Wednesday, October 30, 2019

Multimedia & design Essay Example | Topics and Well Written Essays - 1250 words

As programs have integrated with computers, they also need to integrate with human beings (Norman, 2004). Programs need to have a user-friendly graphical interface in order to enhance convenience in their application. If the interface is not user friendly, this affects the emotions of the human user negatively, whereby the user finds it frustrating when the program or application is too complex to operate and understand. I strongly agree with Don Norman as he says computers with emotions are necessary in order to facilitate effective operation by human beings. At least computers should have appropriate emotional manifestations. A computer with emotions is able to detect human emotions, which can be used as security features to the computer. In organizations such as banks and security agencies where information is sensitive, computer emotions are highly recommended to be very effective. Features such as facial, voice and fingerprint detection are key security features in modern society's technology. A computer with emotions is able to do most activities which can be done by human beings (Norman, 2004). It may be costly to purchase a few computers with emotional programs but in the end, it will sum up to being cost effective. Nevertheless, there is a challenge when using computers with emotions in cases whereby the human user lacks the emotions which the computer has. For instance, a human being who does not have fingers or is dumb finds it hectic to use the computer. If the password to the computer requires voice or fingerprint recognition, then the human user with a disability will not be able to operate the computer.

Question 2

Philosophers have in the past come up with various philosophical concepts that people may use to analyze popular culture. These concepts are what many philosophers consider tools that a philosopher needs to solve various philosophical problems. For each particular category of popular culture, there are specific philosophical tools that one can use to analyze the culture. If faced with a problem, I would be able to collect various philosophical tools that are displayed in the book to form a philosophical tool kit that will help me in analyzing the problems and dealing with the same problems. The tools are very critical especially in solving day-to-day problems. For a computer scientist, these philosophical tools are vital in making good interfaces. When designing an interface, the developer should ensure that all cultural as well as social factors are considered (Wittkower, 2008). For this small project, I was trying to come up with a tool kit to enable developers to consider some social and cultural aspects of users when designing interfaces. These philosophical tools would provide the developer with a base in which to view model use needs. One of the philosophical tools that I identified to be very critical in designing interfaces is logic. Logic is very essential for the developer to analyze what the user needs. For example, when building the iPod interface, the developer needs logic to understand what the user needs (Wittkower, 2008). The other philosophical tool that I identified is Utilitarianism. Developers should use Utilitarianism to come up with the best course of action to take. This is one of the tools that are needed in my kit to ensure that developers consider the best course of action

Monday, October 28, 2019

Antigone Essay Example for Free

Remember those people who always thought they were right, and they always ended up in trouble for it? In Sophocles’ play Antigone, the main characters Antigone and Creon show how being so hubristic can be tragic to your life. Set back in ancient Greece, an epic battle takes place and brothers end up killing each other. One was allowed a proper burial, yet Polyneices was not. Antigone felt disappointed by this and decided to bury him, yet Creon, the newly appointed king, did not appreciate the rule breaking. Due to the fact that Antigone and Creon exhibited excessive pride, their lives were ruined.

Antigone’s arrogance and brashness ultimately led to her death. For example, on Creon’s first day as king he made a decree that no one should bury Polyneices’ body. When Antigone heard this, she went to Ismene and asked for her help; yet Ismene refused and called her a criminal. Antigone still disagreed, “But I will bury him; and if I must die, I say that this crime is holy; I shall lie down with him in death” (673, 55-57). This proved that Antigone was cocky and she was sort of stating that all her wrongdoings are “holy”; she is referring to herself as always being right. This affected her through distorting her view on life. In addition to her argument with Ismene, Antigone then was caught in the act of burying Polyneices and was brought in and questioned by Creon. “And you Antigone, with your head hanging – do you confess this thing” (679, 53). When Antigone didn’t deny her crime and boasted to the king and the elders, it proved how narcissistic she is. If she had not been so boastful, I doubt that Creon would have been so harsh to Antigone. Furthermore, Creon then calls in Ismene to protest against her crime as well. Creon started to believe that she helped Antigone to plot against him. Ismene then lied and said she did help, to Antigone’s surprise. Antigone became outraged and denied her hand in the deed. Ismene is displeased with Antigone’s punishment, “Do you refuse me, Antigone? I want to die with you; I too have a duty that I must discharge to the dead” (681, 138). Antigone was then enraged further and rebelled against Ismene, “You shall not lessen my death by sharing it” (681, 139). Antigone is showing how self-centered and conceited she was. She believed that she was so important because she did the right thing by the gods that no one should die except her because she was special. However, Antigone was not the only major character with this flaw.

This proves how arrogance can really damage anyone’s life just like it did to Antigone’s and Creon’s. Pride and the excess of it played a big role in this play, being the tragic flaw of both main characters; arrogance is not only a big part of this play but also our history; there will always be people who can never be wrong. Many people are just like Creon and Antigone, always thinking they are right. Is your life headed for a fate just like Antigone’s plot?

Saturday, October 26, 2019

Articles of confederation Essay -- essays research papers

Articles of Confederation vs. Constitution

The Articles of Confederation and the Constitution, although vastly different in their philosophies of governing the nation, both played a big role in setting the stage for America’s economy in the upcoming nineteenth century. A few years after the Articles of Confederation were drafted many politicians and economists, such as Alexander Hamilton, began to see problems with the decentralized form of government that was created by this document. These advocates of a more centralized government were referred to as federalists, and although they were not in favor of a dictatorship, like that of England’s, they saw the need for a central governing system to preside over the individual states.

In the Federalists’ opinion some of the detrimental consequences of the confederate system were the lack of an organized treasury, military or government system. Furthermore, the nation suffered from poor commerce; a result of insecure financial transactions, non-regulated interstate trade, and poorly enforced tax laws. They believed that instead of ridding the country of oppression by a superior government, the Articles of Confederation created conflict between the states and hindered economic prosperity. The emergence of these difficulties early in the life of our nation indicated, to those in favor of the constitution, the fundamental imperfections and the dire need for reform. Hamilton a...

Thursday, October 24, 2019

Cultural Background Summary Essay

My family comes from a different cultural background which has been molded by assimilation, climate of pluralism and acculturation. I am a Filipino and I grew up in Oahu in Hawaii, where people have modest economic status, low income and little education, hence less satisfaction of their needs. I never had an enormous understanding of cultural diversity and my culture as a Filipino as I grew up because I had a combination of native Austronesian civilization which influenced the Hispanic and American cultures (Ciria-Cruz, 1994, p. 16). This affected my cultural background a lot. As argued by Gramann and Sandra (1998), people of my culture have differences in their language, traditions and mode of dressing which contribute towards cultural diversity. There are differences in moral and religious conceptualization among the people and differences in how each person interacts with the environment within the community (Gramann and Sandra, 1998, p. 57). My cultural identity is characterized by my race, mainly skin color and other physical characteristics, according to social class and ethnicity. Ethnicity is classified according to behavior, cultural knowledge and my cultural identity. Cultural backgrounds come about as a result of different reasons. My cultural identity has been shaped by my cultural backgrounds which have influenced how I interpret the world around me, perceive myself and relate with other people. The information I have concerning my cultural background has increased my cultural knowledge and given me an overview of cultural issues and characteristics. I usually identify my needs and preferences and always remember that I cannot be reduced to set cultural norms.

My cultural backgrounds vary from those of other people due to migration and time of arrival at that particular destination, socio-economic background, period of settlement, education level, cultural and religious background, rural and urban residence, and different life experiences with migration experience (Feagin and Feagin, 1993, p. 42). According to Feagin and Feagin (1993), my identity has been molded by assimilation, acculturation and climate of pluralism. My cultural identity faces racial discrimination with. Ciria-Cruz (1994) argued that different books have racial composition, culture and demographic information of Filipino people. As argued by Feagin and Feagin (1993), my cultural identity faces substantial prejudice, discrimination and stereotype, and people of my cultural background mainly struggle to maintain and preserve their culture and identity. Even speaking their own language results in severe sanctions such as losing their jobs and being made fun of by other communities. This cultural diversity within the communities poses a significant challenge to multiculturalism and it threatens the survival of my community. Race influence relates to my community, and interaction of people within my community has been racialized negatively and positively. Pluralism can help in solving this by enriching experiences for my cultural background (Feagin and Feagin, 1993, p. 54). Diversity in my cultural background is due to ignorance of cultural background language, which is extensive. Lack of basic cultural background hinders people from comprehending language. Religious culture has assimilated me on various behaviors of human beings. Regional culture has been shaped by geographical environment and natural conditions. Acculturation has impacted on my cultural background in which people have anticipated changing their behavior through influence on different aspects such as age, gender, occupation, recency of arrival, socioeconomic status, and education (Ciria-Cruz, 1994, p. 18). Cultural characteristics suggest the influence of acculturation across generations.

Through assimilation people avoid interacting with dominant cultures with the degree in which people maintain and relinquish attributes of their native cultures. Through assimilation people's desires meet with dominant cultures, which is not necessary in maintaining an identity of their native culture. Some people don’t like being assimilated, but the degrees to which people may agree to be assimilated vary as a result of cultural diversity (Gramann and Sandra, 1998, p. 61). Assimilation has molded my cultural background through economic, social and political integration. This has been possible since my ethnic group changed to that of the host society. Cultural assimilation has given rise to different economic development patterns, reducing cultural diversity by standardizing socio-cultural traits like ethics, beliefs, norms and codes of conduct. The climate of pluralism identifies what people in my culture share in common. This helps in maintaining ethnic identity and cultural identity. Acceptance of pluralism affects people’s feelings of cultural identity with the effect of interaction being posited between ethnic and cultural identity. The diverse attitudes towards my cultural background can be viewed as positive forces with compatibility on learning a second language. Language is the key to identification, and if I want to change my cultural identity I have to change my linguistic identification.

Conclusion

My cultural background marks my cultural identity in which various factors have contributed to cultural diversity, factors like assimilation, pluralism and acculturation. My cultural backgrounds vary because of migration and time of arrival at that particular destination, socio-economic background, period of settlement, education level, cultural and religious background, rural and urban residence, and different life experiences with migration experience. Diversity in my cultural background is due to ignorance of cultural background language.

List of References

Ciria-Cruz, R. (1994), “How far have we come,” Filipinas, Vol. 3, No. 4, pp. 16-18

Feagin, J. & Feagin, C. (1993), Cultural Diversity, 4th Ed. Englewood Cliffs: Prentice Hall

Gramann, H., & Sandra, L. (1998), “The effect of cultural assimilation on the importance of family-related and nature-related recreation among Hispanic Americans,” Journal of Leisure Research, Vol. 30, No. 4, pp. 57-68

Wednesday, October 23, 2019

A Journey through War

The 3rd of September has brought many changes to my life that will shape the course of my future for years to come. I have signed up to join the United States Army and will soon be leaving to fight in the war against Great Britain. The war was officially declared on the 18th of June after President Madison was finally persuaded by the War Hawks to battle the British. Madison stated that “war with the British was inevitable” and then asked Congress to go to war a few months later. After the president's declaration, I thought about joining the war effort and was reminded of all the cruel and outrageous actions that the British had performed against the United States. For many years now, the British have been violating our neutral rights and blocking off the French coast from American trading ships. In addition, the British have also been supporting and giving arms to Indian tribes that raid American cities along the Northwest Territory and block expansion into the west. Lastly and most importantly, the British scum have been practicing the horrid act of impressment on American ships and have been kidnapping thousands of American sailors in the search for Navy deserters. After reflecting over all of these things, I couldn't help but become overcome with rage and anger. At that very moment, I swore to fight for the army and vowed to claim revenge for Britain's actions. I also promised to avenge all of those who had been impressed by the British Navy and killed in Indian raids. The British have offended and taken advantage of our nation for long enough. It is time to act and show the Brits that we will no longer tolerate their behavior.

August 15, 1812

The war has gotten off to a bad start. A few days after I was accepted into the US army and placed under the command of General William Henry Harrison, Congress had ordered an attack on the British colony of Canada. Thus, we set out from our fort in Detroit and began marching towards Canada. This was going to be my very first battle and I was very anxious to get my first taste of war. I was confident in my fellow soldiers and believed that victory would be unproblematic and straightforward. However, as we marched to our destination, we were met by the British and a group of Native American warriors who were led by Tecumseh. Our general feared the Indians' vicious war tactics and knew that we would certainly face heavy losses if we engaged the British force. That day we were forced to shamefully surrender Fort Detroit and retreat. After our humiliating defeat, morale among my fellow soldiers was drastically low and we soon began developing doubts about victory. A few weeks later, we yet again attempted to invade Canada, but were once again defeated. After our two defeats, morale was at an all-time low and the only thing that even vaguely cheered us up was the mention of the USS Constitution. The ship had managed to defeat the British vessel Guerriere and was nicknamed “Old Ironsides” when a shot bounced off its hull during battle. It was one of the few victories that was heard about in a sea of losses. P.S. I shall not see war for a very long time control over Lake Erie.

October 16, 1813

Today is a glorious day and my fellow soldiers and I are relishing a satisfying victory against the British and their Native American allies. It all started on September 10th, 1813, when Oliver Hazard Perry assembled a fleet of military ships and engaged the British navy in Lake Erie. After a long and bloody battle, the American fleet prevailed and Oliver Perry, watching the battle from Put-in-Bay, Ohio, sent General Harrison the message, “We have met the enemy and they are ours.” With Lake Erie under American control, the British frantically evacuated Fort Detroit and hastily headed back for safety in Canada, but in the end, we were able to intercept their troops and force them to wage war. On October 5th, 1813, we fought the British and their Native American allies in the Battle of Thames. At the end of the bloody battle, we had defeated the enemy force and had managed to kill Tecumseh, the Native American leader who had aided the British in the war. Our luck did not end here, however. A few days after our victory in the Battle of Thames, we attacked the Canadian town of York and set fire to the parliament buildings. After these victories, morale among my fellow soldiers was higher than ever before and we soon grew confident in victory over the British.

August 25, 1814

Yesterday was a sad, sad day in American history that I will never forget for as long as I live. Just a couple of months ago, my fellow soldiers and I had enjoyed a heightened sense of confidence in our chance of victory. We believed that as long as the British were still at war with the French, they would not be able to send the majority of their troops to America and would thus not be able to pose a large threat. However, several months later, we got news that Britain had managed to defeat the French and their brilliant military leader, Napoleon Bonaparte. With the French out of the way, the British were able to concentrate their military efforts on the war with America and were ready to launch an attack. On August 24, 1814, British ships sailed into Chesapeake Bay and unloaded 5,000 troops (led by Major General Robert Ross) that were headed directly for the nation's heart, Washington, DC. As the British marched towards the capital, President Madison hastily ordered the concentration of all nearby troops and the safekeeping of American documents such as the Constitution, the Declaration of Independence, and George Washington's Correspondence. In the Battle of Bladensburg, the recently assembled American defenders tried to hold off the large British attack force, but they were quickly overpowered by the well-trained enemy soldiers. As the British continued to advance towards the capital, Dolley Madison, the first lady (whom I am quite fond of), amazingly risked her life in order to selflessly save President Washington's painting. She was among the last to evacuate the White House. Moments after Dolley's daring act, the British scoundrels barbarically raided and burned important government buildings such as the Capitol and Library of Congress. The British scum also burned down President Madison's home, the White House, a structure that has long been a symbol of freedom and independence for the American people. There seemed to be nothing we could do to protect the city, but fortunately, as if by the will of God, a violent hurricane and tornado extinguished the fires and drove the British soldiers back to Benedict. After hearing this shocking story, my dislike for the British turned British again and will try to defend the city of Baltimore which is believed to be the next target for the British troops.

September 21, 1814

The month of September has brought two glorious victories to the American people and has provided us with revenge for the burning of Washington. The first victory took place in the city of Baltimore. In the city of Baltimore, American troops were strengthening Fort McHenry for the upcoming British siege while my squad and I were helping fortify the city for the impending land-based attack. While doing my work, I recall seeing a large and magnificent American flag hanging over the fort. I later learned that the majestic “Star Spangled Banner Flag” had been sewn by Mary Young Pickersgill on General George Armistead's orders. The British were advancing towards the city quickly and we needed more time to reinforce our defenses. Thus, it was decided that a group of soldiers led by General John Stricker would be sent out to buy time for the Americans. On September 12, 1814, John Stricker's and Robert Ross's forces fought each other in the Battle of North Point. Although they lost the battle, they had bought us time and had even managed to kill Major General Robert Ross. When the British land force arrived, we were ready for them and were able to hold them back easily. Meanwhile, in Fort McHenry, American soldiers were desperately trying to hold off the British navy and keep the fort alive. If this fort fell to the British, the city might have been destroyed and the war might have fallen into their hands. The American defenders however held firm and after 25 hours of bombardment from the British navy, the Brits finally gave up their assault and retreated. After the long, tiresome fight, we celebrated our amazing victory and shouted into the air. During this period of celebration, Francis Scott Key, who had seen the whole battle from his ship and was deeply moved by it, wrote the poem “Defense of Fort McHenry”. The poem was set to the tune of a popular British drinking song and was distributed throughout Baltimore on hand bills. While we celebrated our victory in Baltimore, General Sir George Prevost and his 10,000 British troops departed from Canada and attacked New York in the hopes of capturing the seaside city of Plattsburgh. The attack was easily thwarted when a group of American warships on Lake Champlain defeated the British flotilla. The British realized that control over the lake gave the Americans an advantage over their force and they were required to retreat back to Canada.

January 15, 1815

The year of 1815 has brought the American people another outstanding military victory and the end of a long and tiring war. After being defeated in the Battle of Lake Champlain, the British realized that war with the USA was detrimental and was simply not worth the effort. On December 24, 1814, Britain and America signed a peace treaty in Ghent, Belgium which officially ended the war between the two nations. However, news of the treaty traveled too slowly and troops were not informed of the war's end quickly enough. Thus, on January 8, 1815, the British and Americans engaged in one last gruesome battle at New Orleans. In the battle, Andrew Jackson's 4,000 American ragtag defenders were heavily outnumbered by the 10,000 British troops. However, the British forgot to bring scaling ladders and by simply staying behind earthen defenses and shooting from behind bales of cotton, Jackson Orleans was saved and Jackson became a national hero. After the ending of the war and the victory at New Orleans, people throughout the nation were feeling proud and honored to be American. In addition, many Americans started to feel an improved sense of patriotism and nationalism. I myself felt proud to be a part of such a great nation. In a matter of a few years, our young country had grown strong enough to defeat the British army and had even gained the respect of other, much older nations. I believe that this war will define the American people for many years to come.

Tuesday, October 22, 2019

Can we know something that has not yet been proven true Essay Example

Essay Topic: Religion

In order to answer this question, we must first define how we can prove that something is true and that it actually exists. Some think that "seeing is believing" and therefore if they see something with their own eyes, that precise object must exist. Others feel that if there is not a logical explanation for a certain event or belief, then that thing does not exist. Some might say that scientific proof is the only way to state that a certain thing is true. What happens when scientific proof is shown to someone who only believes in the "seeing is believing" principle, or what if a plain and simple picture is shown to a scientist? Will they believe that that object or thesis exists or not? For us to know something, we must believe that the method used to prove this fact is the most suitable and the most accurate. For example, not many people will believe that UFOs exist just because they have been shown a picture with a presumed flying spacecraft on it. This also goes for everything we are taught in life. If it comes from what we think is a reliable source (parents or teachers), then there is more of a chance that we will use this knowledge later on in our lives.

For scientists and mathematicians, the only medium through which the truth is separated from the imaginary world is scientific facts and numbers. These facts and numbers are later set up into an experiment or a certain method through which a predicted or less predicted outcome will be formed, and new facts and numbers released, formulating experimental results, which are the bases for scientific conclusions. These conclusions state what is true and what is not.

We can also take into consideration the fact that some people believe that "seeing is believing". In general we can relate this also to our other four senses (hearing, smelling, tasting, and touching), therefore resulting in a method that uses our human senses to prove whether things are true or not. I have personally come across a discussion relating to the "seeing is believing" theory, and this happened in religion class, where the students were asked to debate on the available evidence of God's existence. One of the students asked the obvious question: has anyone ever seen God, has anyone touched him, has anyone talked to him? Another student replied with another quite similar question: has anyone ever seen your brain, has anyone ever touched it, has anyone ever talked to it? Obviously no one had, and realising the obvious, the class went quiet. Within the borders and the limits of the classroom, we knew something that we were not able to prove true. Arguments like these happen every day all around the world: arguments whose main point of discussion or of debate is a certain fact, which is obviously true, but at that time no one would have the ability to produce some clear evidence that would be accepted by everyone as reliable and accurate.

Religion is probably the most complicated and sensible subject dealing with what is real and what is not. How can so many people in the world follow a religion which does not have some clear and recent proof? We do have eyewitness accounts, and holy books, but how can we explain all the miracles and the extraordinary events that characterise the life of a prophet? I am not here to criticise my own or other religious beliefs, but I am here to define the difference between knowledge and faith. Faith is another form of knowing something that has not yet been proven true, but it consists of something beyond science and beyond any sort of facts and figures. We can say that faith is a derivative of the "seeing is believing" principle. The only difference between the two is that the religious belief is based on eyewitness accounts from over a millennium ago and not on your own observation. Faith could be interpreted as another method of knowing something that has not yet been proven true, if we do not consider how much time has passed since someone had the capabilities to prove that our beliefs, and everyone else's, are true.

"All truth passes through three stages. First, it is ridiculed. Second, it is violently opposed. Third, it is accepted as being self-evident." Arthur Schopenhauer (1788-1860)

If we think about man's discoveries throughout history, we will see that most, if not all of them, have followed the path suggested by the quote. Discoveries such as the roundness of the earth and the ability to overtake the speed of sound perfectly match this sort of definition, and so do other discoveries and theories thought of by humans. Then what can be said about the existence of extraterrestrial beings, or about life after death? Could the theories and the witness accounts be true? How can we tell the difference between someone who is lying and someone who is telling us what he really saw, felt, or heard? The only way we can resolve these mysteries is to let time do the job for us. With the gaining of new and more advanced technologies, man will be able to reach limits never imagined before. In a couple of decades we could all be spending our winter holidays skiing on the over twenty kilometre high Olympus Mons, on Mars! Sometime in the future we will have the possibility to prove whether what we think of today as absolutely impossible and absurd will be proven to be true, with the help of technology and other close encounters.

The cause for this mass scepticism is that some people might recognise certain witness accounts as absolute nonsense, but that is simply because they do not consider this a reliable source of evidence for such an event. Therefore they conclude that this certain thing never happened, and therefore it has not been proven true. Therefore that witness knows something that has not yet been proven true.

What a human being knows is only a minute fraction of the available knowledge of today. One must be able to preserve his or her knowledge, and pass it to later generations. This knowledge could be useless, as it could be the key to our survival. It is obvious that in order to know something, one must first make sure it is true, and to do that, one must follow the best possible method, the one he or she regards as the most reliable. This is the very foundation of our knowledge. The proof of something being true plays a vital role in the knowing or not knowing concept. What really matters is that one must be able to prove to himself that his knowledge is correct, and in order to do so, one must follow the method chosen. There is more than one point of view concerning the method used, and there will be some people who will think that the method you chose is the wrong one and rather inaccurate. But from your point of view, you would know that a certain thing is true, and according to your method, you have proven it true. But those who do not believe the method you chose is the best one will bring up the argument that you did not prove that that thing exists, even though they might believe it does. Therefore you would know something that has not yet been proven true.

Monday, October 21, 2019

How Dragonflies Males Find and Mate with Females

Dragonfly sex is a rough-and-tumble affair. If you've ever seen a pair of mating dragonflies in the act, you know that their sexual coupling requires the flexibility and acrobatic skill of a Cirque du Soleil performer. Females get bitten, males get scratched, and sperm winds up everywhere. These strange mating habits have survived millions of years of evolution, so the dragonflies must know what they're doing, right? Let's take a closer look at how dragonflies mate.

How Dragonfly Males Find Receptive Females

Dragonflies don't engage in elaborate courtship rituals. In a few dragonfly families, the male might display his colors or fly over his territory to show a potential mate what a good oviposition site he's chosen for their offspring, but that's about it. Since dragonflies have extraordinarily good vision, the males rely mostly on their eyesight to find appropriate female partners. A typical pond or lake habitat will support many species of dragonflies and damselflies. To succeed in passing on his DNA, a male dragonfly must be able to distinguish females of his own species from all the other Odonates flying around. He can recognize a conspecific female by observing her flight style, her colors and patterns, and her size.

How Dragonflies Mate (and the Wheel Formation)

As with many insects, male dragonflies make the first move to initiate sex. When a male spots a female of his own species, he must first subdue her. He'll approach her from behind, usually while they are both in flight, and hold onto her thorax with his legs. He might bite her, too. If he hopes to mate successfully, he must get a firm grip on her quickly. He pulls his abdomen forward and uses his anal appendages, a pair of cerci, to clasp her by the neck (her prothorax). After he has her tightly by the neck, he extends his body and continues to fly with her, in tandem. This position is known as tandem linkage.

Now that he's got a hold of a mate, the male dragonfly prepares for sex. Dragonflies have secondary sex organs, meaning they don't store sperm near the copulatory organ. He must transfer some sperm from a gonopore, on his ninth abdominal segment, to his penis, which is located under his second abdominal segment. After he's charged his seminal vesicle with sperm, he's ready to go.

Now for the acrobatics. Somewhat inconveniently, the female's genital opening is near her thorax, while the male's penis is closer to the tip of his abdominal segments (on the underside of his second segment). She has to bend her abdomen forward, sometimes with coaxing from the male, to bring her genitalia into contact with his penis. This position during copulation is known as a wheel formation because the couple forms a closed circle with their joined bodies; it is unique to the order Odonata. In dragonflies, the sex organs lock together briefly (not so for damselflies). Some dragonflies will mate in flight, while others will retire to a nearby perch to consummate their relationship.

Competition Among Male Dragonflies

If given the opportunity, a female dragonfly might mate with multiple partners, but the sperm from her final sexual partner will fertilize her eggs, in most cases. Male dragonflies, therefore, have an incentive to make sure their sperm is the last to be deposited in her. A male dragonfly can increase his chances of fatherhood by destroying the sperm of his competitors, and he's well equipped to do so when he mates. Some dragonflies have backward-facing hooks or barbs on their penises, which they can use to scoop out any sperm they find inside their partner before depositing their own. Other dragonflies use their penises to tamp down or move the offending sperm, pushing it aside before placing their own in the ideal location for fertilization. Still other dragonfly males will dilute any existing sperm they find. In all cases, his goal is to ensure that his sperm supersedes that of any prior partners she has had.

Just to provide an added measure of security for his sperm, the male dragonfly will often guard the female until she oviposits her eggs. He tries to prevent her from mating with any other males, so his sperm is assured the last-in position that will make him a father. Male damselflies will often continue to grasp their partners with their cerci, refusing to let go until she oviposits. He'll even endure a dunking in the pond if she submerges to place her eggs. Many dragonflies prefer to guard their partners by simply chasing off any approaching males, even engaging in wing-to-wing combat if necessary.

Sources

Paulson, Dennis. Dragonflies and Damselflies of the West. Princeton University Press, 2009.
Resh, Vincent H., and Ring T. Carde, eds. Encyclopedia of Insects, 2nd ed., Academic Press, 2009.

Sunday, October 20, 2019

Sharpen Up Your Writing A Quick Guide to Sentence Types

Writing in grammatical sentences helps you to express yourself clearly, but there’s more to sentence structure than syntactical construction alone. It’s also important to consider the type of sentences you use. The four sentence types you need to know are simple, compound, complex and compound-complex sentences.

Simple Sentence Structure

At its most basic, a simple sentence combines a subject and a verb to express a complete thought:

I run.

In the above, the subject is “I” and the verb is “run.” This is all the sentence needs to express that the speaker is someone who runs. Of course, not all simple sentences are quite so basic:

My fitness-obsessed brother and I run at least five miles every day.

This example includes more detail, but remains a simple sentence because it expresses a complete thought in itself. Another term for a simple sentence is an “independent clause.”

Compound Sentences

A compound sentence is a sentence with two or more independent clauses connected by a coordinating conjunction (e.g., “and,” “but,” “or,” “so,” etc.):

I love my brother, and my brother loves running.
I love my brother, but I hate running.

In each of these cases, the statement on either side of the conjunction could work as a standalone sentence; however, by combining them in a compound sentence we clarify the relationship between the two thoughts expressed (e.g., that my hatred of running is why I don’t run).

Complex Sentences

Unlike simple and compound sentences, complex sentences contain both an independent and a dependent clause. A dependent clause is one that contains a verb, but doesn’t express a complete thought and begins with a subordinating conjunction (e.g., “although,” “after,” “while,” “unless,” etc.):

I like to watch TV, whereas my brother enjoys running.

Here, “I like to watch TV” is an independent clause (i.e., it would work as a simple sentence without modification). The dependent clause “whereas my brother enjoys running,” on the other hand, would not work as a sentence by itself, since the subordinating conjunction “whereas” implies a comparison and expresses a particular relationship between the two parts of the sentence. It’s worth noting here that subordinating conjunctions can also come at the start of a complex sentence (this is known as a periodic sentence):

Whereas my brother enjoys running, I like to watch TV.

Compound-Complex Sentences

A compound-complex sentence is one which contains three or more clauses (at least two independent and one dependent):

While I enjoy watching TV, my brother loves running, and my sister is a body builder.

In the above, we have one dependent clause beginning with a subordinating conjunction (“While I enjoy watching TV”). This is followed by two independent clauses (“my brother loves running” and “my sister is a body builder”) joined by a coordinating conjunction. Now that you know how these different sentence types work, we hope you’ll use a variety of them in your writing!

Saturday, October 19, 2019

The Child Left Behind Essay Example | Topics and Well Written Essays - 1250 words

The increased emphasis that the NCLB Act places on the subjects of math and reading undermines the importance of all other subjects that are either equally or more important for the inculcation of the required academic and professional skills in children. The goals that schools in conventional practice set for students are not limited to the inculcation of general reading and math skills but also extend to the development of appropriate critical thinking skills, emotional intelligence, conflict resolution, self-discipline and health and safety habits. When sanctions threaten the schools in case they do not meet expectations with respect to one particular goal, the schools are bound to have their attention diverted from the rest of the goals that are equally or more important than that one goal. Having been educated in the NCLB culture, my knowledge of or skill in arts, science, music, social studies and exercises is close to negligible. This is so because my teachers could not afford to spend time on such subjects because they feared they would have to face the most unfavorable consequences if they did.

The problem of goal distortion has been recognized at various levels. Even the former education assistant secretaries Diane Ravitch and Chester Finn have realized the negative impact of overemphasis on one area upon the others. They said, “[If NCLB continues,] rich kids will study philosophy and art, music and history, while their poor peers fill in bubbles on test sheets. The lucky few will spawn the next generation of tycoons, political leaders, inventors, authors, artists and entrepreneurs. The less lucky masses will see narrower opportunities” (Ravitch and Finn cited in Rothstein).

NCLB assesses the students’ learning from the annual test, which can in many ways be quite misleading. On certain days in the year, a child’s performance may be outstanding while on others, his/her performance may be below average. It is not just studies that are there in a child’s life, after all. The child may be upset because of some familial reason. The child may not be feeling well on the exam day. There can be hundreds of reasons for the declined performance on certain days. Taking this into consideration, there is dire need for multiple retesting in order to have an accurate assessment of the child’s learning. In addition to that, the number of subgroups in a school also has an impact upon the child’s academic performance. The margin of error for the academic achievement of a subgroup is enhanced because of the smaller size of the subgroups in a school in comparison to a full-grade cohort. Accountability becomes increasingly inaccurate as the subgroups in a school integrate in increased numbers.

Students cannot be sure that all students are proficient at the challenging level that is expected of them even if math and reading are paid excessive attention. The variability in human nature and skills prevents such proficiency irrespective of the disparities originating in the socioeconomic statuses of the students. The normal intelligence quotient (IQ) of humans, which accounts for about 66.66 per cent of the total human population, starts from 85 and ends at 115 (Rothstein). What the

Friday, October 18, 2019

Estoria de Espana Essay Example | Topics and Well Written Essays - 2000 words

Hayden White said that ‘the facts might be truthfully set forth, and the interpretation of them misguided. Or conversely, a given interpretation of events might be suggestive, brilliant, perspicuous, and so on, and still not justified by the facts or square with the story related in the narrative aspect of the discourse’ (White 1987, p. 28). When looked at in this light, Roland Barthes’ statement that historical discourse is essentially a product of ideology. Estoria de Espana, a Spanish historical discourse, reflects the veracity of Barthes’ statement.

Alfonso X, also known as El Sabio for the wise, became king of Leon and Castile in the year 1252 until his death in 1284. During his reign he commissioned scholars at the School of Translators to write many works of interest, particularly translations of historical works, scientific data and legal canons. He also commissioned original literary works including the Estoria de Espana, which is believed to have commenced in 1260 and was not completed until after Alfonso’s death in 1289 (Weller). The first version of Estoria de Espana, which was completed in 1270, contained approximately four hundred chapters. The final version approved by Alfonso X contained 612 chapters (Deyermond, 2001, pp. 157-158).

The work purports to represent a chronicle of Spanish history from the far reaches of Biblical times to the reign of Alfonso (Deyermond, 2001). Interspersed in the historical chronology of events are myths as well as legends and historical sources originating from the Greeks. Be that as it may, Estoria de Espana was accepted as the history of Spain until the Modern Age (Deyermond, 2001). Despite the fact that Estoria de Espana purports to be a historical discourse, the sources used in its compilation are evidence readily supportive of Barthes’ contention that a historical discourse is a product of ideology. Even the manner and style of delivery suggest that Barthes is correct. Nancy Joe Dyer

History (western civilization) Essay Example | Topics and Well Written Essays - 2500 words

Ancient civilization is built on the ruins of over ten thousand years of advanced cultures. The medieval era is the longest major period in the history of Europe. It set in from the 5th century through the 15th century. Civilization is taken to refer to the duration of time immediately subsequent to the Iron Age. It is also the period which witnessed the caving in of the renowned Western Roman Empire as well as the big European migration. It precedes the early modern era. It is overly complex, and the developments that took place during these times form key elements that separate it from the classical civilization of Greece and Rome that it replaced and from today’s world. Life during the medieval era was perceived to be ruder and more primitive than that of periods of classical civilization. During the medieval era, society was dominated by a militant, single exclusive religion, there was great deference given to authority, and there was a decline of centralized rule which led to the development of petty principalities (histclo.com, 2010).

POLITICAL AND CULTURAL DEVELOPMENTS OVER THE PERIOD OF ANCIENT AS WELL AS MEDIEVAL TIMES

The medieval as well as the ancient eras are taken to mean not only a period of time but also a situation of consciousness; that is, a cultural situation of humans. Three preeminent cultural influences were experienced in western civilization between BC 3250 and AD 1500. The early civilization of imperial Rome left traces of a cultural impact that proved very powerful. The Germanic tribes also left a major cultural imprint, forming the hallmarks of western civilization.

The church: the coming of the religion of Christianity

The historical Roman Empire is regarded as the core of the founding of the Christian Church. During the reigns of the emperors, Christians were constantly suppressed. The old fathers of the church carried out their operations in this chaotic environment. With Constantine’s arrival, the church started being the official religion practiced in that empire. The church, being the official religion, started suppressing other rival creeds. It brought about new ethical concepts which resulted in moral responsibilities for individuals which were previously missing. The worldliness of pagan culture was strongly rejected by the church’s asceticism because of the influence the church got from the empire. Most of the aspects of the church’s organization were a mirror of the empire’s organization. The setting of Christian dioceses clearly represented the political structure of the empire. Important local officials found it necessary to have powerhouses in their territories.

The winning barbarian side took over Christianity, which was apparently the religion of the losers’ empire. This happened as one of the most remarkable of the triumphs of Christianity. Leaders were converted to Christianity through persuasion in the form of princely fiat, election, shamanistic vision and missionary zeal. Only a few Europeans were Christianized by conquest. Many features of the church differed from those of the ancient church. The cult of saints and the confessions were some of the major differences. Previously, confessions were done by the most deeply pious, and they had the aspect of tariffed penances based on penitentials. The survival of medieval penitentials provided a wealthy source of information to socialists concerning the intimates

Thursday, October 17, 2019

Case study chapter 10 Example | Topics and Well Written Essays - 250 words

Johnston’s problem (Shaw et al., 2012). Indeed, the hospital’s management takes the greatest responsibility for Dr. Johnston’s problems since it failed to institute relevant measures that would ensure responsible administration of the narcotics given their nature. Given that drugs are prone to abuse, the hospital ought to have implemented more stringent measures to curb any irregularities in how they are administered, tracking who administered them and to which particular patient to enhance accountability. In that light, Dr. Johnston would not have had the opportunity to make irregular administration of morphine to patients, making it hard for him to get the chance to use the drug at will (Shaw et al., 2012). The management will argue that it has placed the relevant measures for monitoring the use of narcotics, with the physician in charge having to sign the sheet on the lockbox to facilitate accountability in the administration of those drugs. The escapades of Dr. Johnston are the result of unethical work practices in the sense that he had to underdose patients or at times not administer the drug so as to use it for his personal needs. That is uncouth, and the physician ought to be punished in accordance with the hospital’s professional work ethics (Shaw et al., 2012).

Some time back my elder sister was sick, and we had to take her to a local medical center to receive medication. The physician who was in charge of attending her gave her an overdose of the medication, and the next day my sister was worse than when we had brought her there. When we tried to inquire about the situation, we were told the condition she was in was quite stubborn but would normalize with time. However, we decided to transfer her to a higher-ranking hospital to receive specialized care. It is at this hospital that we were informed the medication she was given was overdosed, thus causing the reaction. My

NONE Essay Example | Topics and Well Written Essays - 500 words - 2

The theory of conspicuous consumption is evident in the lives of very many people today. For instance, many renowned celebrities today such as rappers, singers, actors, sports personalities, deejays, and socialites among others are known to make a lot of money. These celebrities do not shy away from spending their money lavishly in ways that are intended to provoke the envy of other members of the public, just as stipulated in Veblen’s theory of conspicuous consumption. They simply do this as a means of displaying their superior socio-economic status and letting the world know that they are economically powerful. For example, popular celebrity actor Jennifer Aniston passed by a New York lighting store and spent $20,000 on lights for her mansion in Los Angeles. While in Paris, socialite Kim Kardashian spent more than $100,000 on buying less than seven handbags for herself. Victoria Beckham was also recorded as having spent more than $1.5 million on clothes, sunglasses, shoes and bags. Other conspicuous spenders include Brad Pitt, who spent more than $10,000 at once just buying boy’s clothes.

The fact that the above-mentioned celebrities go on these spending sprees conspicuously and end up attracting the attention of members of the public to their spending abilities proves that Veblen’s theory of conspicuous spending is still relevant today, because it is evident in the spending habits of a group of people who wish to maintain a certain social status. According to Veblen’s theory, this social class of super-rich people came into sight as an outcome of the accumulation of wealth during the Second Industrial Revolution. That is the same case with the people who conspicuously spend money on luxury items today. They usually accumulate their wealth through various ventures that they engage in. After accumulating their wealth, they apply it as a way of publicly displaying their social and economic power. This is

Wednesday, October 16, 2019


Tuesday, October 15, 2019

BCG Growth Matrix Assignment Example | Topics and Well Written Essays - 250 words

Market growth is the percentage at which the market is growing over a given period of time. Market or demand growth indicates opportunity. Low growth products or markets have greater competition and vice versa. Marketers and ecommerce owners can use industry analysis, published reports and third party tools that track sale rates to gauge market growth. Marketers should plot the market share and market growth at least annually for each product category on the BCG Matrix.

The BCG Matrix has four quadrants. Products in the Dogs quadrant are those in the lower right quadrant. They have low growth and low market share. These products should be closed out. The Cash Cow products are those in the lower left quadrant (Roggio, 2014). They have good market share and low growth. These products are harvested, with the revenue being invested elsewhere. The Question Marks products are those in the upper right quadrant. They have low market share and high growth. These products are promoted and advertised. The Stars are in the upper left quadrant. They have strong market share and high growth. Marketers hold on to the Stars and try to continue to grow them with moderate advertising and marketing.

The benefits of the BCG Matrix include helping marketers evaluate balance between the quadrants, seek experience and volume effects, prepare for the future, and manufacture new products at low enough prices to lead in market share. The BCG Matrix is also easy and simple to use. The limitations of the BCG Matrix are that it neglects synergism between product lines, the Dogs can sometimes earn more than Cash Cows, getting data can be a challenge, high market share sometimes does not reflect on profitability, low market share products can be profitable, and small competitors with fast growing market shares are neglected.

Roggio, A. (2014). Using the BCG Matrix for Ecommerce Marketing Decisions. Practical ecommerce. Retrieved from

Per Clausewitz’s On War Essay Example for Free

Per Clausewitz’s On War, which focuses on how victory can be achieved, the reader sees a keen interest in how to disarm the enemy using reciprocal and proportionate “efforts to his powers or resistance.” This implies that to win a war you might use all means, strength, and resources within your power to deliver the best strategy possible. Using “calculation of probabilities,” victory can be achieved by fully knowing what is at stake and how to attack at the right time. Being aware of the political agenda and reasoning behind a war allows for more awareness of political and military alliances in order to achieve victory in war. In addition, by understanding that there are tactics and strategy which must be used in war, a victory can be acquired (website, Handel).

To Clausewitz this means that “preparations for War” and the “War itself” must be seen as distinct entities. By preparing for the War you are acquiring all needed provisions and equipment, and comprehending the enemy and the terrain in which the battles might be fought (Clausewitz Book 6). Sun Tzu indicates that preparation for War is strongly required, and that without it practicality of strategy is lost. This would include any tactics to be used, calculations which can be done, deriving rules or “even systems for the conduct of war”, and understanding that knowledge can be “converted into real power”.

Clausewitz considers that “war is science when mere knowing; art, when doing.” This law of action must include strategy. This in turn “links together the series of acts which are to lead to the final decision” or finality of victory. Because these strategic elements are key to achieving victory, this author insists that the “use of engagements … be classified into: moral, physical, mathematical, geographical, and statistical” aspects. These elements manifest within the process and act of War, and encompass the idea that strategic assembly of forces enables victory. Clausewitz indicates that the use of battle leads to the destruction of the enemy’s military, and that a great result is achieved by battle (KLINGER 79-89).

Sunday, October 13, 2019

Analysis of Botnet Security Threats

CHAPTER 1 INTRODUCTION

1.1 Introduction

During the last few decades, we have seen the dramatic rise of the Internet and its applications to the point at which they have become a critical part of our lives. Internet security has therefore become more and more important to those who use the Internet for work, business, entertainment or education. Most of the attacks and malicious activities on the Internet are carried out by malicious applications such as malware, which includes viruses, trojans, worms, and botnets. Botnets have become a main source of most of the malicious activities across the Internet, such as scanning and distributed denial-of-service (DDoS) activities.

1.2 Botnet Largest Security Threat

A bot is software code, or malware, that runs automatically on a compromised machine without the user's permission. The bot code is usually written by some criminal groups. The term “bot” refers to the compromised computers in the network. A botnet is essentially a network of bots that are under the control of an attacker (BotMaster). Figure 1.1 illustrates a typical structure of a botnet.

A bot usually takes advantage of sophisticated malware techniques. As an example, a bot uses techniques like a keylogger to record the user's private information, such as passwords, and hides its existence in the system. More importantly, a bot can distribute itself on the Internet to increase its scale and form a bot army. Recently, attackers have used compromised Web servers to contaminate those who visit the websites through drive-by download [6]. Currently, a botnet contains thousands of bots, but there are some cases in which a botnet contains several million bots [7]. Bots differentiate themselves from other kinds of worms by their ability to receive commands from the attacker remotely [32]. The attacker, better called the botherder, controls bots through different protocols and structures. The Internet Relay Chat (IRC) protocol is the earliest and still the most commonly used C&C channel at present. HTTP is also used because the HTTP protocol is permitted in most networks. Centralized-structure botnets were very successful in the past, but now botherders use a decentralized structure to avoid the single point of failure problem.

Unlike previous malware such as worms, which were probably used for entertainment, botnets are used for real financial abuse. Botnets can cause many problems, some of which are listed below:

i. Click fraud. A botmaster can easily profit by forcing the bots to click on advertisements for the purpose of personal or commercial abuse.
ii. Spam production. The majority of the email on the Internet is spam.
iii. DDoS attacks. A bot army can be commanded to begin a distributed denial-of-service attack against any machine.
iv. Phishing. Botnets are widely used to host malicious phishing sites. Criminals usually send spam messages to deceive users into visiting their forged web sites, so that they can obtain users' critical information such as usernames and passwords.

1.3 Botnet in-Depth

Nowadays, the most serious manifestation of advanced malware is the Botnet. To distinguish between a Botnet and other kinds of malware, the concepts of a Botnet have to be understood. For a better understanding of Botnets, two important terms, Bot and BotMaster, are defined here from another point of view.

Bot: Bot is short for robot, and is also called a Zombie. It is a new type of malware [24] installed on a compromised computer, which can be controlled remotely by the BotMaster to execute orders through the received commands. After the Bot code has been installed on the compromised computer, the computer becomes a Bot or Zombie [25]. In contrast to existing malware such as viruses and worms, whose main activities focus on attacking the infected host, bots can receive commands from the BotMaster and are used as a distributed attack platform.

BotMaster: The BotMaster, also known as the BotHerder, is a person or a group of persons who control remote Bots.

Botnets: Botnets are networks consisting of a large number of Bots. Botnets are created by the BotMaster to set up a private communication infrastructure which can be used for malicious activities such as Distributed Denial-of-Service (DDoS), sending large amounts of SPAM or phishing mails, and other nefarious purposes [26, 27, 28].

Bots infect a person's computer in many ways. Bots usually disseminate themselves across the Internet by looking for vulnerable and unprotected computers to infect. When they find an unprotected computer, they infect it and then send a report to the BotMaster. The Bots stay hidden until they are told by their BotMaster to perform an attack or task. Other ways in which attackers infect a computer on the Internet with a Bot include sending email and using malicious websites, but the common way is searching the Internet for vulnerable and unprotected computers [29]. The activities associated with a Botnet can be classified into three parts:

(1) Searching: searching for vulnerable and unprotected computers.
(2) Dissemination: the Bot code is distributed to the computers (targets), so the targets become Bots.
(3) Sign-on: the Bots connect to the BotMaster and become ready to receive command and control traffic.

The main difference between a Botnet and other kinds of malware is the existence of the Command-and-Control (C&C) infrastructure. The C&C allows Bots to receive commands and malicious capabilities, as directed by the BotMaster. The BotMaster must ensure that the C&C infrastructure is sufficiently robust to manage thousands of distributed Bots across the globe, as well as to resist any attempts to shut down the Botnet. However, detection and mitigation techniques against Botnets have increased [30, 31]. Recently, attackers have also been continually improving their approaches to protect their Botnets.
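The sign-on stage over an IRC command-and-control channel, as described above, leaves a trace a defender can look for: many internal hosts join the same channel on one external server and then only listen. The detector below is an added example, not code from the original essay; the log format, the sample records, the function names and both thresholds are assumptions constructed for illustration.

```python
"""Flag IRC channels that behave like a centralized command-and-control point.

Heuristic (an assumption of this example): a channel is suspicious when many
distinct internal hosts join it on one external server and almost none of
them ever post, i.e. the clients only listen for commands.
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sensor records of client-sent IRC lines:
# "<epoch> <internal_ip> <server_ip:port> <IRC line>"
SAMPLE_LOG = """\
1571000000 10.0.0.11 203.0.113.5:6667 NICK xk-48213
1571000001 10.0.0.11 203.0.113.5:6667 JOIN #upd
1571000030 10.0.0.12 203.0.113.5:6667 NICK xk-90177
1571000031 10.0.0.12 203.0.113.5:6667 JOIN #upd
1571000090 10.0.0.27 203.0.113.5:6667 NICK xk-11502
1571000091 10.0.0.27 203.0.113.5:6667 JOIN #upd
1571000150 10.0.0.33 203.0.113.5:6667 NICK xk-77340
1571000151 10.0.0.33 203.0.113.5:6667 JOIN #upd
1571000200 10.0.0.40 198.51.100.9:6667 NICK alice
1571000201 10.0.0.40 198.51.100.9:6667 JOIN #python
1571000260 10.0.0.40 198.51.100.9:6667 PRIVMSG #python :anyone used asyncio here?
1571000300 10.0.0.41 198.51.100.9:6667 NICK bob
1571000301 10.0.0.41 198.51.100.9:6667 JOIN #python
1571000320 10.0.0.41 198.51.100.9:6667 PRIVMSG #python :yes, what is the problem?
1571000400 10.0.0.42 198.51.100.9:6667 NICK carol
1571000401 10.0.0.42 198.51.100.9:6667 JOIN #python
1571000430 10.0.0.42 198.51.100.9:6667 PRIVMSG #python :hi all
this line is malformed and must be skipped
"""


@dataclass
class ChannelStats:
    members: set = field(default_factory=set)  # internal hosts that joined
    talkers: set = field(default_factory=set)  # internal hosts that posted


def parse_line(line):
    """Return (src, server, command, first_param), or None if malformed."""
    parts = line.split(maxsplit=3)
    if len(parts) != 4 or not parts[0].isdigit():
        return None
    _, src, server, irc = parts
    words = irc.split()
    if len(words) < 2:
        return None
    return src, server, words[0].upper(), words[1]


def collect(log_text):
    """Group joins and posts per (server, channel)."""
    stats = defaultdict(ChannelStats)
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        src, server, command, param = event
        if command == "JOIN":
            # IRC allows "JOIN #a,#b"; channel names are case-insensitive.
            for channel in param.split(","):
                stats[(server, channel.lower())].members.add(src)
        elif command == "PRIVMSG" and param.startswith("#"):
            stats[(server, param.lower())].talkers.add(src)
    return stats


def find_suspects(log_text, min_hosts=3, max_talk_ratio=0.2):
    """Channels with >= min_hosts internal members of whom few ever speak."""
    suspects = []
    for (server, channel), s in collect(log_text).items():
        hosts = len(s.members)
        if hosts < min_hosts:
            continue
        talk_ratio = len(s.talkers & s.members) / hosts
        if talk_ratio <= max_talk_ratio:
            suspects.append({
                "server": server,
                "channel": channel,
                "hosts": sorted(s.members),
                "talk_ratio": talk_ratio,
            })
    return sorted(suspects, key=lambda r: -len(r["hosts"]))


if __name__ == "__main__":
    for hit in find_suspects(SAMPLE_LOG):
        print(hit["server"], hit["channel"], len(hit["hosts"]), "silent hosts")
```

The fan-in count alone would also flag the busy but ordinary channel in the sample, which is why the talk ratio is checked as well. This covers only cleartext IRC seen from inside the network; the HTTP and peer-to-peer channels the essay mentions need different features.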
The first generation of Botnets utilized IRC (Internet Relay Chat) channels as their Command-and-Control (CC) centers. The centralized CC mechanism of such Botnets has made them vulnerable to being detected and disabled. Therefore, a new generation of Botnets which can hide their CC communication has emerged: Peer-to-Peer (P2P) based Botnets. P2P Botnets do not suffer from a single point of failure, because they do not have centralized CC servers [35]. Attackers have accordingly developed a range of strategies and techniques to protect their CC infrastructure. Therefore, considering the CC function gives a better understanding of Botnets and helps defenders to design proper detection or mitigation techniques. According to the CC channel, we categorize Botnets into three different topologies: a) Centralized; b) Decentralized; and c) Hybrid. In Section 1.1.4, these topologies are analyzed and the protocols currently used in each model are considered in full.

1.4 Botnet Topologies

According to the Command-and-Control (CC) channel, Botnet topology is categorized into three different models: the Centralized model, the Decentralized model and the Hybrid model.

1.4.1 Centralized Model

The oldest type of topology is the centralized model. In this model, one central point is responsible for exchanging commands and data between the BotMaster and the Bots. The BotMaster chooses a host (usually a high-bandwidth computer) to be the central point (Command-and-Control server) for all the Bots. The CC server runs certain network services such as IRC or HTTP. The main advantage of this model is low message latency, which lets the BotMaster easily coordinate the Botnet and launch attacks. Since all connections pass through the CC server, the CC is a critical point in this model. In other words, the CC server is the weak point in this model. If somebody manages to discover and eliminate the CC server, the entire Botnet will be worthless and ineffective.
Thus, it becomes the main drawback of this model. Many modern centralized Botnets employ a list of IP addresses of alternative CC servers, which are used in case a CC server is discovered and taken offline. Since IRC and HTTP are the two common protocols that CC servers use for communication, we consider the Botnets in this model in terms of IRC and HTTP. Figure 1.2 shows the basic communication architecture for a Centralized model. There are two central points that forward commands and data between the BotMaster and his Bots.

1.4.1.1 Botnets based on IRC

IRC is a type of real-time Internet text messaging or synchronous conferencing [36]. The IRC protocol is based on the client-server model and can be used on many computers in distributed networks. Some advantages which made the IRC protocol widely used for remote communication in Botnets are: (i) low-latency communication; (ii) anonymous real-time communication; (iii) the ability to communicate in groups (many-to-many) and privately (one-to-one); (iv) simple setup; (v) simple commands (the basic commands are connecting to servers, joining channels and posting messages in the channels); and (vi) great flexibility in communication. Therefore the IRC protocol is still the most popular protocol used in Botnet communication.

In this model, BotMasters can command all of their Bots or command a few of the Bots using one-to-one communication. The CC server runs an IRC service that is the same as any other standard IRC service. Most of the time the BotMaster creates a channel on the IRC server to which all the bots can connect, and through which each connected bot is instructed to carry out the BotMaster's commands. Figure 1.3 shows that there is one central IRC server that forwards commands and data between the BotMaster and his Bots.

Puri [38] presented the procedures and mechanism of a Botnet based on IRC, as shown in Figure 1.4. The Bot infection and control process is as follows [38]:

i. The attacker tries to infect the targets with Bots.
ii. After the Bot is installed on the target machine, it tries to connect to the IRC server. Meanwhile a random nickname is generated that represents the bot in the attacker's private channel.
iii. A request is made to the DNS server, which dynamically maps the IRC server's IP address.
iv. The Bot joins the private IRC channel set up by the attacker and waits for instructions from the attacker. Most of these private IRC channels are set to encrypted mode.
v. The attacker sends attack instructions in the private IRC channel.
vi. The attacker tries to connect to the private IRC channel and sends the authentication password.
vii. The Bots receive the instructions and launch attacks such as DDoS attacks.

1.4.1.2 Botnet based on HTTP

The HTTP protocol is another well-known protocol used by Botnets. Because the use of the IRC protocol within Botnets became well known, Internet security researchers gave more consideration to monitoring IRC traffic to detect Botnets. Consequently, attackers started to use the HTTP protocol as a Command-and-Control communication channel to make Botnets more difficult to detect. The main advantage of using the HTTP protocol is that it hides Botnet traffic in normal web traffic, so it can easily pass firewalls and avoid IDS detection. Firewalls usually block incoming and outgoing traffic to ports that are not needed, which usually include the IRC port.

1.4.2 Decentralized model

Due to the major disadvantage of the Centralized model, its central Command-and-Control (CC), attackers tried to build another Botnet communication topology that is harder to discover and to destroy. Hence, they looked for a model in which the communication system does not depend heavily on a few selected servers and which withstands even the discovery and destruction of a number of Bots. As a result, attackers take advantage of Peer-to-Peer (P2P) communication as a Command-and-Control (CC) pattern, which is much harder to shut down in the network.
The P2P-based CC model will be used considerably in Botnets in the future, and Botnets that use a P2P-based CC model definitely pose a much bigger challenge for the defense of networks. In the P2P model, as shown in Fig. 1.6, there is no centralized point for communication. Each Bot has some connections to other Bots of the same Botnet, and Bots act as both clients and servers. A new Bot must know some addresses of the Botnet in order to connect to it. If Bots in the Botnet are taken offline, the Botnet can still continue to operate under the control of the BotMaster. P2P Botnets aim at removing or hiding the central point of failure, which is the main weakness and vulnerability of the Centralized model. Some P2P Botnets are decentralized to a certain extent and some are completely decentralized. Those Botnets that are completely decentralized allow a BotMaster to insert a command into any Bot. Since P2P Botnets usually allow commands to be injected at any node in the network, the authentication of commands becomes essential to prevent other nodes from injecting incorrect commands.

For a better understanding of this model, some characteristics and important features of famous P2P Botnets are mentioned below:

Slapper: Allows the routing of commands to distinct nodes. Uses public-key and private-key cryptography to authenticate commands. BotMasters sign commands with the private key, and only those nodes which have the corresponding public key can verify the commands [42]. Two important weak points are: (a) its list of known Bots contains all (or almost all) of the Botnet, so one single captured Bot would expose the entire Botnet to defenders [42]; (b) its sophisticated communication mechanism produces a lot of traffic, making it vulnerable to monitoring via network flow analysis.

Sinit: This Bot uses random searching to discover other Bots to communicate with. This can result in easy detection due to the extensive probing traffic [34].
Nugache: Its weakness is its reliance on a seed list of 22 IP addresses during its bootstrap process [47].

Phatbot: Uses a Gnutella cache server for its bootstrap process, which can easily be shut down. Also, its WASTE P2P protocol has a scalability problem across a large network [48].

Storm worm: It uses the Overnet P2P protocol to control compromised hosts. The communication protocol for this Bot can be classified into five steps, as described below [37]:

i. Connect to Overnet: Bots try to join the Overnet network. Each Bot initially carries a hard-coded binary file that includes the IP addresses of P2P-based Botnet nodes.
ii. Search and Download Secondary Injection URL: the Bot uses hard-coded keys to search for and download the URL on the Overnet network [37].
iii. Decrypt Secondary Injection URL: compromised hosts use a hard-coded key to decrypt the URL.
iv. Download Secondary Injection: compromised hosts attempt to download the second injection from a server (probably a web server). It could be infected files, updated files or a list of the P2P nodes [37].

1.4.3 Hybrid model

The Bots in a Hybrid Botnet are categorized into two groups:

1) Servant Bots: Bots in the first group are called servant Bots because they behave as both clients and servers; they have static, routable IP addresses and are accessible from the entire Internet.
2) Client Bots: Bots in the second group are called client Bots since they do not accept incoming connections. This group contains the remaining Bots, including: (a) Bots with dynamically assigned IP addresses; (b) Bots with non-routable IP addresses; and (c) Bots behind firewalls, which cannot be reached from the global Internet.

1.5 Background of the Problem

Botnets, which are controlled remotely by BotMasters, can launch huge denial-of-service attacks and several kinds of infiltration attack, and can be used to spread spam and conduct other malicious activities [115].
While bot army activity has, so far, been limited to criminal activity, their potential for causing large-scale damage to the entire Internet is immeasurable [115]. Therefore, Botnets are one of the most dangerous types of network-based attack today, because they involve the use of very large, synchronized groups of hosts for their malicious activities. Botnets derive their power from size, both in their increasing bandwidth and in their reach. As mentioned before, Botnets can cause severe network disruptions through huge denial-of-service attacks, and the threat of such disruption can cost enterprises large sums in extortion fees. Botnets are also used to harvest personal, corporate or government sensitive information for sale on a blooming organized crime market.

1.6 Statement of the Problem

Recently, botnets have been using a new type of command-and-control (CC) communication which is totally decentralized. They utilize peer-to-peer style communication. Tracking the starting point and activity of such a botnet is much more complicated due to the Peer-to-Peer communication infrastructure. Combating botnets is usually a matter of discovering their weakness: their central position of command, or CC server. This is typically an IRC network in which all bots connect to a central point; with the P2P method, however, we cannot find any central point of command. In P2P networks each bot searches for other peers to connect to, which can receive or broadcast commands through the network. Therefore, an accurate detection and countermeasure method is required to prevent or stop such dangerous networks.

1.7 Research Questions

a. What are the main differences between centralized and decentralized botnets?
b. What is the best and most efficient general, extensible solution for detecting non-specific Peer-to-Peer botnets?

1.8 Objectives of the Study

i. To develop a network-based framework for Peer-to-Peer botnet detection based on common behavior in network communication.
ii. To study the behavior of bots and recognize behavioral similarities across multiple bots in order to develop the framework mentioned above.

1.9 Scope of the Study

The project scope is limited to developing some algorithms pertaining to our proposed framework. These algorithms are used for reducing traffic by filtering it, classifying the traffic of interest, monitoring traffic and detecting malicious activities.

1.10 Significance of the study

Peer-to-Peer botnets are one of the most sophisticated types of cyber crime today. They give full control of many computers around the world, which can be exploited for malicious purposes such as spreading viruses and worms, spam distribution and DDoS attacks. Therefore, studying the behavior of P2P botnets and developing a technique that can detect them is important and in high demand.

1.11 Summary

Understanding the Botnet Command-and-Control (CC) is a critical part of recognizing how best to protect against the overall botnet threat. The CC channels utilized by Botnets will often indicate the type and degree of action an enterprise can take in either blocking or shutting down a botnet, and the probability of success. It is also obvious that attackers have been trying for years to move away from Centralized CC channels, and have been achieving some success using Decentralized (P2P) CC channels over the last 5 or so years. Therefore, in this chapter we have defined a classification for a better understanding of Botnet CC channels, which includes the Centralized, Decentralized and Hybrid models, and have tried to evaluate the recognized protocols in each of them. Understanding the communication topologies in Botnets is essential to precisely identify, detect and mitigate the ever-increasing Botnet threat.

CHAPTER 2 LITERATURE REVIEW

2.1 Introduction

Previously, the majority of botnets used IRC (Internet Relay Chat) as the communication protocol for their Command and Control (CC) mechanism.
Therefore, many researchers tried to develop botnet detection schemes based on the analysis of IRC traffic [50]. As a result, attackers decided to develop more sophisticated botnets, such as Storm worm and Nugache, moving toward the use of P2P networks for their CC infrastructure. In response to this movement, researchers have proposed various models of botnet detection that are based on P2P infrastructure [5].

One key advantage of both IRC and HTTP Botnets is the use of central Command and Control. This characteristic provides the attacker with very well-organized communication. However, this asset is also considered a main disadvantage to the attacker [8]. The threat of the Botnet can be decreased and possibly eliminated if the central CC is taken over or taken down [8].

The method that is starting to emerge is a P2P structure for Botnet interaction. There is no centralized centre in P2P botnets. Every node in a P2P botnet behaves as both client and server. If any point in the network is shut down, the botnet can still continue its operation. The Storm botnet is one of the main and best-recognized recent P2P botnets. It customized the Overnet P2P file-sharing application, which is based on the Kademlia distributed hash table algorithm [55], and exploits it for its CC infrastructure. Recently many researchers, especially in the anti-virus community and electronic media, have concentrated on the Storm worm [56, 57].

2.2 Background and History

A peer-to-peer network is a network of computers in which any computer can behave as both a client and a server. Some definitions of peer-to-peer networks require that no form of centralized coordination is needed. The definition used here is more relaxed, because the attacker may be interested in hybrid architectures [8].

2.2.1 History

Table 2.1 shows a summary of some well-known bots and P2P protocols. It covers the period from the first bot, EggDrop, to the recently released Storm Worm P2P bot.
The first non-malicious bot was EggDrop, which appeared many years ago and is known as one of the first IRC bots to come to market. GTBot, which has many variants, is another well-known malicious bot; its variants are based on the IRC client mIRC.exe [61]. After a while, P2P protocols came to be used for Botnet activities. Napster is one of the first bots that used P2P for its communication. Napster built a platform that allowed all bots to find each other and share files with each other in the network. In this bot, file sharing was coordinated through a centralized server, so we can say it was not a completely P2P botnet. All bots had to upload an index of their files to the centralized server, and if they were looking for other files among all the bots, they also had to search the centralized server. If a bot found a file it was looking for, it could then connect directly to the bot holding it and download what it wanted. Because Napster was shut down after its service was found to be illegal, many other P2P services now focus on avoiding such a finding. A few years after Napster, the Gnutella protocol appeared as the first completely P2P service. After Gnutella, as shown in Table 2.1, many other P2P protocols were released, such as Kademlia and Chord. These two newer P2P services use a distributed hash table as the method for finding information in the peer-to-peer network. Agobot is another malicious P2P bot that appeared recently and became widespread because of its good design and modular code base [61]. Nowadays many researchers are concentrating on P2P bots, and it is anticipated that P2P bots will reach the stage at which Centralized botnets will no longer be used.

Table 2.1: P2P based Botnets

2.3 Peer-to-Peer Overlay Networks

Overlay networks are divided into two categories: Structured and Unstructured.
In the first category, each node can connect to at most X peers, subject to conditions on the identifiers of the nodes it wants to connect to. In the unstructured type, however, there is no specified limit on the number of peers a node can connect to, and there is no condition for connecting to other peers. Overnet is a good example of structured P2P networks and Chord is a good example of unstructured P2P networks.

2.3.1 Brief overview of Overnet

Overnet is one of the popular file-sharing networks; its design uses a distributed hash table (DHT) algorithm called Kademlia [55]. Each node produces a 128-bit ID for joining the network, which it also sends to other nodes to introduce itself. Each node in the network saves information about other nodes in order to route query messages.

2.3.2 Brief overview of Gnutella

Gnutella is an unstructured file-sharing network. In this network, when a node n wants to connect to a node m, it uses a ping message to inform the other node of its presence. As soon as node m receives the ping message, it forwards it to its neighbouring nodes and also sends a Pong message back to the sender of the ping, node n. These exchanges among nodes let them learn about each other.

2.4 Botnet Detection

To compare existing botnet detection techniques, the different methods are described and the disadvantages of each method are then mentioned in turn.

2.4.1 Honeypot-based tracking

Honeypots can be used to collect bots in order to analyze their behavior and signatures, and also to track botnets. But using honeypots has several limitations. The most important limitation is the limited scale of exploit activity that they can track. They also cannot capture bots that use a method of propagation other than scanning, such as spam. And finally, they can only report on infected machines that were anticipated and placed in the network as trap systems.
This means that they cannot report on computers in the network that are infected with a bot but are not dedicated trap machines. We can therefore conclude that, in general, with this technique we have to wait until a bot in the network infects our trap system, and only then can we track or analyze the machine.

2.4.2 Intrusion detection systems

Intrusion detection techniques can be divided into two categories: host-based and network-based solutions. Host-based techniques are used for recognizing malware binaries such as viruses. A good example of this type is anti-virus detection systems. However, we know that anti-virus tools are good only for virus detection. The most important disadvantage of anti-virus tools is that bots can easily evade the detection technique by changing their signatures, because the detection system cannot update its database consistently. Bots can also disable any anti-virus tools on the system to protect themselves from detection.

Network-based intrusion detection is another method used in the field of botnet detection. Snort [67] and Bro [68] are the two well-known signature-based detection systems currently in use. They use a database of signatures of known malicious activities to detect botnets or any other malware. If our objective is to use this technique for botnet detection, we have to keep updating the database and recognize all malware quickly in order to make a signature of it and add it to our database. To solve this problem, researchers have recently been using anomaly-based IDS, which can detect malicious activities based on the behavior of malware.

2.4.3 BotHunter: Dialog correlation-based Botnet detection

This technique uses an evidence-trail approach for detecting successful bot infection from the communication patterns that occur during the infection process.
In this strategy, bot infection patterns are modeled so that the whole process of botnet infection in the network can be recognized. All the behaviors that occur during bot infection, such as target scanning, CC establishment, binary downloading and outbound propagation, have to be modeled by this method. The method gathers an evidence trail of the connected infection process for each internal machine and then looks for a threshold combination of sequences that satisfies the condition for bot infection [32].

BotHunter uses Snort with two added anomaly-detection components: SLADE (Statistical payLoad Anomaly Detection Engine) and SCADE (Statistical sCan Anomaly Detection Engine). SCADE produces internal and external scan detection warnings that are weighted for criticality toward malware scanning patterns. SLADE performs byte-distribution payload anomaly detection on incoming packets, providing a complementary non-signature approach to inbound exploit detection [32]. SLADE uses n-gram payload examination of traffic that carries typical malware intrusions. SCADE performs port scan analysis on incoming and outgoing traffic. BotHunter links scan and intrusion alarms that show a host has been infected. When an adequate sequence of alerts is established to match BotHunter's infection dialog model, a comprehensive report is created that captures all the related events and participants that have a role in the infection dialog [32]. This method provides some important features:

i. This technique concentrates on malware detection by IDS-driven dialog correlation. The model captures the essential network processes that occur during a successful bot infection.
ii. This technique has one IDS-independent dialog correlation engine and three bot-specific sensors.
This technique can automatically produce a report of the whole bot detection, including the infecting agent, the identification of the computer that has been infected and the source of the Command and Control centre.

2.4.3.1 Bot infection sequences

Understanding the bot infection life cycle is a challenging task for the future protection of networks. The major work in this area is differentiating between successful bot infections and background exploit attempts. To reach this point, analysis of the two-way dialog flow between internal hosts and external hosts (the Internet) is needed. In a well-designed network which uses filtering at the gateway, the threat of direct exploitation is limited. However, contemporary malware families are highly flexible in their ability to attack vulnerable hosts through email attachments, infected P2P media and drive-by download infections [32].

2.4.3.2 Modeling the infection dialog process

The bot propagation model can be derived from an analysis of the external communication traffic that shows the behavior of the relevant botnet. Incoming scan and exploit alarms are not enough to declare a successful malware infection, since it is assumed that a steady stream of scan and exploit signals will be observed from the egress monitor [32]. Figure 2.1 shows the process of bot infection in BotHunter, which is used for evaluating network flows through eight stages. This model is almost the same as the model that Rajab et al. presented for IRC detection. Their model includes early initial scanning, a preceding observation that occurs in the form of IP sweeps targeting vulnerable ports. Figure 2.1 is not intended to impose a strict ordering on the infection events that happen during bot infection. The important point is that bot dialog analysis has to be robust to the absence of some dialog events and must not require strict sequencing of the order in which inbound dialog is conducted.
One solution to the problem of sequence order and missing events is a weighted event threshold system that captures the minimum necessary sparse sequences of events under which a bot profile declaration can be triggered [32]. For instance, a weighting and threshold scheme can be applied to the appearance of each event so that a minimum set of events is required before a bot is declared.

2.4.3.3 Design and implementation

More attention is devoted in this part to designing a passive network monitoring system capable of identifying the bidirectional warning signs when internal hosts are infected with b
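The weighted event threshold described in section 2.4.3.2, sketched as an added example (this is not BotHunter's code and not part of the original essay). The event class names follow the behaviours named in the text; the weights, the threshold, the time window and the rule that at least one outbound event is required are assumptions chosen for illustration, and the alert tuples are constructed sample data.

```python
"""Weighted event-threshold correlation of IDS alerts per internal host.

Order-independent and tolerant of missing dialog events. All numeric
parameters below are assumed values, not BotHunter's.
"""
from collections import defaultdict

# Assumed integer weights per dialog event class.
WEIGHTS = {
    "inbound_scan": 2,
    "inbound_exploit": 3,
    "binary_download": 5,
    "cc_establishment": 5,
    "outbound_scan": 5,
}
# Classes that show the internal host itself acting (assumed grouping).
OUTBOUND = {"binary_download", "cc_establishment", "outbound_scan"}
THRESHOLD = 8          # assumed score needed to declare an infection
WINDOW_SECONDS = 600   # assumed: evidence further apart is not combined


def correlate(alerts, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return {host: report} for hosts whose evidence trail qualifies.

    alerts: iterable of (timestamp_seconds, internal_host, event_class).
    A host qualifies when, inside one time window, the summed weights of
    the distinct event classes reach the threshold and at least one of
    them is outbound. Inbound scan/exploit alarms alone never qualify.
    """
    trails = defaultdict(list)
    for ts, host, event in alerts:
        if event in WEIGHTS:  # ignore alerts outside the dialog model
            trails[host].append((ts, event))

    reports = {}
    for host, trail in trails.items():
        trail.sort()  # sensors may deliver alerts out of order
        best = None
        for i, (start, _) in enumerate(trail):
            seen = set()
            for ts, event in trail[i:]:
                if ts - start > window:
                    break
                seen.add(event)  # a repeated class counts only once
            score = sum(WEIGHTS[e] for e in seen)
            if score >= threshold and seen & OUTBOUND:
                if best is None or score > best["score"]:
                    best = {"score": score, "events": sorted(seen),
                            "first_seen": start}
        if best is not None:
            reports[host] = best
    return reports


# Constructed sample alerts (timestamp, internal host, event class).
SAMPLE_ALERTS = [
    # 10.0.0.5: exploit, download and CC contact, delivered out of order
    (130, "10.0.0.5", "cc_establishment"),
    (100, "10.0.0.5", "inbound_exploit"),
    (115, "10.0.0.5", "binary_download"),
    # 10.0.0.6: background noise only, repeated inbound scans and exploits
    (90, "10.0.0.6", "inbound_scan"),
    (95, "10.0.0.6", "inbound_exploit"),
    (96, "10.0.0.6", "inbound_scan"),
    (200, "10.0.0.6", "inbound_exploit"),
    # 10.0.0.7: inbound stage never observed, two outbound signs
    (300, "10.0.0.7", "cc_establishment"),
    (420, "10.0.0.7", "outbound_scan"),
    # 10.0.0.8: two outbound signs, but too far apart to correlate
    (100, "10.0.0.8", "binary_download"),
    (5000, "10.0.0.8", "outbound_scan"),
]

if __name__ == "__main__":
    for host, report in sorted(correlate(SAMPLE_ALERTS).items()):
        print(host, report)
```

Host 10.0.0.7 is declared infected even though no inbound event was seen, which is the robustness to absent dialog events that the section asks for, while 10.0.0.6 shows why inbound alarms alone are treated as background.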
As an example, a bot use some techniques like keylogger to record user private information like password and hide its existence in the system. More importantly, a bot can distribute itself on the internet to increase its scale to form a bot army. Recently, attackers use compromised Web servers to contaminate those who visit the websites through drive-by download [6]. Currently, a botnet contains thousands of bots, but there is some cases that botnet contain several millions of bots [7]. Actually bots differentiate themselves from other kind of worms by their ability to receive commands from attacker remotely [32]. Attacker or better call it botherder control bots through different protocols and structures. The Internet Relay Chat (IRC) protocol is the earliest and still the most commonly used CC channel at present. HTTP is also used because Http protocol is permitted in most networks. Centralized structure botnets was very successful in the past but now botherders use decentralized structure to avoid single point of failure problem. Unlike previous malware such as worms, which are used probably for entertaining, botnets are used for real financial abuse. Actually Botnets can cause many problems as some of them listed below: i. Click fraud. A botmaster can easily profit by forcing the bots to click on advertisement for the purpose of personal or commercial abuse. ii. Spam production. Majority of the email on the internet is spam. iii. DDoS attacks. A bot army can be commanded to begin a distributed denial-of-service attack against any machine. iv. Phishing. Botnets are widely used to host malicious phishing sites. Criminals usually send spam messages to deceive users to visit their forged web sites, so that they can obtain users critical information such as usernames, passwords. 1.3 Botnet in-Depth Nowadays, the most serious manifestation of advanced malware is Botnet. 
To make distinction between Botnet and other kinds of malware, the concepts of Botnet have to understand. For a better understanding of Botnet, two important terms, Bot and BotMaster have been defined from another point of views. Bot Bot is actually short for robot which is also called as Zombie. It is a new type of malware [24] installed into a compromised computer which can be controlled remotely by BotMaster for executing some orders through the received commands. After the Bot code has been installed into the compromised computers, the computer becomes a Bot or Zombie [25]. Contrary to existing malware such as virus and worm which their main activities focus on attacking the infecting host, bots can receive commands from BotMaster and are used in distributed attack platform. BotMaster BotMaster is also known as BotHerder, is a person or a group of person which control remote Bots. Botnets- Botnets are networks consisting of large number of Bots. Botnets are created by the BotMaster to setup a private communication infrastructure which can be used for malicious activities such as Distributed Denial-of-Service (DDoS), sending large amount of SPAM or phishing mails, and other nefarious purpose [26, 27, 28]. Bots infect a persons computer in many ways. Bots usually disseminate themselves across the Internet by looking for vulnerable and unprotected computers to infect. When they find an unprotected computer, they infect it and then send a report to the BotMaster. The Bot stay hidden until they are announced by their BotMaster to perform an attack or task. Other ways in which attackers use to infect a computer in the Internet with Bot include sending email and using malicious websites, but common way is searching the Internet to look for vulnerable and unprotected computers [29]. The activities associated with Botnet can be classified into three parts: (1) Searching searching for vulnerable and unprotected computers. 
(2) Dissemination the Bot code is distributed to the computers (targets), so the targets become Bots. (3) sign-on the Bots connect to BotMaster and become ready to receive command and control traffic. The main difference between Botnet and other kind of malwares is the existence of Command-and-Control (CC) infrastructure. The CC allows Bots to receive commands and malicious capabilities, as devoted by BotMaster. BotMaster must ensure that their CC infrastructure is sufficiently robust to manage thousands of distributed Bots across the globe, as well as resisting any attempts to shutdown the Botnets. However, detection and mitigation techniques against Botnets have been increased [30,31]. Recently, attackers are also continually improving their approaches to protect their Botnets. The first generation of Botnets utilized the IRC (Internet Relay Chat) channels as their Common-and-Control (CC) centers. The centralized CC mechanism of such Botnet has made them vulnerable to being detected and disabled. Therefore, new generation of Botnet which can hide their CC communication have emerged, Peer-to-Peer (P2P) based Botnets. The P2P Botnets do not experience from a single point of failur e, because they do not have centralized CC servers [35]. Attackers have accordingly developed a range of strategies and techniques to protect their CC infrastructure. Therefore, considering the CC function gives better understanding of Botnet and help defenders to design proper detection or mitigation techniques. According to the CC channel we categorize Botnets into three different topologies: a) Centralized; b) Decentralized and c) Hybrid. In Section 1.1.4, these topologies have been analyzed and completely considered the protocols that are currently being used in each model. 1.4 Botnet Topologies According to the Command-and-Control(CC) channel, Botnet topology is categorized into three different models, the Centralized model, the Decentralized model and Hybrid model. 
1.4.1 Centralized Model

The oldest type of topology is the centralized model. In this model, one central point is responsible for exchanging commands and data between the BotMaster and the Bots. The BotMaster chooses a host (usually a high-bandwidth computer) to be the central point, the Command-and-Control server, of all the Bots. The CC server runs certain network services such as IRC or HTTP. The main advantage of this model is low message latency, which lets the BotMaster easily organize the Botnet and launch attacks. Since all connections pass through the CC server, the CC server is the critical point in this model. In other words, the CC server is the weak point: if somebody manages to discover and eliminate the CC server, the entire Botnet becomes worthless and ineffective. This is the main drawback of the model. Many modern centralized Botnets employ a list of IP addresses of alternative CC servers, which are used in case a CC server is discovered and taken offline.

Since IRC and HTTP are the two common protocols that a CC server uses for communication, we consider the Botnets in this model under IRC and HTTP. Figure 1.2 shows the basic communication architecture for a Centralized model. There are two central points that forward commands and data between the BotMaster and his Bots.

1.4.1.1 Botnets based on IRC

IRC is a type of real-time Internet text messaging or synchronous conferencing [36]. The IRC protocol is based on the client-server model and can be used on many computers in distributed networks. Some advantages that made the IRC protocol widely used for remote communication in Botnets are: (i) low-latency communication; (ii) anonymous real-time communication; (iii) the ability to communicate in Group (many-to-many) and Private (one-to-one) modes; (iv) simple setup; (v) simple commands (the basic commands are to connect to servers, join channels and post messages in the channels); and (vi) great flexibility in communication.
Therefore, the IRC protocol is still the most popular protocol used in Botnet communication. In this model, BotMasters can command all of their Bots or command a few of the Bots using one-to-one communication. The CC server runs an IRC service that is the same as any other standard IRC service. Most of the time, the BotMaster creates a channel on the IRC server that all the Bots can connect to, and through which each connected Bot is instructed to carry out the BotMaster's commands. Figure 1.3 shows that there is one central IRC server that forwards commands and data between the BotMaster and his Bots. Puri [38] presented the procedures and mechanism of a Botnet based on IRC, as shown in Figure 1.4.

Bot infection and control process [38]:
i. The attacker tries to infect the targets with Bots.
ii. After the Bot is installed on the target machine, it tries to connect to the IRC server. Meanwhile, a random nickname is generated that represents the Bot in the attacker's private channel.
iii. A request is made to the DNS server, which dynamically maps the IRC server's IP address.
iv. The Bot joins the private IRC channel set up by the attacker and waits for instructions from the attacker. Most of these private IRC channels are set to encrypted mode.
v. The attacker sends attack instructions in the private IRC channel.
vi. The attacker tries to connect to the private IRC channel and sends the authentication password.
vii. The Bots receive the instructions and launch attacks such as DDoS attacks.

1.4.1.2 Botnets based on HTTP

The HTTP protocol is another well-known protocol used by Botnets. Because the use of the IRC protocol within Botnets became well known, Internet security researchers gave more consideration to monitoring IRC traffic to detect Botnets. Consequently, attackers started to use the HTTP protocol as a Command-and-Control communication channel to make Botnets more difficult to detect. The main advantage of using the HTTP protocol is that Botnet traffic is hidden in normal web traffic, so it can easily pass firewalls and avoid IDS detection.
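The IRC traffic monitoring mentioned above can key on the sign-on behaviour in steps ii to iv: generated nicknames and many internal hosts joining one channel on one server. The following is an added example, not code from the original essay or from Puri [38]; the record format, the nickname heuristic and the thresholds are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed capture summary, one client-to-server IRC line per record:
# "<internal source IP> <server IP:port> <IRC message>"
SAMPLE_LINES = [
    "10.0.0.11 203.0.113.5:6667 NICK xp-48213907",
    "10.0.0.11 203.0.113.5:6667 JOIN #upd8 k3y",
    "10.0.0.12 203.0.113.5:6667 NICK xp-90317745",
    "10.0.0.12 203.0.113.5:6667 JOIN #upd8 k3y",
    "10.0.0.13 203.0.113.5:6667 NICK xp-11862054",
    "10.0.0.13 203.0.113.5:6667 JOIN #upd8 k3y",
    "10.0.0.20 198.51.100.7:6667 NICK alice",
    "10.0.0.20 198.51.100.7:6667 JOIN #linux-help",
    "10.0.0.21 198.51.100.7:6667 NICK bob_w",
    "10.0.0.21 198.51.100.7:6667 JOIN #linux-help",
    "10.0.0.22 198.51.100.7:6667 NICK carol77",
    "10.0.0.22 198.51.100.7:6667 JOIN #linux-help",
]

RECORD = re.compile(r"^(\S+) (\S+) (NICK|JOIN) (\S+)")


def looks_generated(nick, min_len=8, min_digit_ratio=0.5):
    """Assumed heuristic: a long nickname made up mostly of digits."""
    digits = sum(c.isdigit() for c in nick)
    return len(nick) >= min_len and digits / len(nick) >= min_digit_ratio


def suspect_channels(lines, min_hosts=3):
    """Return {(server, channel): [hosts]} for channels that at least
    min_hosts internal hosts joined under generated-looking nicknames."""
    nick_of = {}                 # (host, server) -> last NICK seen
    members = defaultdict(set)   # (server, channel) -> flagged hosts
    for line in lines:
        m = RECORD.match(line)
        if not m:
            continue             # only NICK and JOIN matter here
        host, server, verb, arg = m.groups()
        if verb == "NICK":
            nick_of[(host, server)] = arg
            continue
        nick = nick_of.get((host, server), "")
        if nick and looks_generated(nick):
            # JOIN may carry a comma-separated channel list.
            for chan in arg.split(","):
                members[(server, chan.lower())].add(host)
    return {key: sorted(hosts) for key, hosts in members.items()
            if len(hosts) >= min_hosts}


if __name__ == "__main__":
    for (server, chan), hosts in suspect_channels(SAMPLE_LINES).items():
        print(server, chan, hosts)
```

The ordinary chat channel in the sample is not reported, because its members use short, human-chosen nicknames.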
Usually, firewalls block incoming and outgoing traffic on ports that are not needed, which usually include the IRC port.

1.4.2 Decentralized model

Because of the major disadvantage of the Centralized model, its central Command-and-Control (CC), attackers tried to build another Botnet communication topology that is harder to discover and to destroy. Hence, they looked for a model in which the communication system does not depend heavily on a few selected servers and survives even the discovery and destruction of a number of Bots. As a result, attackers take advantage of Peer-to-Peer (P2P) communication as a Command-and-Control (CC) pattern, which is much harder to shut down in the network. The P2P-based CC model will be used considerably in Botnets in the future, and Botnets that use the P2P-based CC model definitely pose a much bigger challenge for the defense of networks.

In the P2P model, as shown in Fig. 1.6, there is no centralized point for communication. Each Bot has some connections to other Bots of the same Botnet, and Bots act as both clients and servers. A new Bot must know some addresses of the Botnet in order to connect to it. If Bots in the Botnet are taken offline, the Botnet can still continue to operate under the control of the BotMaster. P2P Botnets aim at removing or hiding the central point of failure, which is the main weakness and vulnerability of the Centralized model. Some P2P Botnets are decentralized to a certain extent and some are completely decentralized. Botnets that are completely decentralized allow a BotMaster to insert a command into any Bot. Since P2P Botnets usually allow commands to be injected at any node in the network, authentication of commands becomes essential to prevent other nodes from injecting incorrect commands.

For a better understanding of this model, some characteristics and important features of well-known P2P Botnets are given below.

Slapper: Allows the routing of commands to distinct nodes. Uses public key and private key cryptography to authenticate commands.
BotMasters sign commands with a private key, and only those nodes that have the corresponding public key can verify the commands [42]. Two important weak points are: (a) its list of known Bots contains all (or almost all) of the Botnet, so a single captured Bot would expose the entire Botnet to defenders [42]; and (b) its sophisticated communication mechanism produces a lot of traffic, making it vulnerable to monitoring via network flow analysis.

Sinit: This Bot uses random searching to discover other Bots to communicate with. This can result in easy detection because of the extensive probing traffic [34].

Nugache: Its weakness is its reliance on a seed list of 22 IP addresses during its bootstrap process [47].

Phatbot: Uses a Gnutella cache server for its bootstrap process, which can easily be shut down. Also, its WASTE P2P protocol has a scalability problem across a long network [48].

Storm worm: It uses the P2P Overnet protocol to control compromised hosts. The communication protocol for this Bot can be classified into five steps, as described below [37]:
i. Connect to Overnet: Bots try to join the Overnet network. Each Bot initially has hard-coded binary files that include the IP addresses of P2P-based Botnet nodes.
ii. Search and Download Secondary Injection URL: the Bot uses hard-coded keys to search for and download the URL on the Overnet network [37].
iii. Decrypt Secondary Injection URL: compromised hosts use a hard-coded key to decrypt the URL.
iv. Download Secondary Injection: compromised hosts attempt to download the second injection from a server (probably a web server). It could be infected files, updated files or a list of the P2P nodes [37].

1.4.3 Hybrid model

The Bots in a Hybrid Botnet are categorized into two groups:

1) Servant Bots: Bots in the first group are called servant Bots because they behave as both clients and servers. They have static, routable IP addresses and are accessible from the entire Internet.
2) Client Bots: Bots in the second group are called client Bots since they do not accept incoming connections. This group contains the remaining Bots, including: (a) Bots with dynamically assigned IP addresses; (b) Bots with non-routable IP addresses; and (c) Bots behind firewalls, which cannot be reached from the global Internet.

1.5 Background of the Problem

Botnets, which are controlled remotely by BotMasters, can launch huge denial-of-service attacks and several infiltration attacks, can be used to spread spam, and can also conduct malicious activities [115]. While bot army activity has, so far, been limited to criminal activity, their potential for causing large-scale damage to the entire Internet is immeasurable [115]. Therefore, Botnets are one of the most dangerous types of network-based attack today, because they involve the use of very large, synchronized groups of hosts for their malicious activities. Botnets obtain their power from size, both in their increasing bandwidth and in their reach. As mentioned before, Botnets can cause severe network disruptions through huge denial-of-service attacks, and the threat of this disruption can cost enterprises large sums in extortion fees. Botnets are also used to harvest sensitive personal, corporate or government information for sale on a blooming organized crime market.

1.6 Statement of the Problem

Recently, botnets have been using a new type of command-and-control (CC) communication that is totally decentralized. They use peer-to-peer style communication. Tracking the starting point and activity of such a botnet is much more complicated because of the Peer-to-Peer communication infrastructure. Combating botnets is usually a matter of discovering their weakness: their central position of command, or CC server. This is typically an IRC network in which all bots connect to a central point; with the use of the P2P method, however, we cannot find any central point of command.
In P2P networks, each bot searches for other peers to connect to, which can receive or broadcast commands through the network. Therefore, an accurate detection and countermeasure method is required to prevent or stop such dangerous networks.

1.7 Research Questions

a. What are the main differences between centralized and decentralized botnets?
b. What is the best and most efficient general, extensible solution for detecting non-specific Peer-to-Peer botnets?

1.8 Objectives of the Study

i. To develop a network-based framework for Peer-to-Peer botnet detection based on common behavior in network communication.
ii. To study the behavior of bots and recognize behavioral similarities across multiple bots in order to develop the framework mentioned above.

1.9 Scope of the Study

The project scope is limited to developing some algorithms pertaining to our proposed framework. These algorithms are used for reducing traffic by filtering it, classifying the traffic of interest, monitoring traffic and detecting malicious activities.

1.10 Significance of the Study

Peer-to-Peer botnets are one of the most sophisticated types of cyber crime today. They give full control of many computers around the world to those who exploit them for malicious purposes such as spreading viruses and worms, spam distribution and DDoS attacks. Therefore, studying the behavior of P2P botnets and developing a technique that can detect them is important and in high demand.

1.11 Summary

Understanding Botnet Command-and-Control (CC) is a critical part of recognizing how best to protect against the overall botnet threat. The CC channels used by Botnets will often determine the type and degree of action an enterprise can take in either blocking or shutting down a botnet, and the probability of success. It is also obvious that attackers have been trying for years to move away from Centralized CC channels, and have been achieving some success using Decentralized (P2P) CC channels over the last 5 or so years.
Therefore, in this chapter we have defined a classification for a better understanding of Botnet CC channels, which comprises the Centralized, Decentralized and Hybrid models, and tried to evaluate the recognized protocols in each of them. Understanding the communication topologies in Botnets is essential to precisely identify, detect and mitigate the ever-increasing Botnet threat.

CHAPTER 2
LITERATURE REVIEW

2.1 Introduction

Previously, the majority of botnets used IRC (Internet Relay Chat) as the communication protocol for their Command and Control (CC) mechanism. Therefore, many researchers tried to develop botnet detection schemes based on the analysis of IRC traffic [50]. As a result, attackers decided to develop more sophisticated botnets, such as Storm worm and Nugache, that use P2P networks for their CC infrastructure. In response to this movement, researchers have proposed various models of botnet detection that are based on P2P infrastructure [5].

One key advantage of both IRC and HTTP Botnets is the use of central Command and Control. This characteristic provides the attacker with very well-organized communication. However, this asset is also considered a main disadvantage to the attacker [8]. The threat of the Botnet can be decreased and possibly eliminated if the central CC is taken over or taken down [8]. The method that is starting to emerge is a P2P structure for Botnet interaction. There is no centralized point in P2P botnets. Any node in a P2P botnet behaves as both client and server. If any point in the network is shut down, the botnet can still continue its operation.

The Storm botnet is one of the main and best-recognized recent P2P botnets. It customized the Overnet P2P file-sharing application, which is based on the Kademlia distributed hash table algorithm [55], and exploits it for its CC infrastructure. Recently, many researchers, especially in the anti-virus community and the electronic media, have concentrated on the Storm worm [56, 57].
2.2 Background and History

A peer-to-peer network is a network of computers in which any computer can behave as both a client and a server. Some definitions of peer-to-peer networks exclude any form of centralized coordination. The definition used here is looser, because the attacker may be interested in hybrid architectures [8].

2.2.1 History

Table 2.1 shows a summary of some well-known bots and P2P protocols. It covers the period from the first bot, EggDrop, to the recently released Storm Worm P2P bot. The first non-malicious bot was EggDrop, which appeared many years ago, and we know it as one of the first IRC bots that came to market. GTBot, which has many variants, is another well-known malicious bot; its variants are based on the IRC client mIRC.exe [61]. After a while, P2P protocols came to be used for Botnet activities. Napster is one of the first bots that used P2P for its communication. Napster built a platform that allowed all bots to find each other and share files with each other in the network. In this bot, file sharing was done through a centralized server, so we can say that it was not completely a P2P botnet. All bots had to upload an index of their files to the centralized server, and if they were looking for other files among the bots, they had to search on the centralized server. If a bot found the file it was looking for, it could connect directly to the bot holding it and download what it wanted. Since Napster has been shut down because its service was recognized as illegal, many other P2P services now focus on avoiding such a finding. A few years after Napster, the Gnutella protocol appeared as the first completely P2P service. After Gnutella, as shown in Table 2.1, many other P2P protocols were released, such as Kademlia and Chord. These two newer P2P services use a distributed hash table as a method for finding information in peer-to-peer networks.
Agobot is another malicious P2P bot that appeared recently and became widespread because of its good design and modular code base [61]. Nowadays many researchers are concentrating on P2P bots, and it is anticipated that P2P bots will reach the stage where Centralized botnets are no longer used.

Table 2.1: P2P based Botnets

2.3 Peer-to-Peer Overlay Networks

Overlay networks are divided into two categories: Structured and Unstructured. Nodes in the first category can connect to at most X peers, subject to conditions on the identity of the nodes those peers want to connect to. In the unstructured type, however, there is no specified limit on the number of peers a node can connect to, and no condition on connecting to other peers. Overnet is a good example of structured P2P networks and Chord is a good example of unstructured P2P networks.

2.3.1 Brief overview of Overnet

Overnet is one of the popular file-sharing networks. Its design uses a distributed hash table (DHT) algorithm called Kademlia [55]. Each node produces a 128-bit ID for joining the network, which it also sends to other nodes to introduce itself. Each node in the network saves information about other nodes in order to route query messages.

2.3.2 Brief overview of Gnutella

Gnutella is an unstructured file-sharing network. In this network, when a node n wants to connect to a node m, it uses a ping message to inform the other node of its presence. Once node m receives the ping message, it forwards it to its neighboring nodes and also sends a Pong message back to the sender of the ping message, node n. This exchange among nodes lets them learn about each other.

2.4 Botnet Detection

To compare existing botnet detection techniques, the different methods are described and then the disadvantages of each method are mentioned in turn.
2.4.1 Honeypot-based tracking

A honeypot can be used to collect bots in order to analyze their behavior and signatures, and also to track botnets. But using honeypots has several limitations. The most important limitation is the limited scale of exploit activity that they can track. A honeypot also cannot capture bots that use a method of propagation other than scanning, such as spam. Finally, it can only report on infected machines that were anticipated and placed in the network as trap systems. This means it cannot report on computers in the network that are infected with a bot but are not dedicated trap machines. We can therefore conclude that, in general, with this technique we have to wait until a bot in the network infects our system, and only then can we track or analyze the machine.

2.4.2 Intrusion detection systems

Intrusion detection techniques can be divided into two categories: host-based and network-based solutions. Host-based techniques are used for recognizing malware binaries such as viruses. A good example of this type is anti-virus detection systems. However, we know that anti-virus tools are good only for virus detection. The most important disadvantages of anti-virus tools are that bots can easily evade the detection technique by changing their signatures, because the detection system cannot keep its database consistently up to date, and that bots can disable any anti-virus tools on the system to protect themselves from detection.

Network-based intrusion detection is another method used in the field of botnet detection. Snort [67] and Bro [68] are the two well-known signature-based detection systems currently in use. They use a database of signatures of well-known malicious activities to detect botnets or any other malware.
If our objective is to use this technique for botnet detection, we have to keep updating the database and recognize all malware quickly in order to make a signature of it and add it to our database. To solve this problem, researchers have recently been using anomaly-based IDS, which can detect malicious activities based on the behavior of malware or detection techniques.

2.4.3 BotHunter: Dialog correlation-based Botnet detection

This technique developed an evidence-trail approach for detecting successful bot infections through the patterns of communication during the infection process. In this strategy, bot infection patterns are modeled so that they can be used to recognize the whole process of botnet infection in the network. All behavior that occurs during a bot infection, such as target scanning, CC establishment, binary downloading and outbound propagation, has to be modeled by this method. The method gathers an evidence trail of the connected infection process for each internal machine and then looks for a threshold combination of sequences that will satisfy the condition for bot infection [32].

BotHunter uses Snort with two added anomaly-detection components: SLADE (Statistical payLoad Anomaly Detection Engine) and SCADE (Statistical sCan Anomaly Detection Engine). SCADE produces internal and external scan detection warnings that are weighted for criticality toward malware scanning patterns. SLADE performs byte-distribution payload anomaly detection on incoming packets, providing a complementary non-signature approach to inbound exploit detection [32]. SLADE uses an n-gram payload examination of traffic that carries typical malware intrusions. SCADE performs port scan analysis on incoming and outgoing traffic. BotHunter links scan and intrusion alarms to show that a host has been infected.
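The evidence-trail idea described above, one trail per internal machine and a threshold over the combination of evidence, can be sketched as follows. This is an added example, not BotHunter's code: the event-class names follow the behaviors listed in this section, while the weights, the threshold and the correlation window are assumptions chosen so that inbound evidence alone never reaches the threshold.

```python
from collections import defaultdict

# Assumed weights per evidence class (integers avoid rounding issues).
WEIGHTS = {
    "inbound_scan": 2,
    "inbound_exploit": 4,
    "binary_download": 6,
    "cc_establishment": 6,
    "outbound_scan": 6,
}
THRESHOLD = 10   # assumed: inbound scan + exploit (2 + 4) stays below it
WINDOW = 300     # assumed correlation window, in seconds

# Constructed alerts: (timestamp in seconds, internal host, event class)
SAMPLE_ALERTS = [
    (0, "10.0.0.5", "inbound_scan"),
    (10, "10.0.0.5", "inbound_exploit"),
    (40, "10.0.0.5", "binary_download"),
    (70, "10.0.0.5", "cc_establishment"),
    (5, "10.0.0.6", "inbound_scan"),
    (6, "10.0.0.6", "inbound_scan"),
    (20, "10.0.0.6", "inbound_exploit"),
    (100, "10.0.0.7", "cc_establishment"),
    (1000, "10.0.0.7", "outbound_scan"),
    (250, "10.0.0.8", "cc_establishment"),
    (200, "10.0.0.8", "outbound_scan"),
]


def correlate(alerts, weights=WEIGHTS, threshold=THRESHOLD, window=WINDOW):
    """Return {host: report} for hosts whose evidence trail crosses the
    threshold. Each evidence class counts once per host, in any order,
    and evidence older than the window is dropped."""
    trail = defaultdict(dict)   # host -> {event class: time last seen}
    reports = {}
    for ts, host, event in sorted(alerts):
        if event not in weights or host in reports:
            continue
        seen = trail[host]
        seen[event] = ts
        for stale in [e for e, t in seen.items() if ts - t > window]:
            del seen[stale]
        score = sum(weights[e] for e in seen)
        if score >= threshold:
            reports[host] = {
                "declared_at": ts,
                "score": score,
                "evidence": sorted(seen),
            }
    return reports


if __name__ == "__main__":
    for host, report in correlate(SAMPLE_ALERTS).items():
        print(host, report)
```

In the constructed alerts, 10.0.0.6 only ever shows inbound evidence and 10.0.0.7 shows two outbound signs too far apart in time, so neither is reported; 10.0.0.8 is reported even though no inbound event was seen for it.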
When an adequate sequence of alerts is found to match BotHunter's infection dialog model, a comprehensive report is created that captures all the related events and participants that have a role in the infection dialog [32]. This method provides some important features:
i. The technique concentrates on malware detection by IDS-driven dialog correlation. The model captures the essential network processes that occur during a successful bot infection.
ii. The technique has one IDS-independent dialog correlation engine and three bot-specific sensors. It can automatically produce a report of the whole detection of a bot, including the infection agent, the identity of the computer that has been infected and the source of the Command and Control centre.

2.4.3.1 Bot infection sequences

Understanding the bot infection life cycle is a challenging task for the protection of networks in the future. The major work in this area is differentiating between a successful bot infection and background exploit attempts. To reach this point, analysis of the two-way dialog flow between internal hosts and external hosts (the Internet) is needed. In a well-designed network that uses filtering at the gateway, the threat of direct exploitation is limited. However, contemporary malware families are highly flexible in their ability to attack vulnerable hosts through email attachments, infected P2P media and drive-by download infections [32].

2.4.3.2 Modeling the infection dialog process

The bot propagation model can be derived from an analysis of the external communication traffic that shows the behavior of the relevant botnet. Incoming scan and exploit alarms are not enough to declare a successful malware infection, as it is assumed that a steady stream of scan and exploit signals will be observed from the egress monitor [32]. Figure 2.1 shows the process of bot infection in BotHunter, which is used for evaluating network flows through eight stages. This model is similar to the model that Rajab et al.
presented for the IRC detection model. The model that they proposed has an early initial scanning stage, a preceding observation that takes the form of IP exchange and the targeting of vulnerable ports. Figure 2.1 is not intended to impose a strict ordering on the infection events that happen during a bot infection. The important issue here is that bot dialog analysis has to be robust to the absence of some dialog events and must not require strict sequencing of the order in which the inbound dialog is conducted. One solution to the problem of sequence order and missing events is to use a weighted event threshold system that captures the minimum necessary sparse sequences of events under which a bot profile declaration can be triggered [32]. For instance, it is possible to apply a weighting and threshold scheme to the appearance of each event in such a way that a minimum set of events is required before a bot detection is declared.

2.4.3.3 Design and implementation

More attention is devoted in this part to designing a passive network monitoring system that is capable of identifying the bidirectional warning signs when internal hosts are infected with b