Saturday, August 31, 2019

Modern Technology Essay

Information technology is playing an increasingly important role in the work and personal lives of citizens. Computers, communications, digital information, software – the constituents of the information age – are everywhere. There is, though, a considerable number of people who are really concerned about the changes that modern technology implies, stating that it embodies potential risks to social values, freedoms, and relationships, and this is what Sherry Turkle also states in her Forbes magazine article ‘Can You Hear Me Now?’. I must agree with Turkle’s point of view that technology, along with all the positive aspects it brought into people’s lives, also brought loneliness and sameness of lifestyle because of the abusive way people have come to use technology nowadays. But as opposed to Turkle’s and millions of other people’s fearful thinking that mankind is developing too intimate relationships with machinery, I would say that this can be absolutely controllable. While it is true that the future of technology is only limited by our imagination, people have to learn that no matter how developed technology might get, the basics of a better life are self-esteem, respect for others and willingness to self-educate and build up a strong character. According to Dictionary.com, ‘technology is the branch of knowledge that deals with the creation and use of technical means and their interrelation with life, society, and the environment, drawing upon such subjects as industrial arts, engineering, applied science, and pure science’. Commonly, technology can be defined as science applied to practical purposes. It can be argued that modern technology makes life easier and more dignified for most people. The first and major advantage is that medical science is very progressive and vastly available. Without the needed technology a lot of people would struggle with their health. In addition it saves many innocent lives.
The point is to spread it and reach with medicine help to the poor nations of the Third World. Secondly, the advanced technology improves industry by making it more effective and, what is vital today, safer for environment. Moreover when we look at TV, personal computer, mobile phone or internet for instance, it is quite obvious that all these inventions have been made in the last 20 years. Thus the speed of improvement is huge and unpredictable. We can get the fastest ways of communication through modern technology which ties humanity together like a nervous system ties the parts of an organism together. Today we are connected with every other human being on the planet in a way people never have been before this leading to globalization through diversity, a very powerful current which is really to consider nowadays. On the minus side there is weaponry which is the inseparable issue of the new technologies. Hence the main problem is the proper use of this knowledge. Nevertheless, weapon engineering propels and provides a huge advance. Also, the industry despite highly developed machinery pollutes the globe. On the other hand while many people live in horrible conditions and famine governments spend a lot of money on developing weapon industry. Is it the right way? Modern technology should prevent social disproportions and not add up even more. Technology entered our lives over a relatively brief period of time with little warning and essentially no preparation. Many who currently use information technology have only a limited understanding of the tools they use and a probably correct belief that they are underutilizing them. This is why most of the people pay more attention first to their interlocutors coming through the modern gadgetry considered a more elevated audience; the ‘real’ ones have come to fill just a second position. 
This is where Turkle’s fair point comes when she describes these people’s feelings – ‘Being put on pause’: this is the impression we get when the one we are engaged with in a conversation answers his cell phone or replies to an e-mail or a text message. Another example of modern technology taking over unprepared people is the virtual lives they build and end up becoming addicted to, up to a certain point where it can even become dangerous for themselves and the ones close to them. Millions become someone else every day, lying about their age, gender, occupation or appearance. If you can be anything, you might as well be who you wish you were rather than what limits you in real life. So if someone decides they like their online persona better, and decides to spend as much time in that persona as possible, living virtually – are they crazy? These games are addictive by design, and a lot of people get sucked into a virtual world existence, at the expense of their real life happiness. And surely a large part of the attraction is this ability to live an alternate, and in many ways, happier existence. But this can get really dangerous when it comes to children and adolescents, as they may discover that the ‘world in the Second Life’, as Turkle puts it, might be much easier and funnier, and they can develop serious issues in forming their character and personalities. And the negative effects technology can have on children are numerous: less physical movement, lack of attraction towards reading, no sense of responsibility. With parents buying their children cell phones and expecting them to call as often as possible, showing them actually how little they trust them, this only adds to children’s developing a lack of responsibility and a sense of dependence, as Turkle puts it and I agree.
The time of self-reflection at adolescence is taken over by ‘quickly communicating a state over the cell phone or through an instant message and emoticons’ (Turkle), leading to a new dependence in their early emotional lives. Another point that Turkle makes is that technology leaves less or no time at all to sit and reflect on ourselves uninterrupted, and I agree with that. Unless we are really strong enough to put away or turn off all the technology around us, we cannot get a moment with ourselves, as all this machinery can be very distracting. Nowadays, when the rapidness of development and research is so impressive, it is easy to think about the advantages of modern technology. It is obvious that we are close to an era where technology is limited only by our imagination. Therefore the most frequently asked question is: Does technology go the right way and will it save or ruin our civilization? I believe that we can just let ourselves be carried along with it, or we could impose on ourselves being more aware of the disadvantages also and try to control it.

Friday, August 30, 2019

Anne Lamott Summary Essay

In the book Bird by Bird by Anne Lamott, she writes an excerpt, Shitty First Drafts, which is about the impact and importance of the first drafts of writing. Anne explains in the beginning of this excerpt that all writers write shitty first drafts and the drafts get better as you write more and work on the writing more. Lamott claims that “writing is not rapturous”; she explains that the only way that she can write anything well is to write a very bad first draft and just work on fixing that. She explains that sometimes you just have to type and get your ideas written out to be able to write a good piece of work. Once someone has been writing for so long, they have to have the ability to be able to just trust their writing process and understand that the first draft isn’t going to be perfect. Nothing is perfect on the first try; you have to keep working at it. Sometimes the first draft will be the worst thing someone thinks they have ever written, but they just have to go back to it and try to make it better and revise what is wrong. A writer has to start somewhere and they work from there. Just because the first draft is a bad draft doesn’t mean that the final work will be terrible. The first draft is the terrible draft, the second draft is the slightly better draft that has been picked through lightly to better, and the final draft is the “dental draft.” The dental draft is the draft that you really pick through and make sure that everything is perfect. In other words, the final product is checked “dentally” to make sure that it is “healthy” so that the final product is perfect. Lamott’s entire excerpt is just explaining that whether or not your first draft is perfect or not, the final product will definitely be better and more acceptable.

Thursday, August 29, 2019

Martin Luther Essay Example | Topics and Well Written Essays - 250 words - 1

With the approval from the Pope, pardoners journeyed throughout Europe, making lucrative profit by selling Indulgences. In addition, the Pope did not allow the Bible to be translated. Luther found it unfair because the common people could not read Latin. It was unfair because the people had to believe whatever the priest told them. Luther believed that the people should be able to enjoy the freedom of reading the Bible on their own and in their own language. Martin Luther knew that the Church lost sight of fundamental truths. The Protestant Reformation was a struggle to change the ways of the Roman Catholic Church and to unshackle the people from ruthless leaders who hungered after the expansion of their domination at the expense of the Church. As a result, in summary, Luther’s actions brought more liberty of Christian belief and ways. It was the start of the termination of papal dominion. They no longer had the authority to order both religious doctrine and political rulings. It indicated the breaking loose of people from suffering under the dictatorship of the priesthood in the Medieval

Wednesday, August 28, 2019

Determinants of Capital Structure of Listed Saudi Arabian Companies Dissertation - 1

This study seeks to discover whether or not there is such a significant effect. In the study, the independent variables identified were seven financial and economic firm indicators, while the dependent variable proxy for capital structure is the leverage or level of debt capital relative to the total capitalization of the firm. Multivariate regression modelling was employed in the assessment of which variables proved significant in determining capital structure, and in what direction it tended to influence the firm’s debt. The dissertation concludes that firm size is the most significant determinant across three of the five industrial sectors, followed by profitability which is a significant determinant for two sectors. Of the remaining, four factors were significant for one sector each. Manufacturing and industrial firms are significantly related to four determinants, the most of any other sector. Retail and services has two significant determinants, while the other three sectors have one each. Firm size relates to higher debt, while profitability relates to lower debt.

Acknowledgements

Table of Contents
Abstract
Acknowledgements
Table of Contents
Chapter 1: Introduction
1.1 Chapter overview
1.2 Background of the research problem
1.3 Research problem
1.4 Research objectives
1.6 Significance of the study
1.7 Scope and limitation
1.8 Chapter summary
Chapter 2: Literature Review
2.1 Chapter overview
2.2 Review of existing theories on capital structure policy determination
2.3 Corporate control as a factor in capital structure determination
2.4 Evidence from different countries
2.5 Determinants of capital structure
2.6 Determinants of capital structure in Saudi Arabian companies
2.7 Chapter Summary
Chapter 3: Methodology
3.1 Chapter Overview
3.2 Research Design

Tuesday, August 27, 2019

Recruitment Quiz Essay Example | Topics and Well Written Essays - 750 words

Moreover, the scientific recruitment process is usually conducted by different types of experts where time, energy and money are involved. As a result, Google and other organizations use scientific recruitment to select their employees since it has numerous advantages. In specific, Google ensures that the recruitment process goes through a thorough hiring assessment entailing recruiter screen, phone screen, and on-site interview. Additionally, the Company has different experts who are used in the recruitment process, such as the Hiring Committee that comprises senior managers and directors, as well as experienced employees who assist in making hiring decisions, thus avoiding a situation where bad decisions are made. Google also has a compensation committee that is concerned with ensuring that appropriate decisions are made in relation to what should be given to the qualified employees in terms of compensation for the offer. In a general sense, the scientific recruitment at Google has ensured that there is the right job for the right person, and high efficiency and productivity for the organization's advantage (Kumar 2 62).

1. Identifying the gap: the HR department begins by identifying the gaps that are present in different departments within the Company, which are a result of employee turnover and/or an increased amount of work that requires extra sources of labor.

2. Advertisement: the HR manager then consults the senior manager, who is expected to give an approval on the necessity of recruiting more employees, and further gives directions to the advertising department in reference to placing the job adverts on various platforms that can easily be accessed by potential job seekers.

3. Screening: The recruiter goes through the applications sent in and matches them with the qualifications and experiences that are required by the Company. The rot that has all or most qualifications depending

Monday, August 26, 2019

The Republic of Mass Culture by James L. Baughman Essay

Proceeding with an outline of the extent to which television impacted the operational parameters of both radio and print journalism, Baughman explains how and why this led to cooperation, rather than competition. As radio, film and print journalism found themselves confronted by television, a communications and entertainment medium which was drawing audiences away from them, they realized their inherent limitations for successful and effective competition. Quite simply stated, they could not compete with television. They, therefore, relied on a survival strategy which they had used in the past when faced with similar challenges: cooperation and imitation as opposed to competition. In brief, when newspapers were confronted with the challenge posed by radio, not only did they proceed to make significant changes to their content but they gave greater space to entertainment and pictures. Certainly, the gap between radio and newspaper remained but it gradually narrowed down in such a way as to allow the survival of the latter in face of the competition posed by the former. As Baughman explains through an in-depth historical analysis, this strategy was used vis-à-vis each new mass medium. The television, however, proved... As a survival strategy, however, this was simply not sufficient. Print journalism and radio could hardly compete with television, but what they did do was define the mass media market itself and proceed to identify the different segments and sub-segments therein, following which they engaged in the identification of their target audience and the design of content to meet the tastes of the target segments. The mass media evolved into an industry which relied on market studies and marketing in order not just to survive but to prosper and grow. The mass media industry began to borrow and implement the tools and strategies traditionally associated with other industries.
Hence, marketing and PR departments evolved. Even as regards newspapers, whose primary purpose is to report the news, irrespective of whether the public will find it enjoyable and interesting or not, content was influenced by marketing research. As Baughman argues, "market forces, or, more accurately, a perception of the market"1 shaped the content of mass media and influenced the evolution of novel trends therein. As he explains the extent to which the mass media made the transition from an information communications medium, whose content was primarily determined by developing news and events, to an almost wholly entertainment based channel of popular communication, whose content is determined by market studies, Baughman presents a controversial thesis. We are not, as seems to be the popular opinion, living in the Information Age but in an age where, despite the abundance of media channels and types, information is superficial and geared towards entertainment. The public, the market, is dictating the information to be conveyed and, within the context of the

Sunday, August 25, 2019

DIFFERENCE BETWEEN COMPACT DISC AND RECORDS Essay

The record technology was improved till the 1980s, when cassette technology was introduced, which displaced the vinyl records significantly. The popularity of cassette went down when compact disc and mini disc were introduced in the 1990s.

Differences

Size: Initially, the records were as big as 16 inches in diameter, which was reduced to as low as 7 inches over time. However, the most popular models used in that time were 12 inches. On the other side, Compact discs are only 4.75 inches in diameter, which makes it a much more flexible product. Compact Disc also comes in small sizes, commonly known as Mini CD. The diameter of these Mini CDs ranges from 2.4 to 3.1 inches. The smaller the size, the lesser the data capacity.

Production: Records are created with an element called black lacquer vinyl, which is the reason it is commonly called Vinyl Record. In contrast, CDs are developed with 1.2 millimeters thick polycarbonate plastic coated with aluminum and a thin translucent acrylic protective coating (Morgan). A CD weighs around 15 to 20 grams. The thin layer of aluminum makes it reflective. A lacquer layer is used for spinning and label printing.

Wear and Tear: Records are less likely to be abandoned and torn as compared to Compact Discs. Vinyl records are “hard” records, made up with black lacquer. ... CDs are susceptible to skips and clicks whereas Vinyl records usually play in any situation since they are analog.

Price: The price of records is much higher because of the high cost expenditure incurred in the manufacturing process. However, Compact Discs are comparatively cheaper and can store a hefty amount of data.

Sound Quality: Vinyl records can play music as good as CDs. The difference is extremely small and negligible (Vinyl Vs. CD Part 3. Sound Difference Between LP’s and CD’s). After researching thoroughly, it is concluded that some extreme music lovers still prefer Vinyl over CDs, claiming the sound quality of Vinyl is richer. However, the differences in the sound quality are nearly inaudible to a normal human being, and Vinyl and CDs overshadow each other only in some genres of music.

Recording/Writing: Vinyl records need a vinyl cutter for recording or copying songs in a record. These vinyl cutters are extremely expensive, costing about $10,000, thus making it impossible for common people to have it in their possession. In contrast, CDs can be written with the help of a CD burner, which is cheaply available in the market, ranging from $15 to $25. Moreover, CD-R is a kind of Compact Disc which has the re-write feature. There is also a major difference between analog and digital recording. Analog recording is used in recording vinyl records, which varies a property or characteristic of a physical recording medium through air pressure (Elsea). In contrast, digital recording is developed when the physical properties of the original sound are converted into sequence number through an analog-to-digital converter, which makes it able to be recorded and read back through a digital medium such as CD (Elsea, Basics of

Saturday, August 24, 2019

Case studies Essay Example | Topics and Well Written Essays - 1750 words

It started as a small company but it grew so rapidly that, in 2004, it had been ranked 25th among the Top 50 S&P 500 companies by Business Week magazine. The company has set itself as an example for the other companies in the SME sectors across the world regarding how to become successful in a short span of time. The period of the 1990s seemed to be most successful for the company, when on average it had opened a new store almost each working day. This high pace of growth continued even after its entry into the new millennium. In fact it had been able to maintain this momentum until recently. The ongoing global downturn had also affected the company badly like the others. Since 2008, it has closed around 900 stores in the United States as demand has declined sharply. However, it still has a growth plan outside the territory of the USA in the near future. In fact, it is planning to open as many as 900 new stores in the countries outside the USA (Starbucks- company Overview, 2009). Very often, this company has faced several types of protests on the grounds of trade related policies, employee relations, impacts on environment, and so on. But in the midst of all these issues it has managed to grow at a very fast rate (Starbucks- company Overview, 2009). There are a number of factors that have helped Starbucks to become so successful. These factors are as follows:

Rapid expansion on a global basis: Starbucks had adopted the method of expanding its market not only on the domestic front, but also in foreign countries. This expansion plan has been able to make the name of Starbucks known by a huge number of people around the world, which simply has resulted in a magnificent increase in the customer base of this company. By creating its presence in the global market on strong feet, it has been able to dominate the segment of market it caters to. It has been rated as one of the best companies to work with, and its pleasant working environment has made the company able to expand at such a high pace, while retaining its customer base at its other outlets.

Creation of brand loyalty: One major reason behind its success is that it has been able to create huge brand loyalty among its customers. The company has always been careful in meeting the customers' needs and providing them with memorable experiences so that they return to this brand again and again. This is why the company has been rated as one of those global brands that have created the highest level of impact on their consumers. In 2003, a magazine had considered Starbucks as one of the most trustworthy brands. Its recognition as one of the most impactful and most trustworthy brands has enhanced its brand value and has made its logo recognizable by most. Consequently, it has helped to retain its customer base. The degree of loyalty of the customers to the Starbucks brand is so huge that even when the customers go to any foreign location, they visit a Starbucks outlet to have a cup of coffee that they enjoy in their own home town.

Adoption of innovative strategies for business: the company has employed a highly skilled research team for developing innovative ways of attracting more and more customers to its brand, while retaining the existing customers' loyalty towards this brand. For example, in 2004, it introduced a CD burning service in one of its outlets in California. This innovative service allows its

W2D 590 Organizational behavior Essay Example | Topics and Well Written Essays - 250 words

le include actions and decisions made by employees, managers, and shareholders and their interactions and interrelationships with customers, community members, suppliers, investors, as well as government agencies which monitor their adherence to prescribed laws and regulations. The behavior in the US Army Recruiting command is expected and perceived to be positive given the crucial role and responsibilities for recruiting qualified people to join the U.S. Army. As emphasized, “bringing quality young men and women into the Army - people who will complete their tours of duty and make a contribution to the Nation’s defense - is the objective of the U.S. Army Recruiting Command as it goes about the mission of providing the strength for America’s Army” (U.S. Army Recruiting Command, 2014, p. 1). As such, the qualified recruiters are highly competent to locate and screen men and women who have the genuine desire to become members of the U.S. Army. The skills and qualifications that these men possess should fit the personnel requirements of the organization. Therefore, organizational behavior provides these recruiters with the theoretical frameworks for the function of acquisition, maintenance, development, and job organization which contributes to the performance and productivity of the employees (Martires & Fule, 2004). Knowledge on the application of leadership theories, including application of leadership skills, styles, motivational strategies, communication, change management, and conflict resolution, among others, assist in providing job satisfaction and high

Friday, August 23, 2019

I want to do the topic on service learning and how it can increase Assignment

Sincerely,
[Student signature]
Student typed name
Student title
Encl.

Contents
Recommendation Report: Service Learning at Angelo State University
Discussion of Problem
Partnerships
Outreach
Curricular Engagement
Recommended Solution

Table of Figures
Figure 1: Kellogg Logic Model (2004)
Figure 2: Google search results for keywords service learning and outreach
Figure 3: Service Learning and associated skills

Executive Summary
Hook the reader with a clear explanation of what you want to do
Briefly summarize each of the major segments of the report
University description
Problem
Your solution
Why now?

Recommendation Report: Service Learning at Angelo State University

It is no secret that many colleges and universities across the country are struggling to stay afloat. Earlier this year, Moody's Investors Service put out a negative outlook for the industry as a whole and predictions are bleak. According to the New York Times, only about 500 out of more than 4,000 American colleges and universities are considered to have stable enough finances to survive (Selingo, 2013). In order to stay viable, many colleges and universities are putting strong effort into retaining freshmen students whose tuitions contribute a significant proportion of overall revenue (Pullaro, 2010). Retaining these students not only contributes to an educated, productive citizenry, but increases the likelihood of retaining them throughout the remainder of their degree plan. Unfortunately, freshmen students face a wide variety of issues that can affect their ability to maintain pursuit of a college degree, only some of which can be addressed by the university. Tinto (1993) provides some common barriers that affect a student's ability to stay in school.

While factors such as intention and commitment are inherent to each individual, the university can provide programs that facilitate positive outcomes. Types of services that could assist in these areas would include programs such as Angelo State University's (ASU) First-Year Experience program to help with the challenges of adjustment, changes in educational expectations, unfamiliarity with the new culture/environment/lived experience, and, very commonly, feelings of isolation. External barriers to staying in school include students' obligations to family and community and students' ability to finance their college attendance, including tuition, fees, books, and living expenses. Helping students address these needs would also theoretically help increase student retention. While the university cannot reduce tuition rates and still remain viable, it is possible for ASU to address some of these internal and external barriers by incorporating a service learning approach throughout the campus community. The concept of integrating instruction with meaningful community service as a means of engaging students has been around for a long time, but it wasn't until 2001 that the first International Conference on Service Learning took place (Historical Timeline, 2013). As it is now defined, service learning refers to programs in which students are encouraged to use what they are learning about in the classroom and apply it to real-world issues that ultimately benefit their communities. Through the service learning process, the students benefit in a variety of ways. They become invested in the community and connect with other students or

Thursday, August 22, 2019

Signature Assessment Essay Example for Free

As I come to the end of my first master’s course, it certainly does come with a price of perfection, and perfection I have not found yet. I feel overwhelmed with words and the usage of APA style. My professor Dr. Kris Lichtanski says that scholarly writing is a must when one enters the Psychology field. I have finally understood what scholarly writing is truly about. Every time I hear the words “scholarly writing”, I think of Aristotle and Socrates for some reason. These two famous men from the beginning of antiquity have impacted our souls and minds with such great wisdom, such as education and medical teachings that one can only imagine, and this imagination for me is what I will set out to achieve and finally turn an imagination into a dream, which will then turn into scholarly writing and finally into reality. So, traveling through time from antiquity to reality is what I call a major road trip. I hope to achieve this skill of writing, and possess the qualities that I have learned from my first mentor to the turning of the tassel. I find myself forming an opinion already of what one must do to obtain a degree of higher education from NCU and it truly scares me. I feel that as I write this first assignment I will take the actionable goals, use the intermediate and immediate in a positive manner, use personal control, and demonstrate meaningful insight in the presentations of my activities within each class. The assignment is broken down into three parts: program resources, a personal success plan, and finally a motivation touchstone. As I started the master’s program I had a variety of assignments to do, and with all the resources I have collected throughout the first course, I have compiled a variety of the resources and shall use them throughout the courses to come.

My Program Resources

1. Building the Vision - Activity resources - Library Roadrunner Search Discovery, Writing Center - Smart Thinking online 24/7 tutorial service

2. Taming the Time Management Beast - Attack Your Day! Before It Attacks You, by Woods, Mark (Woods,) Entire Time Management Workbook - I will use this as a skill builder and plan to use the Mark Woods time course to help set my future goals.

3. Giving Credit Where Credit is Due - Northcentral Academic Integrity Tutorial Successful vs. unsuccessful paraphrases and () Basics of APA Style. This resource will be my Bible and my guiding strength and I can access this from the NCU website.

4. How to Find What You Need - http://library.ncu.edu/dw_template.aspx?parent_id=226 http://www.apa.org/topics/index.aspx. I will find these skill builders, resources and I plan to use this as my main topic first on every assignment by researching all the topics in the NCU library.

5. Thinking critically - I would like to use this skill every day in my life as well as the work I will do for NCU. I would like to use a thinking website to challenge my brain. I need thinking tips and using higher productivity as well as clarity of thought to write papers with integrity.

6. Preparing an Annotated bibliography - When I will prepare an annotated bibliography, I will use the NCU library as well as all the skill builders plus proof readers.

7. Creating Actionable Goals related to obtaining your Graduate Degree - All the goals that I plan to use will be strong and hopefully attainable; I think that all the sites that Mark Woods’s ideology may benefit and I feel with help from (my therapist) set my plan and work my plan in baby steps are better for me.

References

http://dx.doi.org/Retrieved from http://www.headscratchers.comhttp://
Woods, M. Attack your day before it attacks you Retrieved hhttp://ncuregistration.attackyourday.net)
http://www.canberra.edu.au/studyskills/writing/bibliography-
http://www.lib.purdue.edu/content/tutorials-scientific-paper
http://www.organizeyourself.com
www.criticalthinking.org
http://7rulesofachievement.com/resources
http://www.goalstoaction.com
http://www.timemanagementtraininghq.com

My Personal Success Plan

| Skill | Beginner | Familiar | Master | Goals (indicate if these goals are immediate or intermediate goals) |
|---|---|---|---|---|
| Visualizing overall goals | 1 | 1 | 0 | Intermediate goals - I have a hard time visualizing any goal I attain (fear of failure). |
| Understanding how I can reach those goals at Northcentral | 1 | 1 | 0 | Intermediate goals - I feel through solid guidance and outstanding support from my mentors, advisors and perseverance, I can achieve the degree that I want and be proud of myself. |
| Understanding and applying the Academic Integrity Policy | 2 | 2 | 1 | Immediate goals - As I go through each activity and class, I will have a better understanding and shall apply the Academic Integrity policy with/to each paper that I write. |
| Applying APA citation | 1 | 1 | 0 | Immediate goals - absolutely with every minute I write a paper, I will improve with the resources from NCU Library as well as a proof reader. |
| Read and analyze complex texts | 1 | 1 | 0 | Immediate goals - I shall try to understand and improve my reading comprehension with complex texts. |
| Perform an online library search | 1 | 2 | 1 | Immediate goals - each time I perform an online search, I am constantly improving my skills with the ROADRUNNER Search. |
| Manage time | 2 | 1 | 0 | Immediate/Intermediate goals - demonstrate personal control – with/out medication—as long as triggers do not affect me and slow my anxiety/depression. I will need assistance with this as well. |
| Formulate actionable goals | 1 | 1 | 0 | Intermediate - demonstrates positive and meaningful goals. Formulate actions that will be personal as well as productive. I would like to use some resources to attain these goals. |
| Self evaluate skills and progress | 2 | 2 | 1 | Immediate/Intermediate goals - I would like to self-evaluate my goals on a daily basis, because my therapist says this is part of my recovery. I also will be able to evaluate my skills because I will see my academic progress as well. |

My Motivation Touchstone

My third and final submission for will be submitted on a separate file as indicated by the activity sheet.

Wednesday, August 21, 2019

Organisational Behaviour of IKEA

What is organisational behaviour? It is a combination of two different words, organisation and behaviour. At first look it seems that it is simply the way in which an organisation behaves, but it is quite different from this. Organisation means different people and individuals joined together for a specific goal or purpose of a specific community. Behaviour means the study of those aspects which affect needs, thinking, motion, psychology and action within the organisation. George, M. and R. Jones, G., Understanding and managing organisational behaviour (5th ed.).

My case study is about IKEA, a Swedish company established in 1943. IKEA's founder is Ingvar Kamprad, the fourth richest man in the world. Its owner is unknown, but it is believed that he belongs to the Kamprad family. IKEA's main products are household goods like furniture, kitchen goods, wardrobes and clothes. There are 17 branches of IKEA in Sweden and more than 310 stores in more than 38 countries. [http://ezinearticles.com/?billionaire-attiributes..modesty:-ingvar-kampard-ikeas-founder-and-owneraid=274361, Thursday 2nd Dec, 2010.]

2: MAIN BODY

IKEA is a rapidly growing company. It is increasing the number of its franchises and stores all over the world. Its mission statement is: IKEA's mission is to offer a wide range of home furnishing items of good design and function, excellent quality and durability, at prices so low that the majority of people can afford to buy them. [http://www.samples-help.org.uk/mission-statement/ikea-mission-statement.htm]

The concept of IKEA is: The IKEA concept is founded on a low price offer in home furnishing. [http://franchisor.ikea.com/showcontent.asp?swid=concept1, Thursday 3rd Dec, 2010]

Now we are going to discuss the role of our subject, organisational behaviour, in the success of any organisation, and the factors that work behind the success of any organisation.
Organisational behaviour exists in business and management courses because those charged with managing people and systems at work need to inform their thinking as they address the underlying social and behavioural issues that confront them. Critical success factors are the keys and elements which an organisation must look at in order to gain success, or the steps for any organisation to follow for its successful future. Within an organisation there are different areas where these critical factors work; some of them are as below:

Factors related to management.
The organisation's goals, objectives, mission and strategic success factors.
Individual critical success factors.
Cultural critical success factors.

These are not the only factors responsible for the success of an organisation; there are a lot of other factors at work behind the success of any organisation. [http://rapidbi.com/created/criticalsuccessfactor.html, 5th Dec, 2010, 11:00pm]

2.1: There are a lot of factors, ways, key issues and steps that work for the success of any organisation. Just as the human body is made up of different cells, an organisation is made up of different types of individuals. The more developed the individual, the more effective the organisation. Teamwork is also a necessary part of the success of an organisation. Not only the team matters; involving everyone in everything is also important. Communication between the team members and between individual and leader is also very important. If we look at any organisation by doing a SWOT analysis, it will also enable us to understand the factors of success. Any organisation that wants to gain success should be aware of its strengths and weaknesses. These two are the internal sources and are within the control of the organisation.
On the other hand, also be aware of the opportunities and threats you are facing. Opportunities enable us to know the ways of making our organisation more successful, and threats, such as the threat of downsizing, bankruptcy or loss, enable us to adopt safety measures ahead of time. But this experience can only be gained by doing a SWOT analysis. http://www.businessballs.com/swotanalysisfreetemplete.htm (electronically accessed on 10th Dec, 2010.)

PESTEL analysis is another factor for measuring the success of any organisation, or a factor for the success of any organisation. Dealing with political issues is really very difficult, whether these issues are inside the organisation or outside the organisation in your country. If the social environment of a country is not suitable for a successful company, then how would the company be able to gain success in that particular country? Environment also counts for much in the success of any organisation; if you are unable to cope with an unfriendly environment, it means you are unable to gain success in business. You should be as technologically advanced as the other organisations in the market so that you can meet competition in the market. Being economically strong is another advantage for a successful organisation. There are legal restrictions in any country according to its government, so you have to obey all these legal obligations for success; for example, in the United Kingdom paying tax is a legal obligation, and there are many more according to the law of any country. PESTEL analysis is also a very good tool for any organisation to gain success. http://www.oup.com/uk/orc/bin (electronically accessed on 11th Dec, 2010.)

After SWOT and PESTEL analysis there are many other important factors which count a lot toward the success of an organisation.
Firstly, the goals, mission and vision of any organisation should be clearly defined so that everybody knows the purpose of that organisation; IKEA, for example, has a clear mission statement and concept. The mission should then be related to the structure of the organisation; it should not be that the organisation is about cars and the mission statement is about clothes. It must be clearly related to the strategy and structure of the organisation. The structure of the organisation should be flexible so as to meet changes easily and to fit any circumstances easily. Recruitment is also a very delicate part of an organisation: the right person should be doing the right job. The next step is to identify the root of the problem. Where is the problem? Is the problem in the organisation or within the workers? Then gather information about the problem and the possible solutions to that problem. After identifying the problem, make a plan for the solution of that particular problem, which is what we call implementation of the plan.

2.2: There are a lot of problems in the way of success of any organisation, which are created by different means. Competition among management is a major problem. If there is a conflict between management, then how would they be able to solve the conflict in the organisation? There is conflict among the groups in an organisation: one group tries to take advantage of the weakness of the other group and to show its priority over the others. Then there is conflict between the management and a group or the leader of a group, due to different issues like position and salary. Conflict between the group leaders, in order to show their efficiency over the other group, counts as a considerable problem in the way of success of any organisation. Absenteeism is another big hurdle in the way of a successful organisation. This fault occurs when the workers are not happy with their work or when they are not satisfied with their position within the organisation.
Competition among employees is another hurdle in the way of success of any organisation. Their competition has a bad impact on the overall progress of an organisation. An unclear and ineffective strategy that is not related to the overall organisation is also a big problem in the way of success. Because of this you are unaware of the real purpose of your work and whether the work you are doing is beneficial for the organisation or not. If the management is unable to control the whole organisation, or if the management is ineffective, then it is also very bad for the health of the organisation, and development can face a huge problem. If the management is sufficient to meet the needs of the whole organisation, then the other important factor is to identify where the problem is; discovering the real area where the problem lies is also very difficult. After identifying the basic source of the problem, the next step is to work out possible steps in order to solve it. Look precisely at which step is to be taken in order to solve that problem.

Lack of proper leadership is another major source of problems within the organisation. If the leader is not able to control his group, then how will he be able to prove better for the whole organisation? And if the leader misguides his group from the right way toward the wrong way and does not utilise his own and his group's ability in a positive way, then how will the organisation be able to make progress? Lack of communication between management, leaders and employees is another major reason for problems in the way of success of any organisation. Under autocratic management nobody is allowed to communicate with the manager directly, and there is a big gap between the management and the employees. This type of management is really very harmful for the organisation. Hippocratic management. If the organisation is not happy with its manager, then there is no chance for the growth of any organisation.
When somebody works within an organisation, it is just like their home and their family, because they spend more time with that organisation than with their family and they develop a deep affection for that organisation. And if they get angry, how can the organisation be happy? They will feel very unfit in that environment, their concentration will be diverted from their work, and it will have a really negative impact on the organisation.

Maslow's full name is Abraham Harold Maslow. He is a famous psychologist of America. He is famous for human motivation. Now, by looking at Maslow's hierarchy of needs, the concept of unsuccessful management can be made clearer to us. In fact the management is not fulfilling these needs of the employees, which are the basic needs of all human beings, and that is why the management is not effective. http://www.businessballs.com/maslow.html (electronically accessed on 11th Dec, 2010.)

Another huge problem in the way of success of any organisation is environmental impact, which is a big hurdle in the way of any organisation. This is not only the inner environment of the organisation; the outer environment also has a bad effect on the development of the organisation. Within the organisation this is so because the employees are unable to fit themselves into the environment of that organisation. Different reasons are included in that environmental dissatisfaction. One main reason is politics, which does not allow the new employee to fit into the environment of that organisation, because existing staff are not willing to accept a new entry; or, due to some other reason, maybe they feel that they have much more ability compared to that new person, so they create problems for that new person, which ultimately creates problems for the entire organisation. Another concept about conflict within the organisation is that it is of two types: one is functional, the other dysfunctional.
Functional conflict is the positive type. Though there is a conflict, this type of conflict causes no disturbance in the organisation, and if the group in conflict faces any problem they try to solve it in a positive way, obeying the rules and regulations of that organisation, and finally solve their conflict without creating any type of disturbance. Then there is another type of conflict, which is opposite to this and is known as dysfunctional conflict. In this type of conflict they use their power in a negative way in order to solve any problem. This is harmful not only for them but for the whole organisation, and can cause huge destruction for progress, profit and politics. Buchanan and Huczynski, A., Organisational behaviour: an introductory text (5th ed.)

2.3: The next step is how to handle these problems which create hurdles in the way of success of an organisation. There are different methods to handle these problems, which are as under.

Stephen Robbins outlines the values underpinning most organisation development efforts as follows:

The individual should be treated with respect and dignity, or with trust and confidence.
The organisation climate should be characterised by trust, openness and support, or we can say open communication and honesty.
Hierarchical authority and control are de-emphasised, or be careful about the feelings of others.
Problems and conflicts should be confronted, and not disguised or avoided; try to solve the conflicts, do not avoid them. (2001, P.553)

Everyone within the organisation, whatever his or her position in the organisation may be, should feel free to communicate with the senior management, and feel free to express their views and to explain the complaints which they have with that organisation.
Due to this communication the organisation may be able to know where the problem is and how to solve it as soon as possible, before it becomes a full problem. Employees must be assured that their opinion is very important for the organisation and that management will pay attention to what they say and what type of difficulties they face. By doing this we can also reduce the tension in the organisation. A friendly and positive attitude toward employees is another source of reducing conflict. By doing this we are caring about the employees' self-respect and developing their confidence, which will motivate them in the future, and then they will be very useful for the organisation. Electronic resources such as mobile internet can be used for fast conversation; this not only joins the whole organisation but also enables the management to know about a conflict as soon as possible. Then there should be a proper strategy to solve the problem. Never try to solve the problem without a strategy, because solving problems without a proper strategy can create more problems and conflicts than it solves. http://www.merinews.com/articles/key-to-success-of-an-organisation (electronically accessed on 2nd Dec, 2010)

Stress is a kind of burden due to which the human mind works under pressure. It is a mental process which affects our life to a huge extent. Our mind works under pressure and wrong things occur because of this stress, because we are unaware of our actions due to our mental absence, and this diverts our attention. Our mind is somewhere else and our body is somewhere else. Due to this stress our mind does not work with our body. This is an individual matter but affects the whole organisation, because if someone's mind is working under stress then the person can make mistakes, and if an individual makes mistakes it will disturb the whole group, and if the group is disturbed the whole organisation will be disturbed automatically. Luthans, F. Organisational behaviour.
(10th ed.), P376, P408.

Working without stress is another factor in solving conflict. If your mind is free from tension, at least when you are at work, then you will be able to utilise your forces more effectively for the success of the organisation, which you are not able to do when you work under stress. Not everyone within the organisation is able to handle the worst situations. This is an ability that comes not through knowledge but from experience. The more you go through situations like conflicts, disturbances, decline of the organisation and loss, the better you can handle them. To handle these situations it is necessary to have knowledge, but how to apply this knowledge is more important than just having it; you can say, how you would be able to implement your knowledge, or put your knowledge into action.

The satisfaction of your customers with your service is also a very important thing which you must keep in mind in order to remove problems from your way to success. If your customers are satisfied with your products then it is really very favourable to your organisation. At least you are carefree in that you are not going to face any type of difficulty from them, or we can say you are successful from this point of view. If you provide good service to the customers, you will get a good response from them. There should be a give-and-take relationship between employees and management: if they are good to their employees, the employees will be more motivated and will work more effectively for the organisation. On the other hand, if you provide good service to customers you will get a good response and hence improve the market value of your organisation. If someone is already expert in handling the situation, then it is easy for him or her to take the right action in any situation.
And if someone is not, then he or she can do the same thing, but there is a need for motivation: though he or she has knowledge, he or she has no experience, so it is difficult for them to control the worst situation, but they act in a positive way if the seniors motivate them. This is called expertise vs. motivation. According to contingency theory there is no specific formula that tells us how to behave in the right way in any situation; rather, within the limitations of the organisation, we must work out how to handle the situation and find the best solution to that problem. According to systems theory all departments of the organisation should be interrelated so that we can find where the problem is and find a better solution to it. These are the key things which an organisation should keep in mind to solve the problems it faces. [http://www.cliveshaw.com/improve.html (electronically accessed on 1st Dec, 2010.)]

2.4: Globalisation is another aspect which must be taken into consideration for a successful organisation. The whole world has changed into a global village, due to which the whole idea of business is changing, and not only business but also the attitudes of different organisations toward each other are changing, and fast media are used for business as well. Fast media like the internet are widely used due to this globalisation. Every country has its website, which not only provides us with information about that particular company but also offers online shopping. This is so because of globalisation, and every organisation wants to beat its competition as fast as possible. IKEA also offers online shopping in order to meet its competitors.

2.5: Management is usually concerned with goal setting, resource deployment, employee motivation, teamwork, leadership, control and coordination, and performance measurement. Management deals with all the criteria mentioned above.
Management first has to measure the productivity of the organisation and then decide how to pay the workers according to their job within the organisation. By doing this, most attention is paid to the more active employees or workers and less attention to the less effective employees, and this behaviour reduces their motivation toward the organisation, because they are already slow and need motivation, and instead more attention is being paid to those who are already working effectively within the organisation. So the management should be more concerned with slow workers than with fast workers. The role of management is to control and arrange the people in such a way that they work more precisely toward the achievement of the goals and objectives of the organisation. Setting goals and objectives for an organisation is really very difficult, but more difficult than this is to arrange the whole organisation according to these goals and objectives, which is the responsibility of the manager. The span of control of management is, you can say, scientific to some extent, because managers have to carry out all those experiments which we call, in the language of business, the goals and objectives of the organisation, and they have to perform these jobs successfully, and the result of their experiment should be positive. For successful management there are a lot of keys, factors or ways; some of them are as under.

Clear vision: a manager should have a clear vision of what happened in the past, what is happening now and what will happen in future; by doing this they will not only have a clear view of past, present and future.

Open communication is also necessary between management and staff. G. A. Cole (1995). Organisational behaviour.

Management is practical work. You cannot learn it by reading books, but practical work will help you to learn more about how to manage things. The same is true of the organisation: books can only guide you, but books cannot train you.
But it is not enough that someone is holding the post of manager within an organisation. It is not easy to get this post, but what is more difficult is to meet all those objectives which are related to management, and that is why management is a difficult task. A manager has to play different roles at once. He has to meet the organisation's goals and objectives, he has to satisfy all the employees, and he has to look at the progress of the organisation in which he is working. He has to look at too many things, or we can say take care of the whole organisation so that everything is working in the right place in the right way. That is why management is called a cornerstone of an organisation that fills every facet of the organisation.

2.6: On the other hand, not every part of life needs a manager, or we can say not every field of life has a manager post. In a house there is no manager, but the household still manages all the household work, whatever type of work it may be. In a school the teacher is no manager, but teachers still manage the school. There are many examples which tell us that the word manager is not necessary for every field of life, but management is necessary. The management process is also a very difficult function. There is not an office or a chair in which the manager has to sit and carry on all his activities; the manager has to move throughout the organisation and look around at all the activity within the organisation, and not only within the organisation but also outside it, in the form of competition. The manager has to look at all these sides very keenly so that the organisation can work more effectively.

2.7: The first and most important challenge of management is how they deal with conflict in the organisation and how they beat the competitors in the market.
Though managers have to do a lot of other activities, their efficiency is tested by overcoming these conflicts, and by their ability to solve these problems along with the other problems within the organisation and in the market. Another important challenge faced by the management is to meet changes. These changes may be due to environment, culture, competition, grouping or any other reason. These challenges are the real test of any management: how the management, by using its available resources, can overcome these difficulties. Management's powers and control are tested by facing these challenges and solving them within its limitations.

2.8: The basic value of management is control. This control is of different types: to control all the areas within the organisation in such a way that the organisation moves toward success rather than failure, to control conflicts among the employees, and to control the politics within the organisation. If there is no management within the organisation, then there is disturbance in every part of the organisation, and this not only affects the inside of the organisation but also reduces the total impact of the organisation in the market. Everyone within the organisation will work as they please if no one is there to control them and to have a look at their work, which is really necessary for the success of any organisation. Although a stress-free environment is necessary for the success of an organisation, sometimes use of the power of the organisation is also necessary for its betterment; this is the value of management in the organisation. Recruitment and selection of effective, educated and experienced employees is also a very necessary part of management. To recruit the right person in the right place is a very important decision. Not only experience but knowledge of management is also a necessary part of an organisation. Laurie J. Mullins, Management and organisational behaviour (6th ed.)
3: Conclusion

From the above discussion it can be concluded that the necessary part of any organisation is people, and without people it is impossible to make any organisation. Management is necessary for the success of any organisation and in order to meet the difficulties faced by the organisation. Due to globalisation the whole world has changed into a global village, and what we need is the individual and time. Management is no doubt a cornerstone for the success of any organisation. In order to move successfully in this competitive environment, not only is management necessary, but so is identifying the problems in the way of success of the organisation and the possible solutions to those problems as soon as possible, so that the competition may not get ahead of your organisation and be able to take your position in the market. Management, organisation, behaviour, problems and people are interrelated in this coursework. We cannot discuss only one and leave the rest; all these aspects are necessary for the success of an organisation, and we must study all these criteria for a study of organisational behaviour in this coursework. All these are also related to our case study of IKEA. IKEA must have passed through all these aspects to gain success, as it is a growing company these days.

Tuesday, August 20, 2019

Analysis of Botnet Security Threats

CHAPTER 1 INTRODUCTION

1.1 Introduction

During the last few decades, we have seen the dramatic rise of the Internet and its applications, to the point where they have become a critical part of our lives. Internet security has therefore become more and more important to those who use the Internet for work, business, entertainment or education. Most of the attacks and malicious activities on the Internet are carried out by malicious applications (malware), which include viruses, trojans, worms, and botnets. Botnets have become a main source of malicious activities across the Internet, such as scanning and distributed denial-of-service (DDoS) attacks.

1.2 Botnet Largest Security Threat

A bot is software code, or malware, that runs automatically on a compromised machine without the user's permission. The bot code is usually written by criminal groups. The term "bot" refers to the compromised computers in the network. A botnet is essentially a network of bots that are under the control of an attacker (BotMaster). Figure 1.1 illustrates a typical structure of a botnet. A bot usually takes advantage of sophisticated malware techniques. For example, a bot may use a keylogger to record private user information such as passwords, and hide its existence in the system. More importantly, a bot can distribute itself on the Internet to increase its scale and form a bot army. Recently, attackers have used compromised Web servers to infect those who visit the websites through drive-by download [6]. Currently, a botnet contains thousands of bots, but there are some cases in which a botnet contains several million bots [7]. Bots differentiate themselves from other kinds of worms by their ability to receive commands from the attacker remotely [32]. The attacker, better called the botherder, controls bots through different protocols and structures.
The Internet Relay Chat (IRC) protocol is the earliest and still the most commonly used C&C channel at present. HTTP is also used because the HTTP protocol is permitted in most networks. Botnets with a centralized structure were very successful in the past, but botherders now use decentralized structures to avoid the single-point-of-failure problem. Unlike previous malware such as worms, which were probably used for entertainment, botnets are used for real financial abuse. Botnets can cause many problems, some of which are listed below:

i. Click fraud. A botmaster can easily profit by forcing the bots to click on advertisements for the purpose of personal or commercial abuse.
ii. Spam production. The majority of the email on the Internet is spam.
iii. DDoS attacks. A bot army can be commanded to begin a distributed denial-of-service attack against any machine.
iv. Phishing. Botnets are widely used to host malicious phishing sites. Criminals usually send spam messages to deceive users into visiting their forged web sites, so that they can obtain users' critical information such as usernames and passwords.

1.3 Botnet in-Depth

Nowadays, the most serious manifestation of advanced malware is the Botnet. To distinguish Botnets from other kinds of malware, the concepts behind Botnets have to be understood. For a better understanding of Botnets, two important terms, Bot and BotMaster, are defined here from another point of view.

Bot

Bot is short for robot, and a Bot is also called a Zombie. It is a new type of malware [24] installed on a compromised computer, which can be controlled remotely by the BotMaster to execute orders through the commands it receives. After the Bot code has been installed on the compromised computer, the computer becomes a Bot or Zombie [25]. In contrast to existing malware such as viruses and worms, whose main activities focus on attacking the infected host, bots can receive commands from the BotMaster and are used as a distributed attack platform.
BotMaster

The BotMaster, also known as the BotHerder, is a person or a group of persons that controls remote Bots.

Botnets

Botnets are networks consisting of a large number of Bots. Botnets are created by the BotMaster to set up a private communication infrastructure which can be used for malicious activities such as Distributed Denial-of-Service (DDoS), sending large amounts of spam or phishing mails, and other nefarious purposes [26, 27, 28]. Bots infect a person's computer in many ways. Bots usually disseminate themselves across the Internet by looking for vulnerable and unprotected computers to infect. When they find an unprotected computer, they infect it and then send a report to the BotMaster. The Bots stay hidden until they are told by their BotMaster to perform an attack or task. Other ways in which attackers infect a computer on the Internet with a Bot include sending email and using malicious websites, but the common way is searching the Internet for vulnerable and unprotected computers [29]. The activities associated with a Botnet can be classified into three parts:

(1) Searching: searching for vulnerable and unprotected computers.
(2) Dissemination: the Bot code is distributed to the computers (targets), so the targets become Bots.
(3) Sign-on: the Bots connect to the BotMaster and become ready to receive command and control traffic.

The main difference between Botnets and other kinds of malware is the existence of a Command-and-Control (CC) infrastructure. The CC allows Bots to receive commands and malicious capabilities, as dictated by the BotMaster. BotMasters must ensure that their CC infrastructure is sufficiently robust to manage thousands of distributed Bots across the globe, as well as to resist any attempts to shut down the Botnets. However, detection and mitigation techniques against Botnets have increased [30,31]. Recently, attackers have also been continually improving their approaches to protect their Botnets.
The first generation of Botnets utilized IRC (Internet Relay Chat) channels as their Command-and-Control (CC) centers. The centralized CC mechanism of such Botnets has made them vulnerable to being detected and disabled. Therefore, a new generation of Botnets that can hide their CC communication has emerged: Peer-to-Peer (P2P) based Botnets. P2P Botnets do not suffer from a single point of failure, because they do not have centralized CC servers [35]. Attackers have accordingly developed a range of strategies and techniques to protect their CC infrastructure. Therefore, considering the CC function gives a better understanding of Botnets and helps defenders to design proper detection or mitigation techniques. According to the CC channel, we categorize Botnets into three different topologies: a) Centralized; b) Decentralized; and c) Hybrid. In Section 1.1.4, these topologies are analyzed and the protocols currently used in each model are considered in full.

1.4 Botnet Topologies

According to the Command-and-Control (CC) channel, Botnet topology is categorized into three different models: the Centralized model, the Decentralized model and the Hybrid model.

1.4.1 Centralized Model

The oldest type of topology is the centralized model. In this model, one central point is responsible for exchanging commands and data between the BotMaster and the Bots. The BotMaster chooses a host (usually a high-bandwidth computer) to be the central point (Command-and-Control server) for all the Bots. The CC server runs certain network services such as IRC or HTTP. The main advantage of this model is low message latency, which lets the BotMaster easily organize the Botnet and launch attacks. Since all connections pass through the CC server, the CC is a critical point in this model. In other words, the CC server is the weak point in this model. If somebody manages to discover and eliminate the CC server, the entire Botnet will be worthless and ineffective.
Thus, it becomes the main drawback of this model. Many modern centralized Botnets employ a list of IP addresses of alternative CC servers, which will be used in case a CC server is discovered and taken offline. Since IRC and HTTP are the two common protocols that CC servers use for communication, we consider Botnets in this model based on IRC and HTTP. Figure 1.2 shows the basic communication architecture for a Centralized model. There are two central points that forward commands and data between the BotMaster and his Bots.

1.4.1.1 Botnets based on IRC

IRC is a type of real-time Internet text messaging or synchronous conferencing [36]. The IRC protocol is based on the client-server model and can be used on many computers in distributed networks. Some advantages that have made the IRC protocol widely used in remote communication for Botnets are: (i) low-latency communication; (ii) anonymous real-time communication; (iii) the ability to communicate in groups (many-to-many) and privately (one-to-one); (iv) simple setup; (v) simple commands (the basic commands are connecting to servers, joining channels and posting messages in the channels); and (vi) great flexibility in communication. Therefore the IRC protocol is still the most popular protocol used in Botnet communication. In this model, BotMasters can command all of their Bots, or command a few of the Bots using one-to-one communication. The CC server runs an IRC service that is the same as any other standard IRC service. Most of the time the BotMaster creates a channel on the IRC server that all the bots can connect to, and through which each connected bot is instructed to carry out the BotMaster's commands. Figure 1.3 shows that there is one central IRC server that forwards commands and data between the BotMaster and his Bots. Puri [38] presented the procedures and mechanism of a Botnet based on IRC, as shown in Figure 1.4.

Bot infection and control process [38]:

i. The attacker tries to infect the targets with Bots.
ii. After the Bot is installed on the target machine, it will try to connect to the IRC server. Meanwhile, a random nickname will be generated that identifies the bot in the attacker's private channel.
iii. A request is made to the DNS server, which dynamically maps the IRC server's IP address.
iv. The Bot will join the private IRC channel set up by the attacker and wait for instructions from the attacker. Most of these private IRC channels are set to encrypted mode.
v. The attacker sends attack instructions in the private IRC channel.
vi. The attacker tries to connect to the private IRC channel and sends the authentication password.
vii. Bots receive instructions and launch attacks such as DDoS attacks.

1.4.1.2 Botnet based on HTTP

HTTP is another well-known protocol used by Botnets. Because the use of the IRC protocol within Botnets became well known, Internet security researchers gave more consideration to monitoring IRC traffic to detect Botnets. Consequently, attackers started to use the HTTP protocol as a Command-and-Control communication channel to make Botnets more difficult to detect. The main advantage of using the HTTP protocol is that it hides Botnet traffic in normal web traffic, so it can easily pass firewalls and avoid IDS detection. Firewalls usually block incoming and outgoing traffic to unneeded ports, which usually include the IRC port.

1.4.2 Decentralized model

Due to the major disadvantage of the Centralized model, the central Command-and-Control (CC), attackers tried to build another Botnet communication topology that is harder to discover and to destroy. Hence, they looked for a model in which the communication system does not depend heavily on a few selected servers, and that survives even the discovery and destruction of a number of Bots. As a result, attackers take advantage of Peer-to-Peer (P2P) communication as a Command-and-Control (CC) pattern, which is much harder to shut down in the network.
The P2P-based CC model will be used considerably in Botnets in the future, and Botnets that use the P2P-based CC model definitely pose a much bigger challenge for network defense. In the P2P model, as shown in Fig. 1.6, there is no centralized point for communication. Each Bot has some connections to other Bots of the same Botnet, and Bots act as both clients and servers. A new Bot must know some addresses of the Botnet in order to connect to it. If Bots in the Botnet are taken offline, the Botnet can still continue to operate under the control of the BotMaster. P2P Botnets aim at removing or hiding the central point of failure, which is the main weakness and vulnerability of the Centralized model. Some P2P Botnets are decentralized to a certain extent and some are completely decentralized. Botnets that are completely decentralized allow a BotMaster to insert a command into any Bot. Since P2P Botnets usually allow commands to be injected at any node in the network, the authentication of commands becomes essential to prevent other nodes from injecting incorrect commands. For a better understanding of this model, some characteristics and important features of famous P2P Botnets are listed below:

Slapper: Allows the routing of commands to distinct nodes. Uses public-key and private-key cryptography to authenticate commands. BotMasters sign commands with a private key, and only those nodes which have the corresponding public key can verify the commands [42]. Its two important weak points are: (a) its list of known Bots contains all (or almost all) of the Botnet, so a single captured Bot would expose the entire Botnet to defenders [42]; (b) its sophisticated communication mechanism produces a lot of traffic, making it vulnerable to monitoring via network flow analysis.

Sinit: This Bot uses random searching to discover other Bots to communicate with. This can result in easy detection due to the extensive probing traffic [34].
Nugache: Its weakness is its reliance on a seed list of 22 IP addresses during its bootstrap process [47].

Phatbot: Uses a Gnutella cache server for its bootstrap process, which can easily be shut down. Also, its WASTE P2P protocol has a scalability problem across a large network [48].

Storm worm: It uses a P2P Overnet protocol to control compromised hosts. The communication protocol for this Bot can be classified into five steps, as described below [37]:

i. Connect to Overnet: Bots try to join the Overnet network. Each Bot initially has hard-coded binary files which include the IP addresses of P2P-based Botnet nodes.
ii. Search and Download Secondary Injection URL: the Bot uses hard-coded keys to search for and download the URL on the Overnet network [37].
iii. Decrypt Secondary Injection URL: compromised hosts use a (hard-coded) key to decrypt the URL.
iv. Download Secondary Injection: compromised hosts attempt to download the second injection from a server (probably a web server). It could be infected files, updated files or a list of the P2P nodes [37].

1.4.3 Hybrid model

The Bots in a Hybrid Botnet are categorized into two groups:

1) Servant Bots: Bots in the first group are called servant Bots because they behave as both clients and servers; they have static, routable IP addresses and are accessible from the entire Internet.
2) Client Bots: Bots in the second group are called client Bots since they do not accept incoming connections. This group contains the remaining Bots, including: (a) Bots with dynamically assigned IP addresses; (b) Bots with non-routable IP addresses; and (c) Bots behind firewalls, which cannot be reached from the global Internet.

1.5 Background of the Problem

Botnets, which are controlled remotely by BotMasters, can launch huge denial-of-service attacks and several infiltration attacks, and can be used to spread spam and conduct other malicious activities [115].
While bot army activity has, so far, been limited to criminal activity, their potential for causing large-scale damage to the entire Internet is immeasurable [115]. Therefore, Botnets are one of the most dangerous types of network-based attack today, because they involve the use of very large, synchronized groups of hosts for their malicious activities. Botnets obtain their power from size, both in their increasing bandwidth and in their reach. As mentioned before, Botnets can cause severe network disruptions through huge denial-of-service attacks, and the threat of such disruption can cost enterprises large sums in extortion fees. Botnets are also used to harvest sensitive personal, corporate, or government information for sale on a blooming organized crime market.

1.6 Statement of the Problem

Recently, botnets have been using a new type of command-and-control (CC) communication which is totally decentralized. They utilize peer-to-peer style communication. Tracking the starting point and activity of such a botnet is much more complicated due to the Peer-to-Peer communication infrastructure. Combating botnets is usually a matter of discovering their weakness: their central position of command, or CC server. This is typically an IRC network in which all bots connect to a central point; with the P2P method, however, we cannot find any central point of command. In P2P networks, each bot searches for other peers to connect to, which can receive or broadcast commands through the network. Therefore, an accurate detection and countermeasure method is required to prevent or stop such dangerous networks.

1.7 Research Questions

a. What are the main differences between centralized and decentralized botnets?
b. What is the best and most efficient general, extensible solution for detecting non-specific Peer-to-Peer botnets?

1.8 Objectives of the Study

i. To develop a network-based framework for Peer-to-Peer botnet detection based on common behavior in network communication.
ii. To study the behavior of bots and recognize behavioral similarities across multiple bots in order to develop the mentioned framework.

1.9 Scope of the Study

The project scope is limited to developing some algorithms pertaining to our proposed framework. These algorithms are used for reducing traffic by filtering it, classifying the intended traffic, monitoring traffic and detecting malicious activities.

1.10 Significance of the study

Peer-to-Peer botnets are one of the most sophisticated types of cyber crime today. They give attackers full control of many computers around the world, which are exploited for malicious purposes such as spreading viruses and worms, spam distribution and DDoS attacks. Therefore, studying the behavior of P2P botnets and developing a technique that can detect them is important and in high demand.

1.11 Summary

Understanding Botnet Command-and-Control (CC) is a critical part of recognizing how best to protect against the overall botnet threat. The CC channels utilized by Botnets will often indicate the type and degree of action an enterprise can take in either blocking or shutting down a botnet, and the probability of success. It is also obvious that attackers have been trying for years to move away from Centralized CC channels, and have been achieving some success using Decentralized (P2P) CC channels over the last 5 or so years. Therefore, in this chapter we have defined a classification for better understanding of Botnet CC channels, which includes the Centralized, Decentralized, and Hybrid models, and tried to evaluate the recognized protocols in each of them. Understanding the communication topologies in Botnets is essential to precisely identify, detect and mitigate the ever-increasing Botnet threat.

CHAPTER 2 LITERATURE REVIEW

2.1 Introduction

Previously, the majority of botnets used IRC (Internet Relay Chat) as the communication protocol for their Command and Control (CC) mechanism.
Therefore, many researchers tried to develop botnet detection schemes based on analysis of IRC traffic [50]. As a result, attackers decided to develop more sophisticated botnets, such as Storm worm and Nugache, that utilize P2P networks for their CC infrastructure. In response to this movement, researchers have proposed various models of botnet detection that are based on P2P infrastructure [5]. One key advantage of both IRC and HTTP Botnets is the use of central Command and Control. This characteristic provides the attacker with very well-organized communication. However, this asset is also considered a main disadvantage to the attacker [8]. The threat of the Botnet can be decreased and possibly eliminated if the central CC is taken over or taken down [8]. The method that is starting to emerge is a P2P structure for Botnet communication. There is no centralized point in P2P botnets. Every node in a P2P botnet behaves as both client and server. If any point in the network is shut down, the botnet can still continue its operation. The Storm botnet is one of the main and best-known recent P2P botnets. It customized the Overnet P2P file-sharing application, which is based on the Kademlia distributed hash table algorithm [55], and exploits it for its CC infrastructure. Recently many researchers, especially in the anti-virus community and electronic media, have concentrated on the Storm worm [56,57].

2.2 Background and History

A peer-to-peer network is a network of computers in which any computer can behave as both a client and a server. Some definitions of peer-to-peer networks do not involve any form of centralized coordination. The definition given here is more relaxed, because the attacker may be interested in hybrid architectures [8].

2.2.1 History

Table 2.1 shows a summary of some well-known bots and P2P protocols. It covers the period from the first bot, EggDrop, to the newly released Storm Worm P2P bot.
The first non-malicious bot was EggDrop, which came out many years ago, and we know it as one of the first IRC bots to come to market. GTBot, which has many other categories, is another well-known malicious bot whose variants use the IRC client mIRC.exe [61]. After a while, P2P protocols came to be used for Botnet activities. Napster is one of the first bots that used P2P for its communication. Napster built a platform that lets all bots find each other and share files with each other in the network. In this bot, file sharing was coordinated through a centralized server, so we can say it was not completely a P2P botnet. All bots have to upload an index of their files to the centralized server, and if they are looking for other files among the bots, they have to search the centralized server. If a bot finds the file it is looking for, it can then connect directly to the bot that has it and download what it wants. Because Napster has since been shut down, as its service was recognized as illegal, many other P2P services focus on avoiding such discovery. A few years after Napster, the Gnutella protocol came out as the first completely P2P service. After Gnutella, as shown in Table 2.1, many other P2P protocols were released, such as Kademlia and Chord. These two newer P2P services use a distributed hash table as the method for finding information in peer-to-peer networks. Agobot is another malicious P2P bot that came out recently and became widespread because of its good design and modular code base [61]. Nowadays many researchers are concentrating on P2P bots, and it is anticipated that P2P bots will reach the stage where Centralized botnets are no longer used in the future.

Table 2.1: P2P based Botnets

2.3 Peer-to-Peer Overlay Networks

Overlay networks are divided into two categories: Structured and Unstructured.
In the first category, each node can connect to at most X peers, subject to some conditions on the identification of the nodes those peers want to connect to. In the unstructured type, however, there is no specified limit on the number of peers a node can connect to, and there is no condition on connecting to other peers. Overnet is a good example of structured P2P networks and Chord is a good example of unstructured P2P networks.

2.3.1 Brief overview of Overnet

One of the popular file-sharing networks is Overnet, whose design uses the distributed hash table (DHT) algorithm called Kademlia [55]. Each node produces a 128-bit ID for joining the network, which it also sends to other nodes to introduce itself. Each node in the network saves information about other nodes in order to route query messages.

2.3.2 Brief overview of Gnutella

Gnutella is an unstructured file-sharing network. In this network, when a node n wants to connect to a node m, it uses a ping message to inform the other node of its presence. As soon as node m receives the ping message, it forwards it to its neighboring nodes and also sends a Pong message to the sender of the ping message, node n. These exchanges among nodes let them learn about each other.

2.4 Botnet Detection

To compare existing botnet detection techniques, the different methods are described below and the disadvantages of each method are mentioned in turn.

2.4.1 Honeypot-based tracking

A honeypot can be used to collect bots in order to analyze their behavior and signatures, and also to track botnets. But using honeypots has several limitations. The most important limitation is the limited scale of the exploit activity that they can track. In addition, a honeypot cannot capture bots that use a method of propagation other than scanning, such as spam. Finally, it can only report on infected machines that were anticipated and placed in the network as trap systems.
This means that it cannot report on computers in the network that are infected with a bot but are not dedicated trap machines. We can therefore conclude that, in general, with this technique we have to wait until a bot in the network infects our system before we can track or analyze the machine.

2.4.2 Intrusion detection systems

Intrusion detection techniques can be divided into two categories: host-based and network-based solutions. Host-based techniques are used for recognizing malware binaries such as viruses. A good example of this type is anti-virus detection systems. However, we know that anti-virus tools are good only for virus detection. The most important disadvantage of anti-virus tools is that bots can easily evade detection by changing their signatures, because the detection systems cannot update their databases consistently. Bots can also disable any anti-virus tools on the system to protect themselves from detection. Network-based intrusion detection is another method used in the field of botnet detection. Snort [67] and Bro [68] are the two well-known signature-based detection systems currently in use. They use a database of signatures of known malicious activities to detect botnets or any other malware. If our objective is to use this technique for botnet detection, we have to keep updating the database and recognize all malware quickly in order to make a signature for it and add it to our database. To solve this problem, researchers have recently been using anomaly-based IDS that can detect malicious activities based on the behavior of malware or detection techniques.

2.4.3 BotHunter: Dialog correlation-based Botnet detection

This technique developed an evidence-trail approach for detecting successful bot infections through the patterns of communication during the infection process.
In this strategy, bot infection patterns are modeled and used for recognizing the whole process of botnet infection in the network. All behaviors that occur during bot infection, such as target scanning, CC establishment, binary downloading and outbound propagation, have to be modeled by this method. The method gathers an evidence trail of the connected infection process for each internal machine and then looks for a threshold combination of sequences that satisfies the condition for bot infection [32]. BotHunter uses Snort with two anomaly-detection components added to it: SLADE (Statistical payLoad Anomaly Detection Engine) and SCADE (Statistical sCan Anomaly Detection Engine). SCADE produces internal and external scan detection warnings that are weighted for criticality toward malware scanning patterns. SLADE performs byte-distribution payload anomaly detection on incoming packets, providing a complementary non-signature approach to inbound exploit detection [32]. SLADE uses an n-gram payload examination of traffic that carries typical malware intrusions. SCADE performs port scan analysis on incoming and outgoing traffic. BotHunter links scan and intrusion alarms that show a host has been infected. When a sufficient sequence of alerts is established to match BotHunter's infection dialog model, a comprehensive report is created that captures all the related events and participants that have a role in the infection dialog [32]. This method provides some important features:

i. This technique concentrates on malware detection by IDS-driven dialog correlation. This model captures the essential network processes that occur during a successful bot infection.
ii. This technique has one IDS-independent dialog correlation engine and three bot-specific sensors.
iii. This technique can automatically produce a report of the whole bot detection, including the infecting agent, the identity of the computer that has been infected and the source of the Command and Control centre.

2.4.3.1 Bot infection sequences

Understanding the bot infection life cycle is a challenging task for the future protection of networks. The major work in this area is differentiating between successful bot infections and background exploit attempts. To reach this point, analysis of the two-way dialog flow between internal hosts and external hosts (the Internet) is needed. In a well-designed network that uses filtering at the gateway, the threat of direct exploitation is limited. However, contemporary malware families are highly flexible in their ability to attack vulnerable hosts through email attachments, infected P2P media, and drive-by download infections [32].

2.4.3.2 Modeling the infection dialog process

The bot propagation model can be derived from an analysis of external communication traffic that shows the behavior of the relevant botnet. Incoming scan and exploit alarms are not enough to declare a successful malware infection, as it is assumed that a constant stream of scan and exploit signals will be observed from the egress monitor [32]. Figure 2.1 shows the bot infection process that BotHunter uses for evaluating network flows through eight stages. This model is similar to the model that Rajab et al. presented for IRC detection. The model they proposed has early initial scanning, a preceding observation that occurs in the form of IP exchange and the targeting of vulnerable ports. Figure 2.1 is not intended as a strict ordering of the infection events that happen during bot infection. The important point here is that analysis of the bot dialog process has to be robust to the absence of some dialog events and must not require strict sequencing of the order in which the inbound dialog is conducted.
One solution to the problem of sequence order and missing events is to use a weighted event threshold system that captures the minimum necessary sparse sequences of events under which a bot profile declaration can be triggered [32]. For instance, a weight and a threshold can be assigned to the appearance of each event, so that a minimum set of events is required before a bot is declared.

2.4.3.3 Design and implementation

More attention is devoted in this part to designing a passive network monitoring system which is capable of identifying the bidirectional warning signs when internal hosts are infected with b
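The weighted event threshold idea from section 2.4.3.2 can be made concrete with a small correlator. This is an added example, not BotHunter's code or part of the original essay: the event class names, integer weights, threshold, time window and the sample alerts are all assumptions constructed for illustration.

```python
"""Weighted-threshold dialog correlation over IDS alerts (illustrative sketch)."""
from collections import defaultdict
from dataclasses import dataclass

# Event classes follow the behaviours the text names. The weights, threshold
# and window are assumptions for this example, not BotHunter's parameters.
WEIGHTS = {
    "inbound_scan": 1,      # constant background noise, almost no evidence
    "inbound_exploit": 4,   # an attempt, not proof of success
    "binary_download": 5,
    "cc_establishment": 5,
    "outbound_scan": 5,     # outbound propagation
}
OUTBOUND = {"binary_download", "cc_establishment", "outbound_scan"}
THRESHOLD = 8
WINDOW = 300.0  # seconds within which alerts count as one dialog


@dataclass(frozen=True)
class Alert:
    ts: float    # seconds since start of capture
    host: str    # internal host the alert is attributed to
    event: str   # one of the WEIGHTS keys
    peer: str    # external address seen in the alert


@dataclass(frozen=True)
class Profile:
    host: str
    score: int
    infected: bool
    events: list
    peers: list  # external peers seen in outbound-evidence alerts


def correlate(alerts, window=WINDOW, threshold=THRESHOLD):
    """Build one evidence trail per internal host and score its best window."""
    by_host = defaultdict(list)
    for alert in alerts:
        if alert.event in WEIGHTS:  # ignore sensor output we cannot classify
            by_host[alert.host].append(alert)

    profiles = {}
    for host, items in by_host.items():
        items.sort(key=lambda a: a.ts)  # input order must not matter
        best_score, best_classes, best_span = -1, set(), []
        start = 0
        for end in range(len(items)):
            while items[end].ts - items[start].ts > window:
                start += 1
            span = items[start:end + 1]
            # Each class counts once, so a flood of repeated scans cannot
            # reach the threshold on its own, and no event order is required.
            classes = {a.event for a in span}
            score = sum(WEIGHTS[c] for c in classes)
            if score > best_score:
                best_score, best_classes, best_span = score, classes, span
        # Inbound alarms alone never declare an infection, even if the
        # weights are later retuned: outbound evidence must be present.
        infected = best_score >= threshold and bool(best_classes & OUTBOUND)
        peers = sorted({a.peer for a in best_span if a.event in OUTBOUND})
        profiles[host] = Profile(host, best_score, infected,
                                 sorted(best_classes), peers)
    return profiles


# Constructed sample alerts (documentation address ranges, not real traffic).
SAMPLE_ALERTS = [
    Alert(0, "10.0.0.5", "inbound_scan", "192.0.2.10"),
    Alert(20, "10.0.0.5", "inbound_exploit", "192.0.2.10"),
    Alert(45, "10.0.0.5", "binary_download", "198.51.100.20"),
    Alert(90, "10.0.0.5", "cc_establishment", "203.0.113.9"),
    Alert(5, "10.0.0.6", "inbound_scan", "192.0.2.10"),
    Alert(6, "10.0.0.6", "inbound_scan", "192.0.2.11"),
    Alert(30, "10.0.0.6", "inbound_exploit", "192.0.2.11"),
    Alert(100, "10.0.0.7", "outbound_scan", "198.51.100.77"),  # out of order
    Alert(60, "10.0.0.7", "binary_download", "198.51.100.20"),
    Alert(0, "10.0.0.8", "cc_establishment", "203.0.113.9"),
    Alert(4000, "10.0.0.8", "inbound_exploit", "192.0.2.10"),  # outside window
]

if __name__ == "__main__":
    for profile in correlate(SAMPLE_ALERTS).values():
        state = "INFECTED" if profile.infected else "background"
        print(f"{profile.host:10} score={profile.score:2} {state:10} "
              f"{profile.events} peers={profile.peers}")
```

Host 10.0.0.7 is declared with no inbound evidence at all and with its alerts supplied out of order, while 10.0.0.6 stays below the threshold despite repeated scans and an exploit attempt.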
As an example, a bot use some techniques like keylogger to record user private information like password and hide its existence in the system. More importantly, a bot can distribute itself on the internet to increase its scale to form a bot army. Recently, attackers use compromised Web servers to contaminate those who visit the websites through drive-by download [6]. Currently, a botnet contains thousands of bots, but there is some cases that botnet contain several millions of bots [7]. Actually bots differentiate themselves from other kind of worms by their ability to receive commands from attacker remotely [32]. Attacker or better call it botherder control bots through different protocols and structures. The Internet Relay Chat (IRC) protocol is the earliest and still the most commonly used CC channel at present. HTTP is also used because Http protocol is permitted in most networks. Centralized structure botnets was very successful in the past but now botherders use decentralized structure to avoid single point of failure problem. Unlike previous malware such as worms, which are used probably for entertaining, botnets are used for real financial abuse. Actually Botnets can cause many problems as some of them listed below: i. Click fraud. A botmaster can easily profit by forcing the bots to click on advertisement for the purpose of personal or commercial abuse. ii. Spam production. Majority of the email on the internet is spam. iii. DDoS attacks. A bot army can be commanded to begin a distributed denial-of-service attack against any machine. iv. Phishing. Botnets are widely used to host malicious phishing sites. Criminals usually send spam messages to deceive users to visit their forged web sites, so that they can obtain users critical information such as usernames, passwords. 1.3 Botnet in-Depth Nowadays, the most serious manifestation of advanced malware is Botnet. 
To make distinction between Botnet and other kinds of malware, the concepts of Botnet have to understand. For a better understanding of Botnet, two important terms, Bot and BotMaster have been defined from another point of views. Bot Bot is actually short for robot which is also called as Zombie. It is a new type of malware [24] installed into a compromised computer which can be controlled remotely by BotMaster for executing some orders through the received commands. After the Bot code has been installed into the compromised computers, the computer becomes a Bot or Zombie [25]. Contrary to existing malware such as virus and worm which their main activities focus on attacking the infecting host, bots can receive commands from BotMaster and are used in distributed attack platform. BotMaster BotMaster is also known as BotHerder, is a person or a group of person which control remote Bots. Botnets- Botnets are networks consisting of large number of Bots. Botnets are created by the BotMaster to setup a private communication infrastructure which can be used for malicious activities such as Distributed Denial-of-Service (DDoS), sending large amount of SPAM or phishing mails, and other nefarious purpose [26, 27, 28]. Bots infect a persons computer in many ways. Bots usually disseminate themselves across the Internet by looking for vulnerable and unprotected computers to infect. When they find an unprotected computer, they infect it and then send a report to the BotMaster. The Bot stay hidden until they are announced by their BotMaster to perform an attack or task. Other ways in which attackers use to infect a computer in the Internet with Bot include sending email and using malicious websites, but common way is searching the Internet to look for vulnerable and unprotected computers [29]. The activities associated with Botnet can be classified into three parts: (1) Searching searching for vulnerable and unprotected computers. 
(2) Dissemination: the Bot code is distributed to the computers (targets), so the targets become Bots.
(3) Sign-on: the Bots connect to the BotMaster and become ready to receive command-and-control traffic.

The main difference between a Botnet and other kinds of malware is the existence of a Command-and-Control (C&C) infrastructure. The C&C allows Bots to receive commands and malicious capabilities, as dictated by the BotMaster. BotMasters must ensure that their C&C infrastructure is sufficiently robust to manage thousands of distributed Bots across the globe, as well as to resist any attempts to shut down the Botnets. However, detection and mitigation techniques against Botnets have increased [30,31]. Recently, attackers have also been continually improving their approaches to protect their Botnets. The first generation of Botnets utilized IRC (Internet Relay Chat) channels as their Command-and-Control (C&C) centers. The centralized C&C mechanism of such Botnets made them vulnerable to being detected and disabled. Therefore, a new generation of Botnets that can hide their C&C communication has emerged: Peer-to-Peer (P2P) based Botnets. P2P Botnets do not suffer from a single point of failure, because they do not have centralized C&C servers [35]. Attackers have accordingly developed a range of strategies and techniques to protect their C&C infrastructure. Therefore, considering the C&C function gives a better understanding of Botnets and helps defenders to design proper detection or mitigation techniques. According to the C&C channel, we categorize Botnets into three different topologies: a) Centralized; b) Decentralized; and c) Hybrid. In Section 1.1.4, these topologies are analyzed and the protocols currently used in each model are considered in full.

1.4 Botnet Topologies

According to the Command-and-Control (C&C) channel, Botnet topology is categorized into three different models: the Centralized model, the Decentralized model and the Hybrid model.
1.4.1 Centralized Model

The oldest type of topology is the centralized model. In this model, one central point is responsible for exchanging commands and data between the BotMaster and the Bots. The BotMaster chooses a host (usually a high-bandwidth computer) to be the central point, the Command-and-Control (C&C) server, for all the Bots. The C&C server runs certain network services such as IRC or HTTP. The main advantage of this model is small message latency, which lets the BotMaster easily coordinate the Botnet and launch attacks. Since all connections go through the C&C server, the C&C is a critical point in this model. In other words, the C&C server is the weak point in this model. If somebody manages to discover and eliminate the C&C server, the entire Botnet becomes worthless and ineffective. This is the main drawback of this model. Many modern centralized Botnets employ a list of IP addresses of alternative C&C servers, which are used in case a C&C server is discovered and taken offline. Since IRC and HTTP are the two common protocols that C&C servers use for communication, we consider Botnets in this model based on IRC and HTTP. Figure 1.2 shows the basic communication architecture for a Centralized model. There are two central points that forward commands and data between the BotMaster and his Bots.

1.4.1.1 Botnets based on IRC

IRC is a type of real-time Internet text messaging or synchronous conferencing [36]. The IRC protocol is based on the client-server model and can be used on many computers in distributed networks. Some advantages that made the IRC protocol widely used for remote communication in Botnets are: (i) low-latency communication; (ii) anonymous real-time communication; (iii) the ability to communicate in Group (many-to-many) and Private (one-to-one) modes; (iv) simple setup; (v) simple commands (the basic commands are to connect to servers, join channels and post messages in the channels); and (vi) great flexibility in communication.
Therefore the IRC protocol is still the most popular protocol used in Botnet communication. In this model, BotMasters can command all of their Bots, or command a few of the Bots using one-to-one communication. The C&C server runs an IRC service that is the same as any other standard IRC service. Most of the time the BotMaster creates a channel on the IRC server to which all the bots can connect, and through which each connected bot is instructed to carry out the BotMaster's commands. Figure 1.3 shows that there is one central IRC server that forwards commands and data between the BotMaster and his Bots. Puri [38] presented the procedures and mechanism of a Botnet based on IRC, as shown in Figure 1.4.

Bot infection and control process [38]:

i. The attacker tries to infect the targets with Bots.
ii. After the Bot is installed on the target machine, it tries to connect to the IRC server. In the meantime, a random nickname is generated that represents the bot in the attacker's private channel.
iii. A request is made to the DNS server, dynamically mapping the IRC server's IP address.
iv. The Bot joins the private IRC channel set up by the attacker and waits for instructions from the attacker. Most of these private IRC channels are set to encrypted mode.
v. The attacker sends attack instructions in the private IRC channel.
vi. The attacker tries to connect to the private IRC channel and sends the authentication password.
vii. Bots receive instructions and launch attacks such as DDoS attacks.

1.4.1.2 Botnet based on HTTP

The HTTP protocol is another well-known protocol used by Botnets. Because the use of the IRC protocol within Botnets became well known, Internet security researchers gave more consideration to monitoring IRC traffic to detect Botnets. Consequently, attackers started to use the HTTP protocol as a Command-and-Control communication channel to make Botnets more difficult to detect. The main advantage of using the HTTP protocol is hiding Botnet traffic in normal web traffic, so that it can easily pass firewalls and avoid IDS detection.
Usually firewalls block incoming and outgoing traffic to ports that are not needed, which usually include the IRC port.

1.4.2 Decentralized model

Due to the major disadvantage of the Centralized model, the central Command-and-Control (C&C), attackers tried to build another Botnet communication topology that is harder to discover and to destroy. Hence, they decided to find a model in which the communication system does not depend heavily on a few selected servers and survives even the discovery and destruction of a number of Bots. As a result, attackers take advantage of Peer-to-Peer (P2P) communication as a Command-and-Control (C&C) pattern, which is much harder to shut down in the network. The P2P-based C&C model will be used considerably in Botnets in the future, and Botnets that use a P2P-based C&C model definitely impose a much bigger challenge for the defense of networks. In the P2P model, as shown in Fig. 1.6, there is no centralized point for communication. Each Bot has some connections to other Bots of the same Botnet, and Bots act as both clients and servers. A new Bot must know some addresses of the Botnet in order to connect to it. If Bots in the Botnet are taken offline, the Botnet can still continue to operate under the control of the BotMaster. P2P Botnets aim at removing or hiding the central point of failure, which is the main weakness and vulnerability of the Centralized model. Some P2P Botnets are decentralized to a certain extent and some are completely decentralized. Those Botnets that are completely decentralized allow a BotMaster to insert a command into any Bot. Since P2P Botnets usually allow commands to be injected at any node in the network, the authentication of commands becomes essential to prevent other nodes from injecting incorrect commands. For a better understanding of this model, some characteristics and important features of famous P2P Botnets are mentioned below:

Slapper: Allows the routing of commands to distinct nodes. Uses public-key and private-key cryptography to authenticate commands.
BotMasters sign commands with the private key, and only those nodes which have the corresponding public key can verify the commands [42]. Two important weak points are: (a) its list of known Bots contains all (or almost all) of the Botnet, so one single captured Bot would expose the entire Botnet to defenders [42]; (b) its sophisticated communication mechanism produces a lot of traffic, making it vulnerable to monitoring via network flow analysis.

Sinit: This Bot uses random searching to discover other Bots to communicate with. This can result in easy detection due to the extensive probing traffic [34].

Nugache: Its weakness is its reliance on a seed list of 22 IP addresses during its bootstrap process [47].

Phatbot: Uses a Gnutella cache server for its bootstrap process, which can be easily shut down. Also, its WASTE P2P protocol has a scalability problem across a large network [48].

Storm worm: It uses a P2P Overnet protocol to control compromised hosts. The communication protocol for this Bot can be classified into five steps, as described below [37]:

i. Connect to Overnet: Bots try to join the Overnet network. Each Bot initially carries a hard-coded binary file that includes the IP addresses of P2P-based Botnet nodes.
ii. Search and Download Secondary Injection URL: the Bot uses hard-coded keys to search for and download the URL on the Overnet network [37].
iii. Decrypt Secondary Injection URL: compromised hosts use a hard-coded key to decrypt the URL.
iv. Download Secondary Injection: compromised hosts attempt to download the second injection from a server (probably a web server). It could be infected files, updated files or a list of the P2P nodes [37].

1.4.3 Hybrid model

The Bots in the Hybrid Botnet are categorized into two groups:

1) Servant Bots: Bots in the first group are called servant Bots, because they behave as both clients and servers. They have static, routable IP addresses and are accessible from the entire Internet.
2) Client Bots: Bots in the second group are called client Bots, since they do not accept incoming connections. This group contains the remaining Bots, including: (a) Bots with dynamically assigned IP addresses; (b) Bots with non-routable IP addresses; and (c) Bots behind firewalls, which cannot be reached from the global Internet.

1.5 Background of the Problem

Botnets, which are controlled remotely by BotMasters, can launch huge denial-of-service attacks and several kinds of infiltration attacks, can be used to spread spam, and can conduct other malicious activities [115]. While bot army activity has, so far, been limited to criminal activity, their potential for causing large-scale damage to the entire Internet is immeasurable [115]. Therefore, Botnets are one of the most dangerous types of network-based attack today, because they involve the use of very large, synchronized groups of hosts for their malicious activities. Botnets obtain their power from size, both in their increasing bandwidth and in their reach. As mentioned before, Botnets can cause severe network disruptions through huge denial-of-service attacks, and the threat of such disruption can cost enterprises large sums in extortion fees. Botnets are also used to harvest personal, corporate or government sensitive information for sale on a blooming organized crime market.

1.6 Statement of the Problem

Recently, botnets have been using a new type of command-and-control (C&C) communication which is totally decentralized. They utilize peer-to-peer style communication. Tracking the starting point and activity of such a botnet is much more complicated due to the Peer-to-Peer communication infrastructure. Combating botnets is usually a matter of discovering their weakness: their central position of command, or C&C server. This is typically an IRC network in which all bots connect to a central point; with the use of the P2P method, however, we cannot find any central point of command.
In P2P networks, each bot searches for other peers to connect to, which can receive or broadcast commands through the network. Therefore, an accurate detection and fighting method is required to prevent or stop such dangerous networks.

1.7 Research Questions

a. What are the main differences between centralized and decentralized botnets?
b. What is the best and most efficient general, extensible solution for detecting non-specific Peer-to-Peer botnets?

1.8 Objectives of the Study

i. To develop a network-based framework for Peer-to-Peer botnet detection based on common behavior in network communication.
ii. To study the behavior of bots and recognize behavioral similarities across multiple bots in order to develop the mentioned framework.

1.9 Scope of the Study

The project scope is limited to developing some algorithms pertaining to our proposed framework. These algorithms are used for reducing traffic by filtering it, classifying the traffic of interest, monitoring traffic and detecting malicious activities.

1.10 Significance of the Study

Peer-to-Peer botnets are one of the most sophisticated types of cyber crime today. They give attackers full control of many computers around the world, which are exploited for malicious purposes such as the spread of viruses and worms, spam distribution and DDoS attacks. Therefore, studying the behavior of P2P botnets and developing a technique that can detect them is important and in high demand.

1.11 Summary

Understanding the Botnet Command-and-Control (C&C) is a critical part of recognizing how best to protect against the overall botnet threat. The C&C channels utilized by Botnets will often determine the type and degree of action an enterprise can take in either blocking or shutting down a botnet, and the probability of success. It is also obvious that attackers have been trying for years to move away from Centralized C&C channels, and have been achieving some success using Decentralized (P2P) C&C channels over the last 5 or so years.
Therefore, in this chapter we have defined a classification for a better understanding of Botnet C&C channels, which includes the Centralized, Decentralized and Hybrid models, and have tried to evaluate the recognized protocols in each of them. Understanding the communication topologies in Botnets is essential to precisely identify, detect and mitigate the ever-increasing Botnet threat.

CHAPTER 2 LITERATURE REVIEW

2.1 Introduction

Previously, the majority of botnets used IRC (Internet Relay Chat) as the communication protocol for their Command and Control (C&C) mechanism. Therefore, many researchers tried to develop botnet detection schemes based on the analysis of IRC traffic [50]. As a result, attackers decided to develop more sophisticated botnets, such as Storm worm and Nugache, that move toward the utilization of P2P networks for their C&C infrastructure. In response to this movement, researchers have proposed various models of botnet detection that are based on P2P infrastructure [5]. One key advantage of both IRC and HTTP Botnets is the use of a central Command and Control. This characteristic provides the attacker with very well-organized communication. However, this asset is also considered a main disadvantage to the attacker [8]. The threat of the Botnet can be decreased and possibly eliminated if the central C&C is taken over or taken down [8]. The method that is starting to emerge is a P2P structure for Botnet interaction. There is no centralized centre in P2P botnets. Any node in a P2P botnet behaves as both client and server. If any point in the network is shut down, the botnet can still continue its operation. The Storm botnet is one of the main and most recognized recent P2P botnets. It customized the Overnet P2P file-sharing application, which is based on the Kademlia distributed hash table algorithm [55], and exploits it for its C&C infrastructure. Recently many researchers, especially in the anti-virus community and electronic media, have concentrated on the Storm worm [56,57].
2.2 Background and History

A peer-to-peer network is a network of computers in which any computer can behave as both a client and a server. Some definitions of peer-to-peer networks also require that there be no form of centralized coordination. The definition used here is more relaxed, because the attacker may be interested in hybrid architectures [8].

2.2.1 History

Table 2.1 shows a summary of some well-known bots and P2P protocols. The timeline ranges from the first bot, EggDrop, to the recently released Storm Worm P2P bot. The first non-malicious bot was EggDrop, which appeared many years ago, and we know it as one of the first IRC bots that came to market. GTBot, which has many variants, is another well-known malicious bot; its variants are based on the IRC client mIRC.exe [61]. After a while, P2P protocols came to be used for Botnet activities. Napster is one of the first bots that used P2P for its communication. Napster built a platform that permits all bots to find each other and share files with each other in the network. In this bot, file sharing was coordinated through a centralized server, so we can say it was not a completely P2P botnet. All bots had to upload an index of their files to the centralized server, and if they were looking for other files among all bots, they had to search on the centralized server. If a bot found the file it was looking for, it could then connect directly to the bot holding it and download what it wanted. Nowadays, because Napster was shut down after its service was recognized as illegal, many other P2P services focus on avoiding such a finding. A few years after Napster, the Gnutella protocol emerged as the first completely P2P service. After Gnutella, as shown in Table 2.1, many other P2P protocols were released, such as Kademlia and Chord. These two newer P2P services use a distributed hash table as the method for finding information in peer-to-peer networks.
Agobot is another malicious P2P bot that came up recently and became widespread because of its good design and modular code base [61]. Nowadays many researchers are concentrating on P2P bots, and there is an anticipation that P2P bots will reach the stage at which Centralized botnets will no longer be used in the future.

Table 2.1: P2P based Botnets

2.3 Peer-to-Peer Overlay Networks

Overlay networks are divided into two categories: Structured and Unstructured. In the first category, each node can connect to at most X peers, subject to conditions on the identification of the nodes that those peers want to connect to. In the unstructured type, however, there is no specified limit on the number of peers a node can connect to, and there is no condition for connecting to other peers. Overnet is a good example of a structured P2P network and Chord is a good example of an unstructured P2P network.

2.3.1 Brief overview of Overnet

Overnet is one of the popular file-sharing networks; its design uses a distributed hash table (DHT) algorithm called Kademlia [55]. Each node produces a 128-bit ID for joining the network, which it also sends to other nodes to introduce itself. Each node in the network saves information about other nodes in order to route query messages.

2.3.2 Brief overview of Gnutella

Gnutella is an unstructured file-sharing network. In this network, when a node n wants to connect to a node m, it uses a ping message to inform the other node of its presence. As soon as node m receives the ping message, it forwards it to the other nodes in its neighborhood and also sends a Pong message back to the sender of the ping message, node n. These exchanges among nodes let them learn about each other.

2.4 Botnet Detection

In order to compare existing botnet detection techniques, different methods are described and then the disadvantages of each method are mentioned in turn.
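Section 1.4.2 notes that Sinit's random probing and Slapper's heavy traffic expose them to network flow analysis, and objective 1.8 calls for recognizing behavioral similarities across multiple bots. As an added example (not part of the original essay), the following Python filters constructed flow records, flags internal hosts with wide fan-out and mostly failed connection attempts, and groups flagged hosts whose peer sets overlap; the record layout, address ranges and all thresholds are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# All thresholds are illustrative assumptions, to be tuned per network.
INTERNAL = ip_network("10.0.0.0/8")
MIN_PEERS = 20         # distinct external peers contacted in the window
MIN_FAIL_RATIO = 0.5   # share of connection attempts that never established
MIN_OVERLAP = 0.3      # Jaccard overlap of peer sets to call two hosts similar


def build_sample_flows():
    """Constructed flow records for one window: (src, dst, dport, established)."""
    flows = []
    for i in range(1, 31):    # prober: 30 peers, 24 failed attempts
        flows.append(("10.0.0.21", f"198.51.100.{i}", 40000, i % 5 == 0))
    for i in range(11, 41):   # second prober sharing 20 of those peers
        flows.append(("10.0.0.22", f"198.51.100.{i}", 40000, i % 4 == 0))
    for i in range(1, 26):    # busy but healthy client: 25 peers, no failures
        flows.append(("10.0.0.30", f"203.0.113.{i}", 443, True))
    for i in range(1, 5):     # quiet client with a single failure
        flows.append(("10.0.0.31", f"203.0.113.{i}", 80, i != 1))
    flows.append(("198.51.100.9", "10.0.0.21", 445, False))  # inbound: filtered
    flows.append(("10.0.0.30", "10.0.0.1", 53, True))        # internal: filtered
    return flows


def profile_hosts(flows):
    """Filtering step: keep internal->external flows, build per-host statistics."""
    stats = defaultdict(lambda: {"peers": set(), "attempts": 0, "failed": 0})
    for src, dst, _dport, established in flows:
        if ip_address(src) not in INTERNAL or ip_address(dst) in INTERNAL:
            continue
        s = stats[src]
        s["peers"].add(dst)
        s["attempts"] += 1
        s["failed"] += 0 if established else 1
    return dict(stats)


def find_probers(stats):
    """Hosts with wide fan-out and mostly failed attempts, with their peer sets."""
    return {
        host: s["peers"]
        for host, s in stats.items()
        if len(s["peers"]) >= MIN_PEERS
        and s["failed"] / s["attempts"] >= MIN_FAIL_RATIO
    }


def jaccard(a, b):
    """Overlap of two non-empty peer sets, between 0.0 and 1.0."""
    return len(a & b) / len(a | b)


def group_similar(probers):
    """Connected components of flagged hosts whose peer sets overlap."""
    hosts, seen, groups = sorted(probers), set(), []
    for start in hosts:
        if start in seen:
            continue
        stack, comp = [start], set()
        while stack:
            cur = stack.pop()
            if cur in comp:
                continue
            comp.add(cur)
            stack.extend(
                other for other in hosts
                if other not in comp
                and jaccard(probers[cur], probers[other]) >= MIN_OVERLAP
            )
        seen |= comp
        groups.append(sorted(comp))
    return groups


def detect(flows):
    """Run filtering, per-host classification and similarity grouping."""
    stats = profile_hosts(flows)
    probers = find_probers(stats)
    return stats, probers, group_similar(probers)


if __name__ == "__main__":
    _stats, _probers, groups = detect(build_sample_flows())
    for members in groups:
        print("hosts with similar probing behavior:", ", ".join(members))
```

The busy client with 25 peers is not flagged because its connections succeed; fan-out alone is a weak signal, and the failure ratio is what separates probing from ordinary heavy use.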
2.4.1 Honeypot-based tracking

A honeypot can be used to collect bots in order to analyze their behavior and signatures, and also to track botnets. But using honeypots has several limitations. The most important limitation is the limited scale of exploited activities that they can track. Also, a honeypot cannot capture bots that use a method of propagation other than scanning, such as spam. Finally, it can only report on infected machines that were anticipated and placed in the network as trap systems. This means that it cannot report on computers in the network that are infected with a bot but are not dedicated as trap machines. We can therefore conclude that, in general, with this technique we have to wait until a bot in the network infects our system, and only then can we track or analyze the machine.

2.4.2 Intrusion detection systems

Intrusion detection techniques can be divided into two categories: host-based and network-based solutions. Host-based techniques are used for recognizing malware binaries such as viruses. A good example of this type is anti-virus detection systems. However, we know that anti-virus tools are good only for virus detection. The most important disadvantages of anti-virus tools are that bots can easily evade the detection technique by changing their signatures, because the detection system cannot update its database consistently, and that bots can disable any anti-virus tools on the system to protect themselves from detection. The network-based intrusion detection system is another detection method used in the field of botnet detection. Snort [67] and Bro [68] are the two well-known signature-based detection systems currently in use. They use a database of signatures of well-known malicious activities to detect botnets or any other malware.
If our objective is to use this technique for botnet detection, we have to keep updating the database, recognizing all malware quickly in order to make a signature for it and add it to our database. To solve this problem, researchers have recently been using anomaly-based IDS that can detect malicious activities based on the behavior of malware.

2.4.3 BotHunter: Dialog correlation-based Botnet detection

This technique developed an evidence-trail approach for detecting successful bot infection through patterns in the communication that occurs during the infection process. In this strategy, bot infection patterns are modeled in order to recognize the whole process of botnet infection in the network. All behavior that occurs during bot infection, such as target scanning, C&C establishment, binary downloading and outbound propagation, has to be modeled by this method. The method gathers an evidence trail of the connected infection process for each internal machine and then looks for a threshold combination of sequences that satisfies the condition for bot infection [32]. BotHunter uses Snort with two added anomaly-detection components, SLADE (Statistical payLoad Anomaly Detection Engine) and SCADE (Statistical sCan Anomaly Detection Engine). SCADE produces internal and external scan detection warnings that are weighted for criticality toward malware scanning patterns. SLADE performs byte-distribution payload anomaly detection on incoming packets, providing a complementary non-signature approach to inbound exploit detection [32]. SLADE uses an n-gram payload examination of traffic that carries typical malware intrusions. SCADE performs port scan analysis on incoming and outgoing traffic. BotHunter links scan and intrusion alarms to show that a host has been infected.
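To make the evidence trail and threshold combination described above concrete, here is an added Python example (not BotHunter's code and not part of the original essay) that correlates constructed IDS alerts per internal host, independent of event order and tolerant of missing events. The alert line format, event-class names, weights, threshold and time window are all assumptions chosen for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

# Event classes follow the behaviors named in the text; the weights,
# threshold and window are illustrative assumptions, not BotHunter's values.
WEIGHTS = {
    "inbound_scan": 0.25,
    "inbound_exploit": 0.75,
    "binary_download": 1.0,
    "cc_establishment": 1.0,
    "outbound_scan": 1.0,
}
OUTBOUND = frozenset({"binary_download", "cc_establishment", "outbound_scan"})
THRESHOLD = 1.75   # minimum weighted evidence to declare an infection
WINDOW_S = 300     # alerts must fall within this many seconds of each other

# Constructed alerts: "<epoch_seconds> <internal_host> <event_class>"
SAMPLE_ALERTS = [
    "100 10.0.0.5 inbound_scan",
    "130 10.0.0.5 inbound_exploit",
    "150 10.0.0.5 binary_download",
    "200 10.0.0.5 cc_establishment",
    "100 10.0.0.7 inbound_scan",       # background noise only
    "160 10.0.0.7 inbound_scan",
    "400 10.0.0.7 inbound_exploit",
    "90 10.0.0.9 cc_establishment",    # logged out of order, no inbound events
    "50 10.0.0.9 outbound_scan",
    "10 10.0.0.11 inbound_exploit",    # related events too far apart in time
    "1000 10.0.0.11 binary_download",
    "garbage line",                    # malformed input is skipped
]


class Verdict(NamedTuple):
    infected: bool
    score: float
    events: tuple


def parse_alert(line):
    """Return (ts, host, event), or None for malformed or unknown alerts."""
    parts = line.split()
    if len(parts) != 3 or not parts[0].isdigit() or parts[2] not in WEIGHTS:
        return None
    return int(parts[0]), parts[1], parts[2]


def score_window(events):
    """Score the distinct event classes seen in one time window."""
    classes = set(events)
    score = sum(WEIGHTS[c] for c in classes)
    # Inbound scan/exploit alarms alone never suffice: require outbound evidence.
    infected = score >= THRESHOLD and bool(classes & OUTBOUND)
    return Verdict(infected, score, tuple(sorted(classes)))


def correlate(lines):
    """Build one evidence trail per internal host and return its best verdict."""
    trails = defaultdict(list)
    for line in lines:
        alert = parse_alert(line)
        if alert:
            ts, host, event = alert
            trails[host].append((ts, event))
    verdicts = {}
    for host, trail in trails.items():
        trail.sort()                      # arrival order does not matter
        best, left = Verdict(False, 0.0, ()), 0
        for right in range(len(trail)):
            while trail[right][0] - trail[left][0] > WINDOW_S:
                left += 1                 # slide the window forward
            v = score_window(e for _, e in trail[left:right + 1])
            if (v.infected, v.score) > (best.infected, best.score):
                best = v
        verdicts[host] = best
    return verdicts


if __name__ == "__main__":
    for host, v in sorted(correlate(SAMPLE_ALERTS).items()):
        state = "INFECTED" if v.infected else "ok"
        print(f"{host:10} {state:8} score={v.score:.2f} {', '.join(v.events)}")
```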
When an adequate sequence of alerts is established that matches BotHunter's infection dialog model, a comprehensive report is created to capture all the relevant events and participants that have a role in the infection dialog [32]. This method provides some important features:

i. This technique concentrates on malware detection by IDS-driven dialog correlation. The model captures the essential network processes that occur during a successful bot infection.
ii. This technique has one IDS-independent dialog correlation engine and three bot-specific sensors. It can automatically produce a report of the whole bot detection, including the infecting agent, the identification of the computer that has been infected and the source of the Command and Control centre.

2.4.3.1 Bot infection sequences

Understanding the life cycle of a bot infection is challenging work for the future protection of networks. The major task in this area is differentiating between successful bot infections and background exploit attempts. To reach this point, analysis of the two-way dialog flow between internal hosts and external hosts (the Internet) is needed. In a well-designed network that uses filtering at the gateway, the threat of direct exploitation is limited. However, contemporary malware families are highly flexible in their ability to attack vulnerable hosts through email attachments, infected P2P media and drive-by download infections [32].

2.4.3.2 Modeling the infection dialog process

The bot distribution model can be derived from an analysis of external communication traffic that shows the behavior of the relevant botnet. Incoming scan and exploit alarms are not enough to declare a successful malware infection, as it is assumed that a constant stream of scan and exploit signals will be observed from the egress monitor [32]. Figure 2.1 shows the process of bot infection in BotHunter, which is used for evaluating network flows through eight stages. This model is almost similar to the model that Rajab et al.
presented for the IRC detection model. The model that they proposed has early initial scanning, a preceding step that takes place in the form of IP exchange and targeting of vulnerable ports. Figure 2.1 is not intended to impose a strict ordering on the infection events that happen during bot infection. The important issue here is that bot dialog process analysis has to be robust to the absence of some dialog events and must not require strict sequencing of the order in which inbound dialog is conducted. One solution to the problem of sequence order and missing events is to use a weighted event threshold system that captures the smallest essential sparse sequences of events under which a bot profile declaration can be triggered [32]. For instance, it is possible to put a weighting and threshold system on the appearance of each event in such a way that a minimum set of events is required prior to bot detection.

2.4.3.3 Design and implementation

More attention is devoted in this part to designing a passive network monitoring system which is capable of identifying the bidirectional warning signs when internal hosts are infected with b