Problem Description And Importance Of Of Terminating A...

Problem Description and Importance to Social Work Abortion is the medical practice of deliberately terminating a human pregnancy. Some common methods in which a termination is performed can be by early non-surgical methods where a combination of drugs is provided to stop of the development of the pregnancy or through more evasive and violent measures such as a vacuum aspiration. While these methods all carry the risk of causing severe and long-lasting physical health conditions for the woman involved, the purpose of this literature review was to examine the data as it relates to the psychological implications of terminating a pregnancy. Additionally, through studying the emotional and psychological responses of women who have experienced abortions, social workers will have a better understanding of how to serve a client who may have experienced such a traumatic event. Also, with an increased knowledge of this practice, a social worker may be better equipped to advocate for the rights of the client and for the unborn child as well. With this wealth of information, a social worker can strive to offer clients the resources and education that are necessary in making informed decisions as it relates to reproductive health and family planning. It is critical that social workers remain as unbiased as possible when dealing with such a controversial and highly divided issue in the professional realm. Also, it is imperative that we as a people reach realistic resolutions as itShow MoreRelated Abortion from an Ethical Point of View Essay1938 Words   |  8 Pagesabortion has been examined through it?s scientific and religious side, in this assignment we will try and examine abortion from an ethical point of view. The best way for someone to refer to abortion on an ethical basis would probably be through the description and evaluation of the subject based on two of the most known theoretical approaches: those of Kant?s and of Utilitarianism (Act and Rule). Beginning with the approach of Utilitarianism, we must say that Utilitarianism, is concerned basically withRead MoreUtilitarianism Facing Abortion4725 Words   |  19 Pagesany situation is one that satisfies most people’s preferences. Abortion Benefits Abortion is a sensitive topic that requires a considerable amount of understanding when addressing the ethics behind it. Abortion is defined as the termination of pregnancy thus ending the life of the embryo/fetus prematurely. Ones ethical justification for abortion from a rule-utilitarianism standpoint: When using the rule-utilitarian consequential principle of ethics, we establish a set of general morals and rulesRead MoreGenetics, Disease Counseling4765 Words   |  20 Pageschild born with Tay Sach s disease to relate to and for on going support. All members of the team should be able to work together to help this couple find answers, support and information they need to prepare them for what to expect during the pregnancy, after the child is born, and the development process as the child ages. The high risk obstetrician or perinatologist is chosen to assist in Rita s prenatal care, as well as providing individualized care to optimize her health discuss and fetalRead MorePerformance Appraisal System in Banking Sector7726 Words   |  31 PagesAnum Ameer Fatima Shahid Sheema Atta Section H Submitted on 1st November, 2010 Table of Contents Chapter 1: Introduction 2 Background 2 Overview of topic 5 Significance Of the study: 10 Research objectives: 11 Operational Definitions 11 Problem statements 17 Research Questions and Hypothesis 18 Theoretical frameworks 21 Chapter 2: Literature review: 21 Chapter 3: Methodology 30 References 32 Chapter 1: Introduction Background Human Resource Management (HRM) is the term used to describeRead MoreStudy Guide Essay25129 Words   |  101 Pagespermission from the publisher, except for the inclusion of brief quotation in review. Copyright  © 2014 by California Coast University BAM 411 Human Resource Management Syllabus Course Number BAM 411 Course Title Human Resource Management Course Description This course provides a thorough review of essential human resource management concepts and techniques. Current research and developments in the field are covered and trends in human resource management are presented. Reliability, validity, generalizabilityRead MoreFundamentals of Hrm263904 Words   |  1056 PagesEntrepreneurial Enterprise 48 HRM in a Global Environment 48 HR and Corporate Ethics Summary 50 Demonstrating Comprehension: Questions for Review 51 Key Terms 51 52 HRM Workshop 49 Guarding Against Discrimination Practices 65 DID YOU KNOW?: Is a Problem Brewing? 66 Determining Potential Discriminatory Practices 66 The 4/5ths Rule 66 Restricted Policy 66 Geographical Comparisons 67 McDonnell-Douglas Test 67 Responding to an EEO Charge 67 Business Necessity 68 Bona Fide Occupational QualificationsRead MoreOcd - Symptoms, Causes, Treatment131367 Words   |  526 Pagesexpanded cognitive-behavioral model that might provide a more complete account of obsessional phenomena. This new formulation of obsessions emphasizes the importance of faulty secondary appraisals of mental control, as well as the erroneous primary appraisals of the obsession itself. Chapters 8 through 13 provide step-by-step, detailed descriptions of cognitive and behavioral strategies for the assessment and treatment of OCD. Chapter 8 offers an evaluation of various assessment instruments for OCDRead MoreHuman Resources Management150900 Words   |  604 Pages HR managers participate in developing strategies and ensure that human resource dimensions are considered. almost 18%. Over 40 work teams meet regularly to discuss work goals, track their performance against established measures, and discuss problems and issues. Employee turnover is also extremely low in most areas. Transitions in HR management are also paying off in the Bank of Montreal, based in Montreal, Quebec. Emphasizing human resources has involved 35,000 employees in organizational successRead MoreSSD2 Module 2 Notes Essay23331 Words   |  94 Pagesstill other cases, NCOs wore unauthorized grade insignia, leaving little if any documentation. The Year - 1775 At the beginning of the Revolutionary War, the Continental Army did not have consistent uniforms, and the problem of distinguishing rank was often difficult. To solve this problem, in July 1775, General George Washington ordered designations of grade for officers and noncommissioned officers. All sergeants were to be distinguished by a red epaulette or a strip of red cloth sewn on the rightRead MoreDeveloping Management Skills404131 Words   |  1617 Pages978-0-13-612100-8 1. Management—-Study and teaching. 2. Management—Problems, exercises, etc. Kim S. II. Title. HD30.4.W46 2011 658.40071 173—dc22 I. Cameron, 2009040522 10 9 8 7 6 5 4 3 2 ISBN 10: 0-13-612100-4 ISBN 13: 978-0-13-612100-8 B R I E F TA B L E O F C O N T E N T S Preface xvii Introduction 1 PART I 1 2 3 PERSONAL SKILLS 44 Developing Self-Awareness 45 Managing Personal Stress 105 Solving Problems Analytically and Creatively 167 PART II 4 5 6 7 INTERPERSONAL

Relationship Between Religion and Art in Medieval,...

In a brightly-lit corner of St Peter’s Basilica, sitting behind a clear panel of glass, is Michelangelo’s Pietà  . A marble-white sculpture of the Mother Mary, her eyes downcast, gazes at her Son who lies dead across her lap. She seems both devastated and deep in thought. She is young and beautiful, in line with the old belief that a perfect soul meant a perfect outward appearance (Smart 122). She is famous and celebrated, and is visited by Christians from every nation. In another part of the world, The Holy Virgin Mary by Chris Ofili resides in the Brooklyn Art Museum. It is a painting of Mary atop a pile of elephant feces, the Virgin herself made with the same substance, while surrounded by cutouts from pornographic magazines. The work†¦show more content†¦The Church became less of a holy symbol of God’s presence on earth, and more of a machine to help ambitious men up the ladder of political power and influence (Murray Michelangelo 7). The Age of Enlightenment changed the medieval time’s thirst for God to a thirst for knowledge and science (Gardner 396). In present times, the influence of the Church continues to decline. â€Å"The 21st century is seeing the most intense attacks on belief in God in general and the Roman Catholic Church in particular.† (Tiglao A13)This is not at all helped by the countless scandals endured by the Vatican today. Well-known examples include their opposition to stem cell research (zu Eltz et al. 211) and sex abuse cases involving priests. The controversy of sexually abusive priests has proven so outrageous that many have demanded the dismissal of countless Church officials and even Pope Benedict XVI himself (â€Å"Pope undeterred by abuse scandal, reform calls† 8). Religion has endured a rocky road over the course of history, and so has art. Indeed it has evolved from the solemn themes of medieval art, to the romantic, whimsical mood of Renaissance art, to the shock value of contemporary art. The Medieval times has its share of famous art styles, two of the most significant being Byzantine and Gothic. The Byzantine era of art was one of the Western world’s longest and most unique. It was bestShow MoreRelatedMedieval Italy, By Ian Hughes, Jacob Burckhardt, And David Lines2167 Words   |  9 Pagescan be termed as the art of active learning whereby one comprehends the main arguments of a particular author and puts them down in different words while ensuring that he does not erode the intended meaning. This paper seeks to examine the works of several authors including Jansen Katherine, Ian Hughes, Jacob Burckhardt, and David Lines who expound on the history of Italy in the medieval ages. Review of the Literatures A critical analysis of Jansen’s work entitled â€Å"Medieval Italy: Texts in Translation†Read MoreElizabeth Woodville And Anne Boleyn1747 Words   |  7 PagesStarkey , Alison Weir , and David Gunn , even though they offer insights on topic largely relegated to popular histories and romances; women, in fact, receive little merit for their Courtly careers. Yet, it is important to recognize that the late medieval and Tudor Court offered an increasing number of roles for women to fill, as well as, a semblance of stability. The key to the ability for young women to cultivate an image and use it to her advantage in pursuing marriages or advantages emerges fromRead MoreThe Balance Of Rationality And Spirituality1241 Words   |  5 PagesAshley Lamphere Professor Matytsin 9/18/15 Renaissance Humanism: The Balance of Rationality and Spirituality The Renaissance was a period of cultural and intellectual rebirth, when the arts, sciences, religion evolved and transformed society. Those who defined its features and contours perceived it as a complete break from an imaged â€Å"Dark Ages,† when Europeans had purportedly turned their backs on antiquity. Renaissance historians, intellectuals, and theologians â€Å"rediscovered† Greek and RomanRead MoreBirth Of Venus By Botticelli And Child Enthroned With Saints By Duccio1680 Words   |  7 PagesArtist in the prehistoric and medieval periods used art to illustrate ideas and concepts affecting their prehistoric societies. Most of the artistic works of this time and their presentation had a cultural and stylistic significance. The arts portrayed a particular ideas concepts and themes. An example of this works includes, Birth of Venus by Botticelli and Child Enthroned with Saints by Duccio. The paper seeks to compare and contrast these two works basing on the difference s in artistic stylesRead MoreThe Renaissance Period3406 Words   |  14 Pagesin this dissertation is that the Renaissance in Europe, with specific emphasis on Italy, during the 15th Century, was the most influential period in developing the ‘early modern’ human society. Many believe that this was due to its almost perfect location between Western Europe and the Eastern shore of the Mediterranean. By analysing various factors and sources, as well as different aspects of society, for example political factors and the views of contemporary texts, it will provide enlighteningRead Morehistory of philosophy5031 Words   |  21 PagesPlatonic Scholastic Periods Ancient Medieval Modern Contemporary Literature Aesthetics Epistemology Ethics Logic Metaphysics Political philosophy Branches Aesthetics Epistemology Ethics Logic Metaphysics Political philosophy Social philosophy Lists Index Outline Years Problems Publications Theories Glossary Philosophers   Philosophy portal v t e The  history of philosophy  is the study of philosophical ideas and concepts through time. Issues specifically related to historyRead MoreEssay on The History of Catholicism an How Its Depicted1201 Words   |  5 Pagesreorganization, which in a space of thirty years gave to the Church an altogether new appearance. What happened was a true renascence in the fullest etymological sense, more impressive from a Christian point of view than the Renaissance of art and letters upon which contemporary Europe was priding itself. The so-called `counter-reformation did not begin with the Council of Trent, long after Luther; its origins and initial achievements were much anterior to the fame of Wittenberg. It was undertakenRead MoreEssay on The European Renaissance2182 Words   |  9 PagesEurope fell into a period of darkness. Within it, learning was suppressed and knowledge didn’t advance. However, by a turn into the 1400’s, there was a â€Å"rebirth† of learning: the Renaissance. The Renaissance was marked by an intense awaking in the visible world and in the knowledge derived from the experiences rather than religion and wise tales. It turned away from the abstract speculations and interest in life after death which is characterized in the Middle Ages. Although Christianity was not forgottenRead MoreEssay about The Influence of The English Renaissance1790 Words   |  8 Pagesis the English Renaissance? It was known as the period of rebirth and was the period in European civilization that immediately followed the middle ages. Its popularity grew by a surge of interest in classical learning and values. It was primarily a time of revi val after a long period of social decline and stagnation. The renaissance was a cultural and artistic movement dating from the early 16th to the early 17th centuries. It is associated with the pan-European renaissance that many culturalRead MoreBlending of Renaissance and Reformation in Paradise Lost2288 Words   |  10 PagesParadise Lost, on the basis of religion, Bible and as a great writer he advances his writing in a classical manner. The theme of Paradise Lost is Biblical as it shows the wrongdoing of Adam and Eve by the influence of Satan and the justice of God for sinners. Milton writes Paradise Lost in such a style which holds classical flavor. So, Milton shows Biblical theme in classical mood. We can also say that Milton’s mind is shaped and moulded by the influence of the Renaissance and the Reformation. On the

An insight to foreign policy its strategic - MyAssignmenthelp.com

Question: Discuss about the An insight to foreign policy its strategic. Answer: Introduction This is a study, which will conduct a comparative analysis of soft power and hard power in the UAE. The effectiveness of soft and hard power will depend on the accessibility of the resources in power. Thus, maintaining large military and maintaining good relationships with various other countries is essential for maintaining diplomatic supremacy. Hard power is difficult to obtain for smaller nations but UAE has strong relationship with the United States, which is a significant transformation in UAE foreign policy. However, the government structure of UAE is complex so combing hard and soft power in feasible proportions is essential. Background and problem definition United Arab Emirates political framework includes elements of absolute, presidential and federal monarchy. There are seven monarchies in the United Arab Emirates constitutions. The leader of Abu Dhabi holds the head of state and Presidential post. On the other hand, the leader of Dubai holds the position of Prime minister of the country. Thus, different monarchs rule the seven emirates, which is the main reason for difference in style of diplomacy approach (Lee 2015). It is evident from the fact that Abu Dhabi prefers using hard power as strategic approach whereas Doha has preferred using soft power as their strategic approach. The priorities of their leaders have determined the strategies applied by each of the gulf states. The countries able to incorporate elements of both soft and hard power are known as smart power companies. UAE has formed strong diplomatic relationship with the United States of America after the 9/11 due to the involvement of terrorists from Emirates. UAE has been aggressive in using hard power and assist maintain peace in Afghanistan. However, implementing soft power is essential for the growth of the nation. In the recent years, UAE has been praised for aiding in various international issues and have attempted to portray them as tolerant, progressive and open country. The country has major human rights issues and instead of solving these issues, they are spending generously on foreign matters. Thus, the suppression of local labours, 85% of it are foreign immigrants, have been overlooked (McGeehan 2015). These workers have rights less than the Emirati citizens and highlight the extremely unfair sponsor based employment system. The UAE government has not been able to deal with this illegal process of recruiting foreign labours and confiscation of passports of employees by their employees. Human trafficking and forced labour is a major issue, which has remained unaddressed. This shows that UAE has not been able to maintain the bala nce and implement smart power. Objectives To evaluate the various soft power and hard power strategies in UAE To identify the effective and suitable strategies for gaining diplomatic supremacy To recommend suitable strategies appropriate for gaining diplomatic supremacy Research question What is the impact of soft power in UAE? What is the impact of hard power in UAE? What is the suitable way of unifying UAE? What are the critical factors for gaining diplomatic supremacy in UAE? Literature review Implementation of the soft power and hard power are the key elements for the countries to maintain their diplomatic supremacy in the current global political scenario. This is due to the reason that, with the reduction in the difference between the developed and developing countries, the competition among them is increasing. Thus, it is of urgent need for them to utilize their capability and resources to influence the global politics. However, there are two types of power that can be exercised by the countries namely, soft and hard power. UAE is one of most developed economies in the Middle Eastern regions with having huge reserve of oil and foreign currency. Thus, the resources for their exercise of hard and soft power are also increasing with time. Influence of soft power in global politics According to Pamment (2014), the importance of soft power is rapidly increasing in the current scenario of foreign diplomacy. This is due to the reason that, major countries in the current global scenario are having military might and in the present era of globalization, countries promoting military power will face loss. Thus, they are more promoting their soft power including culture, tourism, heritage and identity to enhance their position in the global market. The authors have stated that, initiation of the soft power have added advantage for the countries due to the fact that, it will enhance the branding of the countries in positive manner. According to Grix and Lee (2013), soft power is mainly practiced by the nations in order to lure the maximum attraction towards them. They have also stated that the elements to be included as the soft power are increasing with time. Some of them are organizing mega sports events, cultural activities and tourism. It helps the countries to enhance their goodwill and reputation in the global scenario. Moreover, the authors have also stated that, soft power will also help in initiating in the hard power. This is due to the reason that, the more soft power will be initiated by the countries; the more will their resources to initiate hard power. Influence of hard power in global politics Hard power is being practices from the ancient time as the mode of diplomacy between the countries. In addition, various major superpowers are practicing in the current situation also. Though, practicing of hard power helps the countries to have benefits in less time compared to practicing soft power but, it creates negative image and foreign relations about the particular country. According to llgen (2016), apart from the soft power, practicing of hard power also helps in enhancing the country position in the global scenario. Moreover, they have also stated that, in the current global scenario, different cartels are present between different countries. Thus, if any particular country is not having any resources for practicing hard power, then it will be difficult for them to align with any alliance or cartels. According to Klare (2015), hard power is not included to only showcasing military strength, but also includes economic power. This is due to the fact that, in the current era of globalization, economical war prevails among the countries. According to the author, globalization increased the dependency of the countries on other. Thus, countries with having more resources are enjoying the upper hand over others. Thus, the bargaining power of these countries is more in the global political scenario. In this case, practicing of soft power is not important or necessary for these countries. Soft power diplomacy by UAE In the recent time, UAE is the forerunner among the Middle Eastern countries in terms of development. Dubai and Abu Dhabi are known as the global business hub. Moreover, their domestic infrastructure can be compared to any western countries. According to Carvalho Pinto (2014), the practice of soft power by UAE helped them to change their global perception from follower to role model. The domestic infrastructure, political stability and favorable economy are being effectively promoted by their government in order to enhance their influence. This helped them to gain the worldwide recognition along with increase in the foreign investment. Thus, according to the author, with the increase in the investment and economy, the influential power of them also got increased. According to Ragab (2017), soft power being practiced by UAE helped them to gain more political influence in the Middle Eastern regions. According to the author, UAE is the united front of seven monarchies including Dubai and Abu Dhabi. They have used the advanced infrastructure of Dubai as their tool of soft diplomacy. In addition, another tool being used by them is the tourism. Dubai stands on the top charts of top destination for the global tourist every year. This helped them to create the positive image in the global scenario. The positive image of them helped to get closer with the leading economies in the world and having more value in the political scenario of Middle East. Hard power diplomacy by UAE Apart from the soft power, UAE also practice hard power in order to maintain their supremacy in the Middle Eastern region. According to Ulrichsen (2016), Middle Eastern region is one of the most disturbed areas with having increased threat of terrorism and conflict with other countries. This, it is important for UAE to maintain their military strengths to safeguard their interest. One of the hard powers being possessed by them is the association with NATO. UAE is the first country in the Middle Eastern region, which have collaboration with NATO. Thus, this helped to have the support of global superpowers such as United States. It helps them to have more value in the international political scenario. According to Hosen (2016), hard power is important for UAE due to the increasing conflict with other countries in the Middle Eastern region. The author have also stated that, with the increase in the collaboration with United States and arms deal with them, the hard power diplomacy is ever increasing. Threats such ISIS is also contributing in enhancing the hard power policy of UAE. Research methodology A research methodology will include fundamental and applied methods. In fundamental research, universal principles, relationships and processes are examined to expand knowledge. In applied research, a particular management problem will be identified and evaluated to identify a specific business problem. The study will consist of fundamental research where the study will analyse the political and social issues to identify the appropriate solution. The study will consist of secondary analysis of data and qualitative analysis will be used. The methodology will identify the research philosophy, research design, sampling, research approach, reliability, validity and sampling. Research philosophies used in social research will consist of realism, interpretivism, positivism, post positivism and pragmatism (Knobe and Nichols 2013). According to Taylor, Bogdan and DeVault (2015), identification of research philosophy may seem to be intense and profound but it follows a definite structure. Positivism is a philosophy, which will observe the overall phenomenon to identify relevant findings in the study. Realism includes critical and direct realism where the personal human sense is either rejected or accepted. Post positivism philosophy will reject all the methods proposed by positivism philosophy. It assumes that there is no difference between day-to-day and scientific approach (OGorman, Lochrie and Watson 2014). Pragmatism takes assumptions made by all the above philosophies to implement multiple research approaches. It is used in mixed methods where quantitative and qualitative analysis of data is included. Interpretivism consists of analysis of small sample s ize and qualitative analysis is conducted. In this study, analysis of secondary data will be executed and consist of qualitative analysis of data so interpretivism has been selected as the research philosophy. There are two types of research approaches, one is deductive approach and other is the inductive approach (Sekaran and Bougie 2016). Deductive approach is used for confirming the theories mentioned in the literature of a study. Inductive approach is will identify new outcomes and no predefined outcomes will be set. Deductive approach will identify the cause of any phenomenon to prove the taken assumptions whereas inductive approach will interpret the meaning of the qualitative data collected in the study. Deductive approach is used for quantitative analysis of data but can be used for qualitative analysis but in most of the occasions, using inductive approach will provide better interpretation of the data collected (Teherani et al. 2015). This is possible, as the approach is not bounded by predefined assumptions. In this currents study, deductive approach has been rejected as no hypothesis will assumed and tested. The study will consist of inductive approach where there will be narra tive description and constant comparison among the collected data to identify the patterns. Data collection method will consist of secondary analysis and will include analysis of articles and peer reviewed journals. The study will analyse case studies and develop themes to provide better analysis of data. Thus, case study analysis and thematic analysis will be the methods of secondary analysis of data (Silverman 2016). The development of different themes will be based on the objectives developed. The qualitative analysis will consist of semi structured, open ended questions and in-depth interviews. In case study analysis similar cases related to the topic will be highlighted, compared and analysed to establish the findings of the study. In thematic analysis, themes will be formed based the objectives and various instances will be analysed to recognise the findings. Continuous comparison is the method of analysing the variables in the study. Sampling is a method of collection the data sample, and in academic researches probabilistic and non-probabilistic sampling will be used. Sampling is used for selecting particular population sample from the whole population. Probabilistic sampling is implemented in large data samples whereas non-probabilistic sampling is used for smaller sample size (Best and Kahn 2016). When there is huge population, then the sample size for the study is randomly selected using probabilistic sampling. There are different methods in probabilistic sampling such as simple random sampling, stratified sampling, systematic sampling and cluster sampling (Palinkas et al. 2015). Probabilistic sampling provides the whole population non-zero chance of participating in the study and randomization is the fundamental doctrine of probabilistic sampling. On the contrary, in non-probabilistic sampling, sample population is selected non-randomly and particular set of population have the opportunity of being selected. Non-probabilistic sampling consists of methods such as convenience sampling, snowball sampling, quota sampling and judgement sampling (Sekaran and Bougie 2016). Non-probabilistic sampling is used to save time and cost which is a huge liability of probabilistic sampling method. It is also used in cases where there is less availability of appropriate data. However, in this study simple random sampling has been used to collect 5 articles and 10 peer reviewed journals which will be analysed based on the objectives and goals set in the study. Reliability and validity is an issue which has to be addressed while conducting a research. In academic and business studies, having high reliability signifies that other researchers will be able to draw the same sets of conclusions in similar research topics (Bryman and Bell 2015). Validity is extremely crucial for obtaining a valid result from the study as it will examine whether all the prescribed methods are followed or not. Ethical consideration is essential for considering business and academic research. The privacy of the sample population should be maintained. However, this study is based on secondary data so no plagiarised content has been used in the study (Creswell and Poth 2017). The data provided in the study is authentic and proper evidence has been provided to confirm these facts. Research plan Main activities/ stages Week1 Week2 Week3 Week4 Week5 Week 6 Topic Selection Data collection from secondary sources Framing layout of the research Literature review Formation of the research Plan Selection of the Appropriate Research Techniques Secondary data collection Analysis Interpretation of Data Collection Conclusion of the Study Formation of Rough Draft Submission of Final Work Table 1: Gantt chart (Source: as created by author) Conclusion The conclusion drawn from the study is that maintaining a balance between hard and soft power is essential in modern world of globalization. The objective of has been formulated and based on that appropriate methods have been selected. The study is likely to provide positive result if reliability and validity is kept high. References Best, J.W. and Kahn, J.V., 2016.Research in education. Pearson Education India. Bryman, A. and Bell, E., 2015.Business research methods. Oxford University Press, USA. Carvalho Pinto, V., 2014. From Follower to Role Model: The Transformation to the UAE's International Self-Image.Journal of Arabian Studies,4(2), pp.231-243. Creswell, J.W. and Poth, C.N., 2017.Qualitative inquiry and research design: Choosing among five approaches. Sage publications. Grix, J. and Lee, D., 2013. Soft power, sports mega-events and emerging states: The lure of the politics of attraction.Global society,27(4), pp.521-536. Hosen, M.K., 2016. POWER POLITICS AND THE EMERGENCE OF TERRORISM IN THE MIDDLE EAST.Journal of Asian and African Social Science and Humanities (ISSN 2413-2748),2(2), pp.139-151. Ilgen, T.L. ed., 2016.Hard power, soft power and the future of transatlantic relations. Routledge. Klare, M., 2015. Hard power, soft power, and energy power.Foreign Affairs. com. Knobe, J. and Nichols, S. eds., 2013.Experimental philosophy(Vol. 2). Oxford University Press. Lee, J.T., 2015. Soft power and cultural diplomacy: Emerging education hubs in Asia.Comparative Education,51(3), pp.353-374. McGeehan, N., 2015.Some Hard Truths about the UAE's Soft Power. [online] Human Rights Watch. Available at: https://www.hrw.org/news/2013/04/15/some-hard-truths-about-uaes-soft-power [Accessed 6 Jan. 2018]. OGorman, K., Lochrie, S. and Watson, A., 2014. Research philosophy and case studies.Research Methods for Business Management, pp.152-172. Palinkas, L.A., Horwitz, S.M., Green, C.A., Wisdom, J.P., Duan, N. and Hoagwood, K., 2015. Purposeful sampling for qualitative data collection and analysis in mixed method implementation research.Administration and Policy in Mental Health and Mental Health Services Research,42(5), pp.533-544. Pamment, J., 2014. Articulating influence: Toward a research agenda for interpreting the evaluation of soft power, public diplomacy and nation brands.Public Relations Review,40(1), pp.50-59. Ragab, E., 2017. Beyond Money and Diplomacy: Regional Policies of Saudi Arabia and UAE after the Arab Spring.The International Spectator,52(2), pp.37-53. Sekaran, U. and Bougie, R., 2016.Research methods for business: A skill building approach. John Wiley Sons. Silverman, D. ed., 2016.Qualitative research. Sage. Taylor, S.J., Bogdan, R. and DeVault, M., 2015.Introduction to qualitative research methods: A guidebook and resource. John Wiley Sons. Teherani, A., Martimianakis, T., Stenfors-Hayes, T., Wadhwa, A. and Varpio, L., 2015. Choosing a qualitative research approach.Journal of graduate medical education,7(4), pp.669-670. Ulrichsen, K., 2016.The United Arab Emirates: Power, Politics and Policy-making. Taylor Francis.

Greensleeve Analysis free essay sample

The form of the piece also allows for the musician to add their own Improvisation, and for the performance I saw, Anna would constantly strum wrought all the strings scale in a descending and ascending manner in order to portray the dynamics and pure elegance of the harp. Therefore, Greensville is a prominent and classic composition for its historic eminence, its simple, yet influential form, and most Importantly, Its soothing, captivating, and Iconic rhythm.Many musical pieces we listen to today follow a repetitive verse and chorus form, which is actually the main form that is used in the piece Greensville. Coming from the Renaissance period, where singing was prominent and instrumentation was barely soused on, using this simple and memorable progression Is actually common for many pieces during this time. More specifically, the piece Is played In romances form, which is a form most popular during the Early Baroque Period and revolves around four chords serving as the repeating bass supporting a main melody. We will write a custom essay sample on Greensleeve Analysis or any similar topic specifically for you Do Not WasteYour Time HIRE WRITER Only 13.90 / page In addition, Greensville Is also provided with emotional lyrics about the unrequited love Henry the VIII had for Anne Blenny after she rejected him, which helps portray the message and essence of the composition at a more engaging perspective. The piece is introduced with the first verse of the piece and we start to understand the form as the supporting chords are played with the left hand and the plucking of the melody Is played with the right hand The chords and melody are played in an adagio tempo and are antiphonal to each other as the chords play first following by the melody.These musical elements demonstrates the sorrow mood of the piece as Henry expresses his feelings after being left discourteously by the love of his life. The chorus Is then played with the chords and melody working more cohesively and sounding more uplifting as they change key in order to show that the love Henry has for his joy, delight, and heart of gold remains true and positive (0:43-1:15). The second v erse then changes dramatically as the chords transition to a high, minor key and are played In fast, separate notes rather than Just as a strum. At this point, the drama and dynamics of the harp shows how Henry Is 1 OFF Anne. The chorus is repeated (1:52-2:26) as the key goes back to major and tempo back to adagio, further maintaining the recurring somber theme of the piece. The hired verse goes back to original key and tempo as the first verse, bringing down the drama of the piece in order to show Henry hopelessly and mournfully praying to Sod for the love of Anne. (2:27-3:03).

Cover Letter 122345 Essays (312 words) - Accounts Receivable

Marlon Josephs 3715 village estates ct. Cumming, Georgia | 770-296-6826 | [emailprotected] 11/11/18 Dear Ashley Jones, I would like to bring in my job experience as office clerk and junior accountant. I have been working for six years in the accounting of medium-sized companies in the metal trade and printing and publishing sectors.Already in my activity in metal trading I gained experience in international business transactions including customs declarations, while as a junior accountant in publishing I became familiar with the peculiarities of working with larger subscriber bases. The main focus of my previous activities was on accounts receivable accounting, including dunning, as well as data preparation and analysis in cooperation with other departments such as receivables management, controlling and marketing. Recently, I successfully completed my training as an "accountant (IHK)".I would now like to apply the expertise gained in an adequate position, which unfortunately my current employer can not offer me for the foreseeable future.In addition to the technica l requirements, I am tempted by the job advertised by you to enter a fast-growing and future-oriented industry with the changes and upheavals that are likely to occur again and again. Extreme care and absolute reliability are a natural part of my work.In addition, I work with a lot of team spirit and joy across departments and have already gained extensive experience in my previous activities. In everyday dealings, I am absolutely secure with MS Office, the relevant SAP modules and have some years of experience in dealing with other accounting software.I speak good English and have a solid basic knowledge of the French language. My notice period is six weeks to the end of the month.I look forward to personally discussing the possibilities of working with you. Sincerely, Sincerely , Marlon Josephs

Hulu Has Live Sports Goal Celebration Professor Ramos Blog

Hulu Has Live Sports Goal Celebration This is a commercial from Hulu with some of the United States women’s soccer players. The ad begins with the team passing the ball to each other and go all the way up to roughly around 15 yards away from the goal post. They then complete their play by scoring a goal to the left side of the goal post passing above the goalie’s fingertips. After the soccer players score they celebrate their goal by forming a human couch, an ottoman, and a television with one person sitting on the couch with a remote in hand watching the human made television. One of the female players is behind the television dancing to complete the display of the television. While this celebration is occurring a famous former player from the United States soccer team Mia Hamm asks two of the coaches on the sideline what they players are doing. They respond by saying that it is their new celebration goal and they are calling it â€Å"Hulu has live sports†. Mia Hamm follows up with another question asking how much Hulu will be paying them for this, and the two women just giggle and laugh. At the end of the commercial it shows the team all together side by side of each other as if to take a team picture wearing green uniforms saying Hulu has live sports with two pallets full of money dropping from a crane hook on the other side of the players. Towards the very end of the commercial where the team is together, this scene has multiple objects and other things with green details throughout the background. There are green text shown in the background in the stadium to represent the colors of the Hulu Company. They have certain seats colored green throughout the stadium so it can read out Hulu from a distance. There are also banners shown that say no cable required, which is another great way to interest their viewers. This is adding another reason to get Hulu other than Hulu having live sports included. The appeal of ethos is to convince or persuade the audience of ones’ character or credibility. This appeal is being used in this advertisement mainly because of the famous and well-known athletes in the commercial. Research suggests that over time, as heroes retire and disappear from the spotlight, their appeal begins to increase, even more than when they were performing (Lunardo, Renaud, et al. 692). This commercial is not in any way formal, it is more causal and normal type of presentation that can bring different types of viewers to stay interested because there is a little bit of comedy and like it was discussed earlier famous athletes/ celebrities. They also use the sport soccer to catch the viewers’ attention. Soccer is a very popular sport that is well known all around the world. To combine all of these together this advertisement has a very good chance to catch many sorts of viewers and to keep them hooked. â€Å"And finally children’s books are up to three times more likely to contain only male role models† (Adams-Blair 45). This sentence by Adams- Blair is very intriguing because the author is trying to allow the readers to have a clear image of how many children’s books’ contain only male role models. This mean that very few books have a only female role models to inspire children as they grow. This is a very important message that show be acknowledged because many kids could grow up thinking that only men or boys will be successful or better to achieve certain tasks. In the Hulu advertisement there are only female athletes and there are no men shown in this video. This can allow their viewers to understand that woman are capable of doing what men do. In this case it indicates that the women’s United States soccer team are female role models that can inspire kids as they grow to know that women too can do things like playing professional soccer. The emotion set for on this advertisement for certain people could be excitement or happiness. For example soccer fans might find this commercial fun or exciting because it involves soccer. Many people enjoy watching games and are very entertained just to watch a match. There is also joy and happiness seeing peoples’ favorite team on television. The appeal of logos is an appeal of logic, to convince an audience based off of reasoning. There are some good reasoning in this commercial that Hulu uses to logically convince their viewers to understand that it would benefit themselves to get Hulu. The main benefit of Hulu in this case is that they stream live sports for both female sand males. This in my perspective was viewed as Hulu having live sports for anyone, that Hulu will and does not discriminate based on gender. There is a bubble map in the article â€Å"Effectiveness of Absurdity in Advertising across Cultures.† This map describes how some viewers’ reactions could be based on how they can relate to the situation or what is happening in the advertisement. The first bubble on the map says absurdity, they use this word to let the readers know that this can literally be anything and that it could be as crazy as possible or something that is reasonable either or. Then there are two bubble for the next part that read recall and attitude towards ad. These two bubbles will show how the readers or viewers can reaction to the absurdity in the first bubble. So in the Hulu advertisement there can be different ways for the audience to react to the commercial. Either the viewers can recall or relate to the situation on the screen or they can have a certain opinion on the advertisement good or bad. Hulu is giving the sport of soccer to allow the viewers to relate to the commercial or recall a similar experience they had. This is all logical strategies used to appeal or interest viewers to get Hulu with live sports. The audience will have a better connection to the advertisement because they can relate situation. In conclusion, Hulu is using soccer to persuade the viewers to sign up for a Hulu account. The appeals used were pathos, ethos and logos. Hulu wants their audience to know that they will have live sports available and that there will not be any cable required to access these games. In the commercial the appeal of ethos is the one to mainly stand out because of all the famous athletes from the United States Women’s National Team that appear throughout the video. They also include a former player from the United States team Mia Hamm who was a great player and is a good role models for young kids. This advertisement used comedy and positive environment to set the emotion. Seeing professional female athletes can bring joy and excitement to people seeing them on commercials and intrigue the audience to continue to watch the video so Hulu can convince people to get Hulu with live sports. Work Cited Page Adams-Blair, Heater R. â€Å"The Importance of Physical Education and Sport in the Lives of Young Female.†International Sports Journal, vol. 6, no. 1, Winter 2002, p. 45.EBSCOhost, search.ebscohost.com/login.aspx?direct=truedb=a9hAN=6539181site=ehost-live. Gelbrich, Katja, et al. â€Å"Effectiveness of Absurdity in Advertising Across Cultures.†Ã‚  Journal of Promotion Management, vol. 18, no. 4, Oct. 2012, pp. 393–413.  EBSCOhost, doi:10.1080/10496491.2012.693058. Lunardo, Renaud, et al. â€Å"Celebrities as Human Brands: An Investigation of the Effects of Personality and Time on Celebrities’ Appeal.†Ã‚  Journal of Marketing Management, vol. 31, no. 5–6, May 2015, pp. 685–712.  EBSCOhost, doi:10.1080/0267257X.2015.1008548.

Leglization of Marijuana Research Paper Example | Topics and Well Written Essays - 750 words

Leglization of Marijuana - Research Paper Example Firstly, a comparison between alcohol and cigarettes shows that the use of marijuana has mild health risks and losses to the society. This is a great paradox since alcohol and cigarettes have not been banned despite their greater damage potential. This scenario further worsens owing to the ease of availability of the two products. On the contrary, to get marijuana, one must do it in secret so as not to arouse suspicion. Such hypocrisy and unfairness to marijuana users ought to end (Legalizationofmarijuana.com, 2010). Secondly, prohibiting marijuana has served to increase the black market that goes as far as to even corrupt the judicial system. There is massive bribing of judges that occurs to secure the release of rich marijuana dealers. Such arrests have led to America ending up as the largest jailor nation overcrowding jails, resulting in the release of more dangerous criminals such as murderers. On average, drug dealers are sentenced at a rate that is five times higher than the rate of those arrested for manslaughter. Such unfair severity in terms of punishment has led to the resignation of judges who do not wish to belong to a corrupt system (Legalizationofmarijuana.com, 2010). In addition, many farmers in America have turned to growing marijuana in their cornfields. This is because marijuana farming has become a lucrative venture with a bushel selling for up to 70,000 dollars. This is in stark contrast to that of corn, which rakes in a few dollars per bushel. Clearly, marijuana is fast substituting corn as the major cash crop in America. Failing to legalize marijuana is turning innocent farmers on whom the country‘s survival depends into criminals. Legislation of marijuana will work better than simply decriminalizing or medicalizing it. Decriminalisation serves to legalize the possession of little amounts of the drug although it does not put an end to the enormous black market or allow for simpler taxation.

How does low income level relates to child abuse Term Paper

How does low income level relates to child abuse - Term Paper Example The main concern of a poor class is to survive and combat with poverty. The poverty problem is a dilemma which gives rise to child sexual abuse since the families are not concerned about child protection. The way children are maltreated, misuse, and neglect have many times escorted them to the vulnerability of child abuse. However in the United States, child abuse is not a new issue, since children have been the subject of various types of abuse for decades, therefore concern for abused children now demands action from private citizens as well as the government. Despite the existence and active participation of child welfare programs, child abuse is a common problem confronted by the United States. One reason for the widespread of this quandary is the fact that economic resources and political structure varies according to the social determinants for people who live in urban and rural regions (Kenney et al, 2001, p. xv). Child abuse some decades ago was seen as a problem of physical battering and the deliberate intention to harm the child, mainly by parents. It was in the 1970s that the meaning of the term child abuse expanded to include not only physical harm of the child, but also sexual or emotional maltreatment by parents or caretakers since abuse does not have to be deliberate infliction, but can also take the form of omission to act resulting in neglect of the childs needs. The main concern pertains to what our communities consider as child abuse, for example in many community cases in the professional consensus in the United States it was a concern as to what constitutes abuse or neglect of a child. When analyzed on the basis of community research it was found that all agreed to consider a child with fractured bones from repeated beatings as abused, while a child who is not given the minimum amount of food, clothing, or attention necessary for survival or a young child left unfed in a room as

Critical Essay Example | Topics and Well Written Essays - 1000 words

Critical - Essay Example They established a system to investigate the membrane dynamics of the events occurring at the interface of HIV-1 infected and receptor expressing T cells. The authors selected appropriate CD4+/CXCR4+ T cell lines for the study and maintained them in an antibiotic supplemented cell growth medium and established the purity of the cell lines at a level greater than 90% by flow cytometry by indirect immunofluorescence. These CD4+ cells were labeled as target cells. Jurkat CE 6.1 cells infected with HIV-1 strain LAI were used as effector cells. After phenotyping the cells for surface Env and CD4 expression, the effector and the target cells were mixed in equal quantities on cover slips, with or without inclusion of mAb (monoclonal antibody). For specific time intervals after which they were fixed and stained. Kinetic studies were conducted in separate experiments by immunostaining of conjugates for specific mAbs. Appropriate software and methods for confocal microscopy and photography wer e employed. Inhibition of cytoskeletal rearrangement and signaling were studied in separate experiments. Cell-cell fusion assay and transmission electron microscopy were the other experiments conducted. The authors have been able to develop a novel system to study the cell to cell dissemination of HIV-1 by demonstrating a close packing and concentration of the virus particles in the plasma membranes of both effector and target cells, though they could not actually demonstrate the formation of a synapse between the two cells, which they suggest is the most likely mechanism. The role of an actin dependent mechanism in the Env-dependent recruitment of CD4, CXCR4, and LFA-1 has successfully been demonstrated. This cytoskeleton dependent receptor movement during infection of the target cells along with formation of an adhesive junction has been proposed as the likely

Analysis of Botnet Security Threats

Analysis of Botnet Security Threats CHAPTER 1 INTRODUCTION 1.1 Introduction During the last few decades, we have seen the dramatically rise of the Internet and its applications to the point which they have become a critical part of our lives. Internet security in that way has become more and more important to those who use the Internet for work, business, entertainment or education. Most of the attacks and malicious activities on the Internet are carried out by malicious applications such as Malware, which includes viruses, trojan, worms, and botnets. Botnets become a main source of most of the malicious activities such as scanning, distributed denial-of-service (DDoS) activities, and malicious activities happen across the Internet. 1.2 Botnet Largest Security Threat A bot is a software code, or a malware that runs automatically on a compromised machine without the users permission. The bot code is usually written by some criminal groups. The term â€Å"bot† refers to the compromised computers in the network. A botnet is essentially a network of bots that are under the control of an attacker (BotMaster). Figure 1.1 illustrates a typical structure of a botnet. A bot usually take advantage of sophisticated malware techniques. As an example, a bot use some techniques like keylogger to record user private information like password and hide its existence in the system. More importantly, a bot can distribute itself on the internet to increase its scale to form a bot army. Recently, attackers use compromised Web servers to contaminate those who visit the websites through drive-by download [6]. Currently, a botnet contains thousands of bots, but there is some cases that botnet contain several millions of bots [7]. Actually bots differentiate themselves from other kind of worms by their ability to receive commands from attacker remotely [32]. Attacker or better call it botherder control bots through different protocols and structures. The Internet Relay Chat (IRC) protocol is the earliest and still the most commonly used CC channel at present. HTTP is also used because Http protocol is permitted in most networks. Centralized structure botnets was very successful in the past but now botherders use decentralized structure to avoid single point of failure problem. Unlike previous malware such as worms, which are used probably for entertaining, botnets are used for real financial abuse. Actually Botnets can cause many problems as some of them listed below: i. Click fraud. A botmaster can easily profit by forcing the bots to click on advertisement for the purpose of personal or commercial abuse. ii. Spam production. Majority of the email on the internet is spam. iii. DDoS attacks. A bot army can be commanded to begin a distributed denial-of-service attack against any machine. iv. Phishing. Botnets are widely used to host malicious phishing sites. Criminals usually send spam messages to deceive users to visit their forged web sites, so that they can obtain users critical information such as usernames, passwords. 1.3 Botnet in-Depth Nowadays, the most serious manifestation of advanced malware is Botnet. To make distinction between Botnet and other kinds of malware, the concepts of Botnet have to understand. For a better understanding of Botnet, two important terms, Bot and BotMaster have been defined from another point of views. Bot Bot is actually short for robot which is also called as Zombie. It is a new type of malware [24] installed into a compromised computer which can be controlled remotely by BotMaster for executing some orders through the received commands. After the Bot code has been installed into the compromised computers, the computer becomes a Bot or Zombie [25]. Contrary to existing malware such as virus and worm which their main activities focus on attacking the infecting host, bots can receive commands from BotMaster and are used in distributed attack platform. BotMaster BotMaster is also known as BotHerder, is a person or a group of person which control remote Bots. Botnets- Botnets are networks consisting of large number of Bots. Botnets are created by the BotMaster to setup a private communication infrastructure which can be used for malicious activities such as Distributed Denial-of-Service (DDoS), sending large amount of SPAM or phishing mails, and other nefarious purpose [26, 27, 28]. Bots infect a persons computer in many ways. Bots usually disseminate themselves across the Internet by looking for vulnerable and unprotected computers to infect. When they find an unprotected computer, they infect it and then send a report to the BotMaster. The Bot stay hidden until they are announced by their BotMaster to perform an attack or task. Other ways in which attackers use to infect a computer in the Internet with Bot include sending email and using malicious websites, but common way is searching the Internet to look for vulnerable and unprotected computers [29]. The activities associated with Botnet can be classified into three parts: (1) Searching searching for vulnerable and unprotected computers. (2) Dissemination the Bot code is distributed to the computers (targets), so the targets become Bots. (3) sign-on the Bots connect to BotMaster and become ready to receive command and control traffic. The main difference between Botnet and other kind of malwares is the existence of Command-and-Control (CC) infrastructure. The CC allows Bots to receive commands and malicious capabilities, as devoted by BotMaster. BotMaster must ensure that their CC infrastructure is sufficiently robust to manage thousands of distributed Bots across the globe, as well as resisting any attempts to shutdown the Botnets. However, detection and mitigation techniques against Botnets have been increased [30,31]. Recently, attackers are also continually improving their approaches to protect their Botnets. The first generation of Botnets utilized the IRC (Internet Relay Chat) channels as their Common-and-Control (CC) centers. The centralized CC mechanism of such Botnet has made them vulnerable to being detected and disabled. Therefore, new generation of Botnet which can hide their CC communication have emerged, Peer-to-Peer (P2P) based Botnets. The P2P Botnets do not experience from a single point of failur e, because they do not have centralized CC servers [35]. Attackers have accordingly developed a range of strategies and techniques to protect their CC infrastructure. Therefore, considering the CC function gives better understanding of Botnet and help defenders to design proper detection or mitigation techniques. According to the CC channel we categorize Botnets into three different topologies: a) Centralized; b) Decentralized and c) Hybrid. In Section 1.1.4, these topologies have been analyzed and completely considered the protocols that are currently being used in each model. 1.4 Botnet Topologies According to the Command-and-Control(CC) channel, Botnet topology is categorized into three different models, the Centralized model, the Decentralized model and Hybrid model. 1.4.1 Centralized Model The oldest type of topology is the centralized model. In this model, one central point is responsible for exchanging commands and data between the BotMaster and Bots. In this model, BotMaster chooses a host (usually high bandwidth computer) to be the central point (Command-and-Control) server of all the Bots. The CC server runs certain network services such as IRC or HTTP. The main advantage of this model is small message latency which cause BotMaster easily arranges Botnet and launch attacks. Since all connections happen through the CC server, therefore, the CC is a critical point in this model. In other words, CC server is the weak point in this model. If somebody manages to discover and eliminates the CC server, the entire Botnet will be worthless and ineffective. Thus, it becomes the main drawback of this model. A lot of modern centralized Botnets employed a list of IP addresses of alternative CC servers, which will be used in case a CC server discovered and has been taken offline. Since IRC and HTTP are two common protocols that CC server uses for communication, we consider Botnets in this model based on IRC and HTTP. Figure 1.2 shows the basic communication architecture for a Centralized model. There are two central points that forward commands and data between the BotMaster and his Bots. 1.4.1.1 Botnets based on IRC The IRC is a type of real-time Internet text messaging or synchronous conferencing [36]. IRC protocol is based on the Client Server model that can be used on many computers in distributed networks. Some advantages which made IRC protocol widely being used in remote communication for Botnets are: (i) low latency communication; (ii) anonymous real-time communication; (iii) ability of Group (many-to-many) and Private (one-to-one) communication; (iv) simple to setup and (v) simple commands. The basic commands are connect to servers, join channels and post messages in the channels; (vi) very flexibility in communication. Therefore IRC protocol is still the most popular protocol being used in Botnet communication. In this model, BotMasters can command all of their Bots or command a few of the Bots using one-to-one communication. The CC server runs IRC service that is the same with other standard IRC service. Most of the time BotMaster creates a channel on the IRC server that all the bots can connect, which instruct each connected bot to do the BotMasters commands. Figure 1.3 showed that there is one central IRC server that forwards commands and data between the BotMaster and his Bots. Puri [38] presented the procedures and mechanism of Botnet based on IRC, as shown in Figure. 1.4. Bots infection and control process [38]: i. The attacker tries to infect the targets with Bots. ii. After the Bot is installed on target machine, it will try to connect to IRC server. In this while a random nickname will be generate that show the bot in attackers private channel. iii. Request to the DNS server, dynamic mapping IRC servers IP address. iv. The Bot will join the private IRC channel set up by the attacker and wait for instructions from the attacker. Most of these private IRC channel is set as the encrypted mode. v. Attacker sends attack instruction in private IRC channel. vi. The attacker tries to connect to private IRC channel and send the authentication password. vii. Bots receive instructions and launch attacks such as DDoS attacks. 1.4.1.2 Botnet based on HTTP The HTTP protocol is an additional well-known protocol used by Botnets. Because IRC protocol within Botnets became well-known, internet security researchers gave more consideration to monitoring IRC traffic to detect Botnet. Consequently, attackers started to use HTTP protocol as a Command-and-Control communication channel to make Botnets become more difficult to detect. The main advantage of using the HTTP protocol is hiding Botnets traffics in normal web traffics, so it can easily passes firewalls and avoid IDS detection. Usually firewalls block incoming and outgoing traffic to not needed ports, which usually include the IRC port. 1.4.2 Decentralized model Due to major disadvantage of Centralized model-Central Command-and-Control (CC)-attackers tried to build another Botnet communication topology that is harder to discover and to destroy. Hence, they decided to find a model in which the communication system does not heavily depending on few selected servers and even discovering and destroying a number of Bots. As a result, attackers take advantage of Peer-to-Peer (P2P) communication as a Command-and-Control (CC) pattern which is much harder to shut down in the network. The P2P based CC model will be used considerably in Botnets in the future, and definitely Botnets that use P2P based CC model impose much bigger challenge for defense of networks. In the P2P model, as shown in Fig. 1.6, there is no Centralized point for communication. Each Bot have some connections to the other Bots of the same Botnet and Bots act as both Clients and servers. A new Bot must know some addresses of the Botnet to connect there. If Bots in the Botnet are taken offline, the Botnet can still continue to operate under the control of BotMaster. P2P Botnets aim at removing or hiding the central point of failure which is the main weakness and vulnerability of Centralized model. Some P2P Botnets operate to a certain extent decentralized and some completely decentralized. Those Botnets that are completely decentralized allow a BotMaster to insert a command into any Bots. Since P2P Botnets usually allow commands to be injected at any node in the network, the authentication of commands become essential to prevent other nodes from injecting incorrect commands. For a better understanding in this model, some characteristics and important features of famous P2P Botnets have been mentioned: Slapper: Allows the routing of commands to distinct nodes. Uses Public key and private key cryptography to authenticate commands. BotMasters sign commands with private key and only those nodes which has corresponding public key can verify the commands [42]. Two important weak points are: (a) its list of known Bots contains all (or almost all) of the Botnet. Thus, one single captured Bot would expose the entire Botnet to defenders [42] (b) its sophisticated communication mechanism produces lot traffic, making it vulnerable to monitoring via network flow analysis. Sinit: This Bot uses random searching to discove other Bots to communicate with. It can results in an easy detection due to the extensive probing traffic [34]. Nugache: Its weakness is based on its reliance on a seed list of 22 IP addresses during its bootstrap process [47]. Phatbot: Uses Gnutella cache server for its bootstrap process which can be easily shutdown. Also its WASTE P2P protocol has a scalability problem across a long network [48]. Strom worm: it uses a P2p overnet protocl to control compromised hosts. The communication protocol for this Bot can be classified into five steps, as describes below :[37] i. Connect to Overnet Bots try to join Overnet network. Each Bot initially has hard-coded binary files which is included the IP addresses of P2P-based Botnet nodes. ii. Search and Download Secondary Injection URL Bot uses hard-coded keys to explore for and download the URL on the Overnet network [37]. iii. Decrypt Secondary Injection URL compromised hosts take advantages of a key(hard coded) to decrypt the URL. iv. Download Secondary Injection compromised hosts attempt to download the second injection from a server(probably web server). It could be infected files or updated files or list of the P2P nodes [37]. 1.4.3 Hybrid model The Bots in the Hybrid Botnet are categorized into two groups: 1) Servant Bots Bots in the first group are called as servant Bots, because they behave as both clients and servers, which have static, routable IP addresses and are accessible from the entire Internet. 2) Client Bots Bots in the second group is called as client Bots since they do not accept incoming connections. This group contains the remaining Bots, including:- (a) Bots with dynamically designated IP addresses; (b) Bots with Non-routable IP addresses; and (c) Bots behind firewalls which they cannot be connected from the global Internet. 1.5 Background of the Problem Botnets which are controlled remotely by BotMasters can launch huge denial of service attacks, several infiltration attacks, can be used to spread spam and also conduct malicious activities [115]. While bot army activity has, so far, been limited to criminal activity, their potential for causing large- scale damage to the entire internet is immeasurable [115]. Therefore, Botnets are one of the most dangerous types of network-based attack today because they involve the use of very large, synchronized groups of hosts for their malicious activities. Botnets obtain their power by size, both in their increasing bandwidth and in their reach. As mentioned before Botnets can cause severe network disruptions through huge denial- of-service attacks, and the danger of this interruption can charge enterprises big sums in extortion fees. Botnets are also used to harvest personal, corporate, or government sensitive information for sale on a blooming organized crime market. 1.6 Statement of the Problem Recently, botnets are using new type of command-and-control(CC) communication which is totally decentralized. They utilize peer-to-peer style communication. Tracking the starting point and activity of this botnet is much more complicated due to the Peer-to-Peer communication infrastructure. Combating botnets is usually an issue of discovering their weakness: their central position of command, or CC server. This is typically an IRC network that all bots connect to central point, however with the use of P2P method; we cannot find any central point of command. In the P2P networks each bots in searching to connect other peers which can receive or broadcast commands through network. Therefore, an accurate detection and fighting method is required to prevent or stop such dangerous networks. 1.7 Research Questions a. What are the main differences between centralized and decentralized botnets? b. What is the best and efficient general extensible solution for detecting non-specific Peer-to- Peer botnets? 1.8 Objectives of the Study i. To develop a network-based framework for Peer-to-Peer botnets detection by common behavior in network communication. ii. To study the behavior of bots and recognizing behavioral similarities across multiple bots in order to develop mentioned framework. 1.9 Scope of the Study The project scope is limited to developing some algorithms pertaining to our proposed framework. This algorithms are using for decreasing traffics by filtering it, classifying intended traffics, monitoring traffics and the detection of malicious activities. 1.10 Significance of the study Peer-to-Peer botnets are one of the most sophisticated types of cyber crime today. They give the full control of many computers around to world to exploit them for malicious activities purpose such as spread of virus and worm, spam distribution and DDoS attack. Therefore, studying the behavior of P2P botnets and develop a technique that can detect them is important and high-demanded. 1.11 Summary Understanding the Botnet Command-and-Control(CC) is a critical part in recognizing how to best protect against the overall botnet threat. The CC channels utilized by the Botnets will often show the type and degree of actions an enterprise can follow in either blocking or shutting down a botnet, and the probability of success. It is also obvious that attackers have been trying for years to move away from Centralized CC channels, and are achieving some success using Decentralized(P2P) CC channels over the last 5 or so years. Therefore in this chapter we have defined a classification for better understanding of Botnets CC channels, which is included Centralized, Decentralized, and Hybrid model and tried to evaluate recognized protocols in each of them. Understanding the communication topologies in Botnets is essential to precisely identify, detect and mitigate the ever-increasing Botnets threats. CHAPTER 2 LITERATURE REVIEW 2.1 Introduction Before majority of botnets was using IRC (Internet Relay Chat) as a communication protocol for Command and Control(CC) mechanism. Therefore, many researches tried to develop botnet detection scheme which was based on analysis of IRC traffic [50]. As a result, attackers decided to develop more sophisticated botnets, such as Storm worm and Nugache toward the utilization of P2P networks for CC infrastructures. In response to this movement, researches have proposed various models of botnets detection that are based on P2P infrastructure [5]. One key advantage of both IRC and HTTP Botnet is the use of central Command and Control. This characteristic provides the attacker with very well-organized communication. However, the assets also considers as a main disadvantage to the attacker [8]. The threat of the Botnet can be decreased and possibly omitted if the central CC is taken over or taken down [8]. The method that is starting to come out is P2P structure for Botnet interaction. There is not any centralized centre for P2P botnets. Any nodes in P2P botnet behave as client and server as well. If any point in the network is shut down the botnet still can continue its operation. The storm botnet is one of the main and recognized recent P2P botnets. It customized the overnet P2P file-sharing application which is based on the Kademlia distributed hash table algorithm [55] and exploit it for its CC infrastructure. Recently many researchers specially in the anti-virus community and electronic media concentrated on storm worm [56,57]. 2.2 Background and History A peer-to-peer network is a network of computers that any computer in the network can behave as both a client and a server. Some explanation of peer-to-peer networks does not need any form of centralized coordination. This definition is more comfortable because the attacker may be interested in hybrid architectures [8]. 2.2.1 History The table 2.1 shows a summary of some well-known bots and P2P protocols. The range of time from the first bots, EggDrop, until the Storm Worm P2P bot is newly released. The first non-malicious bot was EggDrop that came up many years ago, and we know it as one of the first IRC bots that came to market. GTBot that have many other categories is another well-known malicious bot, that its variants are IRC client, mIRC.exe[61]. After a while, P2P protocols have been used for Botnet activities. Napster is one of the first bot that used P2P as its communication. Napster built an platform that permit all bots can find each other and share files with each other in the network. In this bot, file sharing has been done in the centralized server that we can say it was not completely a P2P botnet. Therefore, all bots have to upload an index of their files to the centralized server and also if they are looking for other files among all bots, have to search in centralized server. If it can find any file that looking for, then can directly connect to that bot and download what they want. Nowadays, because Napster has been shutdown as their service recognized as illegal service, many other P2P service focusing on avoiding such finding. After few years after Napster, Gnutella protocol came up as the first completely P2P services. Actually after Gnutellas , as shown in Table 2.1, many other P2P protocols have been released, such as Kademilia and Chord. This two new p2p service are using distributed hash table as a method for finding information in the peer-to-peer networks. Agobot is another malicious P2P bot that came up recently and become widespread because of good design and modular code base [61]. Nowadays many researchers are concentrating on P2P bots and there is an anticipation that P2P bots will reach to the stage that Centralized botnets will not been used any more in the future. Table 2.1: P2P based Botnets 2.3 Peers-to-Peer Overlay Networks Overlay networks are categorized into two categories: Structured and Unstructured. All nodes in first category can connect to most X peers regarding some conditions for identification of nodes that those peers want to connect. However in unstructured type there is not any specified limit for the number of peers that they can connect, in spite of the fact that there is not any condition for connecting to other peers. Overnet is a good example of structured p2p networks and Chorf is a good example of unstructured P2P networks. 2.3.1 Brief overview of Overnet One of the popular file sharing networks is Overnet that use for their design use distributed hash table (DHT) algorithm that called Kademlia[55]. Each node produces a 128-bit id for joining the network and also use for sending to other node for introducing itself. Actually each node in the network saves the information about other nodes in order to route query messages. 2.3.2 Brief overview of Gnutella Gnutellas is a unstructured file sharing network. In this network, when a node like n want to connect to a node like m, use a ping message to inform the other node for its presence. As long as node m received ping message, then send it back to other nodes in its neighbor and also send a Pong message to the sender of ping message that was node n. this transaction among node let them to learn about each other. 2.4 Botnet Detection In particular, to compare existing botnet detection techniques, different methods are described and then disadvantages of each method are mentioned respectively. 2.4.1 Honeypot-based tracking Honeypot can be used to collect bots for analyzing its behavior and signatures and also for tracking botnets. But using honeypots have several limitations. The most important limitation is because of limited scale of exploited activities that can track. And also it cannot capture the bots that use the method of propagation other than scanning, such as spam. And finally it can only give report for infection machines that are anticipated and put in the network as trap system. So it means that it can not give a report for those computers that are infected with bot in the network but are not devoted as trap machines. So we can come to this conclusion that generally in this technique we have to wait until one bot in the network infect our system and then we can track or analyze the machine. 2.4.2 Intrusion detection systems Intrusion detection techniques can be categorized into two categories: host-based and network-based solution. Host-based techniques are used for recognizing malware binaries such as viruses. A good example of this type is anti-virus detection systems. However, we know that anti-virus are good for just virus detection. The most important disadvantages of anti-virus are that bots can easily evade the detection technique by changing their signatures easily, because the detection system cannot update their databases consistency. And also bots can disable any anti-virus tools in the system to protect themselves from detection. Network- based intrusion detection system is another method for detection that is used in the field of botnet detection. Snort[67] and Bro[68] are the two well-known signature based detection system that are used currently. They use a database as signatures of famous malicious activities to detect botnets or any other malware. Actually if our objective is using this technique for botnet detection, we have to keep updating the database and recognizing all malware quickly to make a signature of it and add to our database. For solving this solving this problem recently researchers are using anomaly based IDS that can detect malicious activities based on behavior of malware or detection techniques. 2.4.3 Bothunter : Dialog correlation-based Botnet detection This technique developed an evidence-trail approach for detecting successful bot infection with patterns during communication for infection process. In this strategy, bot infection pattern are modeled to use for recognizing the whole process of infection of botnet in the network. All behavior that occur the bot infection such as target scanning, CC establishment, binary downloading and outbound propagation have to model by this method. This method gathers an evidence-trail of connected infection process for each internal machine and then tries to look for a threshold combination of sequences that will convince the condition for bot infection [32]. The BotHunter use snort with adding two anomaly-detection components to it that are SLADE (Statistical payLoad Anomaly Detection Engine) and SCADE (Statistical scan Anomaly Detection Engine). SCADE produce internal and external scan detection warnings that are weighted for criticality toward malware scanning patterns. SLADE perform a byte-distribution payload anomaly detection of incoming packets, providing a matching non-signature approach in inbound exploit detection [32 ]. Slade use an n-gram payload examination of traffics that have typical malware intrusions. SCADE execute some port scan analysis for incoming and outgoing traffics. Actually BotHunter has a link between scan and alarm intrusion that shows a host has been infected. When a adequate sequence of alerts is established to match BotHunters infection dialog model, a comprehensive report is created to get all the related events participants that have a rule in infection dialog [32]. This method provides some important features: i. This technique concentrates on malware detection by IDS-driven dialog correlation. This model shows an essential network processes that occur during a successful bot infection. ii. This technique has one IDS-independent dialog correlation engine and three bot-specific sensors. This technique can automatically produce a report of whole detection of bot, as well as the infection of agent, identification of the computer that has been infected and source of Command and Control centre. 2.4.3.1 Bot infection sequences Actually understanding bot infection life processes is a challenging work for protection of network in the future. The major work in this area is differentiating between successful bot infection and background exploit attempt. For reaching to this point analysis of two-way dialog flow between internal hosts and external hosts (internet) is needed. In a good design network which uses filtering at gateway, the threats of direct exploitations are limited. However, contemporary malware families are highly flexible in their ability to attack vulnerable hosts through email attachments, infected P2P media, and drive-by download infections [32]. 2.4.3.2 Modeling the infection dialog process The bot distribution model can conclude by an analysis of external communication traffics that shows the behavior of relevant botnet. Incoming scan and utilize alarms are not enough to state a winning malware infection, as are assumed that a stable stream of scan and exploit signals will be observed from the way out monitor [32]. Figure 2.1 shows the process of bot infection in BotHunter that used for evaluating network flows through eight stages. This model is almost similar with the model that Rajab et al. presented for IRC detection model. The model that they proposed has early initial scanning that is a preceding consideration happen in form of IP exchange and pointing vulnerable ports. Actually figure 2.1 is not aimed for a strict ordering of infection events that happen during bot infection. The important issue here is that bot dialog processes analysis have to be strong to the absence of some dialog events and must not need strong sequencing on the order in bound dialog is conducted. One solution to solve the problem of sequence order and event is to use a weighted event threshold system that take smallest essential sparse sequences of events under which bot profile statement can be initiated [32]. For instance, it is possible put weighting and threshold system for the look of each event in a way that a smallest set of event is important prior of bot detection. 2.4.3.3 Design and implementation More attention devoted for designing a passive network monitoring system in this part which be able of identifying the bidirectional warning signs when internal hosts are infected with b Analysis of Botnet Security Threats Analysis of Botnet Security Threats CHAPTER 1 INTRODUCTION 1.1 Introduction During the last few decades, we have seen the dramatically rise of the Internet and its applications to the point which they have become a critical part of our lives. Internet security in that way has become more and more important to those who use the Internet for work, business, entertainment or education. Most of the attacks and malicious activities on the Internet are carried out by malicious applications such as Malware, which includes viruses, trojan, worms, and botnets. Botnets become a main source of most of the malicious activities such as scanning, distributed denial-of-service (DDoS) activities, and malicious activities happen across the Internet. 1.2 Botnet Largest Security Threat A bot is a software code, or a malware that runs automatically on a compromised machine without the users permission. The bot code is usually written by some criminal groups. The term â€Å"bot† refers to the compromised computers in the network. A botnet is essentially a network of bots that are under the control of an attacker (BotMaster). Figure 1.1 illustrates a typical structure of a botnet. A bot usually take advantage of sophisticated malware techniques. As an example, a bot use some techniques like keylogger to record user private information like password and hide its existence in the system. More importantly, a bot can distribute itself on the internet to increase its scale to form a bot army. Recently, attackers use compromised Web servers to contaminate those who visit the websites through drive-by download [6]. Currently, a botnet contains thousands of bots, but there is some cases that botnet contain several millions of bots [7]. Actually bots differentiate themselves from other kind of worms by their ability to receive commands from attacker remotely [32]. Attacker or better call it botherder control bots through different protocols and structures. The Internet Relay Chat (IRC) protocol is the earliest and still the most commonly used CC channel at present. HTTP is also used because Http protocol is permitted in most networks. Centralized structure botnets was very successful in the past but now botherders use decentralized structure to avoid single point of failure problem. Unlike previous malware such as worms, which are used probably for entertaining, botnets are used for real financial abuse. Actually Botnets can cause many problems as some of them listed below: i. Click fraud. A botmaster can easily profit by forcing the bots to click on advertisement for the purpose of personal or commercial abuse. ii. Spam production. Majority of the email on the internet is spam. iii. DDoS attacks. A bot army can be commanded to begin a distributed denial-of-service attack against any machine. iv. Phishing. Botnets are widely used to host malicious phishing sites. Criminals usually send spam messages to deceive users to visit their forged web sites, so that they can obtain users critical information such as usernames, passwords. 1.3 Botnet in-Depth Nowadays, the most serious manifestation of advanced malware is Botnet. To make distinction between Botnet and other kinds of malware, the concepts of Botnet have to understand. For a better understanding of Botnet, two important terms, Bot and BotMaster have been defined from another point of views. Bot Bot is actually short for robot which is also called as Zombie. It is a new type of malware [24] installed into a compromised computer which can be controlled remotely by BotMaster for executing some orders through the received commands. After the Bot code has been installed into the compromised computers, the computer becomes a Bot or Zombie [25]. Contrary to existing malware such as virus and worm which their main activities focus on attacking the infecting host, bots can receive commands from BotMaster and are used in distributed attack platform. BotMaster BotMaster is also known as BotHerder, is a person or a group of person which control remote Bots. Botnets- Botnets are networks consisting of large number of Bots. Botnets are created by the BotMaster to setup a private communication infrastructure which can be used for malicious activities such as Distributed Denial-of-Service (DDoS), sending large amount of SPAM or phishing mails, and other nefarious purpose [26, 27, 28]. Bots infect a persons computer in many ways. Bots usually disseminate themselves across the Internet by looking for vulnerable and unprotected computers to infect. When they find an unprotected computer, they infect it and then send a report to the BotMaster. The Bot stay hidden until they are announced by their BotMaster to perform an attack or task. Other ways in which attackers use to infect a computer in the Internet with Bot include sending email and using malicious websites, but common way is searching the Internet to look for vulnerable and unprotected computers [29]. The activities associated with Botnet can be classified into three parts: (1) Searching searching for vulnerable and unprotected computers. (2) Dissemination the Bot code is distributed to the computers (targets), so the targets become Bots. (3) sign-on the Bots connect to BotMaster and become ready to receive command and control traffic. The main difference between Botnet and other kind of malwares is the existence of Command-and-Control (CC) infrastructure. The CC allows Bots to receive commands and malicious capabilities, as devoted by BotMaster. BotMaster must ensure that their CC infrastructure is sufficiently robust to manage thousands of distributed Bots across the globe, as well as resisting any attempts to shutdown the Botnets. However, detection and mitigation techniques against Botnets have been increased [30,31]. Recently, attackers are also continually improving their approaches to protect their Botnets. The first generation of Botnets utilized the IRC (Internet Relay Chat) channels as their Common-and-Control (CC) centers. The centralized CC mechanism of such Botnet has made them vulnerable to being detected and disabled. Therefore, new generation of Botnet which can hide their CC communication have emerged, Peer-to-Peer (P2P) based Botnets. The P2P Botnets do not experience from a single point of failur e, because they do not have centralized CC servers [35]. Attackers have accordingly developed a range of strategies and techniques to protect their CC infrastructure. Therefore, considering the CC function gives better understanding of Botnet and help defenders to design proper detection or mitigation techniques. According to the CC channel we categorize Botnets into three different topologies: a) Centralized; b) Decentralized and c) Hybrid. In Section 1.1.4, these topologies have been analyzed and completely considered the protocols that are currently being used in each model. 1.4 Botnet Topologies According to the Command-and-Control(CC) channel, Botnet topology is categorized into three different models, the Centralized model, the Decentralized model and Hybrid model. 1.4.1 Centralized Model The oldest type of topology is the centralized model. In this model, one central point is responsible for exchanging commands and data between the BotMaster and Bots. In this model, BotMaster chooses a host (usually high bandwidth computer) to be the central point (Command-and-Control) server of all the Bots. The CC server runs certain network services such as IRC or HTTP. The main advantage of this model is small message latency which cause BotMaster easily arranges Botnet and launch attacks. Since all connections happen through the CC server, therefore, the CC is a critical point in this model. In other words, CC server is the weak point in this model. If somebody manages to discover and eliminates the CC server, the entire Botnet will be worthless and ineffective. Thus, it becomes the main drawback of this model. A lot of modern centralized Botnets employed a list of IP addresses of alternative CC servers, which will be used in case a CC server discovered and has been taken offline. Since IRC and HTTP are two common protocols that CC server uses for communication, we consider Botnets in this model based on IRC and HTTP. Figure 1.2 shows the basic communication architecture for a Centralized model. There are two central points that forward commands and data between the BotMaster and his Bots. 1.4.1.1 Botnets based on IRC The IRC is a type of real-time Internet text messaging or synchronous conferencing [36]. IRC protocol is based on the Client Server model that can be used on many computers in distributed networks. Some advantages which made IRC protocol widely being used in remote communication for Botnets are: (i) low latency communication; (ii) anonymous real-time communication; (iii) ability of Group (many-to-many) and Private (one-to-one) communication; (iv) simple to setup and (v) simple commands. The basic commands are connect to servers, join channels and post messages in the channels; (vi) very flexibility in communication. Therefore IRC protocol is still the most popular protocol being used in Botnet communication. In this model, BotMasters can command all of their Bots or command a few of the Bots using one-to-one communication. The CC server runs IRC service that is the same with other standard IRC service. Most of the time BotMaster creates a channel on the IRC server that all the bots can connect, which instruct each connected bot to do the BotMasters commands. Figure 1.3 showed that there is one central IRC server that forwards commands and data between the BotMaster and his Bots. Puri [38] presented the procedures and mechanism of Botnet based on IRC, as shown in Figure. 1.4. Bots infection and control process [38]: i. The attacker tries to infect the targets with Bots. ii. After the Bot is installed on target machine, it will try to connect to IRC server. In this while a random nickname will be generate that show the bot in attackers private channel. iii. Request to the DNS server, dynamic mapping IRC servers IP address. iv. The Bot will join the private IRC channel set up by the attacker and wait for instructions from the attacker. Most of these private IRC channel is set as the encrypted mode. v. Attacker sends attack instruction in private IRC channel. vi. The attacker tries to connect to private IRC channel and send the authentication password. vii. Bots receive instructions and launch attacks such as DDoS attacks. 1.4.1.2 Botnet based on HTTP The HTTP protocol is an additional well-known protocol used by Botnets. Because IRC protocol within Botnets became well-known, internet security researchers gave more consideration to monitoring IRC traffic to detect Botnet. Consequently, attackers started to use HTTP protocol as a Command-and-Control communication channel to make Botnets become more difficult to detect. The main advantage of using the HTTP protocol is hiding Botnets traffics in normal web traffics, so it can easily passes firewalls and avoid IDS detection. Usually firewalls block incoming and outgoing traffic to not needed ports, which usually include the IRC port. 1.4.2 Decentralized model Due to major disadvantage of Centralized model-Central Command-and-Control (CC)-attackers tried to build another Botnet communication topology that is harder to discover and to destroy. Hence, they decided to find a model in which the communication system does not heavily depending on few selected servers and even discovering and destroying a number of Bots. As a result, attackers take advantage of Peer-to-Peer (P2P) communication as a Command-and-Control (CC) pattern which is much harder to shut down in the network. The P2P based CC model will be used considerably in Botnets in the future, and definitely Botnets that use P2P based CC model impose much bigger challenge for defense of networks. In the P2P model, as shown in Fig. 1.6, there is no Centralized point for communication. Each Bot have some connections to the other Bots of the same Botnet and Bots act as both Clients and servers. A new Bot must know some addresses of the Botnet to connect there. If Bots in the Botnet are taken offline, the Botnet can still continue to operate under the control of BotMaster. P2P Botnets aim at removing or hiding the central point of failure which is the main weakness and vulnerability of Centralized model. Some P2P Botnets operate to a certain extent decentralized and some completely decentralized. Those Botnets that are completely decentralized allow a BotMaster to insert a command into any Bots. Since P2P Botnets usually allow commands to be injected at any node in the network, the authentication of commands become essential to prevent other nodes from injecting incorrect commands. For a better understanding in this model, some characteristics and important features of famous P2P Botnets have been mentioned: Slapper: Allows the routing of commands to distinct nodes. Uses Public key and private key cryptography to authenticate commands. BotMasters sign commands with private key and only those nodes which has corresponding public key can verify the commands [42]. Two important weak points are: (a) its list of known Bots contains all (or almost all) of the Botnet. Thus, one single captured Bot would expose the entire Botnet to defenders [42] (b) its sophisticated communication mechanism produces lot traffic, making it vulnerable to monitoring via network flow analysis. Sinit: This Bot uses random searching to discove other Bots to communicate with. It can results in an easy detection due to the extensive probing traffic [34]. Nugache: Its weakness is based on its reliance on a seed list of 22 IP addresses during its bootstrap process [47]. Phatbot: Uses Gnutella cache server for its bootstrap process which can be easily shutdown. Also its WASTE P2P protocol has a scalability problem across a long network [48]. Strom worm: it uses a P2p overnet protocl to control compromised hosts. The communication protocol for this Bot can be classified into five steps, as describes below :[37] i. Connect to Overnet Bots try to join Overnet network. Each Bot initially has hard-coded binary files which is included the IP addresses of P2P-based Botnet nodes. ii. Search and Download Secondary Injection URL Bot uses hard-coded keys to explore for and download the URL on the Overnet network [37]. iii. Decrypt Secondary Injection URL compromised hosts take advantages of a key(hard coded) to decrypt the URL. iv. Download Secondary Injection compromised hosts attempt to download the second injection from a server(probably web server). It could be infected files or updated files or list of the P2P nodes [37]. 1.4.3 Hybrid model The Bots in the Hybrid Botnet are categorized into two groups: 1) Servant Bots Bots in the first group are called as servant Bots, because they behave as both clients and servers, which have static, routable IP addresses and are accessible from the entire Internet. 2) Client Bots Bots in the second group is called as client Bots since they do not accept incoming connections. This group contains the remaining Bots, including:- (a) Bots with dynamically designated IP addresses; (b) Bots with Non-routable IP addresses; and (c) Bots behind firewalls which they cannot be connected from the global Internet. 1.5 Background of the Problem Botnets which are controlled remotely by BotMasters can launch huge denial of service attacks, several infiltration attacks, can be used to spread spam and also conduct malicious activities [115]. While bot army activity has, so far, been limited to criminal activity, their potential for causing large- scale damage to the entire internet is immeasurable [115]. Therefore, Botnets are one of the most dangerous types of network-based attack today because they involve the use of very large, synchronized groups of hosts for their malicious activities. Botnets obtain their power by size, both in their increasing bandwidth and in their reach. As mentioned before Botnets can cause severe network disruptions through huge denial- of-service attacks, and the danger of this interruption can charge enterprises big sums in extortion fees. Botnets are also used to harvest personal, corporate, or government sensitive information for sale on a blooming organized crime market. 1.6 Statement of the Problem Recently, botnets are using new type of command-and-control(CC) communication which is totally decentralized. They utilize peer-to-peer style communication. Tracking the starting point and activity of this botnet is much more complicated due to the Peer-to-Peer communication infrastructure. Combating botnets is usually an issue of discovering their weakness: their central position of command, or CC server. This is typically an IRC network that all bots connect to central point, however with the use of P2P method; we cannot find any central point of command. In the P2P networks each bots in searching to connect other peers which can receive or broadcast commands through network. Therefore, an accurate detection and fighting method is required to prevent or stop such dangerous networks. 1.7 Research Questions a. What are the main differences between centralized and decentralized botnets? b. What is the best and efficient general extensible solution for detecting non-specific Peer-to- Peer botnets? 1.8 Objectives of the Study i. To develop a network-based framework for Peer-to-Peer botnets detection by common behavior in network communication. ii. To study the behavior of bots and recognizing behavioral similarities across multiple bots in order to develop mentioned framework. 1.9 Scope of the Study The project scope is limited to developing some algorithms pertaining to our proposed framework. This algorithms are using for decreasing traffics by filtering it, classifying intended traffics, monitoring traffics and the detection of malicious activities. 1.10 Significance of the study Peer-to-Peer botnets are one of the most sophisticated types of cyber crime today. They give the full control of many computers around to world to exploit them for malicious activities purpose such as spread of virus and worm, spam distribution and DDoS attack. Therefore, studying the behavior of P2P botnets and develop a technique that can detect them is important and high-demanded. 1.11 Summary Understanding the Botnet Command-and-Control(CC) is a critical part in recognizing how to best protect against the overall botnet threat. The CC channels utilized by the Botnets will often show the type and degree of actions an enterprise can follow in either blocking or shutting down a botnet, and the probability of success. It is also obvious that attackers have been trying for years to move away from Centralized CC channels, and are achieving some success using Decentralized(P2P) CC channels over the last 5 or so years. Therefore in this chapter we have defined a classification for better understanding of Botnets CC channels, which is included Centralized, Decentralized, and Hybrid model and tried to evaluate recognized protocols in each of them. Understanding the communication topologies in Botnets is essential to precisely identify, detect and mitigate the ever-increasing Botnets threats. CHAPTER 2 LITERATURE REVIEW 2.1 Introduction Before majority of botnets was using IRC (Internet Relay Chat) as a communication protocol for Command and Control(CC) mechanism. Therefore, many researches tried to develop botnet detection scheme which was based on analysis of IRC traffic [50]. As a result, attackers decided to develop more sophisticated botnets, such as Storm worm and Nugache toward the utilization of P2P networks for CC infrastructures. In response to this movement, researches have proposed various models of botnets detection that are based on P2P infrastructure [5]. One key advantage of both IRC and HTTP Botnet is the use of central Command and Control. This characteristic provides the attacker with very well-organized communication. However, the assets also considers as a main disadvantage to the attacker [8]. The threat of the Botnet can be decreased and possibly omitted if the central CC is taken over or taken down [8]. The method that is starting to come out is P2P structure for Botnet interaction. There is not any centralized centre for P2P botnets. Any nodes in P2P botnet behave as client and server as well. If any point in the network is shut down the botnet still can continue its operation. The storm botnet is one of the main and recognized recent P2P botnets. It customized the overnet P2P file-sharing application which is based on the Kademlia distributed hash table algorithm [55] and exploit it for its CC infrastructure. Recently many researchers specially in the anti-virus community and electronic media concentrated on storm worm [56,57]. 2.2 Background and History A peer-to-peer network is a network of computers that any computer in the network can behave as both a client and a server. Some explanation of peer-to-peer networks does not need any form of centralized coordination. This definition is more comfortable because the attacker may be interested in hybrid architectures [8]. 2.2.1 History The table 2.1 shows a summary of some well-known bots and P2P protocols. The range of time from the first bots, EggDrop, until the Storm Worm P2P bot is newly released. The first non-malicious bot was EggDrop that came up many years ago, and we know it as one of the first IRC bots that came to market. GTBot that have many other categories is another well-known malicious bot, that its variants are IRC client, mIRC.exe[61]. After a while, P2P protocols have been used for Botnet activities. Napster is one of the first bot that used P2P as its communication. Napster built an platform that permit all bots can find each other and share files with each other in the network. In this bot, file sharing has been done in the centralized server that we can say it was not completely a P2P botnet. Therefore, all bots have to upload an index of their files to the centralized server and also if they are looking for other files among all bots, have to search in centralized server. If it can find any file that looking for, then can directly connect to that bot and download what they want. Nowadays, because Napster has been shutdown as their service recognized as illegal service, many other P2P service focusing on avoiding such finding. After few years after Napster, Gnutella protocol came up as the first completely P2P services. Actually after Gnutellas , as shown in Table 2.1, many other P2P protocols have been released, such as Kademilia and Chord. This two new p2p service are using distributed hash table as a method for finding information in the peer-to-peer networks. Agobot is another malicious P2P bot that came up recently and become widespread because of good design and modular code base [61]. Nowadays many researchers are concentrating on P2P bots and there is an anticipation that P2P bots will reach to the stage that Centralized botnets will not been used any more in the future. Table 2.1: P2P based Botnets 2.3 Peers-to-Peer Overlay Networks Overlay networks are categorized into two categories: Structured and Unstructured. All nodes in first category can connect to most X peers regarding some conditions for identification of nodes that those peers want to connect. However in unstructured type there is not any specified limit for the number of peers that they can connect, in spite of the fact that there is not any condition for connecting to other peers. Overnet is a good example of structured p2p networks and Chorf is a good example of unstructured P2P networks. 2.3.1 Brief overview of Overnet One of the popular file sharing networks is Overnet that use for their design use distributed hash table (DHT) algorithm that called Kademlia[55]. Each node produces a 128-bit id for joining the network and also use for sending to other node for introducing itself. Actually each node in the network saves the information about other nodes in order to route query messages. 2.3.2 Brief overview of Gnutella Gnutellas is a unstructured file sharing network. In this network, when a node like n want to connect to a node like m, use a ping message to inform the other node for its presence. As long as node m received ping message, then send it back to other nodes in its neighbor and also send a Pong message to the sender of ping message that was node n. this transaction among node let them to learn about each other. 2.4 Botnet Detection In particular, to compare existing botnet detection techniques, different methods are described and then disadvantages of each method are mentioned respectively. 2.4.1 Honeypot-based tracking Honeypot can be used to collect bots for analyzing its behavior and signatures and also for tracking botnets. But using honeypots have several limitations. The most important limitation is because of limited scale of exploited activities that can track. And also it cannot capture the bots that use the method of propagation other than scanning, such as spam. And finally it can only give report for infection machines that are anticipated and put in the network as trap system. So it means that it can not give a report for those computers that are infected with bot in the network but are not devoted as trap machines. So we can come to this conclusion that generally in this technique we have to wait until one bot in the network infect our system and then we can track or analyze the machine. 2.4.2 Intrusion detection systems Intrusion detection techniques can be categorized into two categories: host-based and network-based solution. Host-based techniques are used for recognizing malware binaries such as viruses. A good example of this type is anti-virus detection systems. However, we know that anti-virus are good for just virus detection. The most important disadvantages of anti-virus are that bots can easily evade the detection technique by changing their signatures easily, because the detection system cannot update their databases consistency. And also bots can disable any anti-virus tools in the system to protect themselves from detection. Network- based intrusion detection system is another method for detection that is used in the field of botnet detection. Snort[67] and Bro[68] are the two well-known signature based detection system that are used currently. They use a database as signatures of famous malicious activities to detect botnets or any other malware. Actually if our objective is using this technique for botnet detection, we have to keep updating the database and recognizing all malware quickly to make a signature of it and add to our database. For solving this solving this problem recently researchers are using anomaly based IDS that can detect malicious activities based on behavior of malware or detection techniques. 2.4.3 Bothunter : Dialog correlation-based Botnet detection This technique developed an evidence-trail approach for detecting successful bot infection with patterns during communication for infection process. In this strategy, bot infection pattern are modeled to use for recognizing the whole process of infection of botnet in the network. All behavior that occur the bot infection such as target scanning, CC establishment, binary downloading and outbound propagation have to model by this method. This method gathers an evidence-trail of connected infection process for each internal machine and then tries to look for a threshold combination of sequences that will convince the condition for bot infection [32]. The BotHunter use snort with adding two anomaly-detection components to it that are SLADE (Statistical payLoad Anomaly Detection Engine) and SCADE (Statistical scan Anomaly Detection Engine). SCADE produce internal and external scan detection warnings that are weighted for criticality toward malware scanning patterns. SLADE perform a byte-distribution payload anomaly detection of incoming packets, providing a matching non-signature approach in inbound exploit detection [32 ]. Slade use an n-gram payload examination of traffics that have typical malware intrusions. SCADE execute some port scan analysis for incoming and outgoing traffics. Actually BotHunter has a link between scan and alarm intrusion that shows a host has been infected. When a adequate sequence of alerts is established to match BotHunters infection dialog model, a comprehensive report is created to get all the related events participants that have a rule in infection dialog [32]. This method provides some important features: i. This technique concentrates on malware detection by IDS-driven dialog correlation. This model shows an essential network processes that occur during a successful bot infection. ii. This technique has one IDS-independent dialog correlation engine and three bot-specific sensors. This technique can automatically produce a report of whole detection of bot, as well as the infection of agent, identification of the computer that has been infected and source of Command and Control centre. 2.4.3.1 Bot infection sequences Actually understanding bot infection life processes is a challenging work for protection of network in the future. The major work in this area is differentiating between successful bot infection and background exploit attempt. For reaching to this point analysis of two-way dialog flow between internal hosts and external hosts (internet) is needed. In a good design network which uses filtering at gateway, the threats of direct exploitations are limited. However, contemporary malware families are highly flexible in their ability to attack vulnerable hosts through email attachments, infected P2P media, and drive-by download infections [32]. 2.4.3.2 Modeling the infection dialog process The bot distribution model can conclude by an analysis of external communication traffics that shows the behavior of relevant botnet. Incoming scan and utilize alarms are not enough to state a winning malware infection, as are assumed that a stable stream of scan and exploit signals will be observed from the way out monitor [32]. Figure 2.1 shows the process of bot infection in BotHunter that used for evaluating network flows through eight stages. This model is almost similar with the model that Rajab et al. presented for IRC detection model. The model that they proposed has early initial scanning that is a preceding consideration happen in form of IP exchange and pointing vulnerable ports. Actually figure 2.1 is not aimed for a strict ordering of infection events that happen during bot infection. The important issue here is that bot dialog processes analysis have to be strong to the absence of some dialog events and must not need strong sequencing on the order in bound dialog is conducted. One solution to solve the problem of sequence order and event is to use a weighted event threshold system that take smallest essential sparse sequences of events under which bot profile statement can be initiated [32]. For instance, it is possible put weighting and threshold system for the look of each event in a way that a smallest set of event is important prior of bot detection. 2.4.3.3 Design and implementation More attention devoted for designing a passive network monitoring system in this part which be able of identifying the bidirectional warning signs when internal hosts are infected with b