Blood Promise Chapter Twenty-Five

His eyes widened in shock, lips parting. Even though I knew this wasn't a silver stake, it might as well have been. To run it through his heart, I had had to act as decisively as I would have if delivering a killing blow. I'd had to finally accept my Dimitri's death. This one was a Strigoi. There was no future with him. I would not join him. That still didn't make some part of me want to stop and lie down beside him, though, or at the very least see what happened next. After that initial surprise, his features and breathing had gone still, giving the illusion of death. That's all it was, however-an illusion. I'd seen it before. I probably had five minutes at most before he healed up and shook this off. I had no time to mourn for what was and what might have been. I had to act now. No hesitation. I ran my hands over him, searching his clothes for anything that might be of use. I found a set of keys and some cash. I pocketed the keys and started to leave the cash but realized I might actually need it on the off chance I escaped this place. My own money had been taken when I arrived. I also swept up some of the jewelry on the table. Finding buyers for that kind of thing in big Russian cities wasn't too difficult. If I made it to said city. I stood up off the bed and gave Dimitri one last pained look. A few of the tears I'd hidden from him earlier now ran down my face. That was all I could allow myself. If I had a later, I'd mourn then. Before leaving, my gaze lingered on the stake. I wanted to take it with me; it was my only weapon. Pulling it out would mean he'd wake up in about a minute. I needed the extra time. With a sigh, I turned my back on him, hoping I'd find a weapon elsewhere. I sprinted over to the suite's door and punched in the code again. It unlocked, and I stepped into the corridor. Before going to the next door, I examined the one I'd just stepped through. To get into the suite, there was another keypad. Entry also required a code. Backing up a little, I struck and kicked the keypad as hard as I could. I did it twice more, until the tiny red light on it went out. I didn't know if that would affect the lock on the inside of the suite, but in the movies, damaging electronic locks always seemed to work. Turning my attention to the next lock, I tried to remember the numbers Inna had told me. They weren't etched as strongly in my head as the first. I punched in seven numbers. The little light stayed red. â€Å"Damn.† It was possible she'd lied about this set, but somehow, I suspected my memory was the culprit here. I tried again, knowing the clock was ticking on how long I had until Dimitri came after me. The red light flashed again. What were those numbers? I tried to visualize them in my head and finally decided I wasn't entirely sure about the last two. I reversed their order the next time I put in the code. The light flashed green, and the door unlocked. Of course, there was a security system of a different sort outside. A Strigoi. And not just any Strigoi: It was Marlen. The one I'd tortured in the alley. The one who hated me because I'd disgraced him in front of Galina. He was clearly on guard duty and looked as though he'd expected a boring night. Me coming out the door was a shock. That gave me, oh, about a millisecond of surprise. My first thought was to just run at him with as much brute strength as I could. I knew he would do the same to me. In fact†¦ that was exactly what he'd do. I stayed where I was, standing so that I could keep the door propped open. He came at me to stop my escape, and I stepped aside, pulling the door open wider. Now, I was neither skilled enough nor was he inept enough to simply get lured in. He stopped in the doorway, trying to get hold of me. This gave me the difficult task of trying to both fend him off and drag him into the corridor behind the door. I stepped back into the doorway, hoping he'd follow. All the while, I had to keep the door open. It was all complicated, and I would have no time to punch in the code again. We fought in the confined space. The biggest thing I had going for me was that Marlen appeared to be a young Strigoi, which made sense. Galina would want to keep around henchmen she could control. Of course, Strigoi strength and speed compensated for a lack of experience. The fact that he had been a Moroi once also meant he probably had very little training. That also was a bonus for me. Dimitri was a badass Strigoi because he'd trained as a fighter before being turned. This guy had not. So, Marlen got a couple punches in on me, one coming dangerously close to my eye. The other caught me in the stomach, knocking the air out of me for half a second. But most of the time, I was able to dodge him pretty well. This seemed to infuriate him. Getting beat up by a teenage girl didn't really score you cool points when you were a Strigoi. At one point, I even faked him out in one direction and came at him with a surprise kick -easier to do than I'd expected in that damned dress-that knocked him back a few steps. I just barely managed to keep my hand in the door when I did it, but that was all I needed. His stumble gave me a few seconds to slip out the door and into the main hall. Unfortunately, when I tried to close it, he was already trying to come through. With my hands, I tried to pull the door shut while kicking him back inside. We struggled this way for a while, and thanks to whatever luck I had left, I got the door closed enough so that only his arm was sticking through. Bracing myself, I pulled the door toward me in one huge, forceful movement. It slammed into Marlen's wrist. I half expected to see his hand detach and pop into the hall, but he'd jerked it back. Even Strigoi had certain instincts to avoid pain. Gasping-my physical strength still wasn't all it could be-I backed up. If he knew the code, this had been for nothing. A moment later, the door's handle shook but didn't open. I heard a scream of rage, and then his fists beat on the door. Score one for me. No, score one for luck. If he'd known the code, I would have been Thud. Marlen was still beating on the door, and I saw the tiniest dent appear on the metallic surface. â€Å"Oh, crap,† I said. I didn't stick around to see how many hits it'd take him to break it down. I also realized that even if I'd disabled the first lock, Dimitri would just be able to break that one down too. Dimitri†¦ No. I absolutely couldn't think of him now. As I ran down the hall, heading toward the stairs Dimitri and I traveled before, an unexpected memory suddenly popped into my head. When Dimitri had last threatened Nathan, he'd mentioned getting my stake out of a vault. What vault was that exactly? Was it here on the premises? If so, I certainly didn't have time to look. When weighing the option to search a four-story house full of vampires or run off into the countryside before they found you†¦ well, the choice was clear. And it was in the midst of that thought process that I ran into a human at the top of the stairs. He was older than Inna and carrying a stack of linens that he dropped when we collided. With almost no pause, I grabbed hold of him and swung him against the wall. I had no weapon to threaten him with and wondered how I'd assert my will now. Yet as soon as I had him pinned, he threw up his hands in a defensive gesture and began whimpering in Russian. There'd be no attacks on me here. Of course, now I had the problem of communicating what I needed. Marlen was still beating on the door, and Dimitri would be up in a couple of minutes. I glared at the human, hoping I looked terrifying. From his expression, I did. I attempted the caveman talk I had with Inna†¦ only this time the message was a little harder. â€Å"Stick,† I said in Russian. I had no clue what the word for stake was. I pointed at the silver ring I wore and made a slashing motion. â€Å"Stick. Where?† He stared at me in utter confusion and then asked, in perfect English, â€Å"Why are you talking like that?† â€Å"Oh for God's sake,† I exclaimed. â€Å"Where is the vault?† â€Å"Vault?† â€Å"A place they keep weapons?† He continued staring. â€Å"I'm looking for a silver stake.† â€Å"Oh,† he said. â€Å"That.† Uneasily, he cast his eyes in the direction of the pounding. I pushed him harder against the wall. My heart felt like it would burst out of my chest, but I tried to hide it. I wanted this guy to think I was invincible. â€Å"Ignore him. Take me to the vault. Now!† With a frightened yelp, he nodded eagerly and beckoned me down the stairs. We descended to the second floor and made a sharp turn. The halls here were as twisty as the hedge maze Dimitri had shown me, all decorated in that gold and chandelier style, and I wondered if I'd even be able to get out of the house. Attempting this detour was a risk, but I wasn't sure if I could get outside without being followed. If I was, there'd be a confrontation. I'd need to defend myself. The human led me down another hall and yet another. Finally, we reached a door that looked like any other. He stopped and peered at me expectantly. â€Å"Open it,† I said. He shook his head. â€Å"I don't have the key.† â€Å"Well, I certainly don't-wait.† I reached into my pocket and pulled out the keys I'd lifted from Dimitri. There were five keys on the ring. I tried them one at a time, and on the third one, I got a hit. The door opened. Meanwhile, my guide was casting hasty glances behind him and looked ready to bolt. â€Å"Don't even think about it,† I warned. He blanched and stayed put. The room before us wasn't very big, and while its plush white carpet and silver framed paintings made it look elegant, the room was†¦ well, basically, it looked like a junkyard. Boxes and weird objects-a lot of personal items like watches and rings in particular-lay around in no order. â€Å"What is this?† â€Å"Magic,† he said, still obviously scared out of his mind. â€Å"Magic items kept here to fade or be destroyed.† Magic†¦ ah. These were items charmed by Moroi magic. Charms always had some kind of effect on Strigoi-usually unpleasant-with stakes being the worst, since they used all four physical elements. It made sense that Strigoi would want to isolate harmful objects and get rid of â€Å"My stake!† I ran forward and picked it up, nearly dropping it because my hands were so sweaty. The stake was lying on top of a box with a length of cloth and some weird stones. Studying it, I realized it wasn't actually my stake-not that it made a difference for killing Strigoi. This stake was almost identical, save for a small geometric pattern running around its base. It was something guardians did from time to time if they felt particularly attached to their stake: have a design or initials etched into it. Holding this stake, I felt a momentary pang of sadness. This had belonged to someone who'd wielded it proudly once, someone who was now most likely dead. God only knew how many other dozens of stakes were in here, seized from other unfortunate prisoners, but I had no time to search or mourn those who had died. â€Å"Okay, now I want you to take me to†¦Ã¢â‚¬  I hesitated. Even with a stake, it'd be a lot better for me if I didn't face any more Strigoi. I had to assume there'd still be a guard at the front door. â€Å"†¦ Some room on this floor with a window that actually opens. And is far from the stairs.† The guy thought for a moment and then gave a quick nod. â€Å"This way.† I followed him through another maze of twisting corridors. â€Å"What's your name?† â€Å"Oleg.† â€Å"You know,† I said. â€Å"I'm getting out of here†¦ if you want†¦ if you want, I could take you with me.† Having someone else-a human, particularly -would definitely slow me down. Yet, my conscience wouldn't let me leave anyone behind in this place. He gave me an incredulous glance. â€Å"Why would I want to do that?† Sydney had definitely been right about humans making great sacrifices for immortality. Oleg and Inna were living proof. We rounded a corner and came face-to-face with an elaborate set of French doors. Through the etched glass, I could see book-lined shelves, stretching all the way up the walls. A library-a huge one that extended on and on, out of my sight. Better yet, I saw a large bay window opposite me, framed in heavy satin curtains the color of blood. â€Å"Perfect,† I said, pushing open the doors. That was when the nausea hit me. We weren't alone in the room. Galina sprang up from a chair near the fireplace on the far side of the room. A book dropped from her lap. I had no time to dwell on the oddity of a Strigoi having a fireside read, because she was coming right toward me. I almost might have thought Oleg had set me up, but he was cowering in a corner, his face mirroring the shock I felt. Despite the library's enormous size, she reached me in seconds. I dodged her initial attack-or tried to, at least. She was fast. Aside from Dimitri, the other Strigoi in this house were clearly the B-team, and I had forgotten just how badass a truly skilled Strigoi was. She caught me by my arm and swung me toward her, mouth open and fangs going straight for my neck. I had the stake in my hand and tried awkwardly to at least scratch her with it, but she was holding me too tightly. At last, I managed to duck a little and move my throat out of her range, but all this did was give her the opportunity to grab hold of my hair. She jerked me upright, and I screamed in pain. How she managed to hold onto my hair without ripping it right out was remarkable. Still gripping it, she shoved me into a wall. When I'd first fought with Dimitri upon my arrival, he'd been rough but hadn't wanted to kill me. Galina did. She'd taken it on faith from Dimitri that I'd be an asset, but it was obvious now that I was a real pain in the ass. Her amnesty had ended, and she was intent on killing me. I at least had the comfort of knowing she probably wouldn't turn me into a Strigoi. I'd be lunch. A shout suddenly drew my attention to the door. Dimitri stood there, face blazing with anger. Whatever illusions I'd harbored about him being his former self disappeared. That fury radiated around him, his eyes narrowed and fangs showing. The pale skin and red eyes contrasted sharply against each other. He was like a demon sent straight from hell to destroy me. He strode toward us, and the immediate thought in my head was: Well, at least this'll end things that much faster. Except†¦ it wasn't me he attacked. It was Galina. I'm not sure which of us was more surprised, but in that moment, I was totally forgotten. The Strigoi raced toward each other, and I froze, stunned at the terrible beauty of their fight. There was almost a gracefulness to the way they moved, the way they struck out and skillfully dodged each other. I stared a bit longer and then mentally slapped myself into action. This was my chance to get out of here. I couldn't get distracted. I turned to the bay window, searching frantically for a means to open it. There was none. â€Å"Son of a bitch!† Maybe Oleg had set me up after all. Or maybe there was just some mechanism that wasn't apparent to me. Regardless, I felt pretty confident there was one way to get it open. I ran to the side of the room where Galina had sat and grabbed an ornate wooden chair. It was obvious this window wasn't made of the hard-core glass that had been in my room. This stuff was similar to the library's French doors, delicate and engraved with fanciful designs, even though darkly tinted. It couldn't require that much force to break. After all that fruitless beating in my room, I took a kind of smug satisfaction in slamming the chair into it with as much force as possible. The impact made a huge hole in one side of the window, glass spraying everywhere. A few shards hit my face, but it was nothing to concern me now. Behind me, the sounds of battle raged on. There were grunts and muffled cries as they fought, as well as the occasional sound of some piece of broken furniture. I yearned to turn around and see what was going on, but I couldn't. I took the chair and swung again, breaking the other half of the window. There was now a huge hole, perfect for me to get out of. â€Å"Rose!† Dimitri's voice triggered some instinctive response in me. I glanced back and saw him still grappling with Galina. They were both exhausted, but it was clear he was getting the worst of it. But in their fighting, he kept trying to restrain her in a way that exposed her chest to me. His eyes met mine. Back when he'd been a dhampir, we'd rarely needed words to convey our thoughts. This was one of those times. I knew what he wanted me to do. He wanted me to stake her. I knew I shouldn't. I needed to hop out that window right now. I needed to let them keep fighting, even though it seemed obvious Galina was about to win. And yet†¦ despite my misgivings, some force drew me across the room, stake poised and ready. Maybe it was because I would never fully lose my pull to Dimitri, no matter what kind of monster he'd become. Maybe it was an unconscious sense of duty, since I knew he'd just saved my life. Or maybe it was because I knew one Strigoi was going to die tonight, and she was the more dangerous. But she wasn't easy to get hold of. She was fast and strong, and he was having a hard time with her. She kept wriggling around, trying to renew her attack. All she'd need to do was incapacitate him as I had; then it'd just require decapitation or burning to finish him off. I had no doubt she could arrange either. He managed to turn her slightly, giving me the best view of her chest I'd had. I moved forward-and then Dimitri slammed into me. I was addled for a moment, wondering why he'd attack me after saving me, until I realized he'd been pushed-by Nathan. Nathan had just entered the library, along with Marlen. It distracted Dimitri but not me. I still had the opening he'd given me on Galina, and I plunged my stake into her chest. It didn't go in as deeply as I would have liked, and she still managed to fight me, bucking hard. I grimaced and pushed forward, knowing the silver had to be affecting her. A moment later, I saw the pain twist her face. She faltered, and I pushed my advantage, shoving the stake in all the way. It took several seconds, but she eventually stopped moving, her body crumpling to the ground. If the other Strigoi noticed her death, they didn't pay attention. Nathan and Marlen were fixated on Dimitri. Another Strigoi-a female I didn't recognize-soon joined the face-off. I jerked my stake out of Galina and slowly began backing toward the window, hoping I wouldn't attract too much attention. My heart went out to Dimitri. He was outnumbered. I could possibly lend my strength and help him fight†¦ Of course, my strength was fading. I was still suffering from days of vampire bites and blood loss. I'd fought two Strigoi tonight and killed a powerful one. That had been my good deed, removing her from the world. The next best thing I could do would be to leave and let these Strigoi finish off Dimitri. The surviving ones would be leaderless and less of a threat. Dimitri would be free of this evil state, his soul finally able to move on to better places. And I would live (hopefully), having helped the world by killing more Strigoi. I bumped against the windowsill and looked out. Nighttime-not good. The sheer side of the manor was not ideal for climbing, either. It could be done, but it would be time consuming. I didn't have any more time. Directly below the window was a thickly leafed bush of some sort. I couldn't see it clearly and only hoped it wasn't a rosebush or something equally sharp. A second floor drop wouldn't kill me, though. Probably wouldn't even hurt-much. I climbed over the ledge, briefly meeting Dimitri's gaze as the other Strigoi moved in on him. The words came to me again: Don't hesitate. Dimitri's important lesson. But it hadn't been his first one. His first had been about what to do if I was outnumbered and out of options: Run. Time for me to run. I leapt out the window.

How Does Hitchcock Manipulate the Audience in the Shower Scene in the Film, Psycho Essay

Sir Alfred Hitchcock was an English film maker in the 20th century. He was well known for his techniques in engaging with the emotions of the audience and maximizing the feelings of anxiety and fear. Hitchcock, (also nicknamed as the master of suspense) directed more than fifty feature films of which the majority had twisted endings and thrilling plots, including violence, murder and crime. His iconic feature was to always appear in the movie. He was most likely to be seen walking through a busy crowd or across a street in some part of the film he was regarded as the greatest British film-maker and an iconic cultural figure. Psycho was one of Hitchcock’s most famous films. It was made in 1960 and although it originally received mixed reviews it was later re-reviewed resulting in 4 academy nominations. The story is about a young woman who steals a sum of money from her boss and when hiding in a motel she is brutally murdered by the psychotic hotel owner. The film is in black and white to add to the suspense with the music which originally Hitchcock wasn’t going to have. Psycho was considered Hitchcock’s best movie and is an inspiration to most horror films today. In this essay I will be describing the techniques Hitchcock uses to emphasize the fear and manipulate the audience during and leading up to the shower scene. The lead up to the shower scene starts with Marion, (who so far is thought of as the main character) driving down a highway in the busy rain making it almost impossible to see ahead of her. Whilst Marion is driving you soon come across a small lit up sign saying ‘Bates Motel’ Hitchcock uses the effect of the light to make it almost suggest it’s heavenly, this is a reassurance to the audience that Marion will be safe because she’s found somewhere to stay. However when we reach the motel it appear to be deserted until the camera zooms up to a big old fashioned house, with a small shadowed figure on the second floor, that appears to be in the shape of a woman, this at the time is a reassurance to Marion because someone is there who can help her. During this the only sound we hear is the heavy rain which fills the emptiness of the scene. A young man then appears to help her book a room, although he tries to create conversation Marion’s sentences are short, as if to portray she is in a hurry. Hitchcock then zooms in on her when she is writing her signature. We notice that she writes a different second name, this makes the audience shifty, because she’s lying. The cameras zoom onto the man who is introduced as Norman, he hesitates before picking a key, this arouses curiosity in audience as you wonder why he would pick a different room. When Norman is showing Marion the room he opens the windows and is hesitant to go into the bathroom or even say its name. He appears shifty and awkward which once again perks up interest in the audience as to why he is so shifty, you can help but feel a little worried as to why he can’t go into the bathroom. The conversations between Marion and Norman are short and awkward. As soon as Norman leaves the music starts to fill the silence and Marion wraps the money up in a newspaper to hide it, the music rises when this happens which suggests tension which makes the audience feel uncomfortable, as if she were taking a risk. Norman comes back with food for Marion and takes her into a small room behind the office to eat, as soon as you see the room stuffed birds fill the screen giving a creepy affect as if they were all watching you. As Norman talks to Marion he is constantly fiddling with his fingers as if to show that he is nervous, he also stutters some words to add to the effect. The conversation is awkward and Norman seems to be leading most of the conversation. The camera then moves to a low angle where a stuffed bird appears to be looking at Norman as he speaks, he compares the emotions of feeling empty and the light inside to go out to a damp grave which puts his emotions into context. When Marion recommends he takes his mother to an institution Norman leans in and the camera focuses on his showing his facial expression appear as anger, the music starts and his voice starts to rise as he gets angry. He then quotes, â€Å"She just goes a little mad sometimes. † This sentence sends a shiver down the audience’s spine because they assume the worst of that sentence. Questions are asked as the sentence can be interpreted in many ways. At this sentence Hitchcock zooms in on Marion’s face which appears uncomfortable and a little scared. She then rises to appear at a low angle which makes her look bigger and leaves. The camera returns to Norman who is now at a high angle shot, he appears small and desperate when he asks her to stay, you can tell from the camera angle what the answer is going to be. As soon as Marion leaves the music starts and we watch as Norman takes a painting off a wall to reveal a spy hole. We watch as Norman spies on the unsuspecting Marion as she undresses, to the audience this may appear as a typical thing for a man because they can’t help that they’re attracted to women. He then leaves to go back to the house, the music rises and builds up with tension to suggest that something is going to happen, however when the music reaches the highest pitch, Norman turns away, with his hands in his pocket as if to show his anger and energy has gone. At the beginning of the shower scene you see Marion writing calculations for her money however she later rips it up and throws it away. This almost gives the affect of a cliff-hanger which expresses the empty silence. As no-one is speaking Hitchcock emphasizes every sound possible, the opening of the shower rail, the unwrapping of the soap and the sound of the water coming from the shower, he does this to build the tension. For the next minute you see Marion happily enjoying a shower and for this reason you don’t expect anything bad to come after it, the camera moves from different angles and shots to show that she is happy. It then leads onto a wide shot where you are in full view of the shower and the curtain behind her. We see that Marion is at the bottom right hand side of the shower which almost gives the idea of vulnerability and her being trapped at one side because there is no way out if anything were to happen. Although Marion is the only moving thing in the shot you soon see a shadow appearing through the shower curtain, all the sounds are blocked as the water fills the silence and hides any other sounds you might be able to hear. As you see the shadow getting closer and darker tension and curiosity builds the camera slowly zooms into the looming shadow. (This is used by a retractable camera on the back wall. As the camera zooms in closer to the shape you can start to make out a human figure, you can feel your heart racing as you see a hand reach out to draw back the curtain. As soon as you hear the sound of the curtain being ripped back high pitched minor key music starts to reveal a terrifying figure of a women holding a break knife raised in her hand ready to kill. Hitchcock cleverly uses lighting and a low angle camera shot to shadow the face of the murderer so you don’t know who it is that kills Marion, this also adds curiosity to the fear as you don’t know who the murderer is. However the audience can assume that it is Norman’s mad mother. The next 45 seconds involve a brutal murder with sounds affect of stabbing and screaming as you watch the mad mother attack Marion. Hitchcock uses various camera shots and angle to add to the fear by constantly changing the views so you are not fully clear of what is going on, it also adds to Marion’s emotions as she struggles to prevent herself from being stabbed by the woman. At the same time you can also feel the emotions of the mother who portrays anger and revenge through the desperation of her stabbing and how she carries on to stab Marion even though she knows that she would die anyway. Hitchcock also uses a low angle shot which makes the murderer appear bigger and more superior to Marion as if to portray that she has won, and Marion won’t survive, he also uses the high angle shot to make Marion appear smaller and vulnerable. The mother then makes a swift exit leaving Marion to die as the music slows down. The camera zooms in onto Marion’s hand as it slides down the titles, Hitchcock then cleverly adds to the effect of putting Marion at the side of the shot, this almost adds effect to the fear because placing Marion in the centre of the screen may have appeared as quite tacky. The camera shows Marion put all her effect into reaching out to the shower rail as if she’s motioning for someone to help her, but then as the music stops she grabs the hand railing and falls to the floor motionless. The music almost signifies her death and murder, because when the music starts she’s frightened and screaming, thus meaning the music is high pitched but as she slowly sinks to her death the music deepens and slows down, then when she finally dies, the music stops. After that the only sound you are left with is the shower still running, the camera zooms into the drain as you see the darker shades of the water, which is the blood run down the drain. Hitchcock then cleverly zooms right into the drain, then when he zooms out, it reveals the eye of Marion as the camera rotates to reveal her motionless face. This could suggest that Marion’s life has gone down the drain, because she has nothing left. Her body appears motionless and innocent. The scene then ends with a shot viewing the money that was left behind, and the only sound is the shower running in the background. This leaves us at a cliff-hanger because Hitchcock as killed off what we though would be the main character and the $40,000 has been left, and we do not know what will happen to it. In conclusion to the evidence found we can see that Hitchcock used techniques uch as lighting, camera positions and angles, shots and sound to create suspense. He mainly uses music and silences to build the tension in the scene. The silences make the audience feel uncomfortable because this makes them expect something is going to happen. Hitchcock makes the audience expect the unexpected but then does the opposite. For example, he kills the main character off a third of a way through the movie. This adds more fear to ‘Psycho’ because unlike most horror films today, you don’t know what’s going to happen next.

What role does diversity play in nonprofit management Research Paper

What role does diversity play in nonprofit management - Research Paper Example A simple meaning of this term as defined by Jeffries & Amsden (2012) is that a group of people belonging from different ethnic, cultural, religious and social backgrounds to come a common platform and work collectively for achieving a common objective. Several researches have highlighted that the growing impact of globalization in all government, private and non-profit sectors have necessitated the need of incorporating the practice of diversity in the organization and work setup (Jeffries & Amsden, 2012). It is because an organization will be able to develop and maintain better external communication with diverse people and enterprises if it is diverse from the inside also. This is how a healthy and pluralistic working environment is established, both internal and external to the organization. Nielsen & Huang (2009) underline the fact that diversity is not a method for accomplishment but an accomplishment in itself; where people of high aptitude think and construct together without any racial barriers or differences. The concept of diversity is more advocated by the non-profit organizations than other private and governmental bodies due to their nature of work, which is intended to help and flourish every individual without considering their racial attributes (Nielsen & Huang, 2009). Williams (2012) explains that objectives of non-profit organizations can be limited in its accomplishment if the top level managers and executives are all white colours. It is essential of CEOs and owners of such enterprises to understand the power and need of implementing diversity, from the very roots to the top of the organization in order to justify their intent and mission (Williams, 2012). The absence of diversity in an organization can limit it to achieve optimum performance from its employees and inculcate new dimension for crisis management (Philanthropy, 2007). This paper is aim to discus the role of diversity in non-profits management, and how it can be taken as a tool for ensuring prosperity of the organization. The paper will present a theoretical aspect of diversity and its implementation models to illustrate the proper methodology of adopting it within the non-profit organizations. Impact of Diversity: A Theoretical View There have a number of theories dealing with the concept of theory in different dimensions. The Agency theory given by Miller (2002) defines that there always a difference between how organization objectives are perceived by managers and employees. This difference can lead to misunderstanding between the two bodies; the leader or manager and the follower or employees. Miller (2002) further explains that if all top level managers and decision makers are white, then the difference in perception can be further augmented. Hence, in non-profit organizations focus will put on only those needy people who are of the same racial background as those on the power seats (Miller, 2002). The System Theory of Luhman links the concept of dive rsity with the communication within the organization. He explains that the effectiveness of any organization is greatly influence by the communication setup of the organization. If the internal communication is weak, then there are greater chances of employees and staff of developing a negative image of the organization (Luhmann & Gilgen, 2013). In a world where everyone is highly exposed to media, people have adopted the habit of comparing their organization with what is being shown on media and there is a higher probability of developing a negative image of their organization. When people see favouritism and racial bifurcation on the media, they

Managing Communication Knowledge and Information Essay

Managing Communication Knowledge and Information - Essay Example The department focuses on integrating operations and supply chain strategy with a firm’s operations capabilities. This involves decisions that relate to the design of the processes and infrastructure needed to support these processes. Process design includes selecting the appropriate technology, sizing the process over time, determining the role of inventory in the process, and locating the process (Schultz, 2011, pg, 49). The infrastructure decisions involve the logic associated with the planning and control systems, quality assurance and control approaches, work payment structure, and organisation of system quality assurance and control approaches, work payment structure and organisation of operations and supply chain functions. This department’s operations capabilities can be viewed as portfolio best suited to adapt to the changing product and or service needs of a firm’s customers. Starbucks’ location strategy-its clustering of 20 or more stores in each urban hubwas viewed as enhancing the experience both in creating a local â€Å"Starbucks buzz’’ and in facilitating loyalty by Starbucks’ customers. Starbucks’ analysis of sales by individual store found little evidence that closely located Starbucks stores cannibalized one another’s sales. Recognizing that convenience of location was critical to driving sales; Starbucks began adding drive-through windows to some of its stores and locating stores specifically to capitalize on drive-through customers (Miles & Friedman, 2006, pg. 100). For this reason, the manager requires information to do with the corporate social responsibility (Phillip & Freeman, 2010, pg. 33). This implies that the manager requires understanding what the community around as well as the consumer perceives of the products from the company. In addition, the management in this department requires information on employee perception on the decisions being undertaken in the company. This will ensure that operations are efficient and therefore, the supply chain is up to date. As such, the manager is supposed to

Operations management Essay Example | Topics and Well Written Essays - 10000 words

Operations management - Essay Example which attempted to retain market leadership by focussing solely on improvement of operational effectiveness without paying adequate attention to the overall business strategy of brand positioning and other very important human resource issues as job satisfaction, aggressiveness, motivation, performance, trust and commitment. Both made the same mistake of forgetting the broader perspective and tried to tackle an economic and marketing issue in isolation. It was only natural that both the attempts ended in failure. There were several different types of issues that had to be resolved as the project developed. At one end was the difficulty in transposing the theoretical knowledge acquired from study modules to the practical context of the project. At the other end was the lack of skill in identifying broad trends that generally tend to affect business mandarins all over the world. There surely is a trend-setter like Toyota, but it requires the experience of a veteran researcher to be able to identify a new trend and forecast a phenomenon that will sweep the world in days to come even when it is in its nascent stage and is being experimented and fine tuned by the trend setter. This ability to immediately spot an idea that would shape tomorrow’s business and commerce can only be acquired through years of patient research and, quite obviously, is not visible in the current project. At this stage, it must be admitted that the in-depth graphical analysis of the operational wheel of Tesco or a thorough examination of the technology and production processes adopted by Morgan car manufacturing company helped the researcher to attain that analytical frame of mind. The extensive knowledge (albeit theoretical) about not only lean but also agile supply chains that the researcher obtained by undertaking several projects on this topic made him fully realise the necessity of the decoupling point

Porter's Five-Force Analysis Case Study Example | Topics and Well Written Essays - 1250 words

Porter's Five-Force Analysis - Case Study Example The first key external environmental issue in the PHARMAC case study is the importance of regulatory agencies and authorities. From the case study, three advisory committees are identified as the key regulatory factors. The Consumer Advisory Committee (CAC), the Pharmacology and Therapeutics Advisory Committee (PTAC), and the Cancer Treatment Sub Committee (CatSop) are all identifies as the key factors (Koster, Erakovic and Smith). These committees are the advisory boards to the various elements of the external environment and the decision-making organs of PHARMAC. The other key environmental factor identified is the political factor in the operations of PHARMAC. The decision that PHARMAC made; approving the nine-week trial Herceptin drug reflects the influence of vested shareholder interests in the decision-making process. The political element is particularly important for this analysis because of the vested interests of the parties. Roche industries can be identified as having som e political influence on the analysis and the decision-making process. Porter’s Five-Force Analysis An analysis of the case study can also be done using Porter’s five-force analysis, which is used to determine every facet of the organization ranging from the profitability to the competitive threat and power of the industry (Porter, 1998). The first part of the five-force analysis is the threat of new entrants into the industry, a factor that is deemed to increase the intensity of competition. From the case study, it can be concluded that there is no threat of new entrants into PHARMAC’s industry because it is a government sanctioned advisory agency. An analysis of the second element in Porter’s five-force analysis is focused on the power of suppliers, who, in this case, are identified as the drug company Roche. The case study indicates that the supplier of Herceptin had exceptional power in the market; therefore, the bargaining power was relatively high. The third factor of Potter’s five-force analysis is the bargaining power of buyers, who, in this case, are identified as the New Zealand population and the regulatory and advisory agencies. An analysis of these buyers indicate that they have relatively low power compared to the suppliers, hence the decision to fund the nine-week trial of the drug Herceptin. The threat of substitutes is also considered in the same way as the threat of new entrants. In the funding process of new drugs, the case study indicates that PHARMAC and MedSafe are the primary considerations; therefore, there is no credible threat of substitutes. The competitive rivalry within the industry, the last factor of the industry analysis, indicates that the various factions in the funding and approval industry have different bargaining powers. The drug industry is very costly; therefore, the different competitors in the industry are identified to need massive amounts of funding to succeed. The case study also i ndicates that the critical success factor in the industry is consultation and good relations between the key players in the industry. The case study reveals that PHARMAC made its decision to fund the limited trial period for Herceptin based on a cost-benefit analysis. The success of the decision-making process could have been varied if the firm had decided to perform prior consultation with the stakeholders. This can also be supported by the success of the drug in other countries and regions. The main critical success

Business Report to managment on online entertainment Essay

Business Report to managment on online entertainment - Essay Example The special features will include a visually rich content, streaming video linkages to various features, flash and banner advertisements, additional benefits to members as emails on entertainment related activities including alerts on mobile, briefs on stars and music icons, gossip related news to achieve an emotional link up, games, quizzes and event markers. The company logo and motif is as given below:- The company philosophy will be as indicated in its name, to provide holistic entertainment value to persons at one location that is its web site. EntertainmentYou.com will be located in Los Angeles the hub of all entertainment and gaming activity in the World. It will have a lean organization which would be cellular and networked. A large quantum of work will be outsourced. However a minimal required employee profile will have to be maintained. Thus there will be a number of departments. A privacy policy will also be declared. This is essential to build confidence of the customer that his personal data is safe with the company. Customer policy and terms of reference will be clearly stated and personnel will have to accept the terms and conditions before becoming members. There are a number of companies operating in the on line entertainment segment of e business. Some of these are subsidiaries of large entertainment corporations as Sony. These are operating multiple entertainment sites which offer a variety of audio and video services including movies, music and even dating services. Three of these organizations are being covered in the competitor survey given below as follows:- (a) Eonline.com - URL - http://www.eonline.com. (b) Abc.com - URL - http://www.abc.com/ (c) 1netcentral.com - http://www.1netcentral.com These sites have been selected based on the popularity ratings as per Google search, the range of services provided and the variety of communications, new media inputs and overall popularity. A varied profile of the content provided by each site has been attempted to enable drawing maximum inputs for planning EntertainYou.com. Each site is being covered in detail as given below. Eonline.com E! Online is an entertainment web site which caters for a large number of entertainment needs of the modern consumer. These include music and movie reviews, coverage of live events, branded merchandise for film, TV and music enthusiasts, in addition to the latest daily news and celebrity information. The site places its USP as a fun and some what irreverent tone. Its popularity is identified by the 2.5 million users that it gets. Being a subsidiary of E! Entertainment Television Inc which is a large producer and distributor of entertainment news and life style programmes, it has ready stock of information and content available from this reliable source. Over the years it has also created an archive of 16,000 news stories and has a wide range of popular columnists

Summary Essay Example | Topics and Well Written Essays - 500 words - 128

Summary - Essay Example Though this theory measure the voting activity in terms of individual cost and benefits, it supports the ideological difference that exist between those willing to and those not willing to vote. This means that voting is a choice according to the theory of voting in relation to the voting calculus. This article depicts the reasons behind peoples’ participation or lack of participation in voting activities. According to the article, voting is a choice based on the level of commitment, civic knowledge, and finance to support the process. The three mentioned factors are grouped under resources and any of these determines whether an individual is ready to vote. A person with poor civic skill sees no need of voting and tends to calculate its benefit in line with spent time. Again, a person engaging in a more beneficial activity apart from voting sees no need in the process and continues with a more beneficial activity. This is a clear indication that voting is a choice based the costs and benefits according to the information displayed in this article. This article explains the voting process as a choice propelled by self-interest. According to the given information, nobody can participate in an activity without an interest. Voting is a public activity that involves many people though only few people benefit from the entire process (Riker & Peter, 36). For instance, the candidates and their family relations tend to benefit largely from the voting process and this explains self-interest and the level of benefit as a motivating factor. Apart from self interest, some people vote to save a magnitude without considering their interests. Voting without self-interest is a choice as explained in this article. This makes it difficult to determine whether voting is a choice or a fundamental activity. Social Identity, Political participation, and Altruism are choices that determine the voting

Case Study on a Day Care Essay Example for Free

Case Study on a Day Care Essay When couples are engaging in family planning, there are several things that they have to take into consideration. One such thing is the care of the child or children when it is time for them to return to work. A common option over the years has been that of the day care or child care center. Parents today are realizing the importance of daycare centers in their children’s development. They are looking for daycare centers that not only will take care of their child while they are away but also will provide quality, real-life learning opportunities and experiences. These learning opportunities will ensure that children are prepared not only for their academic life in school but also for real life situations outside the daycare center and their own homes. There are five basic categories of day cares: Child care centers, educational day care, family day care, non-profit day care and subsidized day care. A child care center is a large day-care provider and is often franchised under a brand name. They often have extensive facilities, including swimming pools and large playgrounds. They also provide day care for multiple ages divided into smaller groups by age. Educational day cares are intended to provide children with pre-school learning and skills to prepare her for kindergarten or elementary school. They strive to provide children with rounded spiritual, physical, mental and emotional support to prepare them for lifes challenges. A family day care is provided in the care-givers home, usually with the providers children present. They provide a familiar and comfortable setting for your child. A family day care often is smaller than other types of day care. Non-profit day cares are run by non-profit organizations, such as churches or synagogues. They sometimes include religious schooling and are often more affordable than other types of day care because of their non-profit status. Subsidized day care programs are those that provide financial assistance either through the federal or state government or an employer. The day care visited by group five, was an educational daycare. The daycare caters to children between three (3) months and three (3) years old. At the beginning of September, there were a total of forty (40) children. Currently, there are twenty-six (26) children there. Space and Equipment The day care is clean and sanitary. There is no garbage lying around, floors are clean as they are constantly mopped when messes are made. The kitchen is large enough to facilitate the free movement when 2-3 persons are in there making food preparations. It is also away from the areas where diapers are changed and away from the bathroom. It is clear that great consideration was taken in regards to inclement weather, as the space in the day care is large enough to separate sleeping children from playing children and those who are learning. The area is large enough for everyone to play when they are unable to go outside even though the tables where they have their meals are there. There are five smoke detectors throughout the building, a fire aid kit and a fire extinguisher that are strategically places. Standard childproofing techniques are utilized, (covered outlets, safety gates, door latches). The center is secure, having a buzzer that is working and therefore, strangers are not able to just walk in from the streets. The building is properly lit and ventilated and doors are placed strategically as well to facilitate emergency exit if necessary. There is short term parking space at the front for parents and guardians who come to drop off and pick up their children. Caregivers’ Credentials/Qualifications Because the caregivers are expected to create a safe and stimulating environment for the children to develop in, it is important that the staff get formal training that will equip them with the tools necessary to do so. All the members of staff are qualified. The qualifications held are varied. There are members of staff who have Level 1 and 2 Certificates in Early Childhood Care and Development from HEART Trust NTA. Other qualification held by staff is a Certificate in Practical Nursing and Heart care and a Diploma in Early Childhood Teacher Education. Programme Activities At this stage of the child’s development, it is important to have activities that engage the children’s minds and develop skills that will be needed in further learning. At the day care, there is a structured schedule that includes plenty of time for physical activity, quiet time (including daily reading sessions for groups and individuals), group activities, individual activities, meals, snacks, and free time. The activities cover the duration of time that the children are at the day care from the moment of arrival to the time of departure. The physical activities come in varied forms including music movement (dance) and play time- outdoor play and free play. Free play is for the children to do whatever they feel like doing, whether it is engaging in imaginative play with their little friends or by themselves, playing with toys, or looking through their picture books. Outdoors, there is a slide, a swing, a monkey bar and some tires for the children to crawl through. Group activities include some aspects of the physical activities and story time, as well as their varied creative, manipulative activities. Such creative/manipulative activities include finger painting, drawing, and making things out of clay dough. This is done with the assistance of the staff. A lot of the stories are made up based on a series of pictures that are taped to the walls of the daycare. Caregivers also engage the children in picture games. The children form a ring and are shown pictures that they are to identify. Those who correctly identify the pictures get an extra treat at meal time. They are also taught nursery rhymes such as â€Å"hey diddle diddle†, and â€Å"itsy bitsy spider† and the alphabet song. There are designated times for snacks, and other meals. They do not allow the children to eat right throughout the day but encourage the habit of eating at intervals. There is also designated naptime and quiet time for the children. The activities are very appropriate as they are in keeping with Piaget’s theory of cognitive development. In the sensorimotor stage of cognitive development, which is the first stage, Piaget stresses the importance of discovery through a child’s active interaction with the environment. Between birth and age two (2), children discover the world using their senses and motor activity because they are limited by their inability to use language or symbols at this stage. Therefore, the hands on activities that they are engaged in, helps to enhance cognitive development at this stage. Teacher-child Relationships According to Erikson’s psychosocial theory of development, trust is identified as the first major developmental task of early childhood, and is established in childrens first relationship with their caregivers, parents and teachers. Trust is the first pre-requisite for effective learning. It encourages a sense of well-being and emotional security in young children, creating a solid foundation for future learning from the dynamic experiences of childhood. Without the support of early trust relationships with caring adults, children are ill-equipped to take the kinds of risk essential to the learning process. Trust develops when children come to anticipate positive experiences in the child care settings. If trust is to develop, children need sensitive and perceptive caregivers that understand childrens needs and consistently offer tender, responsive care. Having received formal training for the purpose of taking care of the children, they have an understanding of the importance of their interactions with the children and therefore treat the children accordingly. It is evident that the children trust their caregivers as they affectionately refer to them as â€Å"Auntie† and warm smile light up their tiny faces whenever they see the members of staff walk through the door. The staff plays with the children during their playtime. There is prompt responsiveness to the cries or outbursts of the children and reassurance is given when the infant is crying, except in cases when the child is throwing a tantrum. In such instances, the infant is spoken to firmly but gently. The ratio of teacher to child is 1: 6. However, the caretakers try to share their attentions evenly among the children. They tend to group the children together when they are interacting with them so that none is left out. There were demonstrations of positive reinforcement from the caregivers. When a child did not like what was prepared for them to eat, he or she was coaxed into eating by the use of various methods, one of which was to pretend that the spoonful of food was an airplane loaded with niceties. The child was praised when he or she would chew the food and swallow it. The caregiver would also reward the child with the option of having their juice before the water if the food was eaten. A sense of autonomy is identified as the second major developmental task of early childhood and is developed when a child is allowed to practice newly acquired physical skills. At the daycare, the children are encouraged to do things for themselves. There are toddlers who prefer to feed themselves, even though they make a bit of a mess when they do. Nonetheless, they are allowed to do so. They are encouraged to pick up after themselves and therefore run around picking up toys when they are done playing. During outdoor play, the older and stronger children are allowed to climb the monkey bars by themselves with the ‘Auntie’ hovering close by to give assistance if it is needed. Recommendations A good day care is one that has a good reputation. No one will want to send their child/children to a daycare that has a bad track record. Established ground rules and policies are important and this is something a good day care has. These rules and policies should include what to do when a child gets sick, or has an accident while at the daycare, schedule pick up times (even though there should be some amount of flexibility with this), safety policies, etcetera. A good day care has a stimulating curriculum that is age appropriate. As these are the formative of a child’s life, activities should be geared at setting a foundation of later learning. The day care should have a license that is current. This is an indication that the day care is in legal operation. Qualified staff is also important. Parents want to know that when they drop their children off at the day care, they are in good hands. The facilities should be clean and safe as well. The day care of study can be considered to be a good one. However, there are a few things that could be done to improve the facility. The acquisition of more qualified staff is something that should be looked into. Even though the caregivers try to pay attention to all the children in their care, it can be taxing for one staff member to have to oversee six children at once, especially during play time. There is a need for more toys for the children, especially building blocks. There is presently a toy drive going on to help with the endeavor of procuring more toys. In doing so, they can look into getting another slide as the tiny one that is there cannot suffice for all the children that want to use it during outdoor play. They need to also look into getting straps or bars put on the swing as there are children who have a habit of getting in and out of the swing while it is in flight. This can be very harmful to them. The monkey bar is also a cause of concern as it is very dangerous, especially for the smaller children. The spaces between each bar are too wide and therefore adjustments may have to be made by putting plastic or wooden bars in between each space to reduce the width that the children will have to climb on. There is a gate at the end of one of the driveways that is too far from the ground and so the ball continues to go under the gate when the children play in the driveway. They need to lower the gate or put something to block the opening so that the ball does not run onto the road. Closing Remarks Members of group five (5) can conclude that the visit to the day care was a productive one. The time spent with the children was thoroughly enjoyed as there was more than mere observation. The day care is a great one and should become better if the things in the afore mentioned recommendations are taken into consideration. Group five would recommend this day care to parents and guardians seeking one as they take into consideration the holistic development of the children.

To what extent are the poems Nothings changed and Half-caste a message of protest Essay Example for Free

To what extent are the poems Nothings changed and Half-caste a message of protest Essay The two poems, Nothings changed by Tatamkhulu Afrika and Half-caste by John Agard, both deal with issues of race. Nothings changed describes the return to district six after the apartheid in South Africa it presents a voice angry that nothing has changed since the apartheid has been abolished, and that racial segregation still exists. Half-caste also communicates a protest against racial prejudice. It questions the use of the term half-caste and promotes more open views. The discontent behind both messages is clear in their tones. From the start Afrika sets a bitter and angry mood, the hot, white, inwards turning anger of my eyes the use of how deeply resentful he is about what is going on. Also the alliteration of the strong t consonant enhances the frustrated quality of this phrase. On the other hand Half-caste challenges the reader with a mocking phrase Excuse me standing on one leg Im half-caste. This appears to set up a more relaxed atmosphere in first three lines. The poet makes this more assertive with his use of imperatives such as excuse and explain. Throughout the poem he continues to play with the term half caste but the light atmosphere is soon over ridden by the seriousness of the message. Nothings changed is written in six main stanzas which draw attention to the harsh reality of district six. Interestingly there is a mini stanza of two lines no sign says it is but we know where we belong. this could show the racial segregation enforced and illustrates that although it is not official everybody accepts the unwritten rule. Afrika uses the power of three and the skin and the soft and the hot to demonstrate how complete and overwhelming the anger is. Also use of the refrain like phrases no board says it is and no sign says it is continue to emphasise how embedded the segregation is in society. The structure in Half caste is less obvious although it has strong implications. For example the unequal line lengths so spiteful deem dont want de sun pass/ ah rass suggest an odd untidiness and imbalance. As in nothings changed Agard uses refrain to reinforce an idea, explain yuself/ what yu mean. Although here is is more aggressive and upfront. It is repeated as he demands for an answer. There is a flow to the poem created by enjambment with no punctuation. This could reflect the release of anger. The forward slashes add pauses ? is a half-caste weather/ well in dat case which keep the reader aware of the theme of standing up against society. Both poets continue to develop the themes through rhyme and rhythm. In Nothings changed there is half rhyme, for example trees and cuisine. This could symbolise inequality and a sense of uprising against what society imposes. The rhythm is heavy and strong with hard consonant sounds like trodden and gatepost this gives a feeling of oppression. Also there is enjambment, which is shown when the poet says seeding grasses thrust/ beaded seeds/ into trouser cuffs this suggests urgency to release anger it is building up to the last line, nothings changed the short sentence ends the flow and implies defeat as the protest is replaced by acceptance that the separation still stands. Similarly the rhyme in Half-caste is random which continues the theme. The main images highlighted by rhyme such as mix a black key with a white key is a half-caste symphony. The rhythm is uneven which again emphasises the concept of half. The interesting use of colloquial language provides lots of focus on the sounds of words for example yu, de or dem which makes the rhythm more confident and direct. In nothings changed the poet begins with monosyllabic language. The first line is small round hard stone click which echoes the sound of walking on gravel this sensory language draws in the reader to the message. He uses words showing oppression like trodden on, crunched, and crushed this conveys the aggressive nature of district 6. Afrika also uses lots of heat associated words like flaring, hot white and burn. These immediately portray a build up of anger. He uses pronouns such as I press my nose making it a more personal account which engages the reader with the personal emotions. On another level he could be expressing the voice of black people against discrimination. Similarly Agard uses pronouns he engages the audience by saying yu which is directing the poem to a wide audience. He also uses colloquial language like wha, yu and on dem cloud this is Jamaican slang which sets up a background and displays his pride to be from that culture. His repeated use of the term half-caste reminds us of the taboo of the term inflicting guilt upon the reader. The clever use of half links all the imagery listening to yu wid de keen half of mih ear. This is all leading up to the last line when he challenges the reader to accept him as a whole person. Afrika uses subtle imagery like tall purple flowering amiable weeds The word weeds suggests inferiority but a struggling to stand tall against segregation. He uses personification to describe the whites only inn it squats shows how unwanted the white people are, because they impose on the black people. A strong metaphor clear panes is like a physical representation of the social barrier. It lets the wealth of the white people be seen. This is emphasised by the contrast of images created. Linen falls, the single rose are compared to bunny chows and plastic tables. Here a clear gap of living standard is shown. I think the most important image in the poem is leaving a small mean O of small mean mouth which describes the circular mark of breath on the window. This shape will disappear, and metaphorically describes how his voice of protest is lost within him. The imagery that Agard uses imagery is based around these of mix and half. Opposites like black and white and light and shadow shows two extremes which in people should be accepted as equals. He also says things like half of mih ear , half of mih eye and half-hand these are unrealistic concepts which is mocking the term half-caste. He uses a metaphor of Tchaikovsky writing a symphony and Picasso mixing colours. The use of an artist and a composer gives out a message universally. Also using art and music, pleasant things, shows how wrong and unpleasant using the term half-caste is. Finally, the change in imagery at the end of the poem shows Agards encouragement of open mindedness. He uses whole and tomorrow which suggest in the future the prejudice can change. Overall both poems show a protest although I think half-caste is defiant outwards protest that chalenges the reader with clever imagery and language. Nothings changed seems to show protest and anger held within or inwards turning anger. It also shows frustration of accepting the harsh life of being an inferior in South Africa.

Mobile Ad Hoc Network Intrusion Detection System (IDS)

Mobile Ad Hoc Network Intrusion Detection System (IDS) Chapter 1 1. Introduction Mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs) are relatively new communication paradigms. MANETs do not require expensive base stations or wired infrastructure. Nodes within radio range of each other can communicate directly over wireless links, and those that are far apart use other nodes as relays. Each host in a MANET also acts as a router as routes are mostly multichip. The lack of fixed infrastructure and centralized authority makes a MANET suitable for a broad range of applications in both military and civilian environments. For example, a MANET could be deployed quickly for military communications in the battlefield. A MANET also could be deployed quickly in scenarios such as a meeting room, a city transportation wireless network, for fire fighting, and so on. To form such a cooperative and self configurable network, every mobile host should be a friendly node and willing to relay messages for others. In the original design of a MANET, global trustworthiness in nodes within the whole network is a fundamental security assumption. Recent progress in wireless communications and micro electro mechanical systems (MEMS) technology has made it feasible to build miniature wireless sensor nodes that integrate sensing, data processing, and communicating capabilities. These miniature wireless sensor nodes can be extremely small, as tiny as a cubic centimeter. Compared with conventional computers, the low-cost, battery-powered, sensor nodes have a limited energy supply, stringent processing and communications capabilities, and memory is scarce. The design and implementation of relevant services for WSNs must keep these limitations in mind. Based on the collaborative efforts of a large number of sensor nodes, WSNs have become good candidates to provide economically viable solutions for a wide range of applications, such as environmental monitoring, scientific data collection, health monitoring, and military operations. Despite the wide variety of potential applications, MANETs and WSNs often are deployed in adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Due to the features of an open medium, the low degree of physical security of mobile nodes, a dynamic topology, a limited power supply, and the absence of a central management point, MANETs are more vulnerable to malicious attacks than traditional wired networks are. In WSNs, the lack of physical security combined with unattended operations make sensor nodes prone to a high risk of being captured and compromised, making WSNs vulnerable to a variety of attacks. A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Each node is equipped with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication range. In order for a node to forward a packet to a node that is out of its radio range, the cooperation of other nodes in the network is needed; this is known as multi-hop communication. Therefore, each node must act as both a host and a router at the same time. The network topology frequently changes due to the mobility of mobile nodes as they move within, move into, or move out of the network. A MANET with the characteristics described above was originally developed for military purposes, as nodes are scattered across a battlefield and there is no infrastructure to help them form a network. In recent years, MANETs have been developing rapidly and are increasingly being used in many applications, ranging from military to civilian and commercial uses, since setting up such networks can be done without the help of any infrastructure or interaction with a human. Some examples are: search-and-rescue missions, data collection, and virtual classrooms and conferences where laptops, PDA or other mobile devices share wireless medium and communicate to each other. As MANETs become widely used, the security issue has become one of the primary concerns. For example, most of the routing protocols proposed for MANETs assume that every node in the network is cooperative and not malicious [1]. Therefore, only one compromised node can cause the failure of the entire network. There are both passive and active attacks in MANETs. For passive at tacks, packets containing secret information might be eavesdropped, which violates confidentiality. Active attacks, including injecting packets to invalid destinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation. Proactive approaches such as cryptography and authentication were first brought into consideration, and many techniques have been proposed and implemented. However, these applications are not sufficient. If we have the ability to detect the attack once it comes into the network, we can stop it from doing any damage to the system or any data. Here is where the intrusion detection system comes in. Intrusion detection can be defined as a process of monitoring activities in a system, which can be a computer or network system. The mechanism by which this is achieved is called an intrusion detection system (IDS). An IDS collects activity information and then analyzes it to determine whether there are any activities that violate the security rules. Once AN ID determines that an unusual activity or an activity that is known to be an attack occurs, it then generates an alarm to alert the security administrator. In addition, IDS can also initiate a proper response to the malicious activity. Although there are several intrusion detection techniques developed for wired networks today, they are not suitable for wireless networks due to the differences in their characteristics. Therefore, those techniques must be modified or new techniques must be developed to make intrusion detection work effectively in MANETs. In this paper, we classify the architectures for IDS in MANETs, each of which is suitable for different network infrastructures. Current intrusion detection systems corresponding to those architectures are reviewed and compared. Chapter 2 Background 2.1 Intrusion Detection System (IDS) Many historical events have shown that intrusion prevention techniques alone, such as encryption and authentication, which are usually a first line of defense, are not sufficient. As the system become more complex, there are also more weaknesses, which lead to more security problems. Intrusion detection can be used as a second wall of defense to protect the network from such problems. If the intrusion is detected, a response can be initiated to prevent or minimize damage to the system. To make intrusion detection systems work, basic assumptions are made. The first assumption is that user and program activities are observable. The second assumption, which is more important, is that normal and intrusive activities must have distinct behaviors, as intrusion detection must capture and analyze system activity to determine if the system is under attack. Intrusion detection can be classified based on audit data as either host- based or network-based. A network-based IDS captures and analyzes packets from network tra ±c while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows [2]. Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response. Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks. Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints. 2.2 Intrusion Detection in MANETs Many intrusion detection systems have been proposed in traditional wired networks, where all track must go through switches, routers, or gateways. Hence, IDS can be added to and implemented in these devices easily [17, 18]. On the other hand, MANETs do not have such devices. Moreover, the medium is wide open, so both legitimate and malicious users can access it. Furthermore, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information could be from a compromised node or a node that has outdated information. Thus, the current IDS techniques on wired networks cannot be applied directly to MANETs. Many intrusion detection systems have been proposed to suit the characteristics of MANETs, some of which will be discussed in the next sections. 2.3 Architectures for IDS in MANETs The network infrastructures that MANETs can be configured to are either at or multi-layer, depending on the applications. Therefore, the optimal IDS architecture for a MANET may depend on the network infrastructure itself [9]. In an network infrastructure, all nodes are considered equal, thus it may be suitable for applications such as virtual classrooms or conferences. On the contrary, some nodes are considered different in the multi-layered network infrastructure. Nodes may be partitioned into clusters with one cluster head for each cluster. To communicate within the cluster, nodes can communicate directly. However, communication across the clusters must be done through the cluster head. This infrastructure might be well suited for military applications. 2.3.1 Stand-alone Intrusion Detection Systems In this architecture, an intrusion detection system is run on each node independently to determine intrusions. Every decision made is based only on information collected at its own node, since there is no cooperation among nodes in the network. Therefore, no data is exchanged. Besides, nodes in the same network do not know anything about the situation on other nodes in the network as no alert information is passed. Although this architecture is not elective due to its limitations, it may be suitable in a network where not all nodes are capable of running IDS or have IDS installed. This architecture is also more suitable for an network infrastructure than for multi-layered network infrastructure. Since information on each individual node might not be enough to detect intrusions, this architecture has not been chosen in most of the IDS for MANETs. 2.3.2 Distributed and Cooperative Intrusion Detection Systems Since the nature of MANETs is distributed and requires cooperation of other nodes, Zhang and Lee [1] have proposed that the intrusion detection and response system in MANETs should also be both distributed and cooperative as shown in Figure 1. Every node participates in intrusion detection and response by having an IDS agent running on them. An IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as initiating a response independently. However, neighboring IDS agents cooperatively participate in global intrusion detection actions when the evidence is inconclusive. Similarly to stand-alone IDS architecture, this architecture is more suitable for a network infrastructure, not multi-layered one. 2.3.3 Hierarchical Intrusion Detection Systems Hierarchical IDS architectures extend the distributed and cooperative IDS architectures and have been proposed for multi-layered network infrastructures where the network is divided into clusters. Clusterheads of each cluster usually have more functionality than other members in the clusters, for example routing packets across clusters. Thus, these cluster heads, in some sense, act as control points which are similar to switches, routers, or gateways in wired networks. The same concept of multi-layering is applied to intrusion detection systems where hierarchical IDS architecture is proposed. Each IDS agent is run on every member node and is responsible locally for its node, i.e., monitoring and deciding on locally detected intrusions. A clusterhead is responsible locally for its node as well as globally for its cluster, e.g. monitoring network packets and initiating a global response when network intrusion is detected. 2.3.4 Mobile Agent for Intrusion Detection Systems A concept of mobile agents has been used in several techniques for intrusion detection systems in MANETs. Due to its ability to move through the large network, each mobile agent is assigned to perform only one specific task, and then one or more mobile agents are distributed into each node in the network. This allows the distribution of the intrusion detection tasks. There are several advantages for using mobile agents [2]. Some functions are not assigned to every node; thus, it helps to reduce the consumption of power, which is scarce in mobile ad hoc networks. It also provides fault tolerance such that if the network is partitioned or some agents are destroyed, they are still able to work. Moreover, they are scalable in large and varied system environments, as mobile agents tend to be independent of platform architectures. However, these systems would require a secure module where mobile agents can be stationed to. Additionally, mobile agents must be able to protect themselves from the secure modules on remote hosts as well. Mobile-agent-based IDS can be considered as a distributed and cooper ative intrusion detection technique as described in Section 3.2. Moreover, some techniques also use mobile agents combined with hierarchical IDS, for example, what will be described in Section 4.3. 2.4 Sample Intrusion Detection Systems for MANETs Since the IDS for traditional wired systems are not well-suited to MANETs, many researchers have proposed several IDS especially for MANETs, which some of them will be reviewed in this section. 2.4.1 Distributed and Cooperative IDS As described in Section 3.2, Zhang and Lee also proposed the model for distributed and cooperative IDS as shown in Figure 2 [1]. The model for an IDS agent is structured into six modules. The local data collection module collects real-time audit data, which includes system and user activities within its radio range. This collected data will be analyzed by the local detection engine module for evidence of anomalies. If an anomaly is detected with strong evidence, the IDS agent can determine independently that the system is under attack and initiate a response through the local response module (i.e., alerting the local user) or the global response module (i.e., deciding on an action), depending on the type of intrusion, the type of network protocols and applications, and the certainty of the evidence. If an anomaly is detected with weak or inconclusive evidence, the IDS agent can request the cooperation of neighboring IDS agents through a cooperative detection engine module, which communicates to other agents through a secure communication module. 2.4.2 Local Intrusion Detection System (LIDS) Albers et al. [3] proposed a distributed and collaborative architecture of IDS by using mobile agents. A Local Intrusion Detection System (LIDS) is implemented on every node for local concern, which can be extended for global concern by cooperating with other LIDS. Two types of data are exchanged among LIDS: security data and intrusion alerts. In order to analyze the possible intrusion, data must be obtained from what the LIDS detect, along with additional information from other nodes. Other LIDS might be run on different operating systems or use data from different activities such as system, application, or network activities; therefore, the format of this raw data might be different, which makes it hard for LIDS to analyze. However, such difficulties can be solved by using SNMP (Simple Network Management Protocol) data located in MIBs (Management Information Base) as an audit data source. Such a data source not only eliminates those difficulties, but also reduces the in-Figure 3: L IDS Architecture in A Mobile Node [3] crease in using additional resources to collect audit data if an SNMP agent is already run on each node. To obtain additional information from other nodes, the authors proposed mobile agents to be used to transport SNMP requests to other nodes. In another words, to distribute the intrusion detection tasks. The idea differs from traditional SNMP in that the traditional approach transfers data to the requesting node for computation while this approach brings the code to the data on the requested node. This is initiated due to untrustworthiness of UDP messages practiced in SNMP and the active topology of MANETs. As a result, the amount of exchanged data is tremendously reduced. Each mobile agent can be assigned a specific task which will be achieved in an autonomous and asynchronous fashion without any help from its LIDS. The LIDS architecture is shown in Figure 3, which consists of  ² Communication Framework: To facilitate for both internal and external communication with a LIDS. Local LIDS Agent: To be responsible for local intrusion detection and local response. Also, it reacts to intrusion alerts sent from other nodes to protect itself against this intrusion. Local MIB Agent: To provide a means of collecting MIB variables for either mobile agents or the Local LIDS Agent. Local MIB Agent acts as an interface with SNMP agent, if SNMP exists and runs on the node, or with a tailor-made agent developed specifically to allow up- dates and retrievals of the MIB variables used by intrusion detection, if none exists. Mobile Agents (MA): They are distributed from its LID to collect and process data on other nodes. The results from their evaluation are then either sent back to their LIDS or sent to another node for further investigation. Mobile Agents Place: To provide a security control to mobile agents. For the methodology of detection, Local IDS Agent can use either anomaly or misuse detection. However, the combination of two mechanisms will offer the better model. Once the local intrusion is detected, the LIDS initiate a response and inform the other nodes in the network. Upon receiving an alert, the LIDS can protect itself against the intrusion. 2.4.3 Distributed Intrusion Detection System Using Multiple Sensors Kachirski and Guha [4] proposed a multi-sensor intrusion detection system based on mobile agent technology. The system can be divided into three main modules, each of which represents a mobile agent with certain func- tionality: monitoring, decision-making or initiating a response. By separate in functional tasks into categories and assigning each task to a different agent, the workload is distributed which is suitable for the characteristics of MANETs. In addition, the hierarchical structure of agents is also developed in this intrusion detection system as shown in Figure 4. Monitoring agent: Two functions are carried out at this class of agent: network monitoring and host monitoring. A host-based monitor agent hosting system-level sensors and user-activity sensors is run on every node to monitor within the node, while a monitor agent with a network monitoring sensor is run only on some selected nodes to monitor at packet-level to capture packets going through the network within its radio ranges. Action agent: Every node also hosts this action agent. Since every node hosts a host-based monitoring agent, it can determine if there is any suspicious or unusual activities on the host node based on anomaly detection. When there is strong evidence supporting the anomaly detected, this action agent can initiate a response, such as terminating the process or blocking a user from the network. Decision agent: The decision agent is run only on certain nodes, mostly those nodes that run network monitoring agents. These nodes collect all packets within its radio range and analyze them to determine whether the network is under attack. Moreover, from the previous paragraph, if the local detection agent cannot make a decision on its own due to insufficient evidence, its local detection agent reports to this decision agent in order to investigate further. This is done by using packet-monitoring results that comes from the network-monitoring sensor that is running locally. If the decision agent concludes that the node is malicious, the action module of the agent running on that node as described above will carry out the response. The network is logically divided into clusters with a single cluster head for each cluster. This clusterhead will monitor the packets within the cluster and only packets whose originators are in the same cluster are captured and investigated. This means that the network monitoring agent (with network monitoring sensor) and the decision agent are run on the cluster head. In this mechanism, the decision agent performs the decision-making based on its own collected information from its network-monitoring sensor; thus, other nodes have no influence on its decision. This way, spooffing attacks and false accusations can be prevented. 2.4.4 Dynamic Hierarchical Intrusion Detection Architecture Since nodes move arbitrarily across the network, a static hierarchy is not suitable for such dynamic network topology. Sterne et al. [16] proposed a dynamic intrusion detection hierarchy that is potentially scalable to large networks by using clustering like those in Section 4.3 and 5.5. However, it can be structured in more than two levels as shown in Figure 5. Nodes labeled 1 are the first level clusterheads while nodes labeled 2 are the second level clusterheads and so on. Members of the first level of the cluster are called leaf nodes. Every node has the responsibilities of monitoring (by accumulating counts and statistics), logging, analyzing (i.e., attack signature matching or checking on packet headers and payloads), responding to intrusions detected if there is enough evidence, and alerting or reporting to cluster heads. Clues treads, in addition, must also perform: Data fusion/integration and data reduction: Clusterheads aggregate and correlate reports from members of the cluster and data of their own. Data reduction may be involved to avoid conflicting data, bogus data and overlapping reports. Besides, cluster heads may send the requests to their children for additional information in order to correlate reports correctly. Intrusion detection computations: Since different attacks require different sets of detected data, data on a single node might not be able to detect the attack, e.g., DDoS attack, and thus clusterheads also analyze the consolidated data before passing to upper levels. Security Management: The uppermost levels of the hierarchy have the authority and responsibility for managing the detection and response capabilities of the clusters and cluster heads below them. They may send the signatures update, or directives and policies to alter the configurations for intrusion detection and response. These update and directives will flow from the top of the hierarchy to the bottom. To form the hierarchical structure, every node uses clustering, which is typically used in MANETs to construct routes, to self-organize into local neighborhoods (first level clusters) and then select neighborhood representatives (cluster heads). These representatives then use clustering to organize themselves into the second level and select the representatives. This process continues until all nodes in the network are part of the hierarchy. The authors also suggested criteria on selecting cluster heads. Some of these criteria are: Connectivity: the number of nodes within one hop Proximity: members should be within one hop of its cluster head Resistance to compromise (hardening): the probability that the node will not be compromised. This is very important for the upper level cluster heads. Processing power, storage capacity, energy remaining, bandwidth cape abilities Additionally, this proposed architecture does not rely solely on promiscuous node monitoring like many proposed architectures, due to its unreliability as described in. Therefore, this architecture also supports direct periodic reporting where packet counts and statistics are sent to monitoring nodes periodically. 2.4.5 Zone-Based Intrusion Detection System (ZBIDS) Sun et al. [24] has proposed an anomaly-based two-level no overlapping Zone-Based Intrusion Detection System (ZBIDS). By dividing the network in Figure 6 into nonoverlapping zones (zone A to zone me), nodes can be categorized into two types: the intrazone node and the interzone node (or a gateway node). Considering only zone E, node 5, 9, 10 and 11 are intrazone nodes, while node 2, 3, 6, and 8 are interzone nodes which have physical connections to nodes in other zones. The formation and maintenance of zones requires each node to know its own physical location and to map its location to a zone map, which requires prior design setup. Each node has an IDS agent run on it which the model of the agent is shown in Figure 7. Similar to an IDS agent proposed by Zhang and Lee (Figure 2), the data collection module and the detection engine are re-sponsible for collecting local audit data (for instance, system call activities, and system log les) and analyzing collected data for any sign of intrusion respectively. In addition, there may be more than one for each of these modules which allows collecting data from various sources and using different detection techniques to improve the detection performance. The local aggregation and correlation (LACE) module is responsible for combining the results of these local detection engines and generating alerts if any abnormal behavior is detected. These alerts are broadcasted to other nodes within the same zone. However, for the global aggregation and correlation (GACE), its functionality depends on the type of the node. As described in Figure 7, if the node is an intrazone node, it only sends the generated alerts to the interzone nodes. Whereas, if the node is an interzone node, it receives alerts from other intrazone nodes, aggregates and correlates those alerts with its own alerts, and then generates alarms. Moreover, the GACE also cooperates with the GACEs of the neighboring interzone nodes to have more accurate information to detect the intrusion. Lastly, the intrusion response module is responsible for handling the alarms generated from the GACE. The local aggregation and correlation Algorithm used in ZBIDS is based on a local Markov chain anomaly detection. IDS agent rust creates a normal profile by constructing a Markov chain from the routing cache. A valid change in the routing cache can be characterized by the Markov chain detection model with probabilities, otherwise, its considered abnormal, and the alert will be generated. For the global aggregation and correlation algorithm, its based on information provided in the received alerts containing the type, the time, and the source of the attacks. 2.5 Intrusion Detection Techniques for Node Cooperation in MANETs Since there is no infrastructure in mobile ad hoc networks, each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. Intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [5] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several proposed techniques and protocols to detect such misbehavior in order to avoid those nodes, and some schemes also propose punishment as well [6, 7]. 2.5.1 Watchdog and Pathrater Two techniques were proposed by Marti, Giuli, and Baker [5], watchdog and pathrater, to be added on top of the standard routing protocol in ad hoc networks. The standard is Dynamic Source Routing protocol (DSR) [8]. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes. In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path should know who the next hop node is. In addition, listening to the next hops transmission is possible because of the characteristic of wireless networks if node A is within range of node B, A can overhear communication to and from B. Figure 8 shows how the watchdog works. Assume that node S wants to send a packet to node D, which there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined to D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then, it promiscuously listens to the transmission of B to make sure that B forwards to C. If the packet overheard from B (represented by a dashed line) matches that stored in the buffer, it means that B really forwards to the next hop (represented as a solid line). It then removes the packet from the buffer. However, if theres no matched packet after a certain time, the watchdog increments the failures counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports to the source node S. Path rater performs the calculation of the path metric for each path. By keeping the rating of every node in the network that it knows, the path metric can be calculated by combining the node rating together with link re- liability, which is collected from past experience. Obtaining the path metric for all available paths, the pathrater can choose the path with the highest metric. In addition, if there is no such link reliability information, the path metric enables the pathrater to select the shortest path too. As a result, paths containing misbehaving nodes will be avoided. From the result of the simulation, the system with these two techniques is quite effective for choosing paths to avoid misbehaving nodes. However, those misbehaving nodes are not punished. In contrast, they even benefit from the network. Therefore, misbehaving nodes are encouraged to continue their behaviors. Chapter 3 3. Literature survey 3.1 Introduction The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop new architecture and mechanisms to protect the wireless networks and mobile computing applications. The implication of mobile computing on network security research can be further demonstrated by the follow case. Recently (Summer 2001) an Internet worm called Code Red has spread rapidly to infect many of the Windows-based server machines. To prevent this type of worm attacks from spreading into intranets, many. This paper Mobile Ad Hoc Network Intrusion Detection System (IDS) Mobile Ad Hoc Network Intrusion Detection System (IDS) Chapter 1 1. Introduction Mobile ad hoc networks (MANETs) and wireless sensor networks (WSNs) are relatively new communication paradigms. MANETs do not require expensive base stations or wired infrastructure. Nodes within radio range of each other can communicate directly over wireless links, and those that are far apart use other nodes as relays. Each host in a MANET also acts as a router as routes are mostly multichip. The lack of fixed infrastructure and centralized authority makes a MANET suitable for a broad range of applications in both military and civilian environments. For example, a MANET could be deployed quickly for military communications in the battlefield. A MANET also could be deployed quickly in scenarios such as a meeting room, a city transportation wireless network, for fire fighting, and so on. To form such a cooperative and self configurable network, every mobile host should be a friendly node and willing to relay messages for others. In the original design of a MANET, global trustworthiness in nodes within the whole network is a fundamental security assumption. Recent progress in wireless communications and micro electro mechanical systems (MEMS) technology has made it feasible to build miniature wireless sensor nodes that integrate sensing, data processing, and communicating capabilities. These miniature wireless sensor nodes can be extremely small, as tiny as a cubic centimeter. Compared with conventional computers, the low-cost, battery-powered, sensor nodes have a limited energy supply, stringent processing and communications capabilities, and memory is scarce. The design and implementation of relevant services for WSNs must keep these limitations in mind. Based on the collaborative efforts of a large number of sensor nodes, WSNs have become good candidates to provide economically viable solutions for a wide range of applications, such as environmental monitoring, scientific data collection, health monitoring, and military operations. Despite the wide variety of potential applications, MANETs and WSNs often are deployed in adverse or even hostile environments. Therefore, they cannot be readily deployed without first addressing security challenges. Due to the features of an open medium, the low degree of physical security of mobile nodes, a dynamic topology, a limited power supply, and the absence of a central management point, MANETs are more vulnerable to malicious attacks than traditional wired networks are. In WSNs, the lack of physical security combined with unattended operations make sensor nodes prone to a high risk of being captured and compromised, making WSNs vulnerable to a variety of attacks. A mobile ad hoc network (MANET) is a self-configuring network that is formed automatically by a collection of mobile nodes without the help of a fixed infrastructure or centralized management. Each node is equipped with a wireless transmitter and receiver, which allow it to communicate with other nodes in its radio communication range. In order for a node to forward a packet to a node that is out of its radio range, the cooperation of other nodes in the network is needed; this is known as multi-hop communication. Therefore, each node must act as both a host and a router at the same time. The network topology frequently changes due to the mobility of mobile nodes as they move within, move into, or move out of the network. A MANET with the characteristics described above was originally developed for military purposes, as nodes are scattered across a battlefield and there is no infrastructure to help them form a network. In recent years, MANETs have been developing rapidly and are increasingly being used in many applications, ranging from military to civilian and commercial uses, since setting up such networks can be done without the help of any infrastructure or interaction with a human. Some examples are: search-and-rescue missions, data collection, and virtual classrooms and conferences where laptops, PDA or other mobile devices share wireless medium and communicate to each other. As MANETs become widely used, the security issue has become one of the primary concerns. For example, most of the routing protocols proposed for MANETs assume that every node in the network is cooperative and not malicious [1]. Therefore, only one compromised node can cause the failure of the entire network. There are both passive and active attacks in MANETs. For passive at tacks, packets containing secret information might be eavesdropped, which violates confidentiality. Active attacks, including injecting packets to invalid destinations into the network, deleting packets, modifying the contents of packets, and impersonating other nodes violate availability, integrity, authentication, and non-repudiation. Proactive approaches such as cryptography and authentication were first brought into consideration, and many techniques have been proposed and implemented. However, these applications are not sufficient. If we have the ability to detect the attack once it comes into the network, we can stop it from doing any damage to the system or any data. Here is where the intrusion detection system comes in. Intrusion detection can be defined as a process of monitoring activities in a system, which can be a computer or network system. The mechanism by which this is achieved is called an intrusion detection system (IDS). An IDS collects activity information and then analyzes it to determine whether there are any activities that violate the security rules. Once AN ID determines that an unusual activity or an activity that is known to be an attack occurs, it then generates an alarm to alert the security administrator. In addition, IDS can also initiate a proper response to the malicious activity. Although there are several intrusion detection techniques developed for wired networks today, they are not suitable for wireless networks due to the differences in their characteristics. Therefore, those techniques must be modified or new techniques must be developed to make intrusion detection work effectively in MANETs. In this paper, we classify the architectures for IDS in MANETs, each of which is suitable for different network infrastructures. Current intrusion detection systems corresponding to those architectures are reviewed and compared. Chapter 2 Background 2.1 Intrusion Detection System (IDS) Many historical events have shown that intrusion prevention techniques alone, such as encryption and authentication, which are usually a first line of defense, are not sufficient. As the system become more complex, there are also more weaknesses, which lead to more security problems. Intrusion detection can be used as a second wall of defense to protect the network from such problems. If the intrusion is detected, a response can be initiated to prevent or minimize damage to the system. To make intrusion detection systems work, basic assumptions are made. The first assumption is that user and program activities are observable. The second assumption, which is more important, is that normal and intrusive activities must have distinct behaviors, as intrusion detection must capture and analyze system activity to determine if the system is under attack. Intrusion detection can be classified based on audit data as either host- based or network-based. A network-based IDS captures and analyzes packets from network tra ±c while a host-based IDS uses operating system or application logs in its analysis. Based on detection techniques, IDS can also be classified into three categories as follows [2]. Anomaly detection systems: The normal profiles (or normal behaviors) of users are kept in the system. The system compares the captured data with these profiles, and then treats any activity that deviates from the baseline as a possible intrusion by informing system administrators or initializing a proper response. Misuse detection systems: The system keeps patterns (or signatures) of known attacks and uses them to compare with the captured data. Any matched pattern is treated as an intrusion. Like a virus detection system, it cannot detect new kinds of attacks. Specification-based detection: The system defines a set of constraints that describe the correct operation of a program or protocol. Then, it monitors the execution of the program with respect to the defined constraints. 2.2 Intrusion Detection in MANETs Many intrusion detection systems have been proposed in traditional wired networks, where all track must go through switches, routers, or gateways. Hence, IDS can be added to and implemented in these devices easily [17, 18]. On the other hand, MANETs do not have such devices. Moreover, the medium is wide open, so both legitimate and malicious users can access it. Furthermore, there is no clear separation between normal and unusual activities in a mobile environment. Since nodes can move arbitrarily, false routing information could be from a compromised node or a node that has outdated information. Thus, the current IDS techniques on wired networks cannot be applied directly to MANETs. Many intrusion detection systems have been proposed to suit the characteristics of MANETs, some of which will be discussed in the next sections. 2.3 Architectures for IDS in MANETs The network infrastructures that MANETs can be configured to are either at or multi-layer, depending on the applications. Therefore, the optimal IDS architecture for a MANET may depend on the network infrastructure itself [9]. In an network infrastructure, all nodes are considered equal, thus it may be suitable for applications such as virtual classrooms or conferences. On the contrary, some nodes are considered different in the multi-layered network infrastructure. Nodes may be partitioned into clusters with one cluster head for each cluster. To communicate within the cluster, nodes can communicate directly. However, communication across the clusters must be done through the cluster head. This infrastructure might be well suited for military applications. 2.3.1 Stand-alone Intrusion Detection Systems In this architecture, an intrusion detection system is run on each node independently to determine intrusions. Every decision made is based only on information collected at its own node, since there is no cooperation among nodes in the network. Therefore, no data is exchanged. Besides, nodes in the same network do not know anything about the situation on other nodes in the network as no alert information is passed. Although this architecture is not elective due to its limitations, it may be suitable in a network where not all nodes are capable of running IDS or have IDS installed. This architecture is also more suitable for an network infrastructure than for multi-layered network infrastructure. Since information on each individual node might not be enough to detect intrusions, this architecture has not been chosen in most of the IDS for MANETs. 2.3.2 Distributed and Cooperative Intrusion Detection Systems Since the nature of MANETs is distributed and requires cooperation of other nodes, Zhang and Lee [1] have proposed that the intrusion detection and response system in MANETs should also be both distributed and cooperative as shown in Figure 1. Every node participates in intrusion detection and response by having an IDS agent running on them. An IDS agent is responsible for detecting and collecting local events and data to identify possible intrusions, as well as initiating a response independently. However, neighboring IDS agents cooperatively participate in global intrusion detection actions when the evidence is inconclusive. Similarly to stand-alone IDS architecture, this architecture is more suitable for a network infrastructure, not multi-layered one. 2.3.3 Hierarchical Intrusion Detection Systems Hierarchical IDS architectures extend the distributed and cooperative IDS architectures and have been proposed for multi-layered network infrastructures where the network is divided into clusters. Clusterheads of each cluster usually have more functionality than other members in the clusters, for example routing packets across clusters. Thus, these cluster heads, in some sense, act as control points which are similar to switches, routers, or gateways in wired networks. The same concept of multi-layering is applied to intrusion detection systems where hierarchical IDS architecture is proposed. Each IDS agent is run on every member node and is responsible locally for its node, i.e., monitoring and deciding on locally detected intrusions. A clusterhead is responsible locally for its node as well as globally for its cluster, e.g. monitoring network packets and initiating a global response when network intrusion is detected. 2.3.4 Mobile Agent for Intrusion Detection Systems A concept of mobile agents has been used in several techniques for intrusion detection systems in MANETs. Due to its ability to move through the large network, each mobile agent is assigned to perform only one specific task, and then one or more mobile agents are distributed into each node in the network. This allows the distribution of the intrusion detection tasks. There are several advantages for using mobile agents [2]. Some functions are not assigned to every node; thus, it helps to reduce the consumption of power, which is scarce in mobile ad hoc networks. It also provides fault tolerance such that if the network is partitioned or some agents are destroyed, they are still able to work. Moreover, they are scalable in large and varied system environments, as mobile agents tend to be independent of platform architectures. However, these systems would require a secure module where mobile agents can be stationed to. Additionally, mobile agents must be able to protect themselves from the secure modules on remote hosts as well. Mobile-agent-based IDS can be considered as a distributed and cooper ative intrusion detection technique as described in Section 3.2. Moreover, some techniques also use mobile agents combined with hierarchical IDS, for example, what will be described in Section 4.3. 2.4 Sample Intrusion Detection Systems for MANETs Since the IDS for traditional wired systems are not well-suited to MANETs, many researchers have proposed several IDS especially for MANETs, which some of them will be reviewed in this section. 2.4.1 Distributed and Cooperative IDS As described in Section 3.2, Zhang and Lee also proposed the model for distributed and cooperative IDS as shown in Figure 2 [1]. The model for an IDS agent is structured into six modules. The local data collection module collects real-time audit data, which includes system and user activities within its radio range. This collected data will be analyzed by the local detection engine module for evidence of anomalies. If an anomaly is detected with strong evidence, the IDS agent can determine independently that the system is under attack and initiate a response through the local response module (i.e., alerting the local user) or the global response module (i.e., deciding on an action), depending on the type of intrusion, the type of network protocols and applications, and the certainty of the evidence. If an anomaly is detected with weak or inconclusive evidence, the IDS agent can request the cooperation of neighboring IDS agents through a cooperative detection engine module, which communicates to other agents through a secure communication module. 2.4.2 Local Intrusion Detection System (LIDS) Albers et al. [3] proposed a distributed and collaborative architecture of IDS by using mobile agents. A Local Intrusion Detection System (LIDS) is implemented on every node for local concern, which can be extended for global concern by cooperating with other LIDS. Two types of data are exchanged among LIDS: security data and intrusion alerts. In order to analyze the possible intrusion, data must be obtained from what the LIDS detect, along with additional information from other nodes. Other LIDS might be run on different operating systems or use data from different activities such as system, application, or network activities; therefore, the format of this raw data might be different, which makes it hard for LIDS to analyze. However, such difficulties can be solved by using SNMP (Simple Network Management Protocol) data located in MIBs (Management Information Base) as an audit data source. Such a data source not only eliminates those difficulties, but also reduces the in-Figure 3: L IDS Architecture in A Mobile Node [3] crease in using additional resources to collect audit data if an SNMP agent is already run on each node. To obtain additional information from other nodes, the authors proposed mobile agents to be used to transport SNMP requests to other nodes. In another words, to distribute the intrusion detection tasks. The idea differs from traditional SNMP in that the traditional approach transfers data to the requesting node for computation while this approach brings the code to the data on the requested node. This is initiated due to untrustworthiness of UDP messages practiced in SNMP and the active topology of MANETs. As a result, the amount of exchanged data is tremendously reduced. Each mobile agent can be assigned a specific task which will be achieved in an autonomous and asynchronous fashion without any help from its LIDS. The LIDS architecture is shown in Figure 3, which consists of  ² Communication Framework: To facilitate for both internal and external communication with a LIDS. Local LIDS Agent: To be responsible for local intrusion detection and local response. Also, it reacts to intrusion alerts sent from other nodes to protect itself against this intrusion. Local MIB Agent: To provide a means of collecting MIB variables for either mobile agents or the Local LIDS Agent. Local MIB Agent acts as an interface with SNMP agent, if SNMP exists and runs on the node, or with a tailor-made agent developed specifically to allow up- dates and retrievals of the MIB variables used by intrusion detection, if none exists. Mobile Agents (MA): They are distributed from its LID to collect and process data on other nodes. The results from their evaluation are then either sent back to their LIDS or sent to another node for further investigation. Mobile Agents Place: To provide a security control to mobile agents. For the methodology of detection, Local IDS Agent can use either anomaly or misuse detection. However, the combination of two mechanisms will offer the better model. Once the local intrusion is detected, the LIDS initiate a response and inform the other nodes in the network. Upon receiving an alert, the LIDS can protect itself against the intrusion. 2.4.3 Distributed Intrusion Detection System Using Multiple Sensors Kachirski and Guha [4] proposed a multi-sensor intrusion detection system based on mobile agent technology. The system can be divided into three main modules, each of which represents a mobile agent with certain func- tionality: monitoring, decision-making or initiating a response. By separate in functional tasks into categories and assigning each task to a different agent, the workload is distributed which is suitable for the characteristics of MANETs. In addition, the hierarchical structure of agents is also developed in this intrusion detection system as shown in Figure 4. Monitoring agent: Two functions are carried out at this class of agent: network monitoring and host monitoring. A host-based monitor agent hosting system-level sensors and user-activity sensors is run on every node to monitor within the node, while a monitor agent with a network monitoring sensor is run only on some selected nodes to monitor at packet-level to capture packets going through the network within its radio ranges. Action agent: Every node also hosts this action agent. Since every node hosts a host-based monitoring agent, it can determine if there is any suspicious or unusual activities on the host node based on anomaly detection. When there is strong evidence supporting the anomaly detected, this action agent can initiate a response, such as terminating the process or blocking a user from the network. Decision agent: The decision agent is run only on certain nodes, mostly those nodes that run network monitoring agents. These nodes collect all packets within its radio range and analyze them to determine whether the network is under attack. Moreover, from the previous paragraph, if the local detection agent cannot make a decision on its own due to insufficient evidence, its local detection agent reports to this decision agent in order to investigate further. This is done by using packet-monitoring results that comes from the network-monitoring sensor that is running locally. If the decision agent concludes that the node is malicious, the action module of the agent running on that node as described above will carry out the response. The network is logically divided into clusters with a single cluster head for each cluster. This clusterhead will monitor the packets within the cluster and only packets whose originators are in the same cluster are captured and investigated. This means that the network monitoring agent (with network monitoring sensor) and the decision agent are run on the cluster head. In this mechanism, the decision agent performs the decision-making based on its own collected information from its network-monitoring sensor; thus, other nodes have no influence on its decision. This way, spooffing attacks and false accusations can be prevented. 2.4.4 Dynamic Hierarchical Intrusion Detection Architecture Since nodes move arbitrarily across the network, a static hierarchy is not suitable for such dynamic network topology. Sterne et al. [16] proposed a dynamic intrusion detection hierarchy that is potentially scalable to large networks by using clustering like those in Section 4.3 and 5.5. However, it can be structured in more than two levels as shown in Figure 5. Nodes labeled 1 are the first level clusterheads while nodes labeled 2 are the second level clusterheads and so on. Members of the first level of the cluster are called leaf nodes. Every node has the responsibilities of monitoring (by accumulating counts and statistics), logging, analyzing (i.e., attack signature matching or checking on packet headers and payloads), responding to intrusions detected if there is enough evidence, and alerting or reporting to cluster heads. Clues treads, in addition, must also perform: Data fusion/integration and data reduction: Clusterheads aggregate and correlate reports from members of the cluster and data of their own. Data reduction may be involved to avoid conflicting data, bogus data and overlapping reports. Besides, cluster heads may send the requests to their children for additional information in order to correlate reports correctly. Intrusion detection computations: Since different attacks require different sets of detected data, data on a single node might not be able to detect the attack, e.g., DDoS attack, and thus clusterheads also analyze the consolidated data before passing to upper levels. Security Management: The uppermost levels of the hierarchy have the authority and responsibility for managing the detection and response capabilities of the clusters and cluster heads below them. They may send the signatures update, or directives and policies to alter the configurations for intrusion detection and response. These update and directives will flow from the top of the hierarchy to the bottom. To form the hierarchical structure, every node uses clustering, which is typically used in MANETs to construct routes, to self-organize into local neighborhoods (first level clusters) and then select neighborhood representatives (cluster heads). These representatives then use clustering to organize themselves into the second level and select the representatives. This process continues until all nodes in the network are part of the hierarchy. The authors also suggested criteria on selecting cluster heads. Some of these criteria are: Connectivity: the number of nodes within one hop Proximity: members should be within one hop of its cluster head Resistance to compromise (hardening): the probability that the node will not be compromised. This is very important for the upper level cluster heads. Processing power, storage capacity, energy remaining, bandwidth cape abilities Additionally, this proposed architecture does not rely solely on promiscuous node monitoring like many proposed architectures, due to its unreliability as described in. Therefore, this architecture also supports direct periodic reporting where packet counts and statistics are sent to monitoring nodes periodically. 2.4.5 Zone-Based Intrusion Detection System (ZBIDS) Sun et al. [24] has proposed an anomaly-based two-level no overlapping Zone-Based Intrusion Detection System (ZBIDS). By dividing the network in Figure 6 into nonoverlapping zones (zone A to zone me), nodes can be categorized into two types: the intrazone node and the interzone node (or a gateway node). Considering only zone E, node 5, 9, 10 and 11 are intrazone nodes, while node 2, 3, 6, and 8 are interzone nodes which have physical connections to nodes in other zones. The formation and maintenance of zones requires each node to know its own physical location and to map its location to a zone map, which requires prior design setup. Each node has an IDS agent run on it which the model of the agent is shown in Figure 7. Similar to an IDS agent proposed by Zhang and Lee (Figure 2), the data collection module and the detection engine are re-sponsible for collecting local audit data (for instance, system call activities, and system log les) and analyzing collected data for any sign of intrusion respectively. In addition, there may be more than one for each of these modules which allows collecting data from various sources and using different detection techniques to improve the detection performance. The local aggregation and correlation (LACE) module is responsible for combining the results of these local detection engines and generating alerts if any abnormal behavior is detected. These alerts are broadcasted to other nodes within the same zone. However, for the global aggregation and correlation (GACE), its functionality depends on the type of the node. As described in Figure 7, if the node is an intrazone node, it only sends the generated alerts to the interzone nodes. Whereas, if the node is an interzone node, it receives alerts from other intrazone nodes, aggregates and correlates those alerts with its own alerts, and then generates alarms. Moreover, the GACE also cooperates with the GACEs of the neighboring interzone nodes to have more accurate information to detect the intrusion. Lastly, the intrusion response module is responsible for handling the alarms generated from the GACE. The local aggregation and correlation Algorithm used in ZBIDS is based on a local Markov chain anomaly detection. IDS agent rust creates a normal profile by constructing a Markov chain from the routing cache. A valid change in the routing cache can be characterized by the Markov chain detection model with probabilities, otherwise, its considered abnormal, and the alert will be generated. For the global aggregation and correlation algorithm, its based on information provided in the received alerts containing the type, the time, and the source of the attacks. 2.5 Intrusion Detection Techniques for Node Cooperation in MANETs Since there is no infrastructure in mobile ad hoc networks, each node must rely on other nodes for cooperation in routing and forwarding packets to the destination. Intermediate nodes might agree to forward the packets but actually drop or modify them because they are misbehaving. The simulations in [5] show that only a few misbehaving nodes can degrade the performance of the entire system. There are several proposed techniques and protocols to detect such misbehavior in order to avoid those nodes, and some schemes also propose punishment as well [6, 7]. 2.5.1 Watchdog and Pathrater Two techniques were proposed by Marti, Giuli, and Baker [5], watchdog and pathrater, to be added on top of the standard routing protocol in ad hoc networks. The standard is Dynamic Source Routing protocol (DSR) [8]. A watchdog identifies the misbehaving nodes by eavesdropping on the transmission of the next hop. A pathrater then helps to find the routes that do not contain those nodes. In DSR, the routing information is defined at the source node. This routing information is passed together with the message through intermediate nodes until it reaches the destination. Therefore, each intermediate node in the path should know who the next hop node is. In addition, listening to the next hops transmission is possible because of the characteristic of wireless networks if node A is within range of node B, A can overhear communication to and from B. Figure 8 shows how the watchdog works. Assume that node S wants to send a packet to node D, which there exists a path from S to D through nodes A, B, and C. Consider now that A has already received a packet from S destined to D. The packet contains a message and routing information. When A forwards this packet to B, A also keeps a copy of the packet in its buffer. Then, it promiscuously listens to the transmission of B to make sure that B forwards to C. If the packet overheard from B (represented by a dashed line) matches that stored in the buffer, it means that B really forwards to the next hop (represented as a solid line). It then removes the packet from the buffer. However, if theres no matched packet after a certain time, the watchdog increments the failures counter for node B. If this counter exceeds the threshold, A concludes that B is misbehaving and reports to the source node S. Path rater performs the calculation of the path metric for each path. By keeping the rating of every node in the network that it knows, the path metric can be calculated by combining the node rating together with link re- liability, which is collected from past experience. Obtaining the path metric for all available paths, the pathrater can choose the path with the highest metric. In addition, if there is no such link reliability information, the path metric enables the pathrater to select the shortest path too. As a result, paths containing misbehaving nodes will be avoided. From the result of the simulation, the system with these two techniques is quite effective for choosing paths to avoid misbehaving nodes. However, those misbehaving nodes are not punished. In contrast, they even benefit from the network. Therefore, misbehaving nodes are encouraged to continue their behaviors. Chapter 3 3. Literature survey 3.1 Introduction The rapid proliferation of wireless networks and mobile computing applications has changed the landscape of network security. The nature of mobility creates new vulnerabilities that do not exist in a fixed wired network, and yet many of the proven security measures turn out to be ineffective. Therefore, the traditional way of protecting networks with firewalls and encryption software is no longer sufficient. We need to develop new architecture and mechanisms to protect the wireless networks and mobile computing applications. The implication of mobile computing on network security research can be further demonstrated by the follow case. Recently (Summer 2001) an Internet worm called Code Red has spread rapidly to infect many of the Windows-based server machines. To prevent this type of worm attacks from spreading into intranets, many. This paper