Postmodern and Existential/Psychoanalytical curriculum theory Essay

The terms I had the most difficulty defining from the exercise were Postmodern and Existential/Psychoanalytical curriculum theory. I find that these theories assume a class body which I understand intellectually but have difficulty imagining. In Scenario 6 (AIU, 2006) about postmodernism where the teacher is discussing how technology furthers cultural elitism, this would require a very advanced class of students. It is an approach which would only really impact 11th and 12th graders who have studied history and understand cultural elitism. In addition, even if the students have studied the history, the material requires experience the students have only caught glimpses of. Certainly a discussion a little above the students comfort zone would lead to critical thinking, but it runs the risk of this vulnerable age using the belief that technology will somehow lead to oppression to stop them from seeing how it could lead to equalization of inequality. A postmodern approach would take a special teacher and a special set of students to be effective. The problem I had with the Existential/Psychoanalytical theory of Scenario 7 (AIU, 2006) is that it assumes that you as a teacher really know a student. What a teacher observes of their student may not be accurate, and it takes a dedicated teacher to take the necessary time to understand what direction a student should take their potential. Students have great potential for many diverse things from, for example, being great artists or activists or sports commentators. Teachers must examine their own biases to make sure that they are not encouraging one potential over another due to cultural, sexual or racial biases and perceptions. Similarities and differences among theories. Walker’s deliberative approach to curriculum development is similar to a postmodern approach. In both approaches it is assumed that curriculum is shaped by particular beliefs and values held by curriculum makers. For the deliberative approach these biases are mitigated by the makers open discussion of beliefs and values and attempt to come to neutral ground before designing the curriculum (Scenario 3). In postmodernism, the teacher allows the receivers of the curriculum to provide input on and conceptualize the effects of the curriculum before it is implemented (Scenario 6). The Existential/Psychoanalytical approach, Hilda Taba’s approach, Eisner’s approach and the Autobiographical/Biographical approach to curriculum development all share a central tenant that students are individuals. However, Existential/ Psychoanalytical theory optimistically focuses on nurturing who the student will be in the future (AIU, 2006, Scenario 7) while Taba’s needs assessment tends to focus on present deficiencies (AIU, 2006, Scenario 5). In contrast, the Autobiographical/Biographical theory focuses on how human differences in experience shape the developmental journey from the present to the future (AIU, 2006, Scenario 4). Eisner is more Autobiographical in theory but focuses on providing the right opportunity to learn rather than strict direction (AIU, 2006, Scenario 1).

Slavery & Racism in America Through Time

SLAVERY & RACISM IN AMERICA THROUGH TIME Slavery & Racism In America Through Time AMENDMENT I – to the Bill of Rights, the right to be able to make your own choices about your life†¦ In so many words that is true. The first amendment speaks of freedom of speech, freedom of religion and freedom of petition, but who did this pertain to? Not everyone was privileged to these rights, which is sad when in today’s society; we have so much to be thankful for. Our rights are being guarded, fought for by thousands of men and women in the Armed Forces day and night, and have been for years, but since 1865, the fight for equality did not exist. So today there is a spirit that America has, called Patriotism, which means something different now than it did before 1865. Today we have comfort and a reason to live here; a purpose. Coming into this world as a black, white, brown, green, or orange person, we all have a choice as to who we want to become, and how we want to call the shots, if we want to be lawyers, police officers, judges, waitresses, or run for the president of the United States. Did it ever occur to you, that before you and I and our grandparents were born, not any of this was an option? People had children for one reason; whites had children to raise and become the owners of their plantations depending on the sex of the child. If you were an African American slave, you were born an African American slave. No choices! We all have choices now. The mess it took to get America to where we are today is an amazing adventure that is going to be and adventure to write about. Before the reconstruction in 1865, African Americans were treated in ways depending on their masters. The authority the masters had over their slaves, made it easy for them to take advantage of the situation by beating them and being torn up by dogs, which is what one slave said that lived to tell her story during an interview by Ila B. Prine in a Federal Writing Project in 1937. Charity Andersen lived in Mobile Alabama, and was said to be 101 years old. Most of the former slaves during this project were close to a century old if not older. They speak of broken English, but not of a language of a country, but of illiteracy. The slaves were not given education rights, for hemselves or children. They were simply put on this earth to work for the white man. There were also the slaves who had a better way of life because their masters felt that mistreating their slaves would not make for a good investment for their future if needed to sell them later. The slaves would need to be healthy and hard working, well mannered, and trusted. To beat, and â€Å"feed them to the dogs†, as Cha rity well stated, would not promote more work out of the slaves either. In these interviews the slaves spoke of freedom after the emancipation as if they had never left. They were set free, but really, were they? They had choices to move on and make more of their lives, but most were oblivious to what was out there. They lived alone, never learned to read or write, but spoke of freedom as it being the best thing that ever happened. Would you agree? Abolishing slavery did not mean the white man accepted the black man into their world. This brought hatred, ugliness into society more than could be imagined. The anti-black riots began the summer of the Elections of 1866. Many were killed and injured. Still, African Americans did not give up fighting for equal rights from the beginning of the reconstruction. The Fourteenth Amendment was ratified which allowed African American’s that were born in America to be called U. S. citizens, but were limited to their constitutional rights. Although they kept getting beat down, they demanded the right to vote, and in 1870, finally, the fifteenth amendment was ratified and gave the right for black males to vote. (Davidson, 481) The fact that the black man was able to vote meant a lot, but what did that mean to to the rest of the African Americans? To the women? Women were still not considered equal to man. It was not until 50 years later until the nineteenth amendment granted women the right to vote. There were a lot of corks and screws loose in the consitution, and with each state having the ability to change within it’s own, made it difficult to play the equality game. No matter where you went Democratic parties were trying to wean out the rights for the African Americans. â€Å"Separate but Equal† was the new Democratic running slogan. Today this means nothing. Then it meant seperating the blacks and the whites as long as theywere treated equal. The fourteenth amendment was limited to protecting citizens civil rights by states not by individials. Segregation was legalized in 1896, but for example, Mississippi’s new state constitution required voters to pay a toll and required all voters to pass a literacy test. This eliminated a great majority of black voters. How is this not setting them up for failure? Entrapment at its best! Then by1908, campaigns that put a to limit voting has one in every southern state. The â€Å"color blind† constitution was a part of African American progress for the next 100 years, which will bring us past to our future amazing life as we are now! Not only giving African American men the right to vote, but women, made a big impact on the political society. This legitimized women’s participation in all area’s of society. For example, African Americans were still getting denied services in certain states that was kept underground for a period of time. Reporter Peter Buxton, a Public Health Investigator revealed that 399 African American men were infected with syphilis near Tuskegee, Alabama in 1932. They were being denied medical treatment so that effects of the disease could be studied. This subsequently ended in 1972. In 1997 President Clinton apologized to some of the American people by stating the some of the studies were not covert, and not only on African Americans. Basically spreading the wealth among the whites, burn victims etc. The families that were there were still unaware of what experiement they were getting into. (P*, 1994-1995) There was so much for the black man and woman to give up on. Since slavery the whit man has been trying to run the black man out of the country, out of the business world, out of the housing market, the crop market, the economy, away from voting; has that stopped him or her? What is next? The Klu Klux Klan has got to be the most dredged alligience that lynched African Americans and they grew all over the United States after World War I. The KKK Lynched over 70 African Americans, leaving 11 burned alive. The mid 50’s were times also when men were lynched for â€Å"imagined† crimes. Just for possible looking at someone. There is a story about a black man in North Carolina plowing a field. He was accused of looking at a white woman walking along side the field, when he was probably just looking at the cows butt. He was found guilt for â€Å"leering† at her. He was given a long prison sentence. The black men and women still stood for what they believed in. In 1955, Rosa Parks, well, she sat down for what she believed in. She was tired after a long day at work, and refused to give up her seat on a bus in Alabama, which disobeyed a law that required blacks to give up their seats to white people when buses were full. She was arrested, which caused a 381-day boycott, that resulted in the Supreme Court banning segregation on public transportation. Rosa Parks was a seamstress who helped spark the civil rights movement of the 1960’s. (America's Story) No matter what, African Amercians were pushing to be apart of American society, and EQUAL part of Amerian society. Because we are all Americans. By the early 1960’s, African Americans were moving to urban centers in the Northest, the Midwest and the Far West of the United States. Then by the 1970’s, the trend was known as the â€Å"Sun Belt† phenomenon. (Davidson, 831) The cities were declining, the whites were moving out and the blacks, and hispanics were moving in. There was so much in Americas society that the African American had to offer after we had moved in. In 1967, Thurgood Marshall was the first African American Supreme Court Justice. He spent many years on the National Association for Colored People, and argued that segregated schools for children was against consittutional rights. The Supreme Court agreed. We still had our bad times, 1968, Springfield riots, Martin Luther King assassination, the democratic convention in Chicago, ect. , but will it ever end? We have so much still to fight for and so does the black man. We finally have our first African American President of the United States of America. Does it end here? No! It will not! Because Barak Obama will not. This paper stands behind every black man amd woman and what they stand for. They should never give up for what they believe in. Have faith in our country and where you stand. To come as far as slavery, to be born and know you will be 4 years old and peeling potatoes barefoot and picking corn in the fields without meals for hours, sleeping on hardwood floors and calling that normal, then calling freedom, sitting in your living room afraid to walk outside and cross the street because you can not read the street signs. Their freedom was never given in every sense it could have been like we have it. References Lester, J.. (2009, September). Troubling White People. The Horn Book magazine, 85(5), 507-508. Retrieved September 29, 2009, from Research Library. (Document ID: 1845601651). †African American literature. † ClassicLayout. World Book, 2009. Web . 29 September. 2009. America's Story from America's Library. (n. d. ). Retrieved October 12, 2009, from Library of Congress in Washington D. C. : http://www. americaslibrary. gov/cgi-bin/page. cgi/jb/modern/parks_1 Davidson, J. D. (2008). Nations of Nations, A Narrative History of the American Republic (Sixth ed. , Vol. II: Since 1865). (S. Culbertosn, Ed. ) Several, US: McGraw Hill Companies. Georgetown University. (n. d. ). The History Guide. Retrieved September 28 , 2009, from Resources for Historians – the History Guide: http://www. historyguide. org/resources. html P*, S. E. (1994-1995). Bordeninstitute. army. mil. Retrieved October 12, 2009, from Military Medical Ethics: http://74. 125. 155. 132/unclesam? q=cache:PuNerD7YimYJ:www. bordeninstitute. army. mil/published_volumes/ethicsvol2/ethics-ch-17. pdf+peter+buxton+tuskegee+alabama&cd=1&hl=en&ct=clnk&gl=us Prine, I. B. (1996). American Studies Hypertexts at the University of Virginia. Retrieved October 11, 2009, from American Slaves Narratives, an Online Anthology: http://xroads. virginia. edu/~hyper/wpa/anderso1. html

Medea: Passion vs. Reason

Medea: Passion vs. Reason â€Å"The passions are like fire, useful in a thousand ways and dangerous only in one, through their excess,† stated Christian Nestell Bovee a famous mid-19th century author. â€Å"Logic, like whiskey, loses its beneficial effect when taken in too large quantities,† stated Lord Dunsany a famous Anglo-Irish writer during the 1900s. These quotes demonstrate a strong theme in the Greek play Medea written by Euripides. In the play Medea, the protagonist Medea learns that her husband Jason breaks every vow and betrays her by taking another woman to bed.Feeling outraged and hurt, Medea decides to take revenge. She carries out her plan successfully and the play concludes with Medea escaping off to Athens. Throughout the play, two distinct concepts of beliefs and point of views are revealed in the two main characters of the play, Medea and Jason. Medea sees the world through the views of passion whereas Jason sees the world through the views of reason. The main characters express an extremity of either passion or reason which leads them to their own downfall; moreover, through both Medea and Jason's actions, the strength and weakness of each attribute is revealed.According to the Oxford Dictionary, passion is defined as a â€Å"strong and barely controllable emotion and a state or outburst of strong emotion†. The protagonist of the play, Medea, demonstrates an excessive passion which leads her to destruction. The strongest factor that contributes to Medea’s unreasonable passion is her extreme love for Jason. In the beginning of the play the nurse mourns that, â€Å"[Medea’s] heart on fire with passionate love for Jason; nor would she have persuaded the daughters of Pelias to kill their father†¦ and she herself helped Jason in every way† (P. 1).The protagonist passionate love for Jason deceives her thoughts and leaves her with nothing but hope for Jason’s love. However, Medea’s hope s trips and shatters to pieces when she learns that Jason has left her for another woman. Medea explains to the chorus that, â€Å"It has broken [her] heart. [She is] finished. † (P. 8). Medea simply wishes to die. However, Medea’s suicidal mind fades away as her excessive passion feeds upon her hatred and rage which leads her to uncalled acts of revenge. She calls out to the gods to pray that â€Å"[she] may see [Jason], him and his bride and their entire place hattered for the wrong they dare to do [her] without cause† (P. 6). Motivated by animosity, Medea successfully murders the Princess and the king. However, lost in the sea of hatred Medea then decides to â€Å"kill [her] own children† (P. 26). From her own actions, Medea destroys everything that she cares for due to an excessive in both love and hatred. Medea’s superfluous love makes her sacrifice her family, status, and home. Furthermore, Medea’s actions due to hatred destroy her futur e. For example, to achieve ultimate revenge, Medea kills her own two sons to make Jason suffer.However, at the same time â€Å"[Medea] feel the pain [herself]. [She] share[s] in [Jason’s] sorrow† (P. 44). The killing of her own children will make her feel a lifelong agony. For Medea, love does not simply turn to abhorrence. A main cause of this sudden shift in passion is Jason’s betrayal. Also to Medea, it is her redundant and hurtful pride that unleashes the hate inside her. Many times throughout the play Medea expresses â€Å"For it is not bearable to be mocked by enemies† (P. 26). Medea cannot allow others to laugh at her misfortune and only through the murder of her enemies could she feel redeemed and her pride restored.Reason defined by Oxford Dictionary means to â€Å"think, understand and form judgment logically†. Through his own excessive reasoning, the antagonist of the story, Jason, falls to destruction. Firstly in his mind, Jason sees ev erything to be explained by reason. Jason betrays Medea by marrying the Princess of Corinth. His purpose for such a cold hearted action is simply â€Å"that [they] might live well, and not be short of anything† (P. 18). To Jason, all the betraying is just a desperate act in hope to have what is best for the family. Secondly, in Jason‘s mind he never expects Medea to act irrationally because he neglects her feelings.In Jason’s eyes â€Å"it would have been for better far for men to have gotten their children in some other way, and women not to have existed† (P. 18). Jason believes that the only reason and positive outcome of marriage is children. Another example is when Jason argues that, â€Å" women have got such a state of mind that, if [their] life at night is good, [they] think [they] have everything; but, if in that quarter things go wrong, [they] will consider [their] best and truest interest most hateful† (P. 18). Jason thinks that Medea is o utraged because he took another woman to chamber. In addition, because he disregardedMedea’s love for him, he does not take into consideration that it is his betrayal that outrages Medea. Having too much reasoning and too little passion, Jason is left with nothing but hopeless and misery. Jason’s inability to see Medea’s revenge causes him to fall from the top to the bottom leaving him with nothing: no power, wealth, family, bloodlines and respect. In his last conversation with Medea, Jason cries that, â€Å"for [him] remains to cry aloud upon [his] fate, who will get no pleasure from [his] newly wedded love, and the boys whom [he] begot and brought up, never shall [he] speak to them alive.Oh, [his] life is over! † (P. 44). Medea’s final blow to Jason’s life is providing him with a prophecy about his death. In his character, Jason’s ratio of reason to passion is surely not proportional which blinds him from seeing Medea’s irrat ionality thus his downfall resulted. Everyone in society has both passion and reason. No one has one without the other. Both passion and reason have its own strengths and weakness which expresses through the main characters of Medea. Through the behaviors of Medea, many strength and weakness of passion are seen.For Medea, Passion is able to become strength and motivation for her reprisal. In text, Medea’s abundant love for Jason causes her to do anything for him, including sacrificing her own family. On the other hand, Medea’s excessive hatred overpowers her mind and becomes overboard with her actions. For instance, Medea plans â€Å"Next after [killing the princess]; for [she] shall kill [her] own children† (P. 26). Medea killing her own children will surely be the most evil act of humanity and all result from immoderate passion. Also, positive and negative aspects of logic are shown through Jason’s arguments.Strength of being rational is to be able to t hink about the positive and negative of things before making a decision. For example, â€Å"when [Jason] [arrives] here from the land of Iolcus †¦ [he] [is], in every kind of difficulty,† he exclaims, â€Å"what luckier chance could [he] have come across than this, an exile to marry the daughter of the king? †(P. 18). The outcomes of Jason’s plan have far more advantages than disadvantages. However, an extremity of reasoning may lead to neglecting the feelings of others. For instance, Jason neglects Medea’s love.Even though both have positive and negative aspects, in Euripides’ view having excessive passion is better than excessive reasoning. He consummates the play with Medea having her triumph and escaping to Athens with â€Å"such a chariot has Helius, [her] father’s father given [her] to defend from [her] enemies† (P. 43). With Medea having the final victory, readers may tell that Euripides chooses passion over reason. One ma y think, without the ability to feel and to have emotions, human would be no different from robots. These qualities are what make one human.The play Medea justifies both Christian Nestell Bovee’s point, â€Å"The passions are like fire, useful in a thousand ways and dangerous only in one, through their excess† and Lord Dunsany‘s view, â€Å"Logic, like whiskey, loses its beneficial effect when taken in too large quantities† . The extremity of passion and reason are revealed in the play Medea. Jason played a role of a rationalist and Medea an irrationalist. Via Medea’s superfluous passion, disastrous events occur in which guilt and grief will accompany Medea for the rest of her life. On the other hand, Jason is left with nothing due to his acute logical mind.His inconsideration for feelings and desire for acquisition are all causes of Jason’s denouement. Through the events in the story, properties, reason and passion have its own strength and weakness. Too much passion could lead to poor choices. On the contrary, de trop reasoning could lead one to a stone-heart. Both Jason and Medea possess an extremity of passion or reason which proves to be their hamartia. Even though each attribute has its own strength and weakness people should have a harmonic balance between reason and passion. Only then would one be ideal in making decisions. Just like in life, everything needs to have a balance.

Sociological Theory in Sports Coursework Example | Topics and Well Written Essays - 2750 words - 1

Sociological Theory in Sports - Coursework Example Skinner, Zakus & Edwards (2005) posit that sociology theory may contribute to the discussion regarding the development of sport management practices and policies.   This essay aims to analyze the significance of sociology theory to sports management by studying modern sports issues.This paper is concerned with how sports play a role in fostering social inclusion to aid in social inclusion and community development. According to Coalter (2007), there have been two sports policies brought up: to increase social and sports participation trough geographically targeted programs in socially deprived locations and to emphasize the contribution that sports volunteering can make to activate citizenship.Relatively, sports sociology is still a new term. Chalip, Thomas & Voyle (1996) defines it as the study of â€Å"the sportsperson as a sociological being in a particular context† Giddens (1997). He also postulates that it includes the study of contemporary social models which influence sport, specifically those that have lasted. They also believe that sports sociology is morally bound to consider the process and results of inequality and ignorance that exist in sport. Sociology also allows the range of common beliefs practices and attitudes to be reviewed and analyzed with the sole purpose of giving the best quality of sporting experience to shareholders. Chalip, Thomas & Voyle (1996) discuss the value of the sociological theory relation in four areas: as a stimulus for new ideas, the ability to clarify or to destroy myths surrounding sports, theoretical or hypothesis testing in sports research, and allowing the explanation and generalization of the sport.In the past decade, sport and recreational policy makers have had to adjust globalization and neoliberal processes since they affect social, economic and state activities, including those of social and community development. The governments' methods to shift from support and financial provision for sport and oth er embedded liberalism provisions to modern neoliberal state ones resulted in significant changes Coalter (2007). In the â€Å"neo-liberal† state private-public partnerships, tax advantages for corporate social duty, and the reduction of social solidarity are key aspects of the new institutional frameworks.  According to Thompson (2004), this implies that development and community level sport should operate under market conditions and frameworks inherent in neoliberalism and globalism. This means that sport should fulfill two roles: traditional sport development system for society and elite sport programs; as a function of legislation, programs, policies, funding, and sports management, secondly, where a sport is employed as a platform to deal with issues in the society and offer opportunities for disadvantaged members of the society. Research proves that one of the biggest challenges facing the disadvantaged is to find a community which they can identify with and belong un der declining social program provision and persistent breakdown of social solidarity (Atherley, 2006).Long term reliability and sustainability in delivering social outcomes is essential to the success of these developments through sport participation programs. Modern society demands additional flexibility and choice. The challenge for the traditional sports sector in most places is to move beyond current sport delivery norms and provide a range of products at low cost locally developed opportunities and extended public, private and third sector social capital programs. According to Giddens (1997), there is always a risk relying on these predominantly volunteer organizations to determine social outcomes.In such as the United Kingdom, there is an opportunity for the organizations to establish long term programs to support the use of sport to engage the community to deliver positive social outcomes. Partnerships between the traditional sports organization and the community-based organi zations could be forged to support participation in sports across the time from outreach to mainstream participation (Atherley, 2006).

Race and My Community Essay Example | Topics and Well Written Essays - 1250 words

Race and My Community - Essay Example Although I don't look different, the fact that I am not a pure Chinese makes some people stop and think, and depending on their personal experience, they adjust their behavior towards us. My community is a pretty mixed up place, but I don't mean we are confused. No, there may be few of mixed Japanese-Chinese ancestry as I am, but the neighborhood is crawling with people from different parts of the country who have come to the capital, where I live, in order to study, find work, or stay with their families. This is how race becomes an issue, something that one would not expect from an island nation such as ours, but it does. Contrary to popular belief, not all the Chinese are of the same race. Neither are all the Asians of the same race. The label "Asian American" in countries like the United States says a lot about the confusion of the racialized Western mind that thinks that we are all the same race. We can be as white as the Japanese and the Koreans or as dark as Indians or Pakistanis or Arabs. My being half-Japanese just makes the classification more exciting. I enjoy the care and attention I get from people who think I am not the same as they are, but I also suffer when others think that I don't belong, since I am neither pure Chinese nor pure Japanese, but this is something I have learned to adapt to since I was small, and when my friends learn more about me, they adapt. That is why they are my friends: we have many things in common, but also many things that are different. Our community leaders are open to us. They are helpful and are doing a good job with everyone regardless of color or ethnic origin, because most of them are also immigrants from other parts of the country. I think this is what education and moving out of your place of birth does to people. You learn quickly that even a small country like mine is really a big place where all of us can live happily together. I wish I could say the same thing of leaders in other communities. A friend from another part of town was just telling me that their leader, who happened to have migrated from the south of the country many decades ago, was discriminating against immigrants from other regions and favoring those from his town. I don't think that is right. I think a leader should treat people the same way a parent would treat their children. Help the kids grow up and learn, because life in this world is not easy. After thinking about it, I think racialization - the construction of racially unequal social hierarchies characterized by dominant and subordinate social relations between groups (Marable, 2004)- works both ways. Others find it useful to support their own hidden intentions, which can be good or bad. This is why it is good because people become more educated and sensitive on this issue so that there is less racialization in society. But it is also bad, because we might reach a point when we become paralyzed by racialization that life stops becoming fun. One example I can cite, which is related to information by or about people like me that can be found in texts or work manuals, is the impression people get when they see a strange name as the author of something, a speech, article, or a book.

Supply Chain and Operations Management Essay Example | Topics and Well Written Essays - 500 words

Supply Chain and Operations Management - Essay Example These risks could involve counterfeiting of mobile phone devices and their software as well as material losses of goods in transit. Measure should be taken to encourage good delivery, whether physical or intellectual. It is therefore for staff involved in the supply chain to be well motivated. Of essence is a platform of data sharing, where records and histories can be tracked. It is important to know who amended what and where they made their amends. These track records keep the entire system in check in case there is need to work a risk deductively. It ensures efficiency and risk reduction and fewer mistakes are made. The management should as well maintain hawk eye watch on their entire supply process to realize risks to sort them as fast as possible (Sara, & Pauline, 2001). Power disruption can be a source of interference with the delivery process and the entire supply system. It is advisable for the company to have a backup system to reduce on the losses imparted during periods when they happen Firms should protect useful information concerning the systems of developing mobile phone devices during the supply process. This is because there is need to avert creation of counterfeit material that could lower the quality of the original material in the market. Counterfeit products have been created for fraudulent activities. To avoid exposing the supply chain of a firm is also a good measure in risk reduction. This aids in avoiding fixations by counterfeit products and maintains the discretion of a firm. Counterfeits would require that firms develop their own defensive systems in software. These systems are an assurance of quality production and security, this way harm on the customers and firms in the long run is avoided. Firms also aid in the maintaining of their products by advising their customers

Workplace Human Resource Essay Example | Topics and Well Written Essays - 2250 words

Workplace Human Resource - Essay Example Hence, this department is only responsible for managing the existing employees within the business. Credit Union Bank has a corporate HR department responsible for the implementation and development of different aspects of human resource management, including hiring, talent management, change management, organizational performance, learning and development, employee engagement, benefits, compensations, diversity and inclusion, employee relations, and so forth, However, the local branch I work for has its local HR department. Basically, the HR department in my branch of the bank is responsible for the same things the corporate one is. However, of course, the amount of work and the scale of responsibilities differ significantly. While the corporate department is more focused on the long-term goals of the whole chain of banks, the local HR department in my branch is more concerned about such aspects of work as getting the best-fit candidates for vacant positions, keeping under control the relationships between the employees in the workplace, giving feedback on the achievements and performance of the employees, and designing compensation and bonus systems. Since the branch I work for is relatively small, the local HR department is represented by one single person. Regardless of the fact that our bank branch is not big, to my point of view, it is hardly possible for one person to cover all the responsibilities and duties an HR manager is supposed to cover. Proceeding from this, it becomes clear why some HR-related problems regularly occur in my workplace.

Sexually Transmitted Infections Essay Example | Topics and Well Written Essays - 500 words

Sexually Transmitted Infections - Essay Example Treatment is with azithromycin (single, 1g dose) or doxycycline (100mg twice daily for a week). A possible complication includes pelvic inflammatory disease (PID). This may lead to chronic pelvic pain, ectopic pregnancy and infertility. Treponema Pallidum and Neisseria Gonorrhoeae are both infections caused by a bacterium. While the infection with T. Pallidium (syphilis) manifests in the form of painless ulcers on the sites of infection, infection with N. Gonorrhoea (gonorrhea) presents in the form of painful urination, bleeding between periods and discharge from the vagina in women and discharge from the penis and painful, swollen testicles in men. Both infections may be passed from mother to baby. Syphilis may cause anomalies in babies (Syphilis, 2006). Both are diagnosed by detecting the bacterium in scrapings and samples. Syphilis may be diagnosed by detecting antibodies too. Both are treated with antibiotics. Both organisms can pass through blood to other organs. Complications of syphilis mainly involve the cardiovascular system and brain. Gonorrhoea causes PID. This in turn may lead to chronic pelvic pain, ectopic pregnancy and infertility. Both infections make the sufferer more susceptible to acquire HIV and if not treated, both may lead to death. I will explain that HSV

William Shakespeares Macbeth Essay Example | Topics and Well Written Essays - 1250 words

William Shakespeares Macbeth - Essay Example Thus, there are spectacular evidences all through the characterisation and the plot of the play which suggest the importance of the Elizabethan culture in the representation of 'gender' in Macbeth. Therefore, a paradox of sexual confusion and gender roles is evident at the heart of the play. "'Macbeth, a virile warrior-hero, is at the same time an 'unfinished man' who murders because he has been convinced by his wife that only through violence will he achieve a state of heroism. His manhood, displayed in the utterly 'masculine' form of bloodshed, is not self-determined or innate, but rather infused into him by Lady Macbeth." (Sch'rkhuber, 2007, p. 75). Therefore, this paper analyses Shakespeare's representation of 'gender' in Macbeth and compares it with the representation of 'gender' in the 21st Century referring to current literature, media, and poetry. One of the central concerns of the critics of the play Macbeth has been the author's representation of feminism in the play which is noted for the reversal of gender roles. Thus, one finds that the playwright has been interested in representing females as dominating their counterparts and the major characters and themes of the play depict the difference in the sexual representation of males and females. Whereas both Lady Macbeth and Macbeth are obsessed by the same passion of ambition, the playwright represents its effect differently in males and females. Lady Macbeth, the chief representative of females in the play, evidently violates the natural law concerning gender roles and the character of Macbeth enhances the reversal of gender roles in the play. "Both Lady Macbeth and Macbeth are fired by the same passion of ambition. However, while Macbeth is presented as violating moral law, Lady Macbeth seems to violate natural law: she is unfeminine. By eliminating in herself and her hus band tenderness, pity and vulnerability to feeling - human qualities her culture tends to associate with women - Lady Macbeth becomes half man herself. Through his efforts to be supreme among all men, Macbeth re-enacts the ambivalence of his sexual identity: the more he tries to prove his masculinity, the greater his fusion with Lady Macbeth." (Sch'rkhuber, 2007, p. 75). Therefore, it is palpable to a careful reader of the tragedy that Lady Macbeth makes an essential attempt to assume masculine characteristics which can make herself a stronger person. In addition, she also disparages her male counterpart, Macbeth, by attacking his own masculinity. "Macbeth shows a reversal in gender roles. The play questions what constitutes masculinity and femininity. It is important to Macbeth to be seen as a strong, powerful man. Lady Macbeth taunts him and mocks his sexuality to force him to get the courage to kill Duncan." (Thacker, 2008). In a careful analysis of the representation of feminism and masculinity in the play, one recognises that there is an evident reversal of gender roles by the playwright which can be comprehended as an attempt to identify with the contemporary Elizabethan culture.

Scholarly paper schizophrenia Essay Example | Topics and Well Written Essays - 2250 words

Scholarly paper schizophrenia - Essay Example A holistic approach has to be adopted in the treatment of this condition. Although schizophrenia cannot be cured, its symptoms can be considerably mitigated by medication with antipsychotic drugs. To a significant extent, this condition is genetic. However, it is also caused by stress, abuse of drugs and trauma. Schizophrenia Introduction This work deals with the disorder of schizophrenia and the methods of dealing with the problem. Initially, clinical features of the disease were taken up for a discussion. Subsequently, implications of the disorder were discussed. Moreover, the psychopathology of this ailment had been analysed. In this regard, role of the health care professionals in implementing the pathological interventions related to the patient, had been examined. Thereafter, the impact of the disease on the psychological condition of the patient were examined. The extant medical treatments and their effectiveness have been analysed. Pharmacological treatments, and psychologica l interventions provided by the health professionals, as a part of the treatment of this disorder, were taken up for a brief discussion. Subsequently, genetic issues relating to the problem were examined. Finally conclusions were arrived at stating that family support and psychological interventions are essential, n addition to the available medical treatments, in containing the degenerative disorder schizophrenia. Schizophrenia is a condition that can be correlated to many factors, and constitutes the result of a combination of genetic and environmental factors. Although the exact causes of this disorder have not been established, it is now evident that some of the genetic conditions have a causal relationship with schizophrenia, as depicted in the research conducted by Tandon, Keshavan, and Nasrallah. This can be established by family, twin and adoption studies (Tormoehlen & Lessick, 2011, p. 486). Individuals afflicted with schizophrenia exhibit excess mortality, in comparison to the general population. All the same, several of the people with this disease will survive and suffer from it in their later life. This makes it clear that schizophrenia among the old will emerge as a major public health issue in the future. Consequently, treatment of schizophrenia that is based on evidence will become a major issue, with regard to the older patients. All the same, the absence of adequate data to guide the selection of antipsychotics for those suffering from schizophrenia in their later life (Suzuki, et al., 2011, p. 961). There is an absence regarding the essential criteria necessary for arriving at a diagnosis of schizophrenia. However, there is consensus regarding the general clinical aspects of this syndrome (Tandon, Nasrallah, & Keshavan, 2009, p. 3). Clinical Features of Schizophrenia Patients diagnosed with schizophrenia have a higher mortality rate, in comparison to the normal population. Even though these heightened mortality rates seem to be on an increas ing trend, many of the patients afflicted with schizophrenia survive until old age and continue to suffer from the disorder. Hence, geriatric schizophrenia needs to be addressed in the near future, as one can expect the number of patients affected by it to increase substantially (Suzuki, et al., 2011, p. 662). Patients affected with an early onset of schizophrenia and who do not show adequate

What is Art Essay Example | Topics and Well Written Essays - 500 words

What is Art - Essay Example Art is something that looks attractive, fascinating or thrilling. These characteristics make art interesting hence becoming the best way for conveying messages, since people will tend to pay attention to things that will make them relax their minds. Art depends mainly on the use of illustrations to express ideas. The artist ensures that the viewer understands the message by simply looking at the illustration. The brain of the viewer is set to cope with the mood portrayed by the art. It may be an image portraying a holy place, a dirge which is a sign of sorrow or a painting to portray cheerful events. According to Bart Rosier, â€Å"Art is a historical blueprint of human vision and imagination.† Art is an imaginative attempt which integrates many characteristics of the human being. It is a sign of intelligence and the ability to combine several resources to come up with a resourceful image which is intended to be educative, informative and forewarning of impending dangers. Art is used to express differences in various cultures of the world, and the changes that occur with time. Art is mostly a symbol of its cultural setting hence there is immense effect of culture established in the art environment. According to Megan Backhouse, â€Å"There are many different definitions that explain art to be a study, practice and or observation whether it be in relation to scientific arts or the art of thinking.† Many artists use it as a means to present people with a design in relation to the prevailing circumstances, which may possibly not be clear if it was only said without art. Art connects the artistic mind and the minds of the viewer. It therefore deliberately generates poignant communication between the artiste and the spectators. Art has various definitions. These mainly depend on the circumstances for which art is intended to portray specific information. Art is an external way of putting in to view an artist’s

Parks and recreation Essay Example for Free

Parks and recreation Essay Chicago is a major medical and dental center supported by high-class hospitals and research services offering to its dwellers. Chicago offers life science and biotech entrepreneurs with a balance of capital, community. The local companies are experienced vanguarding the diagnostics, therapeutics, medical equipment, food and environmental biotechnologies, and research and development related activities (World business Chicago, 2005). Transportation Chicagos boasts a major inland port and the railroad hub of the US, while the OHare International Airport is the worlds busiest airports. The city has 1,084,127 number of passenger cars and 55,585 trucks (B plates) and 17,807 Trucks (RV) and Busses with total CTA passenger figure of 450,530,411 as per 2000. There are 3 airports, which handled 1,663,784 metric tons of cargo in 2000. The detail is shown in the table 1. 4 (Chicago Public Library, 2005). Lagos is connected by rail and road to all the major cities of Nigeria, while the city main Airport is Murtala Muhammad International Airport situated in city center. Ferries and highways form the transportation link for the city, but transport links within Lagos are crowded due to chaotic and unplanned geography of the city. Its volatile population, broken roads and reckless drivers, worsens the situation (Simmie, 2001) Table 1. 4 Chicago has total 791 parks, which includes baseball, basketball, bathing beaches, field houses, playgrounds, football, golf courses, driving ranges and gymnasiums with total area of 7,337 acres. There are also 5,327 harbor facilities and swimming pools, and zoos. (Chicago Public Library, 2005) In Lagos near the lagoon, Ebute Metta, multitude of wooden homes and shops are built over the frail silt which offer cheap living and food. The people sit in the middle and enjoy meals in the middle of stink, naked kids and beggars. The shops are made by these people to have a living, as government doesn’t seem to bother about their miseries. A council of elders resolves the issues inside the slums as government has little concern for these poor people (Smith, 2000). Water, sewerage and sanitation system The Chicago city has elaborate and well-developed water and sewerage, sanitation and recycling system. The city daily water pumpage is 969,225,00 gallons, while the water tunnels and lake covers an area of 63 miles. The city residential waste was about 1. 1 million ton as per 2000, while the total amount of recycling reached about 296,425 tons. The total length of sewers is about 4300 miles with 148000 main holes. Lagos is built on poorly drained marshlands. The city suffers flooding not only in the rainy season, but sewage blockage floods the city slums regularly. Just like other third world cities, Lagos is riddled with garbage and waste disposal littered everywhere. The explosive population has led the boom in construction industry, but without any planning as a result the building constructed with cheap material collapse giving rise to series of accidents frequently. The city is infamous for its traffic jams, as some times a 10 km distance can take up to three hours. Lagos has the reputation of the most dangerous city in the Africa. As the few bridge connects 3,500 square km of islands, swamp and the mainland, the highways run through mountains of garbage and wastelands with dirt and dust in the air passing through its 200 slums eternally drenched in sewage, garbage and industrial waste (Hall, 2001). The city haphazard planning has given rise to chaotic development, causing shortage of houses, roads, power, water and constant traffic jams. About 90 percent of the Nigerian people have access to electricity with Lagos consuming 45 percent of the energy (Octchet, 2005).

How Continuous Quality Improvement Can Address Medical Errors

How Continuous Quality Improvement Can Address Medical Errors This paper will cover medical errors and how Continuous Quality Improvement can address them. Health care managers have addressed the issue of medical errors for many years. Medical errors can be caused by lack or communication and leadership. Quality improvement in the health care environment is a hot topic and managers are researching ways in which they can increase the quality of care that a patient receives. The quality of care that a patient receives can be the determining factor as to whether they live or die. It is critical that managers develop policies and implement control measure to control the rise of medical errors. Attention to medical errors escalated over five years ago with the release of a study from the Institute of Medicine (IOM), which found that between 44,000 and 98,000 Americans die each year in U.S. hospitals due to preventable medical errors (Kaiseredu, 2010). Hospital errors rank between the fifth and eighth leading cause of death, killing more Americans than breast cancer, traffic accidents or AIDS. Serious medication errors occur in the cases of five to 10 percent of patients admitted to hospitals. These numbers may understate the problem because they do not include preventable deaths due to medical treatments outside of hospitals (kaiseredu, 2010). Health care managers, along with the Food and Drug Administration, have study the medical error reports to determine the cause of errors. Medical errors are one of the leading causes as to why health care has declined. To improve healthcare managers must determine how to decrease the mortality rates. Managers can determine this by studying and analyzing medical reports. These reports provided managers with detailed information on what procedure was being conducted or what medication the patient was administered. In a study by the FDA that evaluated reports of fatal medication errors from 1993 to 1998, the most common error involving medications was related to administration of an improper dose of medicine, accounting for 41% of fatal medication errors. Giving the wrong drug and using the wrong route of administration each accounted for 16% of the errors. Almost half of the fatal medication errors occurred in people over the age of 60. Older people may be at greatest risk for medicati on errors because they often take multiple prescription medications (Stoppler Marks, 2010). History has shown that many surveys and research studies have been conducted, so that providers can learn where and why mistakes are being made. Once providers have a clear understanding, they can implement control measure to insure these mistakes do not occur. National Patient Safety Foundation Survey: The National Patient Safety Foundation (NPSF) commissioned a phone survey in 1997 to review patient opinions about medical mistakes. The findings showed that 42% of people believed they had personally experienced a medical mistake. In these cases, the error affected them personally (33%), a relative (48%), or a friend (19%) (Wrongdiagnosis, 2010). Patients that were given the survey have experienced the following medical errors: Misdiagnosis (40%), Medication error (28%), Medical procedure error (22%), Administrative error (4%), Communication error (2%), Incorrect laboratory results (2%), Equipment malfunction (1%), and Other error (7%). Patient safety should be the number one concern for health care organizations. Health care managers are held accountable for ensuring that patients are provided with quality care. They are also accountable for the patients that are injured or die due to a providerà ¢Ãƒ ¢Ã¢â‚¬Å¡Ã‚ ¬Ãƒ ¢Ã¢â‚¬Å¾Ã‚ ¢s medical error. The health care industries along with scientific researchers have developed tools in which the quality of care can be measured. Organizations can use these tools to determine if effective care is being provided. Once they have determined the level of care they are providing, they can educate providers on what they are doing both wrong and right. The most common method used to determine the quality of care, is through the use of surveys. Health care organizations can provide staff and patients with surveys to determine what areas the organization can improve and sustain. These surveys will not be provided to every patient the provider has treated but only a selected few will be surveyed. Quality measurement in the healthcare industry requires a large amount of resources and funding. Researchers will most likely use methods that have worked before and have provide them with data; they could use to enhance the level of care the organization is providing. Healthcare researchers are constantly trying to find ways in which the completely eliminate medical errors. Due to the continuous cycle of experienced providers leaving and new providers being hired, medical errors in many cases will never be eliminated. Health care organizations can however implement the necessary control measures to ensure that patients are not misdiagnosed or the wrong limb is not amputated (Cohen, 2007). Healthcare organizations can decrease medical errors by establishing a continuous quality improvement plan that calls for the development of a multidisciplinary team to research and investigate the causes of medical errors. The Department of Veteran Affairs uses a CQI model developed by the Joint Commission to reduce the number or medical mistakes made by providers. Joint Commissions surveys all the Veteran Affairs Medical centers to see whether their staff is following the medical policies and regulations in providing quality care. Joint Commission has also established policies regarding how health care organizations will report and handle sentinel events. A sentinel event is an unexpected occurrence involving death or serious physical or psychological injury, or the risk thereof. Serious injury specifically includes loss of limb or function. The phrase, or the risk thereof includes any process variation for which a recurrence would carry a significant chance of a serious adverse outcome. Such events are called sentinel because they signal the need for immediate investigation and response (Jointcommission, 2010). In conclusion medical errors can occur at anytime while a patient is receiving care. It is important that health care providers communicate and provide education to their staff on reducing the number of medical errors, the facility has encountered. Medical errors can lead to the organization being sued by the patient or the patient family member. Law suites can be devastating for any organization to go through and can reduce the amount of funds that have been allotted to providing quality care. Therefore it is important that medical errors are reduced and even eliminated.

Mobile Ad Hoc Network Intrusion Detection System (IDS)

Mobile Ad Hoc Network Intrusion Detection System (IDS) Chapter 1 1. Introduction Mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs) are relatively new communication paradigms. MANETs do not require expensive base stations or wired infrastructure. Nodes within radio range of each other can communicate directly over wireless links, and those that are far apart use other nodes as relays. Each host in a MANET also acts as a router as routes are mostly multichip. The lack of fixed infrastructure and centralized authority makes a MANET suitable for a broad range of applications in both military and civilian environments. For example, a MANET could be deployed quickly for military communications in the battlefield. A MANET also could be deployed quickly in scenarios such as a meeting room, a city transportation wireless network, for fire fighting, and so on. To form such a cooperative and self configurable network, every mobile host should be a friendly node and willing to relay messages for others. In the original design of a MANET, global trustworthiness in nodes within the whole network is a fundamental security assumption. Recent progress in wireless communications and micro electro mechanical systems (MEMS) technology has made it feasible to build miniature wireless sensor nodes that integrate sensing, data processing, and communicating capabilities. These miniature wireless sensor nodes can be extremely small, as tiny as a cubic centimeter. Compared with conventional computers, the low-cost, battery-powered, sensor nodes have a limited energy supply, stringent processing and communications capabilities, and memory is scarce. The design and implementation of relevant services for WSNs must keep these limitations in mind. Based on the collaborative efforts of a large number of sensor nodes, WSNs have become good candidates to provide economically viable solutions for a wide range of applications, such as environmental monitoring, scientific data collection, health monitoring, and military operations. Despite the wide variety of potential applications, MANETs and WSNs often are deployed in adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Due to the features of an open medium, the low degree of physical security of mobile nodes, a dynamic topology, a limited power supply, and the absence of a central management point, MANETs are more vulnerable to malicious attacks than traditional wired networks are. In WSNs, the lack of physical security combined with unattended operations make sensor nodes prone to a high risk of being captured and compromised, making WSNs vulnerable to a variety of attacks. A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Each node is equipped with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication range. In order for a node to forward a packet to a node that is out of its radio range, the cooperation of other nodes in the network is needed; this is known as multi-hop communication. Therefore, each node must act as both a host and a router at the same time. The network topology frequently changes due to the mobility of mobile nodes as they move within, move into, or move out of the network. A MANET with the characteristics described above was originally developed for military purposes, as nodes are scattered across a battlefield and there is no infrastructure to help them form a network. In recent years, MANETs have been developing rapidly and are increasingly being used in many applications, ranging from military to civilian and commercial uses, since setting up such networks can be done without the help of any infrastructure or interaction with a human. Some examples are: search-and-rescue missions, data collection, and virtual classrooms and conferences where laptops, PDA or other mobile devices share wireless medium and communicate to each other. As MANETs become widely used, the security issue has become one of the primary concerns. For example, most of the routing protocols proposed for MANETs assume that every node in the network is cooperative and not malicious [1]. Therefore, only one compromised node can cause the failure of the entire network. There are both passive and active attacks in MANETs. For passive at tacks, packets containing secret information might be eavesdropped, which violates confidentiality. Active attacks, including injecting packets to invalid destinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation. Proactive approaches such as cryptography and authentication were first brought into consideration, and many techniques have been proposed and implemented. However, these applications are not sufficient. If we have the ability to detect the attack once it comes into the network, we can stop it from doing any damage to the system or any data. Here is where the intrusion detection system comes in. Intrusion detection can be defined as a process of monitoring activities in a system, which can be a computer or network system. The mechanism by which this is achieved is called an intrusion detection system (IDS). An IDS collects activity information and then analyzes it to determine whether there are any activities that violate the security rules. Once AN ID determines that an unusual activity or an activity that is known to be an attack occurs, it then generates an alarm to alert the security administrator. In addition, IDS can also initiate a proper response to the malicious activity. Although there are several intrusion detection techniques developed for wired networks today, they are not suitable for wireless networks due to the differences in their characteristics. Therefore, those techniques must be modified or new techniques must be developed to make intrusion detection work effectively in MANETs. In this paper, we classify the architectures for IDS in MANETs, each of which is suitable for different network infrastructures. Current intrusion detection systems corresponding to those architectures are reviewed and compared. Chapter 2 Background 2.1 Intrusion Detection System (IDS) Many historical events have shown that intrusion prevention techniques alone, such as encryption and authentication, which are usually a first line of defense, are not sufficient. As the system become more complex, there are also more weaknesses, which lead to more security problems. Intrusion detection can be used as a second wall of defense to protect the network from such problems. If the intrusion is detected, a response can be initiated to prevent or minimize damage to the system. To make intrusion detection systems work, basic assumptions are made. The first assumption is that user and program activities are observable. The second assumption, which is more important, is that normal and intrusive activities must have distinct behaviors, as intrusion detection must capture and analyze system activity to determine if the system is under attack. Intrusion detection can be classified based on audit data as either host- based or network-based. A network-based IDS captures and analyzes packets from network tra ±c while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows [2]. Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response. Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks. Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints. 2.2 Intrusion Detection in MANETs Many intrusion detection systems have been proposed in traditional wired networks, where all track must go through switches, routers, or gateways. Hence, IDS can be added to and implemented in these devices easily [17, 18]. On the other hand, MANETs do not have such devices. Moreover, the medium is wide open, so both legitimate and malicious users can access it. Furthermore, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information could be from a compromised node or a node that has outdated information. Thus, the current IDS techniques on wired networks cannot be applied directly to MANETs. Many intrusion detection systems have been proposed to suit the characteristics of MANETs, some of which will be discussed in the next sections. 2.3 Architectures for IDS in MANETs The network infrastructures that MANETs can be configured to are either at or multi-layer, depending on the applications. Therefore, the optimal IDS architecture for a MANET may depend on the network infrastructure itself [9]. In an network infrastructure, all nodes are considered equal, thus it may be suitable for applications such as virtual classrooms or conferences. On the contrary, some nodes are considered different in the multi-layered network infrastructure. Nodes may be partitioned into clusters with one cluster head for each cluster. To communicate within the cluster, nodes can communicate directly. However, communication across the clusters must be done through the cluster head. This infrastructure might be well suited for military applications. 2.3.1 Stand-alone Intrusion Detection Systems In this architecture, an intrusion detection system is run on each node independently to determine intrusions. Every decision made is based only on information collected at its own node, since there is no cooperation among nodes in the network. Therefore, no data is exchanged. Besides, nodes in the same network do not know anything about the situation on other nodes in the network as no alert information is passed. Although this architecture is not elective due to its limitations, it may be suitable in a network where not all nodes are capable of running IDS or have IDS installed. This architecture is also more suitable for an network infrastructure than for multi-layered network infrastructure. Since information on each individual node might not be enough to detect intrusions, this architecture has not been chosen in most of the IDS for MANETs. 2.3.2 Distributed and Cooperative Intrusion Detection Systems Since the nature of MANETs is distributed and requires cooperation of other nodes, Zhang and Lee [1] have proposed that the intrusion detection and response system in MANETs should also be both distributed and cooperative as shown in Figure 1. Every node participates in intrusion detection and response by having an IDS agent running on them. An IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as initiating a response independently. However, neighboring IDS agents cooperatively participate in global intrusion detection actions when the evidence is inconclusive. Similarly to stand-alone IDS architecture, this architecture is more suitable for a network infrastructure, not multi-layered one. 2.3.3 Hierarchical Intrusion Detection Systems Hierarchical IDS architectures extend the distributed and cooperative IDS architectures and have been proposed for multi-layered network infrastructures where the network is divided into clusters. Clusterheads of each cluster usually have more functionality than other members in the clusters, for example routing packets across clusters. Thus, these cluster heads, in some sense, act as control points which are similar to switches, routers, or gateways in wired networks. The same concept of multi-layering is applied to intrusion detection systems where hierarchical IDS architecture is proposed. Each IDS agent is run on every member node and is responsible locally for its node, i.e., monitoring and deciding on locally detected intrusions. A clusterhead is responsible locally for its node as well as globally for its cluster, e.g. monitoring network packets and initiating a global response when network intrusion is detected. 2.3.4 Mobile Agent for Intrusion Detection Systems A concept of mobile agents has been used in several techniques for intrusion detection systems in MANETs. Due to its ability to move through the large network, each mobile agent is assigned to perform only one specific task, and then one or more mobile agents are distributed into each node in the network. This allows the distribution of the intrusion detection tasks. There are several advantages for using mobile agents [2]. Some functions are not assigned to every node; thus, it helps to reduce the consumption of power, which is scarce in mobile ad hoc networks. It also provides fault tolerance such that if the network is partitioned or some agents are destroyed, they are still able to work. Moreover, they are scalable in large and varied system environments, as mobile agents tend to be independent of platform architectures. However, these systems would require a secure module where mobile agents can be stationed to. Additionally, mobile agents must be able to protect themselves from the secure modules on remote hosts as well. Mobile-agent-based IDS can be considered as a distributed and cooper ative intrusion detection technique as described in Section 3.2. Moreover, some techniques also use mobile agents combined with hierarchical IDS, for example, what will be described in Section 4.3. 2.4 Sample Intrusion Detection Systems for MANETs Since the IDS for traditional wired systems are not well-suited to MANETs, many researchers have proposed several IDS especially for MANETs, which some of them will be reviewed in this section. 2.4.1 Distributed and Cooperative IDS As described in Section 3.2, Zhang and Lee also proposed the model for distributed and cooperative IDS as shown in Figure 2 [1]. The model for an IDS agent is structured into six modules. The local data collection module collects real-time audit data, which includes system and user activities within its radio range. This collected data will be analyzed by the local detection engine module for evidence of anomalies. If an anomaly is detected with strong evidence, the IDS agent can determine independently that the system is under attack and initiate a response through the local response module (i.e., alerting the local user) or the global response module (i.e., deciding on an action), depending on the type of intrusion, the type of network protocols and applications, and the certainty of the evidence. If an anomaly is detected with weak or inconclusive evidence, the IDS agent can request the cooperation of neighboring IDS agents through a cooperative detection engine module, which communicates to other agents through a secure communication module. 2.4.2 Local Intrusion Detection System (LIDS) Albers et al. [3] proposed a distributed and collaborative architecture of IDS by using mobile agents. A Local Intrusion Detection System (LIDS) is implemented on every node for local concern, which can be extended for global concern by cooperating with other LIDS. Two types of data are exchanged among LIDS: security data and intrusion alerts. In order to analyze the possible intrusion, data must be obtained from what the LIDS detect, along with additional information from other nodes. Other LIDS might be run on different operating systems or use data from different activities such as system, application, or network activities; therefore, the format of this raw data might be different, which makes it hard for LIDS to analyze. However, such difficulties can be solved by using SNMP (Simple Network Management Protocol) data located in MIBs (Management Information Base) as an audit data source. Such a data source not only eliminates those difficulties, but also reduces the in-Figure 3: L IDS Architecture in A Mobile Node [3] crease in using additional resources to collect audit data if an SNMP agent is already run on each node. To obtain additional information from other nodes, the authors proposed mobile agents to be used to transport SNMP requests to other nodes. In another words, to distribute the intrusion detection tasks. The idea differs from traditional SNMP in that the traditional approach transfers data to the requesting node for computation while this approach brings the code to the data on the requested node. This is initiated due to untrustworthiness of UDP messages practiced in SNMP and the active topology of MANETs. As a result, the amount of exchanged data is tremendously reduced. Each mobile agent can be assigned a specific task which will be achieved in an autonomous and asynchronous fashion without any help from its LIDS. The LIDS architecture is shown in Figure 3, which consists of  ² Communication Framework: To facilitate for both internal and external communication with a LIDS. Local LIDS Agent: To be responsible for local intrusion detection and local response. Also, it reacts to intrusion alerts sent from other nodes to protect itself against this intrusion. Local MIB Agent: To provide a means of collecting MIB variables for either mobile agents or the Local LIDS Agent. Local MIB Agent acts as an interface with SNMP agent, if SNMP exists and runs on the node, or with a tailor-made agent developed specifically to allow up- dates and retrievals of the MIB variables used by intrusion detection, if none exists. Mobile Agents (MA): They are distributed from its LID to collect and process data on other nodes. The results from their evaluation are then either sent back to their LIDS or sent to another node for further investigation. Mobile Agents Place: To provide a security control to mobile agents. For the methodology of detection, Local IDS Agent can use either anomaly or misuse detection. However, the combination of two mechanisms will offer the better model. Once the local intrusion is detected, the LIDS initiate a response and inform the other nodes in the network. Upon receiving an alert, the LIDS can protect itself against the intrusion. 2.4.3 Distributed Intrusion Detection System Using Multiple Sensors Kachirski and Guha [4] proposed a multi-sensor intrusion detection system based on mobile agent technology. The system can be divided into three main modules, each of which represents a mobile agent with certain func- tionality: monitoring, decision-making or initiating a response. By separate in functional tasks into categories and assigning each task to a different agent, the workload is distributed which is suitable for the characteristics of MANETs. In addition, the hierarchical structure of agents is also developed in this intrusion detection system as shown in Figure 4. Monitoring agent: Two functions are carried out at this class of agent: network monitoring and host monitoring. A host-based monitor agent hosting system-level sensors and user-activity sensors is run on every node to monitor within the node, while a monitor agent with a network monitoring sensor is run only on some selected nodes to monitor at packet-level to capture packets going through the network within its radio ranges. Action agent: Every node also hosts this action agent. Since every node hosts a host-based monitoring agent, it can determine if there is any suspicious or unusual activities on the host node based on anomaly detection. When there is strong evidence supporting the anomaly detected, this action agent can initiate a response, such as terminating the process or blocking a user from the network. Decision agent: The decision agent is run only on certain nodes, mostly those nodes that run network monitoring agents. These nodes collect all packets within its radio range and analyze them to determine whether the network is under attack. Moreover, from the previous paragraph, if the local detection agent cannot make a decision on its own due to insufficient evidence, its local detection agent reports to this decision agent in order to investigate further. This is done by using packet-monitoring results that comes from the network-monitoring sensor that is running locally. If the decision agent concludes that the node is malicious, the action module of the agent running on that node as described above will carry out the response. The network is logically divided into clusters with a single cluster head for each cluster. This clusterhead will monitor the packets within the cluster and only packets whose originators are in the same cluster are captured and investigated. This means that the network monitoring agent (with network monitoring sensor) and the decision agent are run on the cluster head. In this mechanism, the decision agent performs the decision-making based on its own collected information from its network-monitoring sensor; thus, other nodes have no influence on its decision. This way, spooffing attacks and false accusations can be prevented. 2.4.4 Dynamic Hierarchical Intrusion Detection Architecture Since nodes move arbitrarily across the network, a static hierarchy is not suitable for such dynamic network topology. Sterne et al. [16] proposed a dynamic intrusion detection hierarchy that is potentially scalable to large networks by using clustering like those in Section 4.3 and 5.5. However, it can be structured in more than two levels as shown in Figure 5. Nodes labeled 1 are the first level clusterheads while nodes labeled 2 are the second level clusterheads and so on. Members of the first level of the cluster are called leaf nodes. Every node has the responsibilities of monitoring (by accumulating counts and statistics), logging, analyzing (i.e., attack signature matching or checking on packet headers and payloads), responding to intrusions detected if there is enough evidence, and alerting or reporting to cluster heads. Clues treads, in addition, must also perform: Data fusion/integration and data reduction: Clusterheads aggregate and correlate reports from members of the cluster and data of their own. Data reduction may be involved to avoid conflicting data, bogus data and overlapping reports. Besides, cluster heads may send the requests to their children for additional information in order to correlate reports correctly. Intrusion detection computations: Since different attacks require different sets of detected data, data on a single node might not be able to detect the attack, e.g., DDoS attack, and thus clusterheads also analyze the consolidated data before passing to upper levels. Security Management: The uppermost levels of the hierarchy have the authority and responsibility for managing the detection and response capabilities of the clusters and cluster heads below them. They may send the signatures update, or directives and policies to alter the configurations for intrusion detection and response. These update and directives will flow from the top of the hierarchy to the bottom. To form the hierarchical structure, every node uses clustering, which is typically used in MANETs to construct routes, to self-organize into local neighborhoods (first level clusters) and then select neighborhood representatives (cluster heads). These representatives then use clustering to organize themselves into the second level and select the representatives. This process continues until all nodes in the network are part of the hierarchy. The authors also suggested criteria on selecting cluster heads. Some of these criteria are: Connectivity: the number of nodes within one hop Proximity: members should be within one hop of its cluster head Resistance to compromise (hardening): the probability that the node will not be compromised. This is very important for the upper level cluster heads. Processing power, storage capacity, energy remaining, bandwidth cape abilities Additionally, this proposed architecture does not rely solely on promiscuous node monitoring like many proposed architectures, due to its unreliability as described in. Therefore, this architecture also supports direct periodic reporting where packet counts and statistics are sent to monitoring nodes periodically. 2.4.5 Zone-Based Intrusion Detection System (ZBIDS) Sun et al. [24] has proposed an anomaly-based two-level no overlapping Zone-Based Intrusion Detection System (ZBIDS). By dividing the network in Figure 6 into nonoverlapping zones (zone A to zone me), nodes can be categorized into two types: the intrazone node and the interzone node (or a gateway node). Considering only zone E, node 5, 9, 10 and 11 are intrazone nodes, while node 2, 3, 6, and 8 are interzone nodes which have physical connections to nodes in other zones. The formation and maintenance of zones requires each node to know its own physical location and to map its location to a zone map, which requires prior design setup. Each node has an IDS agent run on it which the model of the agent is shown in Figure 7. Similar to an IDS agent proposed by Zhang and Lee (Figure 2), the data collection module and the detection engine are re-sponsible for collecting local audit data (for instance, system call activities, and system log les) and analyzing collected data for any sign of intrusion respectively. In addition, there may be more than one for each of these modules which allows collecting data from various sources and using different detection techniques to improve the detection performance. The local aggregation and correlation (LACE) module is responsible for combining the results of these local detection engines and generating alerts if any abnormal behavior is detected. These alerts are broadcasted to other nodes within the same zone. However, for the global aggregation and correlation (GACE), its functionality depends on the type of the node. As described in Figure 7, if the node is an intrazone node, it only sends the generated alerts to the interzone nodes. Whereas, if the node is an interzone node, it receives alerts from other intrazone nodes, aggregates and correlates those alerts with its own alerts, and then generates alarms. Moreover, the GACE also cooperates with the GACEs of the neighboring interzone nodes to have more accurate information to detect the intrusion. Lastly, the intrusion response module is responsible for handling the alarms generated from the GACE. The local aggregation and correlation Algorithm used in ZBIDS is based on a local Markov chain anomaly detection. IDS agent rust creates a normal profile by constructing a Markov chain from the routing cache. A valid change in the routing cache can be characterized by the Markov chain detection model with probabilities, otherwise, its considered abnormal, and the alert will be generated. For the global aggregation and correlation algorithm, its based on information provided in the received alerts containing the type, the time, and the source of the attacks. 2.5 Intrusion Detection Techniques for Node Cooperation in MANETs Since there is no infrastructure in mobile ad hoc networks, each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. Intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [5] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several proposed techniques and protocols to detect such misbehavior in order to avoid those nodes, and some schemes also propose punishment as well [6, 7]. 2.5.1 Watchdog and Pathrater Two techniques were proposed by Marti, Giuli, and Baker [5], watchdog and pathrater, to be added on top of the standard routing protocol in ad hoc networks. The standard is Dynamic Source Routing protocol (DSR) [8]. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes. In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path should know who the next hop node is. In addition, listening to the next hops transmission is possible because of the characteristic of wireless networks if node A is within range of node B, A can overhear communication to and from B. Figure 8 shows how the watchdog works. Assume that node S wants to send a packet to node D, which there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined to D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then, it promiscuously listens to the transmission of B to make sure that B forwards to C. If the packet overheard from B (represented by a dashed line) matches that stored in the buffer, it means that B really forwards to the next hop (represented as a solid line). It then removes the packet from the buffer. However, if theres no matched packet after a certain time, the watchdog increments the failures counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports to the source node S. Path rater performs the calculation of the path metric for each path. By keeping the rating of every node in the network that it knows, the path metric can be calculated by combining the node rating together with link re- liability, which is collected from past experience. Obtaining the path metric for all available paths, the pathrater can choose the path with the highest metric. In addition, if there is no such link reliability information, the path metric enables the pathrater to select the shortest path too. As a result, paths containing misbehaving nodes will be avoided. From the result of the simulation, the system with these two techniques is quite effective for choosing paths to avoid misbehaving nodes. However, those misbehaving nodes are not punished. In contrast, they even benefit from the network. Therefore, misbehaving nodes are encouraged to continue their behaviors. Chapter 3 3. Literature survey 3.1 Introduction The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop new architecture and mechanisms to protect the wireless networks and mobile computing applications. The implication of mobile computing on network security research can be further demonstrated by the follow case. Recently (Summer 2001) an Internet worm called Code Red has spread rapidly to infect many of the Windows-based server machines. To prevent this type of worm attacks from spreading into intranets, many. This paper Mobile Ad Hoc Network Intrusion Detection System (IDS) Mobile Ad Hoc Network Intrusion Detection System (IDS) Chapter 1 1. Introduction Mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs) are relatively new communication paradigms. MANETs do not require expensive base stations or wired infrastructure. Nodes within radio range of each other can communicate directly over wireless links, and those that are far apart use other nodes as relays. Each host in a MANET also acts as a router as routes are mostly multichip. The lack of fixed infrastructure and centralized authority makes a MANET suitable for a broad range of applications in both military and civilian environments. For example, a MANET could be deployed quickly for military communications in the battlefield. A MANET also could be deployed quickly in scenarios such as a meeting room, a city transportation wireless network, for fire fighting, and so on. To form such a cooperative and self configurable network, every mobile host should be a friendly node and willing to relay messages for others. In the original design of a MANET, global trustworthiness in nodes within the whole network is a fundamental security assumption. Recent progress in wireless communications and micro electro mechanical systems (MEMS) technology has made it feasible to build miniature wireless sensor nodes that integrate sensing, data processing, and communicating capabilities. These miniature wireless sensor nodes can be extremely small, as tiny as a cubic centimeter. Compared with conventional computers, the low-cost, battery-powered, sensor nodes have a limited energy supply, stringent processing and communications capabilities, and memory is scarce. The design and implementation of relevant services for WSNs must keep these limitations in mind. Based on the collaborative efforts of a large number of sensor nodes, WSNs have become good candidates to provide economically viable solutions for a wide range of applications, such as environmental monitoring, scientific data collection, health monitoring, and military operations. Despite the wide variety of potential applications, MANETs and WSNs often are deployed in adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Due to the features of an open medium, the low degree of physical security of mobile nodes, a dynamic topology, a limited power supply, and the absence of a central management point, MANETs are more vulnerable to malicious attacks than traditional wired networks are. In WSNs, the lack of physical security combined with unattended operations make sensor nodes prone to a high risk of being captured and compromised, making WSNs vulnerable to a variety of attacks. A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Each node is equipped with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication range. In order for a node to forward a packet to a node that is out of its radio range, the cooperation of other nodes in the network is needed; this is known as multi-hop communication. Therefore, each node must act as both a host and a router at the same time. The network topology frequently changes due to the mobility of mobile nodes as they move within, move into, or move out of the network. A MANET with the characteristics described above was originally developed for military purposes, as nodes are scattered across a battlefield and there is no infrastructure to help them form a network. In recent years, MANETs have been developing rapidly and are increasingly being used in many applications, ranging from military to civilian and commercial uses, since setting up such networks can be done without the help of any infrastructure or interaction with a human. Some examples are: search-and-rescue missions, data collection, and virtual classrooms and conferences where laptops, PDA or other mobile devices share wireless medium and communicate to each other. As MANETs become widely used, the security issue has become one of the primary concerns. For example, most of the routing protocols proposed for MANETs assume that every node in the network is cooperative and not malicious [1]. Therefore, only one compromised node can cause the failure of the entire network. There are both passive and active attacks in MANETs. For passive at tacks, packets containing secret information might be eavesdropped, which violates confidentiality. Active attacks, including injecting packets to invalid destinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation. Proactive approaches such as cryptography and authentication were first brought into consideration, and many techniques have been proposed and implemented. However, these applications are not sufficient. If we have the ability to detect the attack once it comes into the network, we can stop it from doing any damage to the system or any data. Here is where the intrusion detection system comes in. Intrusion detection can be defined as a process of monitoring activities in a system, which can be a computer or network system. The mechanism by which this is achieved is called an intrusion detection system (IDS). An IDS collects activity information and then analyzes it to determine whether there are any activities that violate the security rules. Once AN ID determines that an unusual activity or an activity that is known to be an attack occurs, it then generates an alarm to alert the security administrator. In addition, IDS can also initiate a proper response to the malicious activity. Although there are several intrusion detection techniques developed for wired networks today, they are not suitable for wireless networks due to the differences in their characteristics. Therefore, those techniques must be modified or new techniques must be developed to make intrusion detection work effectively in MANETs. In this paper, we classify the architectures for IDS in MANETs, each of which is suitable for different network infrastructures. Current intrusion detection systems corresponding to those architectures are reviewed and compared. Chapter 2 Background 2.1 Intrusion Detection System (IDS) Many historical events have shown that intrusion prevention techniques alone, such as encryption and authentication, which are usually a first line of defense, are not sufficient. As the system become more complex, there are also more weaknesses, which lead to more security problems. Intrusion detection can be used as a second wall of defense to protect the network from such problems. If the intrusion is detected, a response can be initiated to prevent or minimize damage to the system. To make intrusion detection systems work, basic assumptions are made. The first assumption is that user and program activities are observable. The second assumption, which is more important, is that normal and intrusive activities must have distinct behaviors, as intrusion detection must capture and analyze system activity to determine if the system is under attack. Intrusion detection can be classified based on audit data as either host- based or network-based. A network-based IDS captures and analyzes packets from network tra ±c while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows [2]. Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response. Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks. Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints. 2.2 Intrusion Detection in MANETs Many intrusion detection systems have been proposed in traditional wired networks, where all track must go through switches, routers, or gateways. Hence, IDS can be added to and implemented in these devices easily [17, 18]. On the other hand, MANETs do not have such devices. Moreover, the medium is wide open, so both legitimate and malicious users can access it. Furthermore, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information could be from a compromised node or a node that has outdated information. Thus, the current IDS techniques on wired networks cannot be applied directly to MANETs. Many intrusion detection systems have been proposed to suit the characteristics of MANETs, some of which will be discussed in the next sections. 2.3 Architectures for IDS in MANETs The network infrastructures that MANETs can be configured to are either at or multi-layer, depending on the applications. Therefore, the optimal IDS architecture for a MANET may depend on the network infrastructure itself [9]. In an network infrastructure, all nodes are considered equal, thus it may be suitable for applications such as virtual classrooms or conferences. On the contrary, some nodes are considered different in the multi-layered network infrastructure. Nodes may be partitioned into clusters with one cluster head for each cluster. To communicate within the cluster, nodes can communicate directly. However, communication across the clusters must be done through the cluster head. This infrastructure might be well suited for military applications. 2.3.1 Stand-alone Intrusion Detection Systems In this architecture, an intrusion detection system is run on each node independently to determine intrusions. Every decision made is based only on information collected at its own node, since there is no cooperation among nodes in the network. Therefore, no data is exchanged. Besides, nodes in the same network do not know anything about the situation on other nodes in the network as no alert information is passed. Although this architecture is not elective due to its limitations, it may be suitable in a network where not all nodes are capable of running IDS or have IDS installed. This architecture is also more suitable for an network infrastructure than for multi-layered network infrastructure. Since information on each individual node might not be enough to detect intrusions, this architecture has not been chosen in most of the IDS for MANETs. 2.3.2 Distributed and Cooperative Intrusion Detection Systems Since the nature of MANETs is distributed and requires cooperation of other nodes, Zhang and Lee [1] have proposed that the intrusion detection and response system in MANETs should also be both distributed and cooperative as shown in Figure 1. Every node participates in intrusion detection and response by having an IDS agent running on them. An IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as initiating a response independently. However, neighboring IDS agents cooperatively participate in global intrusion detection actions when the evidence is inconclusive. Similarly to stand-alone IDS architecture, this architecture is more suitable for a network infrastructure, not multi-layered one. 2.3.3 Hierarchical Intrusion Detection Systems Hierarchical IDS architectures extend the distributed and cooperative IDS architectures and have been proposed for multi-layered network infrastructures where the network is divided into clusters. Clusterheads of each cluster usually have more functionality than other members in the clusters, for example routing packets across clusters. Thus, these cluster heads, in some sense, act as control points which are similar to switches, routers, or gateways in wired networks. The same concept of multi-layering is applied to intrusion detection systems where hierarchical IDS architecture is proposed. Each IDS agent is run on every member node and is responsible locally for its node, i.e., monitoring and deciding on locally detected intrusions. A clusterhead is responsible locally for its node as well as globally for its cluster, e.g. monitoring network packets and initiating a global response when network intrusion is detected. 2.3.4 Mobile Agent for Intrusion Detection Systems A concept of mobile agents has been used in several techniques for intrusion detection systems in MANETs. Due to its ability to move through the large network, each mobile agent is assigned to perform only one specific task, and then one or more mobile agents are distributed into each node in the network. This allows the distribution of the intrusion detection tasks. There are several advantages for using mobile agents [2]. Some functions are not assigned to every node; thus, it helps to reduce the consumption of power, which is scarce in mobile ad hoc networks. It also provides fault tolerance such that if the network is partitioned or some agents are destroyed, they are still able to work. Moreover, they are scalable in large and varied system environments, as mobile agents tend to be independent of platform architectures. However, these systems would require a secure module where mobile agents can be stationed to. Additionally, mobile agents must be able to protect themselves from the secure modules on remote hosts as well. Mobile-agent-based IDS can be considered as a distributed and cooper ative intrusion detection technique as described in Section 3.2. Moreover, some techniques also use mobile agents combined with hierarchical IDS, for example, what will be described in Section 4.3. 2.4 Sample Intrusion Detection Systems for MANETs Since the IDS for traditional wired systems are not well-suited to MANETs, many researchers have proposed several IDS especially for MANETs, which some of them will be reviewed in this section. 2.4.1 Distributed and Cooperative IDS As described in Section 3.2, Zhang and Lee also proposed the model for distributed and cooperative IDS as shown in Figure 2 [1]. The model for an IDS agent is structured into six modules. The local data collection module collects real-time audit data, which includes system and user activities within its radio range. This collected data will be analyzed by the local detection engine module for evidence of anomalies. If an anomaly is detected with strong evidence, the IDS agent can determine independently that the system is under attack and initiate a response through the local response module (i.e., alerting the local user) or the global response module (i.e., deciding on an action), depending on the type of intrusion, the type of network protocols and applications, and the certainty of the evidence. If an anomaly is detected with weak or inconclusive evidence, the IDS agent can request the cooperation of neighboring IDS agents through a cooperative detection engine module, which communicates to other agents through a secure communication module. 2.4.2 Local Intrusion Detection System (LIDS) Albers et al. [3] proposed a distributed and collaborative architecture of IDS by using mobile agents. A Local Intrusion Detection System (LIDS) is implemented on every node for local concern, which can be extended for global concern by cooperating with other LIDS. Two types of data are exchanged among LIDS: security data and intrusion alerts. In order to analyze the possible intrusion, data must be obtained from what the LIDS detect, along with additional information from other nodes. Other LIDS might be run on different operating systems or use data from different activities such as system, application, or network activities; therefore, the format of this raw data might be different, which makes it hard for LIDS to analyze. However, such difficulties can be solved by using SNMP (Simple Network Management Protocol) data located in MIBs (Management Information Base) as an audit data source. Such a data source not only eliminates those difficulties, but also reduces the in-Figure 3: L IDS Architecture in A Mobile Node [3] crease in using additional resources to collect audit data if an SNMP agent is already run on each node. To obtain additional information from other nodes, the authors proposed mobile agents to be used to transport SNMP requests to other nodes. In another words, to distribute the intrusion detection tasks. The idea differs from traditional SNMP in that the traditional approach transfers data to the requesting node for computation while this approach brings the code to the data on the requested node. This is initiated due to untrustworthiness of UDP messages practiced in SNMP and the active topology of MANETs. As a result, the amount of exchanged data is tremendously reduced. Each mobile agent can be assigned a specific task which will be achieved in an autonomous and asynchronous fashion without any help from its LIDS. The LIDS architecture is shown in Figure 3, which consists of  ² Communication Framework: To facilitate for both internal and external communication with a LIDS. Local LIDS Agent: To be responsible for local intrusion detection and local response. Also, it reacts to intrusion alerts sent from other nodes to protect itself against this intrusion. Local MIB Agent: To provide a means of collecting MIB variables for either mobile agents or the Local LIDS Agent. Local MIB Agent acts as an interface with SNMP agent, if SNMP exists and runs on the node, or with a tailor-made agent developed specifically to allow up- dates and retrievals of the MIB variables used by intrusion detection, if none exists. Mobile Agents (MA): They are distributed from its LID to collect and process data on other nodes. The results from their evaluation are then either sent back to their LIDS or sent to another node for further investigation. Mobile Agents Place: To provide a security control to mobile agents. For the methodology of detection, Local IDS Agent can use either anomaly or misuse detection. However, the combination of two mechanisms will offer the better model. Once the local intrusion is detected, the LIDS initiate a response and inform the other nodes in the network. Upon receiving an alert, the LIDS can protect itself against the intrusion. 2.4.3 Distributed Intrusion Detection System Using Multiple Sensors Kachirski and Guha [4] proposed a multi-sensor intrusion detection system based on mobile agent technology. The system can be divided into three main modules, each of which represents a mobile agent with certain func- tionality: monitoring, decision-making or initiating a response. By separate in functional tasks into categories and assigning each task to a different agent, the workload is distributed which is suitable for the characteristics of MANETs. In addition, the hierarchical structure of agents is also developed in this intrusion detection system as shown in Figure 4. Monitoring agent: Two functions are carried out at this class of agent: network monitoring and host monitoring. A host-based monitor agent hosting system-level sensors and user-activity sensors is run on every node to monitor within the node, while a monitor agent with a network monitoring sensor is run only on some selected nodes to monitor at packet-level to capture packets going through the network within its radio ranges. Action agent: Every node also hosts this action agent. Since every node hosts a host-based monitoring agent, it can determine if there is any suspicious or unusual activities on the host node based on anomaly detection. When there is strong evidence supporting the anomaly detected, this action agent can initiate a response, such as terminating the process or blocking a user from the network. Decision agent: The decision agent is run only on certain nodes, mostly those nodes that run network monitoring agents. These nodes collect all packets within its radio range and analyze them to determine whether the network is under attack. Moreover, from the previous paragraph, if the local detection agent cannot make a decision on its own due to insufficient evidence, its local detection agent reports to this decision agent in order to investigate further. This is done by using packet-monitoring results that comes from the network-monitoring sensor that is running locally. If the decision agent concludes that the node is malicious, the action module of the agent running on that node as described above will carry out the response. The network is logically divided into clusters with a single cluster head for each cluster. This clusterhead will monitor the packets within the cluster and only packets whose originators are in the same cluster are captured and investigated. This means that the network monitoring agent (with network monitoring sensor) and the decision agent are run on the cluster head. In this mechanism, the decision agent performs the decision-making based on its own collected information from its network-monitoring sensor; thus, other nodes have no influence on its decision. This way, spooffing attacks and false accusations can be prevented. 2.4.4 Dynamic Hierarchical Intrusion Detection Architecture Since nodes move arbitrarily across the network, a static hierarchy is not suitable for such dynamic network topology. Sterne et al. [16] proposed a dynamic intrusion detection hierarchy that is potentially scalable to large networks by using clustering like those in Section 4.3 and 5.5. However, it can be structured in more than two levels as shown in Figure 5. Nodes labeled 1 are the first level clusterheads while nodes labeled 2 are the second level clusterheads and so on. Members of the first level of the cluster are called leaf nodes. Every node has the responsibilities of monitoring (by accumulating counts and statistics), logging, analyzing (i.e., attack signature matching or checking on packet headers and payloads), responding to intrusions detected if there is enough evidence, and alerting or reporting to cluster heads. Clues treads, in addition, must also perform: Data fusion/integration and data reduction: Clusterheads aggregate and correlate reports from members of the cluster and data of their own. Data reduction may be involved to avoid conflicting data, bogus data and overlapping reports. Besides, cluster heads may send the requests to their children for additional information in order to correlate reports correctly. Intrusion detection computations: Since different attacks require different sets of detected data, data on a single node might not be able to detect the attack, e.g., DDoS attack, and thus clusterheads also analyze the consolidated data before passing to upper levels. Security Management: The uppermost levels of the hierarchy have the authority and responsibility for managing the detection and response capabilities of the clusters and cluster heads below them. They may send the signatures update, or directives and policies to alter the configurations for intrusion detection and response. These update and directives will flow from the top of the hierarchy to the bottom. To form the hierarchical structure, every node uses clustering, which is typically used in MANETs to construct routes, to self-organize into local neighborhoods (first level clusters) and then select neighborhood representatives (cluster heads). These representatives then use clustering to organize themselves into the second level and select the representatives. This process continues until all nodes in the network are part of the hierarchy. The authors also suggested criteria on selecting cluster heads. Some of these criteria are: Connectivity: the number of nodes within one hop Proximity: members should be within one hop of its cluster head Resistance to compromise (hardening): the probability that the node will not be compromised. This is very important for the upper level cluster heads. Processing power, storage capacity, energy remaining, bandwidth cape abilities Additionally, this proposed architecture does not rely solely on promiscuous node monitoring like many proposed architectures, due to its unreliability as described in. Therefore, this architecture also supports direct periodic reporting where packet counts and statistics are sent to monitoring nodes periodically. 2.4.5 Zone-Based Intrusion Detection System (ZBIDS) Sun et al. [24] has proposed an anomaly-based two-level no overlapping Zone-Based Intrusion Detection System (ZBIDS). By dividing the network in Figure 6 into nonoverlapping zones (zone A to zone me), nodes can be categorized into two types: the intrazone node and the interzone node (or a gateway node). Considering only zone E, node 5, 9, 10 and 11 are intrazone nodes, while node 2, 3, 6, and 8 are interzone nodes which have physical connections to nodes in other zones. The formation and maintenance of zones requires each node to know its own physical location and to map its location to a zone map, which requires prior design setup. Each node has an IDS agent run on it which the model of the agent is shown in Figure 7. Similar to an IDS agent proposed by Zhang and Lee (Figure 2), the data collection module and the detection engine are re-sponsible for collecting local audit data (for instance, system call activities, and system log les) and analyzing collected data for any sign of intrusion respectively. In addition, there may be more than one for each of these modules which allows collecting data from various sources and using different detection techniques to improve the detection performance. The local aggregation and correlation (LACE) module is responsible for combining the results of these local detection engines and generating alerts if any abnormal behavior is detected. These alerts are broadcasted to other nodes within the same zone. However, for the global aggregation and correlation (GACE), its functionality depends on the type of the node. As described in Figure 7, if the node is an intrazone node, it only sends the generated alerts to the interzone nodes. Whereas, if the node is an interzone node, it receives alerts from other intrazone nodes, aggregates and correlates those alerts with its own alerts, and then generates alarms. Moreover, the GACE also cooperates with the GACEs of the neighboring interzone nodes to have more accurate information to detect the intrusion. Lastly, the intrusion response module is responsible for handling the alarms generated from the GACE. The local aggregation and correlation Algorithm used in ZBIDS is based on a local Markov chain anomaly detection. IDS agent rust creates a normal profile by constructing a Markov chain from the routing cache. A valid change in the routing cache can be characterized by the Markov chain detection model with probabilities, otherwise, its considered abnormal, and the alert will be generated. For the global aggregation and correlation algorithm, its based on information provided in the received alerts containing the type, the time, and the source of the attacks. 2.5 Intrusion Detection Techniques for Node Cooperation in MANETs Since there is no infrastructure in mobile ad hoc networks, each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. Intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [5] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several proposed techniques and protocols to detect such misbehavior in order to avoid those nodes, and some schemes also propose punishment as well [6, 7]. 2.5.1 Watchdog and Pathrater Two techniques were proposed by Marti, Giuli, and Baker [5], watchdog and pathrater, to be added on top of the standard routing protocol in ad hoc networks. The standard is Dynamic Source Routing protocol (DSR) [8]. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes. In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path should know who the next hop node is. In addition, listening to the next hops transmission is possible because of the characteristic of wireless networks if node A is within range of node B, A can overhear communication to and from B. Figure 8 shows how the watchdog works. Assume that node S wants to send a packet to node D, which there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined to D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then, it promiscuously listens to the transmission of B to make sure that B forwards to C. If the packet overheard from B (represented by a dashed line) matches that stored in the buffer, it means that B really forwards to the next hop (represented as a solid line). It then removes the packet from the buffer. However, if theres no matched packet after a certain time, the watchdog increments the failures counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports to the source node S. Path rater performs the calculation of the path metric for each path. By keeping the rating of every node in the network that it knows, the path metric can be calculated by combining the node rating together with link re- liability, which is collected from past experience. Obtaining the path metric for all available paths, the pathrater can choose the path with the highest metric. In addition, if there is no such link reliability information, the path metric enables the pathrater to select the shortest path too. As a result, paths containing misbehaving nodes will be avoided. From the result of the simulation, the system with these two techniques is quite effective for choosing paths to avoid misbehaving nodes. However, those misbehaving nodes are not punished. In contrast, they even benefit from the network. Therefore, misbehaving nodes are encouraged to continue their behaviors. Chapter 3 3. Literature survey 3.1 Introduction The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop new architecture and mechanisms to protect the wireless networks and mobile computing applications. The implication of mobile computing on network security research can be further demonstrated by the follow case. Recently (Summer 2001) an Internet worm called Code Red has spread rapidly to infect many of the Windows-based server machines. To prevent this type of worm attacks from spreading into intranets, many. This paper