CYBERBULLYING Essays - Behavior, Cyberbullying, Abuse, Bullying

CYBERBULLYING Jordan Mcfarlane Class 8A5 Cyberbullying is a huge problem affecting mostly teenagers around the world. The effects of cyberbullying alone can be long-term or short-term. The signs of it of it happening can be obvious to most parents but to some it's how their child ac ts on the daily basis. Most of the parents who don't realize, their own child is the bully! There are many ways to spot cyberbullying and how to prevent it from happening. First off, Cyberbullying is the act of using technology to harass, humiliate, and to find and target a certain person. Some children and teens will even go to the point to even create a fake account just to harass their target. Some children who are bullied in school will cyberbully their bully on social media because the bully wouldn't know who it is. Usually the cyberbullie s will post an embarrassing photo or video of their victim on social media and the picture or video will usually be on that social media site forever and everybody who sees it will usually comment something bad about the video or photo . Secondly, the effects of cyberbullying are harsh and can leave families in grief. Cyberbullying can take place at any time, any day of the week even while the child is in school. Your child may feel like they being harassed 24/7. Some of the effects of it happening can be short term or long term. The short term effects of cyberbullying usually are low self-esteem, body pains (Headaches and more), Grades will drop drastically, and the victim will not want to go out to places anymore. The long-term effects are worst because they will stick with you for a long time or even forever. The long-term effects can be Depression, Going into drugs and alcohol, being suspended or expelled from school, and much more. The fact that surprises a lot of people are that the victim and the bully are at risk of suicidal thoughts, attempts and completed ones. Next, the signs of cyberbullying can be obvious to some parents who pay attention to their children's behavior and body tone. The signs of cyberbullying is looking in distress emotionally while using the laptop or phone, being private and secretive about their social life, or wanting to avoid all discussions about the child's social life. Most of the time the child does not want to tell the parent about them being cyberbullied because they believe that they're computer privileges will be taken away. Lastly, the parents and the child can avoid cyberbullying by doing many different things. The child can just block the bully as soon as it starts to avoid the future problems, the child may disagree with limiting their access to technology but it is an effective way to prevent cyberbullying from happening. Your child might not want to share their social life with you but it is a way to give advice to your child on to avoid all problems with cyberbullies. In conclusion, Cyberbullying is a huge problem with teens these days and it needs to be stopped. The effects and signs of it happening can be obvious to some parents like the grade and more. Cyberbullying can even end a teens life. ALL INFORMATION CAME FROM: m.kidshealth.org

Douglass essays

Douglass essays Slavery was perhaps one of the most appalling tragedies in the history of the United States of America. As explained in the Narrative of the Life of Frederick Douglass, each slave had a different experience with slavery, but they all had certain things in common and a couple of those things were a life of unthinkable acts of cruelty and the desire to become free. In Douglass Narrative, he explains his life as a slave and how he uses his education and extraordinary ability of speaking to influence the freedom of all slaves. In reading the Narrative of the life of Frederick Douglass, I like others, found myself to be deeply moved. The way in which Mr. Douglass walked me through his life as a slave gave me a better understanding of the struggle that African American slaves encountered. Douglass was born in Talbot County, Maryland, but he does not know the year, as most slaves are not allowed to know their ages. He points out that slave owners deliberately keep their slaves ignorant, and that this is a tactic whites us to gain power over slaves. This is the recurrent structure Douglass uses in his narrative. I find this to be interesting, and wonder why that is. How does not knowing the age of ones self keep them ignorant? I have no accurate knowledge of my age, never having seen any authentic record containing it. By far the larger part of the slaves know as little of their ages as horses know of theirs, and it is the wish of most masters within my knowledge to keep their slaves thus ignorant.(pg.19) However, based on an overheard comment from his master, Douglass guesses that he was born in or around 1818. Douglasss mother was Harriet Bailey, and they were separated soon after birth, a common practice among slave owners. Douglass assumes that this cust om is intended to break the natural bond of affection between mother and child. For what this separation is done, I do not know, unless it i...

Exxon Valdez Oil Spill Essay Example | Topics and Well Written Essays - 1000 words

Exxon Valdez Oil Spill - Essay Example The oil spill incident of Exxon Valdez oil tanker in the year 1989 had occurred in the Alaska. The disaster occurred when the tanker had struck the Bligh Reef in the Prince William Sound in Alaska. The location being a remote one and the intensity of the disaster being huge, the government had to encounter difficulties in reaching at the location for the cleanup process. Only helicopters and boats could reach the location. It was in the Prince William Sound’s region and the fishing industry in the area was significantly affected along with the food chain in the region, as well as birds and other sea species. The effects were severely obtained in species like the harbor porpoises and sea lions, and several varieties of whales, and the lives of different migratory birds came under danger (Exxon Valdez, 2011). It could be realized that Exxon was not prepared for such a massive disaster. Thus after the occurrence of the incident, the local coast Marine Safety Office (MSO) as well as the contingency plan for Prince William Sound had been found to take the initiatives in the rescue and cleanup process with much difficulties. The planning of the federal government and the preparedness were considered under the responsibilities of the National Response Team (NRT) that include 14 agencies of the federal department. As soon as the incident was noted, the MSO and other immediate authorities took charge to put a stop to the traffic at the port of Valdez. The cleanup process was undertaken by the Alyeska and their activities had been initiative within 45 minutes of the notification of the spillage (Skinner & Reilly, 5-12). The most important concern considered was the spillage to be stopped from spreading in the sea. The National Oceanic and Atmospheric Administration (NOAA) had taken charge of identifying the areas that were more vulnerable to the

Methods for Resolving Small Scale Systems Problems Essay - 1

Methods for Resolving Small Scale Systems Problems - Essay Example General systems theory is often used to solve many problems. Problems are nothing new for human being. Since the creation of mankind, it is a common fact that human beings are continuously facing different problems and adopt various techniques to cope with these problems. Situations that may arise time to time always require some action to cope with them. Moreover, problems may be well defined and at small scale like opening a can, solving some mathematical problem and scoring in any specific game. On the other hand problems and issues may be of large scale. This may include the opening of a business which requires proper strategies, planning at each and every step. So, each and every problem always requires some specific strategy and solution. However, it does not mean that one solution is used to resolve any particular issue only and it is not suitable for some other problem. 2. After that you have to choose the strategy in order to solve the problem. For that purpose you should consider all those strategies and solutions that are available. Just adopt one that you think best out of all. Here, I want to mention that the basic reason to explain all the above mentioned details is to make it clear that problem solving always requires some specific phases whether short term goals are required to achieve or long term goals. So, here we can also say that problem solving of large scale systems can be applied to smaller scale systems as well because the basic thing to follow is to consider all the required phases accordingly. Now, I am going to explain briefly some of the systems methodologies that are described to resolve the problems of large scale systems. I will further explain that how these strategies can be applied to smaller scale systems. Basically, systems science and systems theory evolved to handle the real world and to resolve complex, intertwined, large scale and small scale systems problems. Remember, problems always contain some sort

Wigand vs. brown and Williamson- ethical issues Essay

Wigand vs. brown and Williamson- ethical issues - Essay Example ere not only grounded on the dangers accompanied smoking but also the fact that the company was adding chemicals to the cigarettes and this made the consumption of such cigarettes more addictive to the consumers. First, there was ethical violation of the consumers’ rights. Apart from the fact that the company endangered the lives of the people, it was also unlawfully and corruptly obtaining wealth from the unsuspecting consumers. When investigation was instituted by the CBS, Wigand was convinced by Lowell Bergman to make his testimony proving the allegation through an interview. In the process of doing that, Wigand found himself in an awkward situation that put his entire life at risk. The information he provided regarding this malpractice was treated with contempt. He suffered a lot of harassment and faced numerous threats because of such crucial information. The point of interest was that the CBS did not air the interview and the information that was presented by Wigand despite the risk he had taken. The main reason that the CBS gave for the failure to air the interview was the fear of litigation by the company. The CBS had broken law in this matter because of the omission. As a fourth estate, it was important that they work at the interest of the people and not base their actions on fear of actions being taken by the company. This was one of the major ethical dilemmas that CBS had placed itself in. It was now serving its own interests based on assumption rather than the interest of the people. It was revealed that the management of the CBS has chosen not to air the interview purely for monetary reasons. According to the study, it was revealed that the CBS did not want to taint their name with any legal issues particularly litigations, considering that they were at the verge of selling their company with the Westinghouse, and negotiatio ns were at critical level. This envisaged litigation was seen to have the potential of lowering the company stock.

Mobile Ad Hoc Network Intrusion Detection System (IDS)

Mobile Ad Hoc Network Intrusion Detection System (IDS) Chapter 1 1. Introduction Mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs) are relatively new communication paradigms. MANETs do not require expensive base stations or wired infrastructure. Nodes within radio range of each other can communicate directly over wireless links, and those that are far apart use other nodes as relays. Each host in a MANET also acts as a router as routes are mostly multichip. The lack of fixed infrastructure and centralized authority makes a MANET suitable for a broad range of applications in both military and civilian environments. For example, a MANET could be deployed quickly for military communications in the battlefield. A MANET also could be deployed quickly in scenarios such as a meeting room, a city transportation wireless network, for fire fighting, and so on. To form such a cooperative and self configurable network, every mobile host should be a friendly node and willing to relay messages for others. In the original design of a MANET, global trustworthiness in nodes within the whole network is a fundamental security assumption. Recent progress in wireless communications and micro electro mechanical systems (MEMS) technology has made it feasible to build miniature wireless sensor nodes that integrate sensing, data processing, and communicating capabilities. These miniature wireless sensor nodes can be extremely small, as tiny as a cubic centimeter. Compared with conventional computers, the low-cost, battery-powered, sensor nodes have a limited energy supply, stringent processing and communications capabilities, and memory is scarce. The design and implementation of relevant services for WSNs must keep these limitations in mind. Based on the collaborative efforts of a large number of sensor nodes, WSNs have become good candidates to provide economically viable solutions for a wide range of applications, such as environmental monitoring, scientific data collection, health monitoring, and military operations. Despite the wide variety of potential applications, MANETs and WSNs often are deployed in adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Due to the features of an open medium, the low degree of physical security of mobile nodes, a dynamic topology, a limited power supply, and the absence of a central management point, MANETs are more vulnerable to malicious attacks than traditional wired networks are. In WSNs, the lack of physical security combined with unattended operations make sensor nodes prone to a high risk of being captured and compromised, making WSNs vulnerable to a variety of attacks. A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Each node is equipped with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication range. In order for a node to forward a packet to a node that is out of its radio range, the cooperation of other nodes in the network is needed; this is known as multi-hop communication. Therefore, each node must act as both a host and a router at the same time. The network topology frequently changes due to the mobility of mobile nodes as they move within, move into, or move out of the network. A MANET with the characteristics described above was originally developed for military purposes, as nodes are scattered across a battlefield and there is no infrastructure to help them form a network. In recent years, MANETs have been developing rapidly and are increasingly being used in many applications, ranging from military to civilian and commercial uses, since setting up such networks can be done without the help of any infrastructure or interaction with a human. Some examples are: search-and-rescue missions, data collection, and virtual classrooms and conferences where laptops, PDA or other mobile devices share wireless medium and communicate to each other. As MANETs become widely used, the security issue has become one of the primary concerns. For example, most of the routing protocols proposed for MANETs assume that every node in the network is cooperative and not malicious [1]. Therefore, only one compromised node can cause the failure of the entire network. There are both passive and active attacks in MANETs. For passive at tacks, packets containing secret information might be eavesdropped, which violates confidentiality. Active attacks, including injecting packets to invalid destinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation. Proactive approaches such as cryptography and authentication were first brought into consideration, and many techniques have been proposed and implemented. However, these applications are not sufficient. If we have the ability to detect the attack once it comes into the network, we can stop it from doing any damage to the system or any data. Here is where the intrusion detection system comes in. Intrusion detection can be defined as a process of monitoring activities in a system, which can be a computer or network system. The mechanism by which this is achieved is called an intrusion detection system (IDS). An IDS collects activity information and then analyzes it to determine whether there are any activities that violate the security rules. Once AN ID determines that an unusual activity or an activity that is known to be an attack occurs, it then generates an alarm to alert the security administrator. In addition, IDS can also initiate a proper response to the malicious activity. Although there are several intrusion detection techniques developed for wired networks today, they are not suitable for wireless networks due to the differences in their characteristics. Therefore, those techniques must be modified or new techniques must be developed to make intrusion detection work effectively in MANETs. In this paper, we classify the architectures for IDS in MANETs, each of which is suitable for different network infrastructures. Current intrusion detection systems corresponding to those architectures are reviewed and compared. Chapter 2 Background 2.1 Intrusion Detection System (IDS) Many historical events have shown that intrusion prevention techniques alone, such as encryption and authentication, which are usually a first line of defense, are not sufficient. As the system become more complex, there are also more weaknesses, which lead to more security problems. Intrusion detection can be used as a second wall of defense to protect the network from such problems. If the intrusion is detected, a response can be initiated to prevent or minimize damage to the system. To make intrusion detection systems work, basic assumptions are made. The first assumption is that user and program activities are observable. The second assumption, which is more important, is that normal and intrusive activities must have distinct behaviors, as intrusion detection must capture and analyze system activity to determine if the system is under attack. Intrusion detection can be classified based on audit data as either host- based or network-based. A network-based IDS captures and analyzes packets from network tra ±c while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows [2]. Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response. Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks. Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints. 2.2 Intrusion Detection in MANETs Many intrusion detection systems have been proposed in traditional wired networks, where all track must go through switches, routers, or gateways. Hence, IDS can be added to and implemented in these devices easily [17, 18]. On the other hand, MANETs do not have such devices. Moreover, the medium is wide open, so both legitimate and malicious users can access it. Furthermore, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information could be from a compromised node or a node that has outdated information. Thus, the current IDS techniques on wired networks cannot be applied directly to MANETs. Many intrusion detection systems have been proposed to suit the characteristics of MANETs, some of which will be discussed in the next sections. 2.3 Architectures for IDS in MANETs The network infrastructures that MANETs can be configured to are either at or multi-layer, depending on the applications. Therefore, the optimal IDS architecture for a MANET may depend on the network infrastructure itself [9]. In an network infrastructure, all nodes are considered equal, thus it may be suitable for applications such as virtual classrooms or conferences. On the contrary, some nodes are considered different in the multi-layered network infrastructure. Nodes may be partitioned into clusters with one cluster head for each cluster. To communicate within the cluster, nodes can communicate directly. However, communication across the clusters must be done through the cluster head. This infrastructure might be well suited for military applications. 2.3.1 Stand-alone Intrusion Detection Systems In this architecture, an intrusion detection system is run on each node independently to determine intrusions. Every decision made is based only on information collected at its own node, since there is no cooperation among nodes in the network. Therefore, no data is exchanged. Besides, nodes in the same network do not know anything about the situation on other nodes in the network as no alert information is passed. Although this architecture is not elective due to its limitations, it may be suitable in a network where not all nodes are capable of running IDS or have IDS installed. This architecture is also more suitable for an network infrastructure than for multi-layered network infrastructure. Since information on each individual node might not be enough to detect intrusions, this architecture has not been chosen in most of the IDS for MANETs. 2.3.2 Distributed and Cooperative Intrusion Detection Systems Since the nature of MANETs is distributed and requires cooperation of other nodes, Zhang and Lee [1] have proposed that the intrusion detection and response system in MANETs should also be both distributed and cooperative as shown in Figure 1. Every node participates in intrusion detection and response by having an IDS agent running on them. An IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as initiating a response independently. However, neighboring IDS agents cooperatively participate in global intrusion detection actions when the evidence is inconclusive. Similarly to stand-alone IDS architecture, this architecture is more suitable for a network infrastructure, not multi-layered one. 2.3.3 Hierarchical Intrusion Detection Systems Hierarchical IDS architectures extend the distributed and cooperative IDS architectures and have been proposed for multi-layered network infrastructures where the network is divided into clusters. Clusterheads of each cluster usually have more functionality than other members in the clusters, for example routing packets across clusters. Thus, these cluster heads, in some sense, act as control points which are similar to switches, routers, or gateways in wired networks. The same concept of multi-layering is applied to intrusion detection systems where hierarchical IDS architecture is proposed. Each IDS agent is run on every member node and is responsible locally for its node, i.e., monitoring and deciding on locally detected intrusions. A clusterhead is responsible locally for its node as well as globally for its cluster, e.g. monitoring network packets and initiating a global response when network intrusion is detected. 2.3.4 Mobile Agent for Intrusion Detection Systems A concept of mobile agents has been used in several techniques for intrusion detection systems in MANETs. Due to its ability to move through the large network, each mobile agent is assigned to perform only one specific task, and then one or more mobile agents are distributed into each node in the network. This allows the distribution of the intrusion detection tasks. There are several advantages for using mobile agents [2]. Some functions are not assigned to every node; thus, it helps to reduce the consumption of power, which is scarce in mobile ad hoc networks. It also provides fault tolerance such that if the network is partitioned or some agents are destroyed, they are still able to work. Moreover, they are scalable in large and varied system environments, as mobile agents tend to be independent of platform architectures. However, these systems would require a secure module where mobile agents can be stationed to. Additionally, mobile agents must be able to protect themselves from the secure modules on remote hosts as well. Mobile-agent-based IDS can be considered as a distributed and cooper ative intrusion detection technique as described in Section 3.2. Moreover, some techniques also use mobile agents combined with hierarchical IDS, for example, what will be described in Section 4.3. 2.4 Sample Intrusion Detection Systems for MANETs Since the IDS for traditional wired systems are not well-suited to MANETs, many researchers have proposed several IDS especially for MANETs, which some of them will be reviewed in this section. 2.4.1 Distributed and Cooperative IDS As described in Section 3.2, Zhang and Lee also proposed the model for distributed and cooperative IDS as shown in Figure 2 [1]. The model for an IDS agent is structured into six modules. The local data collection module collects real-time audit data, which includes system and user activities within its radio range. This collected data will be analyzed by the local detection engine module for evidence of anomalies. If an anomaly is detected with strong evidence, the IDS agent can determine independently that the system is under attack and initiate a response through the local response module (i.e., alerting the local user) or the global response module (i.e., deciding on an action), depending on the type of intrusion, the type of network protocols and applications, and the certainty of the evidence. If an anomaly is detected with weak or inconclusive evidence, the IDS agent can request the cooperation of neighboring IDS agents through a cooperative detection engine module, which communicates to other agents through a secure communication module. 2.4.2 Local Intrusion Detection System (LIDS) Albers et al. [3] proposed a distributed and collaborative architecture of IDS by using mobile agents. A Local Intrusion Detection System (LIDS) is implemented on every node for local concern, which can be extended for global concern by cooperating with other LIDS. Two types of data are exchanged among LIDS: security data and intrusion alerts. In order to analyze the possible intrusion, data must be obtained from what the LIDS detect, along with additional information from other nodes. Other LIDS might be run on different operating systems or use data from different activities such as system, application, or network activities; therefore, the format of this raw data might be different, which makes it hard for LIDS to analyze. However, such difficulties can be solved by using SNMP (Simple Network Management Protocol) data located in MIBs (Management Information Base) as an audit data source. Such a data source not only eliminates those difficulties, but also reduces the in-Figure 3: L IDS Architecture in A Mobile Node [3] crease in using additional resources to collect audit data if an SNMP agent is already run on each node. To obtain additional information from other nodes, the authors proposed mobile agents to be used to transport SNMP requests to other nodes. In another words, to distribute the intrusion detection tasks. The idea differs from traditional SNMP in that the traditional approach transfers data to the requesting node for computation while this approach brings the code to the data on the requested node. This is initiated due to untrustworthiness of UDP messages practiced in SNMP and the active topology of MANETs. As a result, the amount of exchanged data is tremendously reduced. Each mobile agent can be assigned a specific task which will be achieved in an autonomous and asynchronous fashion without any help from its LIDS. The LIDS architecture is shown in Figure 3, which consists of  ² Communication Framework: To facilitate for both internal and external communication with a LIDS. Local LIDS Agent: To be responsible for local intrusion detection and local response. Also, it reacts to intrusion alerts sent from other nodes to protect itself against this intrusion. Local MIB Agent: To provide a means of collecting MIB variables for either mobile agents or the Local LIDS Agent. Local MIB Agent acts as an interface with SNMP agent, if SNMP exists and runs on the node, or with a tailor-made agent developed specifically to allow up- dates and retrievals of the MIB variables used by intrusion detection, if none exists. Mobile Agents (MA): They are distributed from its LID to collect and process data on other nodes. The results from their evaluation are then either sent back to their LIDS or sent to another node for further investigation. Mobile Agents Place: To provide a security control to mobile agents. For the methodology of detection, Local IDS Agent can use either anomaly or misuse detection. However, the combination of two mechanisms will offer the better model. Once the local intrusion is detected, the LIDS initiate a response and inform the other nodes in the network. Upon receiving an alert, the LIDS can protect itself against the intrusion. 2.4.3 Distributed Intrusion Detection System Using Multiple Sensors Kachirski and Guha [4] proposed a multi-sensor intrusion detection system based on mobile agent technology. The system can be divided into three main modules, each of which represents a mobile agent with certain func- tionality: monitoring, decision-making or initiating a response. By separate in functional tasks into categories and assigning each task to a different agent, the workload is distributed which is suitable for the characteristics of MANETs. In addition, the hierarchical structure of agents is also developed in this intrusion detection system as shown in Figure 4. Monitoring agent: Two functions are carried out at this class of agent: network monitoring and host monitoring. A host-based monitor agent hosting system-level sensors and user-activity sensors is run on every node to monitor within the node, while a monitor agent with a network monitoring sensor is run only on some selected nodes to monitor at packet-level to capture packets going through the network within its radio ranges. Action agent: Every node also hosts this action agent. Since every node hosts a host-based monitoring agent, it can determine if there is any suspicious or unusual activities on the host node based on anomaly detection. When there is strong evidence supporting the anomaly detected, this action agent can initiate a response, such as terminating the process or blocking a user from the network. Decision agent: The decision agent is run only on certain nodes, mostly those nodes that run network monitoring agents. These nodes collect all packets within its radio range and analyze them to determine whether the network is under attack. Moreover, from the previous paragraph, if the local detection agent cannot make a decision on its own due to insufficient evidence, its local detection agent reports to this decision agent in order to investigate further. This is done by using packet-monitoring results that comes from the network-monitoring sensor that is running locally. If the decision agent concludes that the node is malicious, the action module of the agent running on that node as described above will carry out the response. The network is logically divided into clusters with a single cluster head for each cluster. This clusterhead will monitor the packets within the cluster and only packets whose originators are in the same cluster are captured and investigated. This means that the network monitoring agent (with network monitoring sensor) and the decision agent are run on the cluster head. In this mechanism, the decision agent performs the decision-making based on its own collected information from its network-monitoring sensor; thus, other nodes have no influence on its decision. This way, spooffing attacks and false accusations can be prevented. 2.4.4 Dynamic Hierarchical Intrusion Detection Architecture Since nodes move arbitrarily across the network, a static hierarchy is not suitable for such dynamic network topology. Sterne et al. [16] proposed a dynamic intrusion detection hierarchy that is potentially scalable to large networks by using clustering like those in Section 4.3 and 5.5. However, it can be structured in more than two levels as shown in Figure 5. Nodes labeled 1 are the first level clusterheads while nodes labeled 2 are the second level clusterheads and so on. Members of the first level of the cluster are called leaf nodes. Every node has the responsibilities of monitoring (by accumulating counts and statistics), logging, analyzing (i.e., attack signature matching or checking on packet headers and payloads), responding to intrusions detected if there is enough evidence, and alerting or reporting to cluster heads. Clues treads, in addition, must also perform: Data fusion/integration and data reduction: Clusterheads aggregate and correlate reports from members of the cluster and data of their own. Data reduction may be involved to avoid conflicting data, bogus data and overlapping reports. Besides, cluster heads may send the requests to their children for additional information in order to correlate reports correctly. Intrusion detection computations: Since different attacks require different sets of detected data, data on a single node might not be able to detect the attack, e.g., DDoS attack, and thus clusterheads also analyze the consolidated data before passing to upper levels. Security Management: The uppermost levels of the hierarchy have the authority and responsibility for managing the detection and response capabilities of the clusters and cluster heads below them. They may send the signatures update, or directives and policies to alter the configurations for intrusion detection and response. These update and directives will flow from the top of the hierarchy to the bottom. To form the hierarchical structure, every node uses clustering, which is typically used in MANETs to construct routes, to self-organize into local neighborhoods (first level clusters) and then select neighborhood representatives (cluster heads). These representatives then use clustering to organize themselves into the second level and select the representatives. This process continues until all nodes in the network are part of the hierarchy. The authors also suggested criteria on selecting cluster heads. Some of these criteria are: Connectivity: the number of nodes within one hop Proximity: members should be within one hop of its cluster head Resistance to compromise (hardening): the probability that the node will not be compromised. This is very important for the upper level cluster heads. Processing power, storage capacity, energy remaining, bandwidth cape abilities Additionally, this proposed architecture does not rely solely on promiscuous node monitoring like many proposed architectures, due to its unreliability as described in. Therefore, this architecture also supports direct periodic reporting where packet counts and statistics are sent to monitoring nodes periodically. 2.4.5 Zone-Based Intrusion Detection System (ZBIDS) Sun et al. [24] has proposed an anomaly-based two-level no overlapping Zone-Based Intrusion Detection System (ZBIDS). By dividing the network in Figure 6 into nonoverlapping zones (zone A to zone me), nodes can be categorized into two types: the intrazone node and the interzone node (or a gateway node). Considering only zone E, node 5, 9, 10 and 11 are intrazone nodes, while node 2, 3, 6, and 8 are interzone nodes which have physical connections to nodes in other zones. The formation and maintenance of zones requires each node to know its own physical location and to map its location to a zone map, which requires prior design setup. Each node has an IDS agent run on it which the model of the agent is shown in Figure 7. Similar to an IDS agent proposed by Zhang and Lee (Figure 2), the data collection module and the detection engine are re-sponsible for collecting local audit data (for instance, system call activities, and system log les) and analyzing collected data for any sign of intrusion respectively. In addition, there may be more than one for each of these modules which allows collecting data from various sources and using different detection techniques to improve the detection performance. The local aggregation and correlation (LACE) module is responsible for combining the results of these local detection engines and generating alerts if any abnormal behavior is detected. These alerts are broadcasted to other nodes within the same zone. However, for the global aggregation and correlation (GACE), its functionality depends on the type of the node. As described in Figure 7, if the node is an intrazone node, it only sends the generated alerts to the interzone nodes. Whereas, if the node is an interzone node, it receives alerts from other intrazone nodes, aggregates and correlates those alerts with its own alerts, and then generates alarms. Moreover, the GACE also cooperates with the GACEs of the neighboring interzone nodes to have more accurate information to detect the intrusion. Lastly, the intrusion response module is responsible for handling the alarms generated from the GACE. The local aggregation and correlation Algorithm used in ZBIDS is based on a local Markov chain anomaly detection. IDS agent rust creates a normal profile by constructing a Markov chain from the routing cache. A valid change in the routing cache can be characterized by the Markov chain detection model with probabilities, otherwise, its considered abnormal, and the alert will be generated. For the global aggregation and correlation algorithm, its based on information provided in the received alerts containing the type, the time, and the source of the attacks. 2.5 Intrusion Detection Techniques for Node Cooperation in MANETs Since there is no infrastructure in mobile ad hoc networks, each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. Intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [5] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several proposed techniques and protocols to detect such misbehavior in order to avoid those nodes, and some schemes also propose punishment as well [6, 7]. 2.5.1 Watchdog and Pathrater Two techniques were proposed by Marti, Giuli, and Baker [5], watchdog and pathrater, to be added on top of the standard routing protocol in ad hoc networks. The standard is Dynamic Source Routing protocol (DSR) [8]. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes. In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path should know who the next hop node is. In addition, listening to the next hops transmission is possible because of the characteristic of wireless networks if node A is within range of node B, A can overhear communication to and from B. Figure 8 shows how the watchdog works. Assume that node S wants to send a packet to node D, which there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined to D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then, it promiscuously listens to the transmission of B to make sure that B forwards to C. If the packet overheard from B (represented by a dashed line) matches that stored in the buffer, it means that B really forwards to the next hop (represented as a solid line). It then removes the packet from the buffer. However, if theres no matched packet after a certain time, the watchdog increments the failures counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports to the source node S. Path rater performs the calculation of the path metric for each path. By keeping the rating of every node in the network that it knows, the path metric can be calculated by combining the node rating together with link re- liability, which is collected from past experience. Obtaining the path metric for all available paths, the pathrater can choose the path with the highest metric. In addition, if there is no such link reliability information, the path metric enables the pathrater to select the shortest path too. As a result, paths containing misbehaving nodes will be avoided. From the result of the simulation, the system with these two techniques is quite effective for choosing paths to avoid misbehaving nodes. However, those misbehaving nodes are not punished. In contrast, they even benefit from the network. Therefore, misbehaving nodes are encouraged to continue their behaviors. Chapter 3 3. Literature survey 3.1 Introduction The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop new architecture and mechanisms to protect the wireless networks and mobile computing applications. The implication of mobile computing on network security research can be further demonstrated by the follow case. Recently (Summer 2001) an Internet worm called Code Red has spread rapidly to infect many of the Windows-based server machines. To prevent this type of worm attacks from spreading into intranets, many. This paper Mobile Ad Hoc Network Intrusion Detection System (IDS) Mobile Ad Hoc Network Intrusion Detection System (IDS) Chapter 1 1. Introduction Mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs) are relatively new communication paradigms. MANETs do not require expensive base stations or wired infrastructure. Nodes within radio range of each other can communicate directly over wireless links, and those that are far apart use other nodes as relays. Each host in a MANET also acts as a router as routes are mostly multichip. The lack of fixed infrastructure and centralized authority makes a MANET suitable for a broad range of applications in both military and civilian environments. For example, a MANET could be deployed quickly for military communications in the battlefield. A MANET also could be deployed quickly in scenarios such as a meeting room, a city transportation wireless network, for fire fighting, and so on. To form such a cooperative and self configurable network, every mobile host should be a friendly node and willing to relay messages for others. In the original design of a MANET, global trustworthiness in nodes within the whole network is a fundamental security assumption. Recent progress in wireless communications and micro electro mechanical systems (MEMS) technology has made it feasible to build miniature wireless sensor nodes that integrate sensing, data processing, and communicating capabilities. These miniature wireless sensor nodes can be extremely small, as tiny as a cubic centimeter. Compared with conventional computers, the low-cost, battery-powered, sensor nodes have a limited energy supply, stringent processing and communications capabilities, and memory is scarce. The design and implementation of relevant services for WSNs must keep these limitations in mind. Based on the collaborative efforts of a large number of sensor nodes, WSNs have become good candidates to provide economically viable solutions for a wide range of applications, such as environmental monitoring, scientific data collection, health monitoring, and military operations. Despite the wide variety of potential applications, MANETs and WSNs often are deployed in adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Due to the features of an open medium, the low degree of physical security of mobile nodes, a dynamic topology, a limited power supply, and the absence of a central management point, MANETs are more vulnerable to malicious attacks than traditional wired networks are. In WSNs, the lack of physical security combined with unattended operations make sensor nodes prone to a high risk of being captured and compromised, making WSNs vulnerable to a variety of attacks. A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Each node is equipped with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication range. In order for a node to forward a packet to a node that is out of its radio range, the cooperation of other nodes in the network is needed; this is known as multi-hop communication. Therefore, each node must act as both a host and a router at the same time. The network topology frequently changes due to the mobility of mobile nodes as they move within, move into, or move out of the network. A MANET with the characteristics described above was originally developed for military purposes, as nodes are scattered across a battlefield and there is no infrastructure to help them form a network. In recent years, MANETs have been developing rapidly and are increasingly being used in many applications, ranging from military to civilian and commercial uses, since setting up such networks can be done without the help of any infrastructure or interaction with a human. Some examples are: search-and-rescue missions, data collection, and virtual classrooms and conferences where laptops, PDA or other mobile devices share wireless medium and communicate to each other. As MANETs become widely used, the security issue has become one of the primary concerns. For example, most of the routing protocols proposed for MANETs assume that every node in the network is cooperative and not malicious [1]. Therefore, only one compromised node can cause the failure of the entire network. There are both passive and active attacks in MANETs. For passive at tacks, packets containing secret information might be eavesdropped, which violates confidentiality. Active attacks, including injecting packets to invalid destinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation. Proactive approaches such as cryptography and authentication were first brought into consideration, and many techniques have been proposed and implemented. However, these applications are not sufficient. If we have the ability to detect the attack once it comes into the network, we can stop it from doing any damage to the system or any data. Here is where the intrusion detection system comes in. Intrusion detection can be defined as a process of monitoring activities in a system, which can be a computer or network system. The mechanism by which this is achieved is called an intrusion detection system (IDS). An IDS collects activity information and then analyzes it to determine whether there are any activities that violate the security rules. Once AN ID determines that an unusual activity or an activity that is known to be an attack occurs, it then generates an alarm to alert the security administrator. In addition, IDS can also initiate a proper response to the malicious activity. Although there are several intrusion detection techniques developed for wired networks today, they are not suitable for wireless networks due to the differences in their characteristics. Therefore, those techniques must be modified or new techniques must be developed to make intrusion detection work effectively in MANETs. In this paper, we classify the architectures for IDS in MANETs, each of which is suitable for different network infrastructures. Current intrusion detection systems corresponding to those architectures are reviewed and compared. Chapter 2 Background 2.1 Intrusion Detection System (IDS) Many historical events have shown that intrusion prevention techniques alone, such as encryption and authentication, which are usually a first line of defense, are not sufficient. As the system become more complex, there are also more weaknesses, which lead to more security problems. Intrusion detection can be used as a second wall of defense to protect the network from such problems. If the intrusion is detected, a response can be initiated to prevent or minimize damage to the system. To make intrusion detection systems work, basic assumptions are made. The first assumption is that user and program activities are observable. The second assumption, which is more important, is that normal and intrusive activities must have distinct behaviors, as intrusion detection must capture and analyze system activity to determine if the system is under attack. Intrusion detection can be classified based on audit data as either host- based or network-based. A network-based IDS captures and analyzes packets from network tra ±c while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows [2]. Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response. Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks. Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints. 2.2 Intrusion Detection in MANETs Many intrusion detection systems have been proposed in traditional wired networks, where all track must go through switches, routers, or gateways. Hence, IDS can be added to and implemented in these devices easily [17, 18]. On the other hand, MANETs do not have such devices. Moreover, the medium is wide open, so both legitimate and malicious users can access it. Furthermore, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information could be from a compromised node or a node that has outdated information. Thus, the current IDS techniques on wired networks cannot be applied directly to MANETs. Many intrusion detection systems have been proposed to suit the characteristics of MANETs, some of which will be discussed in the next sections. 2.3 Architectures for IDS in MANETs The network infrastructures that MANETs can be configured to are either at or multi-layer, depending on the applications. Therefore, the optimal IDS architecture for a MANET may depend on the network infrastructure itself [9]. In an network infrastructure, all nodes are considered equal, thus it may be suitable for applications such as virtual classrooms or conferences. On the contrary, some nodes are considered different in the multi-layered network infrastructure. Nodes may be partitioned into clusters with one cluster head for each cluster. To communicate within the cluster, nodes can communicate directly. However, communication across the clusters must be done through the cluster head. This infrastructure might be well suited for military applications. 2.3.1 Stand-alone Intrusion Detection Systems In this architecture, an intrusion detection system is run on each node independently to determine intrusions. Every decision made is based only on information collected at its own node, since there is no cooperation among nodes in the network. Therefore, no data is exchanged. Besides, nodes in the same network do not know anything about the situation on other nodes in the network as no alert information is passed. Although this architecture is not elective due to its limitations, it may be suitable in a network where not all nodes are capable of running IDS or have IDS installed. This architecture is also more suitable for an network infrastructure than for multi-layered network infrastructure. Since information on each individual node might not be enough to detect intrusions, this architecture has not been chosen in most of the IDS for MANETs. 2.3.2 Distributed and Cooperative Intrusion Detection Systems Since the nature of MANETs is distributed and requires cooperation of other nodes, Zhang and Lee [1] have proposed that the intrusion detection and response system in MANETs should also be both distributed and cooperative as shown in Figure 1. Every node participates in intrusion detection and response by having an IDS agent running on them. An IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as initiating a response independently. However, neighboring IDS agents cooperatively participate in global intrusion detection actions when the evidence is inconclusive. Similarly to stand-alone IDS architecture, this architecture is more suitable for a network infrastructure, not multi-layered one. 2.3.3 Hierarchical Intrusion Detection Systems Hierarchical IDS architectures extend the distributed and cooperative IDS architectures and have been proposed for multi-layered network infrastructures where the network is divided into clusters. Clusterheads of each cluster usually have more functionality than other members in the clusters, for example routing packets across clusters. Thus, these cluster heads, in some sense, act as control points which are similar to switches, routers, or gateways in wired networks. The same concept of multi-layering is applied to intrusion detection systems where hierarchical IDS architecture is proposed. Each IDS agent is run on every member node and is responsible locally for its node, i.e., monitoring and deciding on locally detected intrusions. A clusterhead is responsible locally for its node as well as globally for its cluster, e.g. monitoring network packets and initiating a global response when network intrusion is detected. 2.3.4 Mobile Agent for Intrusion Detection Systems A concept of mobile agents has been used in several techniques for intrusion detection systems in MANETs. Due to its ability to move through the large network, each mobile agent is assigned to perform only one specific task, and then one or more mobile agents are distributed into each node in the network. This allows the distribution of the intrusion detection tasks. There are several advantages for using mobile agents [2]. Some functions are not assigned to every node; thus, it helps to reduce the consumption of power, which is scarce in mobile ad hoc networks. It also provides fault tolerance such that if the network is partitioned or some agents are destroyed, they are still able to work. Moreover, they are scalable in large and varied system environments, as mobile agents tend to be independent of platform architectures. However, these systems would require a secure module where mobile agents can be stationed to. Additionally, mobile agents must be able to protect themselves from the secure modules on remote hosts as well. Mobile-agent-based IDS can be considered as a distributed and cooper ative intrusion detection technique as described in Section 3.2. Moreover, some techniques also use mobile agents combined with hierarchical IDS, for example, what will be described in Section 4.3. 2.4 Sample Intrusion Detection Systems for MANETs Since the IDS for traditional wired systems are not well-suited to MANETs, many researchers have proposed several IDS especially for MANETs, which some of them will be reviewed in this section. 2.4.1 Distributed and Cooperative IDS As described in Section 3.2, Zhang and Lee also proposed the model for distributed and cooperative IDS as shown in Figure 2 [1]. The model for an IDS agent is structured into six modules. The local data collection module collects real-time audit data, which includes system and user activities within its radio range. This collected data will be analyzed by the local detection engine module for evidence of anomalies. If an anomaly is detected with strong evidence, the IDS agent can determine independently that the system is under attack and initiate a response through the local response module (i.e., alerting the local user) or the global response module (i.e., deciding on an action), depending on the type of intrusion, the type of network protocols and applications, and the certainty of the evidence. If an anomaly is detected with weak or inconclusive evidence, the IDS agent can request the cooperation of neighboring IDS agents through a cooperative detection engine module, which communicates to other agents through a secure communication module. 2.4.2 Local Intrusion Detection System (LIDS) Albers et al. [3] proposed a distributed and collaborative architecture of IDS by using mobile agents. A Local Intrusion Detection System (LIDS) is implemented on every node for local concern, which can be extended for global concern by cooperating with other LIDS. Two types of data are exchanged among LIDS: security data and intrusion alerts. In order to analyze the possible intrusion, data must be obtained from what the LIDS detect, along with additional information from other nodes. Other LIDS might be run on different operating systems or use data from different activities such as system, application, or network activities; therefore, the format of this raw data might be different, which makes it hard for LIDS to analyze. However, such difficulties can be solved by using SNMP (Simple Network Management Protocol) data located in MIBs (Management Information Base) as an audit data source. Such a data source not only eliminates those difficulties, but also reduces the in-Figure 3: L IDS Architecture in A Mobile Node [3] crease in using additional resources to collect audit data if an SNMP agent is already run on each node. To obtain additional information from other nodes, the authors proposed mobile agents to be used to transport SNMP requests to other nodes. In another words, to distribute the intrusion detection tasks. The idea differs from traditional SNMP in that the traditional approach transfers data to the requesting node for computation while this approach brings the code to the data on the requested node. This is initiated due to untrustworthiness of UDP messages practiced in SNMP and the active topology of MANETs. As a result, the amount of exchanged data is tremendously reduced. Each mobile agent can be assigned a specific task which will be achieved in an autonomous and asynchronous fashion without any help from its LIDS. The LIDS architecture is shown in Figure 3, which consists of  ² Communication Framework: To facilitate for both internal and external communication with a LIDS. Local LIDS Agent: To be responsible for local intrusion detection and local response. Also, it reacts to intrusion alerts sent from other nodes to protect itself against this intrusion. Local MIB Agent: To provide a means of collecting MIB variables for either mobile agents or the Local LIDS Agent. Local MIB Agent acts as an interface with SNMP agent, if SNMP exists and runs on the node, or with a tailor-made agent developed specifically to allow up- dates and retrievals of the MIB variables used by intrusion detection, if none exists. Mobile Agents (MA): They are distributed from its LID to collect and process data on other nodes. The results from their evaluation are then either sent back to their LIDS or sent to another node for further investigation. Mobile Agents Place: To provide a security control to mobile agents. For the methodology of detection, Local IDS Agent can use either anomaly or misuse detection. However, the combination of two mechanisms will offer the better model. Once the local intrusion is detected, the LIDS initiate a response and inform the other nodes in the network. Upon receiving an alert, the LIDS can protect itself against the intrusion. 2.4.3 Distributed Intrusion Detection System Using Multiple Sensors Kachirski and Guha [4] proposed a multi-sensor intrusion detection system based on mobile agent technology. The system can be divided into three main modules, each of which represents a mobile agent with certain func- tionality: monitoring, decision-making or initiating a response. By separate in functional tasks into categories and assigning each task to a different agent, the workload is distributed which is suitable for the characteristics of MANETs. In addition, the hierarchical structure of agents is also developed in this intrusion detection system as shown in Figure 4. Monitoring agent: Two functions are carried out at this class of agent: network monitoring and host monitoring. A host-based monitor agent hosting system-level sensors and user-activity sensors is run on every node to monitor within the node, while a monitor agent with a network monitoring sensor is run only on some selected nodes to monitor at packet-level to capture packets going through the network within its radio ranges. Action agent: Every node also hosts this action agent. Since every node hosts a host-based monitoring agent, it can determine if there is any suspicious or unusual activities on the host node based on anomaly detection. When there is strong evidence supporting the anomaly detected, this action agent can initiate a response, such as terminating the process or blocking a user from the network. Decision agent: The decision agent is run only on certain nodes, mostly those nodes that run network monitoring agents. These nodes collect all packets within its radio range and analyze them to determine whether the network is under attack. Moreover, from the previous paragraph, if the local detection agent cannot make a decision on its own due to insufficient evidence, its local detection agent reports to this decision agent in order to investigate further. This is done by using packet-monitoring results that comes from the network-monitoring sensor that is running locally. If the decision agent concludes that the node is malicious, the action module of the agent running on that node as described above will carry out the response. The network is logically divided into clusters with a single cluster head for each cluster. This clusterhead will monitor the packets within the cluster and only packets whose originators are in the same cluster are captured and investigated. This means that the network monitoring agent (with network monitoring sensor) and the decision agent are run on the cluster head. In this mechanism, the decision agent performs the decision-making based on its own collected information from its network-monitoring sensor; thus, other nodes have no influence on its decision. This way, spooffing attacks and false accusations can be prevented. 2.4.4 Dynamic Hierarchical Intrusion Detection Architecture Since nodes move arbitrarily across the network, a static hierarchy is not suitable for such dynamic network topology. Sterne et al. [16] proposed a dynamic intrusion detection hierarchy that is potentially scalable to large networks by using clustering like those in Section 4.3 and 5.5. However, it can be structured in more than two levels as shown in Figure 5. Nodes labeled 1 are the first level clusterheads while nodes labeled 2 are the second level clusterheads and so on. Members of the first level of the cluster are called leaf nodes. Every node has the responsibilities of monitoring (by accumulating counts and statistics), logging, analyzing (i.e., attack signature matching or checking on packet headers and payloads), responding to intrusions detected if there is enough evidence, and alerting or reporting to cluster heads. Clues treads, in addition, must also perform: Data fusion/integration and data reduction: Clusterheads aggregate and correlate reports from members of the cluster and data of their own. Data reduction may be involved to avoid conflicting data, bogus data and overlapping reports. Besides, cluster heads may send the requests to their children for additional information in order to correlate reports correctly. Intrusion detection computations: Since different attacks require different sets of detected data, data on a single node might not be able to detect the attack, e.g., DDoS attack, and thus clusterheads also analyze the consolidated data before passing to upper levels. Security Management: The uppermost levels of the hierarchy have the authority and responsibility for managing the detection and response capabilities of the clusters and cluster heads below them. They may send the signatures update, or directives and policies to alter the configurations for intrusion detection and response. These update and directives will flow from the top of the hierarchy to the bottom. To form the hierarchical structure, every node uses clustering, which is typically used in MANETs to construct routes, to self-organize into local neighborhoods (first level clusters) and then select neighborhood representatives (cluster heads). These representatives then use clustering to organize themselves into the second level and select the representatives. This process continues until all nodes in the network are part of the hierarchy. The authors also suggested criteria on selecting cluster heads. Some of these criteria are: Connectivity: the number of nodes within one hop Proximity: members should be within one hop of its cluster head Resistance to compromise (hardening): the probability that the node will not be compromised. This is very important for the upper level cluster heads. Processing power, storage capacity, energy remaining, bandwidth cape abilities Additionally, this proposed architecture does not rely solely on promiscuous node monitoring like many proposed architectures, due to its unreliability as described in. Therefore, this architecture also supports direct periodic reporting where packet counts and statistics are sent to monitoring nodes periodically. 2.4.5 Zone-Based Intrusion Detection System (ZBIDS) Sun et al. [24] has proposed an anomaly-based two-level no overlapping Zone-Based Intrusion Detection System (ZBIDS). By dividing the network in Figure 6 into nonoverlapping zones (zone A to zone me), nodes can be categorized into two types: the intrazone node and the interzone node (or a gateway node). Considering only zone E, node 5, 9, 10 and 11 are intrazone nodes, while node 2, 3, 6, and 8 are interzone nodes which have physical connections to nodes in other zones. The formation and maintenance of zones requires each node to know its own physical location and to map its location to a zone map, which requires prior design setup. Each node has an IDS agent run on it which the model of the agent is shown in Figure 7. Similar to an IDS agent proposed by Zhang and Lee (Figure 2), the data collection module and the detection engine are re-sponsible for collecting local audit data (for instance, system call activities, and system log les) and analyzing collected data for any sign of intrusion respectively. In addition, there may be more than one for each of these modules which allows collecting data from various sources and using different detection techniques to improve the detection performance. The local aggregation and correlation (LACE) module is responsible for combining the results of these local detection engines and generating alerts if any abnormal behavior is detected. These alerts are broadcasted to other nodes within the same zone. However, for the global aggregation and correlation (GACE), its functionality depends on the type of the node. As described in Figure 7, if the node is an intrazone node, it only sends the generated alerts to the interzone nodes. Whereas, if the node is an interzone node, it receives alerts from other intrazone nodes, aggregates and correlates those alerts with its own alerts, and then generates alarms. Moreover, the GACE also cooperates with the GACEs of the neighboring interzone nodes to have more accurate information to detect the intrusion. Lastly, the intrusion response module is responsible for handling the alarms generated from the GACE. The local aggregation and correlation Algorithm used in ZBIDS is based on a local Markov chain anomaly detection. IDS agent rust creates a normal profile by constructing a Markov chain from the routing cache. A valid change in the routing cache can be characterized by the Markov chain detection model with probabilities, otherwise, its considered abnormal, and the alert will be generated. For the global aggregation and correlation algorithm, its based on information provided in the received alerts containing the type, the time, and the source of the attacks. 2.5 Intrusion Detection Techniques for Node Cooperation in MANETs Since there is no infrastructure in mobile ad hoc networks, each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. Intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [5] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several proposed techniques and protocols to detect such misbehavior in order to avoid those nodes, and some schemes also propose punishment as well [6, 7]. 2.5.1 Watchdog and Pathrater Two techniques were proposed by Marti, Giuli, and Baker [5], watchdog and pathrater, to be added on top of the standard routing protocol in ad hoc networks. The standard is Dynamic Source Routing protocol (DSR) [8]. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes. In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path should know who the next hop node is. In addition, listening to the next hops transmission is possible because of the characteristic of wireless networks if node A is within range of node B, A can overhear communication to and from B. Figure 8 shows how the watchdog works. Assume that node S wants to send a packet to node D, which there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined to D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then, it promiscuously listens to the transmission of B to make sure that B forwards to C. If the packet overheard from B (represented by a dashed line) matches that stored in the buffer, it means that B really forwards to the next hop (represented as a solid line). It then removes the packet from the buffer. However, if theres no matched packet after a certain time, the watchdog increments the failures counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports to the source node S. Path rater performs the calculation of the path metric for each path. By keeping the rating of every node in the network that it knows, the path metric can be calculated by combining the node rating together with link re- liability, which is collected from past experience. Obtaining the path metric for all available paths, the pathrater can choose the path with the highest metric. In addition, if there is no such link reliability information, the path metric enables the pathrater to select the shortest path too. As a result, paths containing misbehaving nodes will be avoided. From the result of the simulation, the system with these two techniques is quite effective for choosing paths to avoid misbehaving nodes. However, those misbehaving nodes are not punished. In contrast, they even benefit from the network. Therefore, misbehaving nodes are encouraged to continue their behaviors. Chapter 3 3. Literature survey 3.1 Introduction The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop new architecture and mechanisms to protect the wireless networks and mobile computing applications. The implication of mobile computing on network security research can be further demonstrated by the follow case. Recently (Summer 2001) an Internet worm called Code Red has spread rapidly to infect many of the Windows-based server machines. To prevent this type of worm attacks from spreading into intranets, many. This paper

Taoism in Chinese Culture Essay examples -- Taoism Chinese Culture Tao

Taoism in Chinese Culture Taoism, known as â€Å"The Way,† can be categorized as both a Chinese philosophy and a religion. Taoists believe in accepting and yielding to the ways of life, complementing nature and being by internalizing their goals rather than worshipping a god externally. Taoism, in its metaphysical and philosophical nature, is much like Confucianism, but the ideal interests of the two religions are contrasting. Confucianism was formulated during a time of war and relies heavily upon a moral and political system that fashioned society and the Chinese empire, while Taoism correlates to a time of peace and honors spiritual and metaphysical preoccupation (Taoism 2). The supposed author of the Tao Te Ching, Lao Tzu, is said to be the father of Taoism. It is estimated that Lao Tzu, spelled many other ways including Lao-tsu, Lao Tse, and Lao Tzi, was born under the name of Li Erh in Honan, China, around 604 B.C.E. Myth says that Lao Tzu was born fully developed with a long, white beard and hair the color of snow. He was somewhat of a recluse and withdrew from society to avoid governmental law and rule. He retreated to the Western frontier after the fall of the Zhou dynasty to continue his personal study of metaphysics and philosophy (Taoism 2). The collaborations of his studies and observations are said to be the basis of the Tao Te Ching, although some scholars argue that Lao Tzu’s existence cannot be proved and that the scholar Chuang-tzu played at least a partial role in the authorship. However the Tao Te Ching came to be, it is prized for being the foundation of Taoist belief and should hold merit as a universal guide, not as an aut hor’s accomplishment (De Bary, Chan, and Watson 49). There are t... ...e and space and is therefore attainable to each individual who is ready to be released from the bonds of the physical. The Tao is perfection, a place where yin and yang come together and all that lives in diversity finds unity. Works Cited De Bary, Wm. Theodore, Wing-Tsit Chan, and Burton Watson, eds. Sources of Chinese Tradition. NewYork: Columbia UP, 1960. Feibleman, James K. Understanding Oriental Philosophy: A Popular Account for the Western World. New York: Horizon, 1976. Robinson, B.A, â€Å"Taoism.† Religious Tolerance.org. 28 August 2000. 15 September 2000 . Smullyan, Raymond M. The Tao is Silent. New York: Harper & Row, 1977. â€Å"Taoism.† Encyclopedia Britannica Online. 1999-2000 ed. 19 September 2000 .

Geography Study Chart Places and Regions Essay

Studying the World Regions and Places units in your course Many students find the course content on world regions, countries, and places to be some of the most challenging material to learn. The combination of student unfamiliarity with the world regions and the large volume of information to be learned can be overwhelming. To help you organize your studies, keep in mind WGU’s intention behind this course, which is for competent students to have a strong grasp of the major human and physical geographic conditions that interact to shape our world. When you are studying world region, we want you to emphasize the 1) â€Å"big picture† of the geographic conditions in each world region, 2) the major countries of that region, and 3) how that region relates to the rest of the world. Creating a consistent framework for studying each world region may help you retain the knowledge you need to be successful in this course aspect. We recommend trying to identify the 2-3 most significant / most important physical, cultural, economic, and political characteristics that exist within each world region. We do not guarantee that you are only tested on those features, but the process of identifying the most significant characteristics from the broader range of information about each world region is an excellent study strategy that also will ensure you leave our course with a strong, general knowledge of the major geographic conditions around the world. You are welcome to use the grid, below, to help organize your study material.

Anthropology Final Paper essays

Anthropology Final Paper essays During the beginning of the semester, I did not find the class very interesting at all. It reminded me too much of a history class. The topics just werent appealing to me. Learning of how people function in other societies was really boring to me. I am more interested in learning about my own society and the history of it. I feel that would have a bigger impact on me instead of learning about other peoples societies. The class began to get more interesting towards the end of the semester when we started talking about Philadelphia and its suburbs. I found it very interesting because I already knew about most of the topics. My father works for PHA (Phila. Housing Auth.), and they own all of the projects and various scattered sites throughout the city. As a young child my dad would take my sister and I and drive around the city. He would tell us what used to be where and how nice everything in our neighborhood used to be. I live in Germantown, so when we began our discussion of Philadelphia I knew exactly where Everything was that we where talking about. Also my family belongs to the Germantown historical Society, so I have learned plenty from that. When I was in tenth grade we did a city block project. Every student was assigned a block and we had to evaluate that block during three different time periods. This required looking at old maps and plenty of microfiche. The block I was assigned was the 700 block of walnut street. Washington Square was located directly across the street from my block. When we started talking about that I already knew about it. These are the topics that held my interest. I cant say that my thinking has been affected, but there were plenty of times where I felt connections between class materials and my experiences in the real world. I also felt that the class material was very accurate. Although some of the class was not very interesting. I do feel that m...

In the nineties the world has been faced with many different crimes and social deviences essays

In the nineties the world has been faced with many different crimes and social deviences essays In the nineties the world and society has been faced with many different crimes and social deviancies, most of which have been as a result of rebellion and a form of expression. Whether it is to force a change or to create something new deviance is at a strong high. At the dawn of a new millenium some of society feel the need to express themselves in proscriptive norms and leave our mark on the world. The words deviance and crime are two words often mistaken for each other. Crime is a unlawful activity while deviance is a behavior that is different from that of the accepted social or moral standards. Deviance most of the time is the gateway to crime. A strong example of this would be the recent exploits at the Woodstock 99 music festival. In the September 2nd issue of Rolling Stone magazine the author Kurt Loder writes about the transgression that takes place when the music festival turns sour. He writes about how amid the music and peaceful motto of the festival some individuals feel the need to be malicious and irregular. He goes on to tell that when the band Limp Bizkit performed the song Break Stuff the violence took place. There was an unending blizzard of empty plastic water bottles sailing through the air and bouncing off skulls further down front, across the field people were ripping up the plywood barriers...and launching big, splintery crowd-surfing boards atop a sea of upsteached hands...The bonfires roaring out of control, the looting, the explosions, the whole stupid riot. Festival security, such as it was, collapsed in the face of this sudden war-zone situation. There was also accounts of different and unusual sexual activities. Kurts interpretation was like most others. This day that was supposed to be a social gathering in a peaceful atmosphere turned into a battle field of abnormal de...

Israel-Palestine Conflict Essay Example | Topics and Well Written Essays - 250 words

Israel-Palestine Conflict - Essay Example Hence, religion in its sense serves the role of rallying masses into deeming together with their leaders (like Fatah) while agitating adheres to what its statutes dictates, which is quite untrue1. Political issues have characterized this conflict though leaders try to incline on religion to attain their goals, which is evident in the case of Hamas who despite winning legally internal officials assumed diverse stands. This implies religion in this case encompasses pulling masses’ support but at the top its purely politics that will continue to paralyze the state’s affairs. I agree with you in arguing if the region desires peace ought to back Hamas for the international community to have a legal platform to intervene. I agree with you the conflict that characterizes Israel-Palestinians sour relationship its basis is not purely religion but instigators incline to blaming it citing as the source of differences between the two sides. They use creed as a scapegoat into undert aking their evil actions, which is also evident globally in form of malicious attacks. However, instigators of these conflicts are only out to realize their political interests but hoodwink the masses into deeming religion is the key reason and ought to protect it even if it implies dying in the process.

Week six summary Essay Example | Topics and Well Written Essays - 500 words

Week six summary - Essay Example The disadvantage of having a union is that it can lead to job losses. If the unions indulge in strikes and protests with the employees for unfeasible and avoidable reasons, the employer may suspend or fire the employees. Another negative aspect of being a union member is that it may consider only the interests of its members disregarding the plight of workers from other unions and non-unionized workers. By having workers from different backgrounds and a different mindset may trigger to disciplinary problems. The lack of discipline and implementation of it may hinder the formation of partnership, thus compromising the concept of consensus. According to Casico (2005) self-discipline, when it is committed, consistent, and dependable; will be in accordance to what was agreed upon. When the organization provides the employees with an optimal stress free working environment they will show optimum productivity. When the opposite occurs, Corsico (2005) stated that â€Å"†¦stress related disability claims are the most rapidly growing form of occupational illness†. An incentive program (rewards, promotions, recognitions) that takes into consideration the employees’ input increases the motivational levels and reduces the stress levels. Career Development Plan - There has been personnel training. An analysis of job responsibilities has been performed. We have developed job descriptions and qualification for: First Level Management Position – Regional Sales Manager, Lead Generation Sales Associate, In House Trainer, Marketing Specialist, and Diversity Officer. Training Program - We will design training for everyone (solution based selling, customer service, telephone sales, closing the sale on the telephone/field) that will be created and conducted and OSHA standards will be complied with. Methods for Evaluating Employees - I have suggested a 360 degree program. I found a report from the United States Office of Personnel Management (1997) that is