdog and pathrater, to be added on top of the standard routing protocol in ad hoc networks. The standard is Dynamic Source Routing protocol (DSR) [8]. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes. In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path should know who the next hop node is. In addition, listening to the next hops transmission is possible because of the characteristic of wireless networks if node A is within range of node B, A can overhear communication to and from B. Figure 8 shows how the watchdog works. Assume that node S wants to send a packet to node D, which there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined to D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then, it promiscuously listens to the transmission of B to make sure that B forwards to C. If the packet overheard from B (represented by a dashed line) matches that stored in the buffer, it means that B really forwards to the next hop (represented as a solid line). It then removes the packet from the buffer. However, if theres no matched packet after a certain time, the watchdog increments the failures counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports to the source node S. Path rater performs the calculation of the path metric for each path. By keeping the rating of every node in the network that it knows, the path metric can be calculated by combining the node rating together with link re- liability, which is collected from past experience. Obtaining the path metric for all available paths, the pathrater can choose the path with the highest metric. In addition, if there is no such link reliability information, the path metric enables the pathrater to select the shortest path too. As a result, paths containing misbehaving nodes will be avoided. From the result of the simulation, the system with these two techniques is quite effective for choosing paths to avoid misbehaving nodes. However, those misbehaving nodes are not punished. In contrast, they even benefit from the network. Therefore, misbehaving nodes are encouraged to continue their behaviors. Chapter 3 3. Literature survey 3.1 Introduction The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop new architecture and mechanisms to protect the wireless networks and mobile computing applications. The implication of mobile computing on network security research can be further demonstrated by the follow case. Recently (Summer 2001) an Internet worm called Code Red has spread rapidly to infect many of the Windows-based server machines. To prevent this type of worm attacks from spreading into intranets, many. This paper Mobile Ad Hoc Network Intrusion Detection System (IDS) Mobile Ad Hoc Network Intrusion Detection System (IDS) Chapter 1 1. Introduction Mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs) are relatively new communication paradigms. MANETs do not require expensive base stations or wired infrastructure. Nodes within radio range of each other can communicate directly over wireless links, and those that are far apart use other nodes as relays. Each host in a MANET also acts as a router as routes are mostly multichip. The lack of fixed infrastructure and centralized authority makes a MANET suitable for a broad range of applications in both military and civilian environments. For example, a MANET could be deployed quickly for military communications in the battlefield. A MANET also could be deployed quickly in scenarios such as a meeting room, a city transportation wireless network, for fire fighting, and so on. To form such a cooperative and self configurable network, every mobile host should be a friendly node and willing to relay messages for others. In the original design of a MANET, global trustworthiness in nodes within the whole network is a fundamental security assumption. Recent progress in wireless communications and micro electro mechanical systems (MEMS) technology has made it feasible to build miniature wireless sensor nodes that integrate sensing, data processing, and communicating capabilities. These miniature wireless sensor nodes can be extremely small, as tiny as a cubic centimeter. Compared with conventional computers, the low-cost, battery-powered, sensor nodes have a limited energy supply, stringent processing and communications capabilities, and memory is scarce. The design and implementation of relevant services for WSNs must keep these limitations in mind. Based on the collaborative efforts of a large number of sensor nodes, WSNs have become good candidates to provide economically viable solutions for a wide range of applications, such as environmental monitoring, scientific data collection, health monitoring, and military operations. Despite the wide variety of potential applications, MANETs and WSNs often are deployed in adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Due to the features of an open medium, the low degree of physical security of mobile nodes, a dynamic topology, a limited power supply, and the absence of a central management point, MANETs are more vulnerable to malicious attacks than traditional wired networks are. In WSNs, the lack of physical security combined with unattended operations make sensor nodes prone to a high risk of being captured and compromised, making WSNs vulnerable to a variety of attacks. A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Each node is equipped with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication range. In order for a node to forward a packet to a node that is out of its radio range, the cooperation of other nodes in the network is needed; this is known as multi-hop communication. Therefore, each node must act as both a host and a router at the same time. The network topology frequently changes due to the mobility of mobile nodes as they move within, move into, or move out of the network. A MANET with the characteristics described above was originally developed for military purposes, as nodes are scattered across a battlefield and there is no infrastructure to help them form a network. In recent years, MANETs have been developing rapidly and are increasingly being used in many applications, ranging from military to civilian and commercial uses, since setting up such networks can be done without the help of any infrastructure or interaction with a human. Some examples are: search-and-rescue missions, data collection, and virtual classrooms and conferences where laptops, PDA or other mobile devices share wireless medium and communicate to each other. As MANETs become widely used, the security issue has become one of the primary concerns. For example, most of the routing protocols proposed for MANETs assume that every node in the network is cooperative and not malicious [1]. Therefore, only one compromised node can cause the failure of the entire network. There are both passive and active attacks in MANETs. For passive at tacks, packets containing secret information might be eavesdropped, which violates confidentiality. Active attacks, including injecting packets to invalid destinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation. Proactive approaches such as cryptography and authentication were first brought into consideration, and many techniques have been proposed and implemented. However, these applications are not sufficient. If we have the ability to detect the attack once it comes into the network, we can stop it from doing any damage to the system or any data. Here is where the intrusion detection system comes in. Intrusion detection can be defined as a process of monitoring activities in a system, which can be a computer or network system. The mechanism by which this is achieved is called an intrusion detection system (IDS). An IDS collects activity information and then analyzes it to determine whether there are any activities that violate the security rules. Once AN ID determines that an unusual activity or an activity that is known to be an attack occurs, it then generates an alarm to alert the security administrator. In addition, IDS can also initiate a proper response to the malicious activity. Although there are several intrusion detection techniques developed for wired networks today, they are not suitable for wireless networks due to the differences in their characteristics. Therefore, those techniques must be modified or new techniques must be developed to make intrusion detection work effectively in MANETs. In this paper, we classify the architectures for IDS in MANETs, each of which is suitable for different network infrastructures. Current intrusion detection systems corresponding to those architectures are reviewed and compared. Chapter 2 Background 2.1 Intrusion Detection System (IDS) Many historical events have shown that intrusion prevention techniques alone, such as encryption and authentication, which are usually a first line of defense, are not sufficient. As the system become more complex, there are also more weaknesses, which lead to more security problems. Intrusion detection can be used as a second wall of defense to protect the network from such problems. If the intrusion is detected, a response can be initiated to prevent or minimize damage to the system. To make intrusion detection systems work, basic assumptions are made. The first assumption is that user and program activities are observable. The second assumption, which is more important, is that normal and intrusive activities must have distinct behaviors, as intrusion detection must capture and analyze system activity to determine if the system is under attack. Intrusion detection can be classified based on audit data as either host- based or network-based. A network-based IDS captures and analyzes packets from network traà ±c while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows [2]. Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response. Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks. Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints. 2.2 Intrusion Detection in MANETs Many intrusion detection systems have been proposed in traditional wired networks, where all track must go through switches, routers, or gateways. Hence, IDS can be added to and implemented in these devices easily [17, 18]. On the other hand, MANETs do not have such devices. Moreover, the medium is wide open, so both legitimate and malicious users can access it. Furthermore, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information could be from a compromised node or a node that has outdated information. Thus, the current IDS techniques on wired networks cannot be applied directly to MANETs. Many intrusion detection systems have been proposed to suit the characteristics of MANETs, some of which will be discussed in the next sections. 2.3 Architectures for IDS in MANETs The network infrastructures that MANETs can be configured to are either at or multi-layer, depending on the applications. Therefore, the optimal IDS architecture for a MANET may depend on the network infrastructure itself [9]. In an network infrastructure, all nodes are considered equal, thus it may be suitable for applications such as virtual classrooms or conferences. On the contrary, some nodes are considered different in the multi-layered network infrastructure. Nodes may be partitioned into clusters with one cluster head for each cluster. To communicate within the cluster, nodes can communicate directly. However, communication across the clusters must be done through the cluster head. This infrastructure might be well suited for military applications. 2.3.1 Stand-alone Intrusion Detection Systems In this architecture, an intrusion detection system is run on each node independently to determine intrusions. Every decision made is based only on information collected at its own node, since there is no cooperation among nodes in the network. Therefore, no data is exchanged. Besides, nodes in the same network do not know anything about the situation on other nodes in the network as no alert information is passed. Although this architecture is not elective due to its limitations, it may be suitable in a network where not all nodes are capable of running IDS or have IDS installed. This architecture is also more suitable for an network infrastructure than for multi-layered network infrastructure. Since information on each individual node might not be enough to detect intrusions, this architecture has not been chosen in most of the IDS for MANETs. 2.3.2 Distributed and Cooperative Intrusion Detection Systems Since the nature of MANETs is distributed and requires cooperation of other nodes, Zhang and Lee [1] have proposed that the intrusion detection and response system in MANETs should also be both distributed and cooperative as shown in Figure 1. Every node participates in intrusion detection and response by having an IDS agent running on them. An IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as initiating a response independently. However, neighboring IDS agents cooperatively participate in global intrusion detection actions when the evidence is inconclusive. Similarly to stand-alone IDS architecture, this architecture is more suitable for a network infrastructure, not multi-layered one. 2.3.3 Hierarchical Intrusion Detection Systems Hierarchical IDS architectures extend the distributed and cooperative IDS architectures and have been proposed for multi-layered network infrastructures where the network is divided into clusters. Clusterheads of each cluster usually have more functionality than other members in the clusters, for example routing packets across clusters. Thus, these cluster heads, in some sense, act as control points which are similar to switches, routers, or gateways in wired networks. The same concept of multi-layering is applied to intrusion detection systems where hierarchical IDS architecture is proposed. Each IDS agent is run on every member node and is responsible locally for its node, i.e., monitoring and deciding on locally detected intrusions. A clusterhead is responsible locally for its node as well as globally for its cluster, e.g. monitoring network packets and initiating a global response when network intrusion is detected. 2.3.4 Mobile Agent for Intrusion Detection Systems A concept of mobile agents has been used in several techniques for intrusion detection systems in MANETs. Due to its ability to move through the large network, each mobile agent is assigned to perform only one specific task, and then one or more mobile agents are distributed into each node in the network. This allows the distribution of the intrusion detection tasks. There are several advantages for using mobile agents [2]. Some functions are not assigned to every node; thus, it helps to reduce the consumption of power, which is scarce in mobile ad hoc networks. It also provides fault tolerance such that if the network is partitioned or some agents are destroyed, they are still able to work. Moreover, they are scalable in large and varied system environments, as mobile agents tend to be independent of platform architectures. However, these systems would require a secure module where mobile agents can be stationed to. Additionally, mobile agents must be able to protect themselves from the secure modules on remote hosts as well. Mobile-agent-based IDS can be considered as a distributed and cooper ative intrusion detection technique as described in Section 3.2. Moreover, some techniques also use mobile agents combined with hierarchical IDS, for example, what will be described in Section 4.3. 2.4 Sample Intrusion Detection Systems for MANETs Since the IDS for traditional wired systems are not well-suited to MANETs, many researchers have proposed several IDS especially for MANETs, which some of them will be reviewed in this section. 2.4.1 Distributed and Cooperative IDS As described in Section 3.2, Zhang and Lee also proposed the model for distributed and cooperative IDS as shown in Figure 2 [1]. The model for an IDS agent is structured into six modules. The local data collection module collects real-time audit data, which includes system and user activities within its radio range. This collected data will be analyzed by the local detection engine module for evidence of anomalies. If an anomaly is detected with strong evidence, the IDS agent can determine independently that the system is under attack and initiate a response through the local response module (i.e., alerting the local user) or the global response module (i.e., deciding on an action), depending on the type of intrusion, the type of network protocols and applications, and the certainty of the evidence. If an anomaly is detected with weak or inconclusive evidence, the IDS agent can request the cooperation of neighboring IDS agents through a cooperative detection engine module, which communicates to other agents through a secure communication module. 2.4.2 Local Intrusion Detection System (LIDS) Albers et al. [3] proposed a distributed and collaborative architecture of IDS by using mobile agents. A Local Intrusion Detection System (LIDS) is implemented on every node for local concern, which can be extended for global concern by cooperating with other LIDS. Two types of data are exchanged among LIDS: security data and intrusion alerts. In order to analyze the possible intrusion, data must be obtained from what the LIDS detect, along with additional information from other nodes. Other LIDS might be run on different operating systems or use data from different activities such as system, application, or network activities; therefore, the format of this raw data might be different, which makes it hard for LIDS to analyze. However, such difficulties can be solved by using SNMP (Simple Network Management Protocol) data located in MIBs (Management Information Base) as an audit data source. Such a data source not only eliminates those difficulties, but also reduces the in-Figure 3: L IDS Architecture in A Mobile Node [3] crease in using additional resources to collect audit data if an SNMP agent is already run on each node. To obtain additional information from other nodes, the authors proposed mobile agents to be used to transport SNMP requests to other nodes. In another words, to distribute the intrusion detection tasks. The idea differs from traditional SNMP in that the traditional approach transfers data to the requesting node for computation while this approach brings the code to the data on the requested node. This is initiated due to untrustworthiness of UDP messages practiced in SNMP and the active topology of MANETs. As a result, the amount of exchanged data is tremendously reduced. Each mobile agent can be assigned a specific task which will be achieved in an autonomous and asynchronous fashion without any help from its LIDS. The LIDS architecture is shown in Figure 3, which consists of à ² Communication Framework: To facilitate for both internal and external communication with a LIDS. Local LIDS Agent: To be responsible for local intrusion detection and local response. Also, it reacts to intrusion alerts sent from other nodes to protect itself against this intrusion. Local MIB Agent: To provide a means of collecting MIB variables for either mobile agents or the Local LIDS Agent. Local MIB Agent acts as an interface with SNMP agent, if SNMP exists and runs on the node, or with a tailor-made agent developed specifically to allow up- dates and retrievals of the MIB variables used by intrusion detection, if none exists. Mobile Agents (MA): They are distributed from its LID to collect and process data on other nodes. The results from their evaluation are then either sent back to their LIDS or sent to another node for further investigation. Mobile Agents Place: To provide a security control to mobile agents. For the methodology of detection, Local IDS Agent can use either anomaly or misuse detection. However, the combination of two mechanisms will offer the better model. Once the local intrusion is detected, the LIDS initiate a response and inform the other nodes in the network. Upon receiving an alert, the LIDS can protect itself against the intrusion. 2.4.3 Distributed Intrusion Detection System Using Multiple Sensors Kachirski and Guha [4] proposed a multi-sensor intrusion detection system based on mobile agent technology. The system can be divided into three main modules, each of which represents a mobile agent with certain func- tionality: monitoring, decision-making or initiating a response. By separate in functional tasks into categories and assigning each task to a different agent, the workload is distributed which is suitable for the characteristics of MANETs. In addition, the hierarchical structure of agents is also developed in this intrusion detection system as shown in Figure 4. Monitoring agent: Two functions are carried out at this class of agent: network monitoring and host monitoring. A host-based monitor agent hosting system-level sensors and user-activity sensors is run on every node to monitor within the node, while a monitor agent with a network monitoring sensor is run only on some selected nodes to monitor at packet-level to capture packets going through the network within its radio ranges. Action agent: Every node also hosts this action agent. Since every node hosts a host-based monitoring agent, it can determine if there is any suspicious or unusual activities on the host node based on anomaly detection. When there is strong evidence supporting the anomaly detected, this action agent can initiate a response, such as terminating the process or blocking a user from the network. Decision agent: The decision agent is run only on certain nodes, mostly those nodes that run network monitoring agents. These nodes collect all packets within its radio range and analyze them to determine whether the network is under attack. Moreover, from the previous paragraph, if the local detection agent cannot make a decision on its own due to insufficient evidence, its local detection agent reports to this decision agent in order to investigate further. This is done by using packet-monitoring results that comes from the network-monitoring sensor that is running locally. If the decision agent concludes that the node is malicious, the action module of the agent running on that node as described above will carry out the response. The network is logically divided into clusters with a single cluster head for each cluster. This clusterhead will monitor the packets within the cluster and only packets whose originators are in the same cluster are captured and investigated. This means that the network monitoring agent (with network monitoring sensor) and the decision agent are run on the cluster head. In this mechanism, the decision agent performs the decision-making based on its own collected information from its network-monitoring sensor; thus, other nodes have no influence on its decision. This way, spooffing attacks and false accusations can be prevented. 2.4.4 Dynamic Hierarchical Intrusion Detection Architecture Since nodes move arbitrarily across the network, a static hierarchy is not suitable for such dynamic network topology. Sterne et al. [16] proposed a dynamic intrusion detection hierarchy that is potentially scalable to large networks by using clustering like those in Section 4.3 and 5.5. However, it can be structured in more than two levels as shown in Figure 5. Nodes labeled 1 are the first level clusterheads while nodes labeled 2 are the second level clusterheads and so on. Members of the first level of the cluster are called leaf nodes. Every node has the responsibilities of monitoring (by accumulating counts and statistics), logging, analyzing (i.e., attack signature matching or checking on packet headers and payloads), responding to intrusions detected if there is enough evidence, and alerting or reporting to cluster heads. Clues treads, in addition, must also perform: Data fusion/integration and data reduction: Clusterheads aggregate and correlate reports from members of the cluster and data of their own. Data reduction may be involved to avoid conflicting data, bogus data and overlapping reports. Besides, cluster heads may send the requests to their children for additional information in order to correlate reports correctly. Intrusion detection computations: Since different attacks require different sets of detected data, data on a single node might not be able to detect the attack, e.g., DDoS attack, and thus clusterheads also analyze the consolidated data before passing to upper levels. Security Management: The uppermost levels of the hierarchy have the authority and responsibility for managing the detection and response capabilities of the clusters and cluster heads below them. They may send the signatures update, or directives and policies to alter the configurations for intrusion detection and response. These update and directives will flow from the top of the hierarchy to the bottom. To form the hierarchical structure, every node uses clustering, which is typically used in MANETs to construct routes, to self-organize into local neighborhoods (first level clusters) and then select neighborhood representatives (cluster heads). These representatives then use clustering to organize themselves into the second level and select the representatives. This process continues until all nodes in the network are part of the hierarchy. The authors also suggested criteria on selecting cluster heads. Some of these criteria are: Connectivity: the number of nodes within one hop Proximity: members should be within one hop of its cluster head Resistance to compromise (hardening): the probability that the node will not be compromised. This is very important for the upper level cluster heads. Processing power, storage capacity, energy remaining, bandwidth cape abilities Additionally, this proposed architecture does not rely solely on promiscuous node monitoring like many proposed architectures, due to its unreliability as described in. Therefore, this architecture also supports direct periodic reporting where packet counts and statistics are sent to monitoring nodes periodically. 2.4.5 Zone-Based Intrusion Detection System (ZBIDS) Sun et al. [24] has proposed an anomaly-based two-level no overlapping Zone-Based Intrusion Detection System (ZBIDS). By dividing the network in Figure 6 into nonoverlapping zones (zone A to zone me), nodes can be categorized into two types: the intrazone node and the interzone node (or a gateway node). Considering only zone E, node 5, 9, 10 and 11 are intrazone nodes, while node 2, 3, 6, and 8 are interzone nodes which have physical connections to nodes in other zones. The formation and maintenance of zones requires each node to know its own physical location and to map its location to a zone map, which requires prior design setup. Each node has an IDS agent run on it which the model of the agent is shown in Figure 7. Similar to an IDS agent proposed by Zhang and Lee (Figure 2), the data collection module and the detection engine are re-sponsible for collecting local audit data (for instance, system call activities, and system log les) and analyzing collected data for any sign of intrusion respectively. In addition, there may be more than one for each of these modules which allows collecting data from various sources and using different detection techniques to improve the detection performance. The local aggregation and correlation (LACE) module is responsible for combining the results of these local detection engines and generating alerts if any abnormal behavior is detected. These alerts are broadcasted to other nodes within the same zone. However, for the global aggregation and correlation (GACE), its functionality depends on the type of the node. As described in Figure 7, if the node is an intrazone node, it only sends the generated alerts to the interzone nodes. Whereas, if the node is an interzone node, it receives alerts from other intrazone nodes, aggregates and correlates those alerts with its own alerts, and then generates alarms. Moreover, the GACE also cooperates with the GACEs of the neighboring interzone nodes to have more accurate information to detect the intrusion. Lastly, the intrusion response module is responsible for handling the alarms generated from the GACE. The local aggregation and correlation Algorithm used in ZBIDS is based on a local Markov chain anomaly detection. IDS agent rust creates a normal profile by constructing a Markov chain from the routing cache. A valid change in the routing cache can be characterized by the Markov chain detection model with probabilities, otherwise, its considered abnormal, and the alert will be generated. For the global aggregation and correlation algorithm, its based on information provided in the received alerts containing the type, the time, and the source of the attacks. 2.5 Intrusion Detection Techniques for Node Cooperation in MANETs Since there is no infrastructure in mobile ad hoc networks, each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. Intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [5] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several proposed techniques and protocols to detect such misbehavior in order to avoid those nodes, and some schemes also propose punishment as well [6, 7]. 2.5.1 Watchdog and Pathrater Two techniques were proposed by Marti, Giuli, and Baker [5], watchdog and pathrater, to be added on top of the standard routing protocol in ad hoc networks. The standard is Dynamic Source Routing protocol (DSR) [8]. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes. In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path should know who the next hop node is. In addition, listening to the next hops transmission is possible because of the characteristic of wireless networks if node A is within range of node B, A can overhear communication to and from B. Figure 8 shows how the watchdog works. Assume that node S wants to send a packet to node D, which there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined to D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then, it promiscuously listens to the transmission of B to make sure that B forwards to C. If the packet overheard from B (represented by a dashed line) matches that stored in the buffer, it means that B really forwards to the next hop (represented as a solid line). It then removes the packet from the buffer. However, if theres no matched packet after a certain time, the watchdog increments the failures counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports to the source node S. Path rater performs the calculation of the path metric for each path. By keeping the rating of every node in the network that it knows, the path metric can be calculated by combining the node rating together with link re- liability, which is collected from past experience. Obtaining the path metric for all available paths, the pathrater can choose the path with the highest metric. In addition, if there is no such link reliability information, the path metric enables the pathrater to select the shortest path too. As a result, paths containing misbehaving nodes will be avoided. From the result of the simulation, the system with these two techniques is quite effective for choosing paths to avoid misbehaving nodes. However, those misbehaving nodes are not punished. In contrast, they even benefit from the network. Therefore, misbehaving nodes are encouraged to continue their behaviors. Chapter 3 3. Literature survey 3.1 Introduction The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop new architecture and mechanisms to protect the wireless networks and mobile computing applications. The implication of mobile computing on network security research can be further demonstrated by the follow case. Recently (Summer 2001) an Internet worm called Code Red has spread rapidly to infect many of the Windows-based server machines. To prevent this type of worm attacks from spreading into intranets, many. This paper
Subscribe to:
Posts (Atom)