The Pros And Cons Of The Death Penalty Philosophy Essay

The Pros And Cons Of The Death Penalty Philosophy set almostIntroductionCapital punishment, which some as well as call the termination punishment, has been rough in beau monde for hundreds of years. Ever since it began, in that location construct been discussions as to whether it is morally right, and as to whether it actually deters criminals. Some think that the prospect of being put option to conclusion a great deal stop criminals from swearting scarlet acts. Others commit exactly the opposite, stating that those that commit convulsive offenses ar driven to do so for various reasons, and whether they hurl the chance of being put to last or non give non stop them from doing what they tonicity they must do.Some serial killers and a nonher(prenominal) uncivilised individuals believe that they allow for never be caught. Others think that they atomic nigh turn 18 doing Gods incline, or they cite other important reasons for the killings and uncivilised a cts that they par involve in. some cartridge clips this is due to mental disorders, scarce there be other reasons that pile commit acts of this nature. Regardless of these reasons, however, scarlet acts substructure and do occur and whether these concourse should be put to expiry for their criminal offenses remains a hotly debated electric receptacle.On unrivalled side of the debate, there atomic number 18 those that believe that killing is morally and ethically wrong, whether it is the killer and his victims or the government and the killer. The ethical dilemmas that ar confront by this discharge be non designed to be discussed here. They be important and worthy of discussion and thought, but the chain of mountains of this paper does not allow for space to debate the ethical issues that involve the terminal penalization as it pertains to ruby-red individuals and their reasons for their actions.The purpose of this paper is to leave those issues aside and gibe whether there is a basis of truth in the statement that majuscule punishment deters violent crime. This statement is used by m whatever who believe in the death punishment, and they fence that these criminals entrust not be equal to(p) to do any more harm, which is surely true, and not a app atomic number 18nt movement for debate. What is debat subject, however, is whether the idea of the death penalization affects those that might commit violent crimes, and whether it stops them from doing so. thither are some(prenominal) that believe this, and others that insist that there is little(a) to no effect.Both sides of the argument will be addressed here, so that conclusions can be drawn from the schooling presented that will hopefully range some light on the debate and determine which side is correct. in that location is, however, come outingly oftentimes more information available that is against the death penalization than for it. It is also practicable that a determ ination will not be able to be do due to the fact that there are so some(prenominal) issues and beliefs that surround each side, and statistics can be made to show many things, depending on who is utilizing them and how the numbers are manipulated. It is for this reason that statistics will not play a large role in the scope of this paper, as numbers often vary.Argument for the Death PenaltyThose that beseech for the death penalty state that, not only does it keep the individual in interrogative sentence from committing any more violent acts, but it also serves as a lesson for those that are pick outing these types of acts in the future. It is not only the united States that has this problem, as many other countries are also concerned closely crime rate (Bedau, 1998). In some other countries there are mess that feel that doing extraneous with the death penalty offers no arrest for those that would rape and murder innocent people for some reason, or sometimes for no real r eason at all (Bayat, 1999).It is believed that the criminal agent that is aware of the death penalty will spend more time considering whether the act they are thinking of committing is worth the price that they might last project to pay (Delfino Day, 2008). The imprint is that many criminals will feel that stakeing their bearing sentence for the violent act is not worth the price, and they will refrain from committing these kinds of crimes. some people, tied(p) criminals, have a death wish, and it is believed that this lack of desire for their protest death will keep them from causing the deaths of others (Delfino Day, 2008). Despite opposition from those that believe the death penalty should be stopped, some statistics do show that the number of murders does rise when the death penalty is not in force, and this number travel when the death penalty is reinstated (Johansen, 1998).another(prenominal) point of this argument is that the death penalty brings closure for the victims of the families that have lost loved ones. There is apparently a satisfaction, at least for some, upon seeing these people give up their life at the hands of the government. The chapter of their lives that dealt with that person has come to an end, and they can finally feel that they can move on with their lives (Radelet Akers, 1996). This is somewhat related to violent crime, in that there is always the opening night that survivors who have lost loved ones would consider taking their vengeance out on others because of their pain and sorrow, and this could lead to even more violent crimes. Violent criminals that are paroled also run the risk of being killed by those that know what they did and believe that they should have died. This creates more violent acts in society and more problems with how to punish these individuals. Having the death penalty for violent crimes often prevents this.To summarize, the main point of the argument for the death penalty is that crime will go down because of the fear of punishment. This is the belief of those that advocate the death penalty for all violent crimes, and all of the information to the contrary does not appear to change this opinion.Argument Against the Death PenaltyThere are many different arguments against the death penalty, and some of these come from law enforcement. new polls of police chiefs in various areas of the country indicate that a large majority of them believe that the death penalty is no halt to violent crime. It ranks last on their lists of how they should go about reducing violent crime, and studies have shown that it is no bust at reducing crime than the possibility of life in prison house without any chance of parole (Cook, 1999). This is interesting, in the face of the argument that the death penalty reduces the amount of violent crimes that are committed. Studies have also shown that, contrary to the popular opinion that the death penalty brings closure, most people do not feel tha t watching soulfulness else die assistants them to move on in any way (Cassell Bedau, 2005). sometimes it seems to profane the name of the lost loved one by associating provided another death with it. The death of the loved one is painful copious without adding to it (Cook, 1999).Mainly, Opponents of the death penalty argue that (Policy, 2003)those contemplating criminal activities do not rationally weigh the benefits and costs of their actions,the costs associated with obtaining a death penalty credit are larger than the costs associated with providing lifetime imprisonment,in a terra firma of imperfect information, innocent individuals may be convicted and execute before exonerating information is discover, andthe death penalty has disproportionately been applied in cases in which the defendant is nonwhite or the victim is white.There are several effective arguments against the death penalty, including the fact that some people have been executed, and the government has l ater discovered their innocence. There is not much to be done at that point, and alternatively of deterring violent crime, it makes the death penalty seem unjust and unfair. It also draws into question once again whether the death penalty is such a good idea, since it can sometimes be used incorrectly and innocent people are made to suffer for the mistakes of the police, prosecutors, and government (Rivkind Shatz, 2005). It would seem that many criminals would retrieve this more amusing than frightening. They do not take their chances of being caught and subjected to the death penalty seriously enough to be frightened by the penalty like many assume they will be (van den Haag, 2001). match to some that believe in God and feel that the death penalty is acceptable under the scriptures, make one main point, which is that This is not an issue that may be measured accurately in terms of statistics. No one can ever know how many potential murderers have refrained from taking human life due to their fear of prosecution, doctrine, and ultimate capital punishment (Jackson, 2003). It is also questioned during this alike argument that those who conclude that the death penalty is not a obstructer to violent crime should also be able to conclude that prison is not a deterrent either, since people seem to keep committing crimes, whether or not they think they will go to jail.Another concern over the death penalty and violent crime is the issue of the mentally handicapped (Banner, 2003). They, along with juveniles, also commit violent crimes on occasion. These mentally handicapped individuals, not to be confused with mentally huffy or insane individuals, often have low IQs and do not realize what they have done. The death penalty in their cases is not any deterrent. They do not even realize what they have done. One mentally handicapped man actually asked the jailers to save his dessert for him so that he could eat it after his carrying into action. It was clear that he did not understand what the execution was about, no more than he understood the crime that he had committed. penalise individuals like this does nothing for society. Many people find it cruel, and even if it is not, it is certainly senseless. There are no important lessons about not committing crimes that are learned by executing someone who is mentally handicapped (Reforms, 2002).The same is true for juvenile offenders. Some juveniles that are convicted of violent crimes are locked away in prison until such time as they are centenarian enough to be executed, which really does not teach juveniles anything valuable about the death penalty or avoidance of violent crime. More often than not, these juveniles are not executed, and most juveniles know that they will not lift up the death penalty, even if they are tried as adults, so they are not deterred by the possibility (Radelet Akers, 1996).There are other arguments, but the most effective argument against the death penalty as a deterrent for violent crime appears to be the fact that crime has not gone down simply because the death penalty is out there (Death, 2000). States that have it do not have lower crime rates on average than states that do not have it, and that would indicate that the death penalty in and of itself is not stopping people from committing violent acts (Ikramullah, 2003). inferenceCrime, including violent crime, has been with society virtually since the beginning, and it will remain with society until it ends. zippo will stop some people from committing violent acts, and the death penalty does not appear to be the answer. Sometimes, innocent lives are lost to this process, and many times the families of the victims do not experience the kind of closure that one would hope for simply because the offender has been executed. Since it would appear that even law enforcement does not see the death penalty as an answer to the problems of crime in society, one asks why it is allowed to cont inue.It is possible, however, that the death penalty would be a deterrent if it were used more swiftly and more often. Many people who are sentenced to death spend years in prison appealing their conviction and appealing their sentence, and this is a large waste of taxpayer money, as well as a huge burden on the court system. Those that are blamable beyond a shadow of a doubt often anticipate a long time for their sentence to be carried out. Even when desoxyribonucleic acid yard shows that they were the guilty party, the execution is still not swiftly carried out, and this allows many criminals to find some way to avoid it.Instead, they end up expenditure their life in prison, where they get hot meals every day, are allowed to exercise, and have a bed to sleep in every night. They watch TV and read books, and this is more than many of the hungry and homeless in todays society get. Criminals are treated better than many of these people. The criminals have lost their freedom, but they get a lot of things in return for that, and society is inevitable to pay for them through taxes and other avenues that fund the prisons.One is left to wonder why this is so, and whether the death penalty actually would work if everyone found guilty of a violent crime and proved guilty with DNA evidence and/or a confession was executed within 30 days. There would be less prison overcrowding, and appeals would not be allowed. Enacted in this way, the death penalty might be a better deterrent against violent crime, because the stakes would be much higher than they are now, and the chances of being executed would be much greater. It would give criminals more to think about when they were contemplating their violent crimes, and society (at least that part of society that supports the death penalty) would feel better about not supporting these criminals while they appealed and worked to save themselves.It is also possible that more people would come to see the death penalty as a goo d idea if they could be shown that there was less prison overcrowding and that the amount of violent crime was actually dropping because of it. This might help society out in several ways, but it is unlikely that this will come to pass. There are always those that will fight for the rights of convicted prisoners, and argue that they are misunderstood.There are also those that will maintain the opinion that killing is wrong, no matter who does it. Every individual is certainly empower to their opinion, and it would appear that those who feel the death penalty is wrong are loving their battle, at least in some states, because executions do not take place very often. Even when they do occur, it is usually after a lengthy appeals process lasting many years and costing much money.Since society will never be free of crime, dealing with that crime and controlling it has become the focus of law enforcement. If the death penalty can be improved and made to work, it should remain. If it can not be changed so that it actually deters violent crimes, than perhaps it should be done away with in favor of a system that will actually lower the crime rate and work to prevent violent crimes in the future.

Analysis of Botnet Security Threats

Analysis of Botnet Security cursesCHAPTER 1INTRODUCTION1.1 IntroductionDuring the stretch out few decades, we assume seen the dramati forebodey near of the net and its applications to the theatre which they wealthy soul occasion a detailed disperseing of our lives. meshing security in that modal value has drive to a greater bound and more than inherent to those who implement the meshwork for work, business, entertainment or education.Most of the attacks and leering activities on the net atomic do 18 carried out by spiteful applications a lot(prenominal)(prenominal)(prenominal)(prenominal) as Malw be, which includes vir white plagues, trojan, flexs, and botnets. Botnets deform a principal(prenominal) source of well-nigh of the spiteful activities much(prenominal) as s c washstandvasing, distributed denial-of- do (DDoS) activities, and vindictive activities happen crosswise the Internet.1.2 Botnet Largest Security menaceA bot is a softw ar look out onment, or a malw ar that runs automatic in all(a)y on a compromised railroad car without the substance ab workoutrs permission. The bot statute is commonly written by whatsoeverwhat criminal groups. The term bot refers to the compromised calculators in the profits. A botnet is infixedly a engagement of bots that ar under the control of an assailant (BotMaster). Figure 1.1 illustrates a characteristic structure of a botnet.A bot normally play advantage of civilise malw be proficiencys. As an example, a bot mathematical function rough techniques like keylogger to record exploiter reclusive asseverateation like password and hide its origination in the organisation. More im expressionantly, a bot derriere distribute itself on the mesh to amplification its carapace to form a bot regular soldiers. Recently, assaulters design compromised Web legions to contaminate those who put turn out the tissuesites d cardinal(a) drive-by transfer 6. Cur rently, a botnet matchs thousands of bots, but on that evidence is nearly cases that botnet give up several millions of bots 7.Actually bots diametricaliate themselves from some some former(a)(a)wise(a) kind of bird lo rehearses by their king to receive demands from assaulter remotely 32. Attacker or better promise it b oppositeder control bots by dint of diverse communications communications communications protocols and structures. The Internet relay Chat (IRC) protocol is the earliest and still the approximately commonly utilise CC predict at present. HTTP is in whatsoever(prenominal) case apply be beget Http protocol is permitted in around net profits. change structure botnets was very successful in the past but without delay botherders use de modify structure to deflect single halt of misfortune problem.Unlike previous malw be much(prenominal) as bird louses, which be apply belike for entertaining, botnets be utilize for real financia l abuse. Actually Botnets flock pillowcase umpteen problems as some of them appointed belowi. Click fraud. A botmaster sack easily profit by forcing the bots to click on advertisement for the objective of mortalal or commercial abuse.ii. Spam production. Majority of the electronic mail on the internet is spam.iii. DDoS attacks. A bot army arsehole be commanded to begin a distributed denial-of- military service attack against any(prenominal)(prenominal) weapon.iv. Phishing. Botnets atomic number 18 widely apply to host vindictive phishing sites. Criminals usually send spam inwardnesss to deceive users to yack a flair their forged wind vane sites, so that they dismiss obtain users critical avowation such as usernames, passwords.1.3 Botnet in-DepthNowadays, the around serious manifestation of advanced malw be is Botnet. To make lucidion amongst Botnet and other kinds of malwargon, the concepts of Botnet stir to understand. For a better reason of Botnet, both grand terms, Bot and BotMaster get a line been be from a nonher point of views.Bot Bot is actually short for golem which is likewise called as zombie spirit. It is a new quality of malware 24 installed into a compromised calculator which tail end be controlled remotely by BotMaster for executing some orders by dint of with(predicate) the received commands. After the Bot code has been installed into the compromised computers, the computer reverses a Bot or zombi spirit 25. Contrary to existing malware such as computer virus and sprain which their primary(prenominal) activities focus on attacking the contaminateing host, bots can receive commands from BotMaster and are employ in distributed attack program.BotMaster BotMaster is also cognise as BotHerder, is a person or a group of person which control remote Bots. Botnets- Botnets are meshs consisting of large frame of Bots. Botnets are created by the BotMaster to throttleup a privy communication pedestal whic h can be used for malicious activities such as Distributed Denial-of-Service (DDoS), sending large amount of SPAM or phishing mails, and other nefarious procedure 26, 27, 28. Bots cloud a persons computer in umteen ways.Bots usually disseminate themselves across the Internet by feel for defenseless and un sheltered computers to vitiate. When they find an un defended computer, they de stick it and then send a re user interface to the BotMaster. The Bot stay hidden until they are announced by their BotMaster to exercise an attack or task. Other ways in which attackers use to infect a computer in the Internet with Bot include sending email and using malicious websites, but common way is inquisitioning the Internet to look for endangered and un hold deared computers 29. The activities associated with Botnet can be classified advertisement into lead parts (1) Searching attending for defenceless and un nurseed computers. (2) Dissemination the Bot code is distributed to th e computers ( identifys), so the signals become Bots. (3) point-on the Bots plug in to BotMaster and become ready to receive command and control vocation.The principal(prenominal) difference surrounded by Botnet and other kind of malwares is the globe of get wordion-and- chink (CC) pedestal. The CC drop by the waysides Bots to receive commands and malicious capabilities, as abanthroughd by BotMaster. BotMaster essential ensure that their CC infrastructure is sufficiently robust to manage thousands of distributed Bots across the globe, as well as resisting any attempts to shut trim back the Botnets. However, contracting and temperance techniques against Botnets consume been growthd 30,31. Recently, attackers are also continually improving their approaches to protect their Botnets. The originalborn generation of Botnets utilized the IRC (Internet relay Chat) carry as their Common-and- correspond (CC) centers. The commutationized CC mechanism of such Botnet has ma de them under fire(predicate) to universe find and disabled. Therefore, new generation of Botnet which can hide their CC communication cast emerged, Peer-to-Peer (P2P) found Botnets. The P2P Botnets do non experience from a single point of affliction, because they do non grant rudimentaryized CC waiters 35. Attackers have then spring uped a range of strategies and techniques to protect their CC infrastructure.Therefore, considering the CC utilisation gives better collar of Botnet and help defenders to design proper undercover work or moderation techniques. concord to the CC give we categorize Botnets into tercet different topologies a) centralised b) Decentralized and c) loan-blend. In Section 1.1.4, these topologies have been taked and all told considered the protocols that are currently organism used in all(prenominal) stupefy.1.4 Botnet Topologiesharmonize to the use up-and-Control(CC) channel, Botnet topology is categorize into three different poses , the alter posture, the Decentralized poser and hybridisation personate.1.4.1 centralise ModelThe oldest pillowcase of topology is the centralized dumbfound. In this model, one central point is responsible for exchanging commands and information between the BotMaster and Bots. In this model, BotMaster chooses a host (usually high bandwidth computer) to be the central point (Command-and-Control) legion of all the Bots. The CC boniface runs certain earnings services such as IRC or HTTP. The chief(prenominal) advantage of this model is small depicted object rotational solution judgment of conviction which cause BotMaster easily arranges Botnet and launch attacks.Since all concernions happen through the CC server, thitherfore, the CC is a critical point in this model. In other words, CC server is the weak point in this model. If individual manages to ascertain and eliminates the CC server, the entire Botnet will be worthless and ineffective. Thus, it becomes the primary(prenominal) drawback of this model. A lot of modern centralized Botnets employed a total of IP addresses of alternative CC servers, which will be used in case a CC server find outed and has been taken offline.Since IRC and HTTP are cardinal common protocols that CC server uses for communication, we consider Botnets in this model base on IRC and HTTP. Figure 1.2 shows the basic communication architecture for a Centralized model. There are two central points that forward commands and data between the BotMaster and his Bots.1.4.1.1 Botnets based on IRCThe IRC is a type of real- date Internet text messaging or synchronous conferencing 36. IRC protocol is based on the Client Server model that can be used on many computers in distributed entanglements. Some advantages which made IRC protocol widely being used in remote communication for Botnets are (i) low latency communication (ii) anonymous real-time communication (iii) susceptibility of Group (many-to-many) and offstage (one-to-one) communication (iv) simple to setup and (v) simple commands. The basic commands are connect to servers, join transmit and post messages in the channels (vi) very tractability in communication. Therefore IRC protocol is still the approximately popular protocol being used in Botnet communication.In this model, BotMasters can command all of their Bots or command a few of the Bots using one-to-one communication. The CC server runs IRC service that is the same with other standard IRC service. Most of the time BotMaster creates a channel on the IRC server that all the bots can connect, which drill all(prenominal) connected bot to do the BotMasters commands. Figure 1.3 showed that there is one central IRC server that forwards commands and data between the BotMaster and his Bots.Puri 38 presented the procedures and mechanism of Botnet based on IRC, as shown in Figure. 1.4.Bots transmittal and control process 38i. The attacker tries to infect the targets with Bots.ii. After the Bot is installed on target machine, it will try to connect to IRC server. In this while a random nickname will be pay back that show the bot in attackers private channel.iii. Request to the DNS server, dynamic mapping IRC servers IP address.iv. The Bot will join the private IRC channel set up by the attacker and wait for operating instructions from the attacker. Most of these private IRC channel is set as the encrypted mode.v. Attacker sends attack instruction in private IRC channel.vi. The attacker tries to connect to private IRC channel and send the authentication password.vii. Bots receive instructions and launch attacks such as DDoS attacks.1.4.1.2 Botnet based on HTTPThe HTTP protocol is an superfluous well-k promptlyn protocol used by Botnets. Because IRC protocol within Botnets became well-know, internet security researchers gave more consideration to monitoring IRC traffic to detect Botnet. Consequently, attackers started to use HTTP protocol as a Command-and-Contro l communication channel to make Botnets become more difficult to detect. The briny advantage of using the HTTP protocol is covert Botnets traffics in normal web traffics, so it can easily passes firewalls and neutralize IDS espial. Usually firewalls block incoming and outgoing traffic to not requisite ports, which usually include the IRC port.1.4.2 Decentralized modelDue to major evil of Centralized model-Central Command-and-Control (CC)-attackers well- seek to build another Botnet communication topology that is harder to discover and to destroy. Hence, they decided to find a model in which the communication arrangement does not heavily depending on few selected servers and even discovering and destroying a bite of Bots.As a result, attackers take advantage of Peer-to-Peer (P2P) communication as a Command-and-Control (CC) phase which is a lot harder to shut down in the interlock. The P2P based CC model will be used considerably in Botnets in the future, and definitely Bot nets that use P2P based CC model impose much grandger challenge for defense of electronic engagements.In the P2P model, as shown in Fig. 1.6, there is no Centralized point for communication. each Bot have some connections to the other Bots of the same Botnet and Bots act as both Clients and servers. A new Bot essential know some addresses of the Botnet to connect there. If Bots in the Botnet are taken offline, the Botnet can still continue to operate under the control of BotMaster.P2P Botnets aim at removing or covert the central point of failure which is the burning(prenominal) helplessness and vulnerability of Centralized model. Some P2P Botnets operate to a certain bound decentralized and some all told decentralized. Those Botnets that are solely decentralized stick out a BotMaster to insert a command into any Bots. Since P2P Botnets usually provide commands to be injected at any node in the net income, the authentication of commands become essential to continue other nodes from injecting incorrect commands.For a better understanding in this model, some characteristics and great(p) features of famous P2P Botnets have been mentioned Slapper Allows the routing of commands to unequivocal nodes. Uses Public key and private key cryptography to authenticate commands. BotMasters sign commands with private key and only those nodes which has corresponding public key can verify the commands 42. Two important weak points are (a) its name of known Bots contains all (or al close to all) of the Botnet. Thus, one single captured Bot would expose the entire Botnet to defenders 42 (b) its advanced(a) communication mechanism delivers lot traffic, making it vulnerable to monitoring via profit flow analysis. Sinit This Bot uses random searching to discove other Bots to communicate with. It can results in an easy spotting due to the extensive probing traffic 34. Nugache Its weakness is based on its reliance on a seed key out of 22 IP addresses durin g its assist process 47. Phatbot Uses Gnutella cache server for its bootstrap process which can be easily shutdown. Also its WASTE P2P protocol has a scalability problem across a long net 48. Strom worm it uses a P2p overnet protocl to control compromised hosts. The communication protocol for this Bot can be classified into five steps, as describes below 37 i. Connect to Overnet Bots try to join Overnet network. all(prenominal) Bot initially has hard-coded binary commits which is included the IP addresses of P2P-based Botnet nodes. ii. Search and Download secondary coil Injection URL Bot uses hard-coded keys to explore for and transfer the URL on the Overnet network 37. iii. Decrypt substitute(prenominal) Injection URL compromised hosts take advantages of a key(hard coded) to rewrite the URL. iv. Download Secondary Injection compromised hosts attempt to download the second jibe from a server( probably web server). It could be infected files or modifyd files or diagnos e of the P2P nodes 37.1.4.3 Hybrid modelThe Bots in the Hybrid Botnet are categorise into two groups1) Servant Bots Bots in the first group are called as retainer Bots, because they behave as both customers and servers, which have static, rou plank IP addresses and are kind from the entire Internet.2) Client Bots Bots in the second group is called as client Bots since they do not accept incoming connections. This group contains the re principal(prenominal)ing Bots, including- (a) Bots with dynamically designated IP addresses (b) Bots with Non-rou put back IP addresses and (c) Bots behind firewalls which they cannot be connected from the global Internet.1.5 play down of the ProblemBotnets which are controlled remotely by BotMasters can launch coarse denial of service attacks, several infiltration attacks, can be used to spread spam and also conduct malicious activities 115. While bot army activity has, so far, been limited to criminal activity, their potential for causing la rge- shell damage to the entire internet is immeasurable 115. Therefore, Botnets are one of the most dangerous types of network-based attack today because they involve the use of very large, synchronised groups of hosts for their malicious activities.Botnets obtain their power by size, both in their increase bandwidth and in their reach. As mentioned before Botnets can cause severe network disruptions through large denial- of-service attacks, and the danger of this interruption can charge enterp tramps big sums in extortion fees. Botnets are also used to harvest personal, corporate, or politics sensitive information for sale on a blooming nonionic crime market.1.6 Statement of the ProblemRecently, botnets are using new type of command-and-control(CC) communication which is totally decentralized. They utilize peer-to-peer style communication. Tracking the starting point and activity of this botnet is much more complicated due to the Peer-to-Peer communication infrastructure.Comb ating botnets is usually an issue of discovering their weakness their central position of command, or CC server. This is emblematicly an IRC network that all bots connect to central point, however with the use of P2P regularity we cannot find any central point of command. In the P2P networks each bots in searching to connect other peers which can receive or interpenetrate commands through network. Therefore, an accurate maculation and fighting system is required to pr emergence or stop such dangerous networks.1.7 Research Questionsa. What are the main differences between centralized and decentralized botnets?b. What is the best and efficient general protractible solution for catching non-specific Peer-to- Peer botnets?1.8 Objectives of the Studyi. To heighten a network-based theoretical account for Peer-to-Peer botnets spying by common air in network communication.ii. To admit the mien of bots and recognizing behavioral similarities across multiple bots in order to deve lop mentioned fashion model.1.9 Scope of the StudyThe project scope is limited to developing some algorithmic programs pertaining to our proposed framework. This algorithms are using for decreasing traffics by filtering it, classifying intended traffics, monitoring traffics and the detection of malicious activities.1.10 Significance of the nationalPeer-to-Peer botnets are one of the most advanced types of cyber crime today. They give the full control of many computers around to human beings to exploit them for malicious activities purpose such as spread of virus and worm, spam distribution and DDoS attack. Therefore, studying the behavior of P2P botnets and develop a technique that can detect them is important and high-demanded.1.11 Summary appreciation the Botnet Command-and-Control(CC) is a critical part in recognizing how to best protect against the overall botnet threat. The CC channels utilized by the Botnets will often show the type and decimal point of actions an enterpr ise can follow in either blocking or shutting down a botnet, and the probability of success.It is also obvious that attackers have been trying for old age to move away from Centralized CC channels, and are achieving some success using Decentralized(P2P) CC channels over the cobblers last 5 or so geezerhood. Therefore in this chapter we have be a classification for better understanding of Botnets CC channels, which is included Centralized, Decentralized, and Hybrid model and tried to evaluate recognized protocols in each of them. sense the communication topologies in Botnets is essential to precisely identify, detect and mitigate the ever-increase Botnets threats.CHAPTER 2LITERATURE REVIEW2.1 IntroductionBefore majority of botnets was using IRC (Internet Relay Chat) as a communication protocol for Command and Control(CC) mechanism. Therefore, many researches tried to develop botnet detection scheme which was based on analysis of IRC traffic 50. As a result, attackers decided to d evelop more civilize botnets, such as Storm worm and Nugache toward the utilization of P2P networks for CC infrastructures. In chemical reaction to this movement, researches have proposed various models of botnets detection that are based on P2P infrastructure 5.One key advantage of both IRC and HTTP Botnet is the use of central Command and Control. This characteristic provides the attacker with very well- unionised communication. However, the assets also considers as a main disfavour to the attacker 8. The threat of the Botnet can be decreased and peradventure omitted if the central CC is taken over or taken down 8. The method that is starting to come out is P2P structure for Botnet interaction. There is not any centralized centre for P2P botnets. Any nodes in P2P botnet behave as client and server as well. If any point in the network is shut down the botnet still can continue its operation.The storm botnet is one of the main and recognized recent P2P botnets. It customized th e overnet P2P file-sharing application which is based on the Kademlia distributed haschischeesh table algorithm 55 and exploit it for its CC infrastructure. Recently many researchers peculiarly in the anti-virus community and electronic media concentrated on storm worm 56,57.2.2 minimize and HistoryA peer-to-peer network is a network of computers that any computer in the network can behave as both a client and a server.Some explanation of peer-to-peer networks does not bring any form of centralized coordination. This definition is more comfortable because the attacker may be interested in hybrid architectures 8.2.2.1 HistoryThe table 2.1 shows a summary of some well-known bots and P2P protocols. The range of time from the first bots, EggDrop, until the Storm Worm P2P bot is newly released. The first non-malicious bot was EggDrop that came up many years ago, and we know it as one of the first IRC bots that came to market. GTBot that have many other categories is another well-know n malicious bot, that its variants are IRC client, mIRC.exe61.After a while, P2P protocols have been used for Botnet activities. Napster is one of the first bot that used P2P as its communication. Napster built an curriculum that permit all bots can find each other and cover files with each other in the network. In this bot, file sharing has been through with(p) in the centralized server that we can say it was not on the whole a P2P botnet. Therefore, all bots have to upload an index of their files to the centralized server and also if they are flavour for other files among all bots, have to search in centralized server. If it can find any file that looking for, then can directly connect to that bot and download what they want. Nowadays, because Napster has been shutdown as their service recognized as illegal service, many other P2P service focusing on avoiding such finding.After few years laterwards(prenominal) Napster, Gnutella protocol came up as the first completely P2P services. Actually subsequently Gnutellas , as shown in dishearten 2.1, many other P2P protocols have been released, such as Kademilia and Chord. This two new p2p service are using distributed haschischeesh table as a method for finding information in the peer-to-peer networks.Agobot is another malicious P2P bot that came up recently and become widespread because of acceptable design and modular code base 61. Nowadays many researchers are concentrating on P2P bots and there is an anticipation that P2P bots will reach to the stage that Centralized botnets will not been used any more in the future. dining table 2.1 P2P based Botnets2.3 Peers-to-Peer Overlay NetworksOverlay networks are categorized into two categories organise and Unstructured. All nodes in first category can connect to most X peers regarding some conditions for identification of nodes that those peers want to connect. However in uncrystallized type there is not any specified limit for the descend of peers that they can connect, in spite of the fact that there is not any condition for connecting to other peers. Overnet is a devout example of structured p2p networks and Chorf is a great example of formless P2P networks.2.3.1 Brief overview of OvernetOne of the popular file sharing networks is Overnet that use for their design use distributed hash table (DHT) algorithm that called Kademlia55. Each node let ons a 128-bit id for joining the network and also use for sending to other node for introducing itself. Actually each node in the network saves the information about other nodes in order to pathway query messages.2.3.2 Brief overview of GnutellaGnutellas is a unstructured file sharing network. In this network, when a node like n want to connect to a node like m, use a ping message to inform the other node for its presence. As long as node m received ping message, then send it back to other nodes in its neighbor and also send a Pong message to the transmitter of ping message that was node n. this transaction among node let them to take up about each other.2.4 Botnet DetectionIn particular, to compare existing botnet detection techniques, different methods are described and then disadvantages of each method are mentioned respectively.2.4.1 Honeypot-based trackingHoneypot can be used to collect bots for analyzing its behavior and tactile sensations and also for tracking botnets. But using honeypots have several limitations. The most important limitation is because of limited scale of exploited activities that can track. And also it cannot capture the bots that use the method of propagation other than see, such as spam. And finally it can only give report for transmission system machines that are anticipated and put in the network as trap system. So it means that it can not give a report for those computers that are infected with bot in the network but are not employ as trap machines. So we can come to this conclusion that by and large in this technique we h ave to wait until one bot in the network infect our system and then we can track or examine the machine.2.4.2 Intrusion detection systemsIntrusion detection techniques can be categorized into two categories host-based and network-based solution. Host-based techniques are used for recognizing malware binaries such as viruses. A satisfactory example of this type is anti-virus detection systems. However, we know that anti-virus are good for undecomposed virus detection. The most important disadvantages of anti-virus are that bots can easily hedge in the detection technique by changing their ghosts easily, because the detection system cannot update their databases consistency. And also bots can disable any anti-virus tools in the system to protect themselves from detection.Network- based intrusion detection system is another method for detection that is used in the field of botnet detection. Snort67 and Bro68 are the two well-known signature based detection system that are used curr ently. They use a database as signatures of famous malicious activities to detect botnets or any other malware. Actually if our objective is using this technique for botnet detection, we have to keep update the database and recognizing all malware quickly to make a signature of it and add to our database. For solving this solving this problem recently researchers are using anomaly based IDS that can detect malicious activities based on behavior of malware or detection techniques.2.4.3 Bothunter Dialog correlation-based Botnet detectionThis technique developed an evidence-trail approach for spy successful bot infection with descriptors during communication for infection process. In this strategy, bot infection pattern are modeled to use for recognizing the whole process of infection of botnet in the network. All behavior that occur the bot infection such as target examine, CC establishment, binary downloading and outbound propagation have to model by this method. This method ga thers an evidence-trail of connected infection process for each intragroup machine and then tries to look for a threshold combination of sequences that will move the condition for bot infection 32.The BotHunter use snort with adding two anomaly-detection components to it that are SLADE (Statistical freightage Anomaly Detection Engine) and SCADE (Statistical scan Anomaly Detection Engine). SCADE produce versed and external scan detection warnings that are weighted for criticality toward malware scanning patterns. SLADE manage a byte-distribution payload anomaly detection of incoming packets, providing a matching non-signature approach in inbound exploit detection 32 .Slade use an n-gram payload examination of traffics that have typical malware intrusions. SCADE execute some port scan analysis for incoming and outgoing traffics. Actually BotHunter has a affiliation between scan and alarm intrusion that shows a host has been infected. When a adequate sequence of alerts is establi shed to match BotHunters infection dialogueueue model, a comprehensive report is created to get all the related publications participants that have a rule in infection dialog 32. This method provides some important featuresi. This technique concentrates on malware detection by IDS-driven dialog correlation. This model shows an essential network processes that occur during a successful bot infection.ii. This technique has one IDS-independent dialog correlation engine and three bot-specific sensors. This technique can automatically produce a report of whole detection of bot, as well as the infection of agent, identification of the computer that has been infected and source of Command and Control centre.2.4.3.1 Bot infection sequencesActually understanding bot infection life processes is a ambitious work for protection of network in the future. The major work in this area is differentiating between successful bot infection and background exploit attempt. For make to this point a nalysis of two-way dialog flow between innate hosts and external hosts (internet) is necessitate. In a good design network which uses filtering at gateway, the threats of direct exploitations are limited. However, contemporary malware families are highly flexible in their ability to attack vulnerable hosts through email attachments, infected P2P media, and drive-by download infections 32.2.4.3.2 Modeling the infection dialog processThe bot distribution model can conclude by an analysis of external communication traffics that shows the behavior of pertinent botnet. Incoming scan and utilize alarms are not enough to ground a winning malware infection, as are assumed that a unchanging stream of scan and exploit signals will be observed from the way out monitor 32.Figure 2.1 shows the process of bot infection in BotHunter that used for evaluating network flows through eight stages. This model is almost similar with the model that Rajab et al. presented for IRC detection model. The model that they proposed has early initial scanning that is a previous consideration happen in form of IP exchange and pointing vulnerable ports. Actually figure 2.1 is not aimed for a strict ordering of infection exits that happen during bot infection.The important issue here is that bot dialog processes analysis have to be strong to the absence of some dialog founts and must not need strong sequencing on the order in bound dialog is conducted. One solution to solve the problem of sequence order and event is to use a weighted event threshold system that take smallest essential sparse sequences of events under which bot profile depositment can be initiated 32. For instance, it is possible put weighting and threshold system for the look of each event in a way that a smallest set of event is important prior of bot detection.2.4.3.3 Design and implementationMore attention devote for designing a passive network monitoring system in this part which be able of identifying the bidire ctional warning signs when interior(a) hosts are infected with bAnalysis of Botnet Security ThreatsAnalysis of Botnet Security ThreatsCHAPTER 1INTRODUCTION1.1 IntroductionDuring the last few decades, we have seen the dramatically rise of the Internet and its applications to the point which they have become a critical part of our lives. Internet security in that way has become more and more important to those who use the Internet for work, business, entertainment or education.Most of the attacks and malicious activities on the Internet are carried out by malicious applications such as Malware, which includes viruses, trojan, worms, and botnets. Botnets become a main source of most of the malicious activities such as scanning, distributed denial-of-service (DDoS) activities, and malicious activities happen across the Internet.1.2 Botnet Largest Security ThreatA bot is a software code, or a malware that runs automatically on a compromised machine without the users permission. The bot code is usually written by some criminal groups. The term bot refers to the compromised computers in the network. A botnet is essentially a network of bots that are under the control of an attacker (BotMaster). Figure 1.1 illustrates a typical structure of a botnet.A bot usually take advantage of civilize malware techniques. As an example, a bot use some techniques like keylogger to record user private information like password and hide its existence in the system. More importantly, a bot can distribute itself on the internet to increase its scale to form a bot army. Recently, attackers use compromised Web servers to contaminate those who visit the websites through drive-by download 6. Currently, a botnet contains thousands of bots, but there is some cases that botnet contain several millions of bots 7.Actually bots differentiate themselves from other kind of worms by their ability to receive commands from attacker remotely 32. Attacker or better call it botherder control bots thro ugh different protocols and structures. The Internet Relay Chat (IRC) protocol is the earliest and still the most commonly used CC channel at present. HTTP is also used because Http protocol is permitted in most networks. Centralized structure botnets was very successful in the past but now botherders use decentralized structure to avoid single point of failure problem.Unlike previous malware such as worms, which are used probably for entertaining, botnets are used for real financial abuse. Actually Botnets can cause many problems as some of them constituteed belowi. Click fraud. A botmaster can easily profit by forcing the bots to click on advertisement for the purpose of personal or commercial abuse.ii. Spam production. Majority of the email on the internet is spam.iii. DDoS attacks. A bot army can be commanded to begin a distributed denial-of-service attack against any machine.iv. Phishing. Botnets are widely used to host malicious phishing sites. Criminals usually send spam mes sages to deceive users to visit their forged web sites, so that they can obtain users critical information such as usernames, passwords.1.3 Botnet in-DepthNowadays, the most serious manifestation of advanced malware is Botnet. To make distinction between Botnet and other kinds of malware, the concepts of Botnet have to understand. For a better understanding of Botnet, two important terms, Bot and BotMaster have been defined from another point of views.Bot Bot is actually short for zombie which is also called as Zombie. It is a new type of malware 24 installed into a compromised computer which can be controlled remotely by BotMaster for executing some orders through the received commands. After the Bot code has been installed into the compromised computers, the computer becomes a Bot or Zombie 25. Contrary to existing malware such as virus and worm which their main activities focus on attacking the infecting host, bots can receive commands from BotMaster and are used in distributed attack platform.BotMaster BotMaster is also known as BotHerder, is a person or a group of person which control remote Bots. Botnets- Botnets are networks consisting of large number of Bots. Botnets are created by the BotMaster to setup a private communication infrastructure which can be used for malicious activities such as Distributed Denial-of-Service (DDoS), sending large amount of SPAM or phishing mails, and other nefarious purpose 26, 27, 28. Bots infect a persons computer in many ways.Bots usually disseminate themselves across the Internet by looking for vulnerable and unprotected computers to infect. When they find an unprotected computer, they infect it and then send a report to the BotMaster. The Bot stay hidden until they are announced by their BotMaster to perform an attack or task. Other ways in which attackers use to infect a computer in the Internet with Bot include sending email and using malicious websites, but common way is searching the Internet to look for vulne rable and unprotected computers 29. The activities associated with Botnet can be classified into three parts (1) Searching searching for vulnerable and unprotected computers. (2) Dissemination the Bot code is distributed to the computers (targets), so the targets become Bots. (3) sign-on the Bots connect to BotMaster and become ready to receive command and control traffic.The main difference between Botnet and other kind of malwares is the existence of Command-and-Control (CC) infrastructure. The CC consent tos Bots to receive commands and malicious capabilities, as apply by BotMaster. BotMaster must ensure that their CC infrastructure is sufficiently robust to manage thousands of distributed Bots across the globe, as well as resisting any attempts to shutdown the Botnets. However, detection and mitigation techniques against Botnets have been increased 30,31. Recently, attackers are also continually improving their approaches to protect their Botnets. The first generation of Bo tnets utilized the IRC (Internet Relay Chat) channels as their Common-and-Control (CC) centers. The centralized CC mechanism of such Botnet has made them vulnerable to being find and disabled. Therefore, new generation of Botnet which can hide their CC communication have emerged, Peer-to-Peer (P2P) based Botnets. The P2P Botnets do not experience from a single point of failure, because they do not have centralized CC servers 35. Attackers have therefore developed a range of strategies and techniques to protect their CC infrastructure.Therefore, considering the CC live on gives better understanding of Botnet and help defenders to design proper detection or mitigation techniques. According to the CC channel we categorize Botnets into three different topologies a) Centralized b) Decentralized and c) Hybrid. In Section 1.1.4, these topologies have been analyzed and completely considered the protocols that are currently being used in each model.1.4 Botnet TopologiesAccording to the Com mand-and-Control(CC) channel, Botnet topology is categorized into three different models, the Centralized model, the Decentralized model and Hybrid model.1.4.1 Centralized ModelThe oldest type of topology is the centralized model. In this model, one central point is responsible for exchanging commands and data between the BotMaster and Bots. In this model, BotMaster chooses a host (usually high bandwidth computer) to be the central point (Command-and-Control) server of all the Bots. The CC server runs certain network services such as IRC or HTTP. The main advantage of this model is small message latency which cause BotMaster easily arranges Botnet and launch attacks.Since all connections happen through the CC server, therefore, the CC is a critical point in this model. In other words, CC server is the weak point in this model. If individual manages to discover and eliminates the CC server, the entire Botnet will be worthless and ineffective. Thus, it becomes the main drawback of th is model. A lot of modern centralized Botnets employed a list of IP addresses of alternative CC servers, which will be used in case a CC server discovered and has been taken offline.Since IRC and HTTP are two common protocols that CC server uses for communication, we consider Botnets in this model based on IRC and HTTP. Figure 1.2 shows the basic communication architecture for a Centralized model. There are two central points that forward commands and data between the BotMaster and his Bots.1.4.1.1 Botnets based on IRCThe IRC is a type of real-time Internet text messaging or synchronous conferencing 36. IRC protocol is based on the Client Server model that can be used on many computers in distributed networks. Some advantages which made IRC protocol widely being used in remote communication for Botnets are (i) low latency communication (ii) anonymous real-time communication (iii) ability of Group (many-to-many) and secluded (one-to-one) communication (iv) simple to setup and (v) si mple commands. The basic commands are connect to servers, join channels and post messages in the channels (vi) very tractableness in communication. Therefore IRC protocol is still the most popular protocol being used in Botnet communication.In this model, BotMasters can command all of their Bots or command a few of the Bots using one-to-one communication. The CC server runs IRC service that is the same with other standard IRC service. Most of the time BotMaster creates a channel on the IRC server that all the bots can connect, which instruct each connected bot to do the BotMasters commands. Figure 1.3 showed that there is one central IRC server that forwards commands and data between the BotMaster and his Bots.Puri 38 presented the procedures and mechanism of Botnet based on IRC, as shown in Figure. 1.4.Bots infection and control process 38i. The attacker tries to infect the targets with Bots.ii. After the Bot is installed on target machine, it will try to connect to IRC server. In this while a random nickname will be generate that show the bot in attackers private channel.iii. Request to the DNS server, dynamic mapping IRC servers IP address.iv. The Bot will join the private IRC channel set up by the attacker and wait for instructions from the attacker. Most of these private IRC channel is set as the encrypted mode.v. Attacker sends attack instruction in private IRC channel.vi. The attacker tries to connect to private IRC channel and send the authentication password.vii. Bots receive instructions and launch attacks such as DDoS attacks.1.4.1.2 Botnet based on HTTPThe HTTP protocol is an spare well-known protocol used by Botnets. Because IRC protocol within Botnets became well-known, internet security researchers gave more consideration to monitoring IRC traffic to detect Botnet. Consequently, attackers started to use HTTP protocol as a Command-and-Control communication channel to make Botnets become more difficult to detect. The main advantage of using the HTTP protocol is hiding Botnets traffics in normal web traffics, so it can easily passes firewalls and avoid IDS detection. Usually firewalls block incoming and outgoing traffic to not needed ports, which usually include the IRC port.1.4.2 Decentralized modelDue to major disadvantage of Centralized model-Central Command-and-Control (CC)-attackers tried to build another Botnet communication topology that is harder to discover and to destroy. Hence, they decided to find a model in which the communication system does not heavily depending on few selected servers and even discovering and destroying a number of Bots.As a result, attackers take advantage of Peer-to-Peer (P2P) communication as a Command-and-Control (CC) pattern which is much harder to shut down in the network. The P2P based CC model will be used considerably in Botnets in the future, and definitely Botnets that use P2P based CC model impose much bigger challenge for defense of networks.In the P2P model, as shown in Fig. 1. 6, there is no Centralized point for communication. Each Bot have some connections to the other Bots of the same Botnet and Bots act as both Clients and servers. A new Bot must know some addresses of the Botnet to connect there. If Bots in the Botnet are taken offline, the Botnet can still continue to operate under the control of BotMaster.P2P Botnets aim at removing or hiding the central point of failure which is the main weakness and vulnerability of Centralized model. Some P2P Botnets operate to a certain extent decentralized and some completely decentralized. Those Botnets that are completely decentralized allow a BotMaster to insert a command into any Bots. Since P2P Botnets usually allow commands to be injected at any node in the network, the authentication of commands become essential to stay other nodes from injecting incorrect commands.For a better understanding in this model, some characteristics and important features of famous P2P Botnets have been mentioned Slapper All ows the routing of commands to distinct nodes. Uses Public key and private key cryptography to authenticate commands. BotMasters sign commands with private key and only those nodes which has corresponding public key can verify the commands 42. Two important weak points are (a) its list of known Bots contains all (or almost all) of the Botnet. Thus, one single captured Bot would expose the entire Botnet to defenders 42 (b) its advance(a) communication mechanism produces lot traffic, making it vulnerable to monitoring via network flow analysis. Sinit This Bot uses random searching to discove other Bots to communicate with. It can results in an easy detection due to the extensive probing traffic 34. Nugache Its weakness is based on its reliance on a seed list of 22 IP addresses during its bootstrap process 47. Phatbot Uses Gnutella cache server for its bootstrap process which can be easily shutdown. Also its WASTE P2P protocol has a scalability problem across a long network 48. Strom worm it uses a P2p overnet protocl to control compromised hosts. The communication protocol for this Bot can be classified into five steps, as describes below 37 i. Connect to Overnet Bots try to join Overnet network. Each Bot initially has hard-coded binary files which is included the IP addresses of P2P-based Botnet nodes. ii. Search and Download Secondary Injection URL Bot uses hard-coded keys to explore for and download the URL on the Overnet network 37. iii. Decrypt Secondary Injection URL compromised hosts take advantages of a key(hard coded) to decode the URL. iv. Download Secondary Injection compromised hosts attempt to download the second crack from a server(probably web server). It could be infected files or updated files or list of the P2P nodes 37.1.4.3 Hybrid modelThe Bots in the Hybrid Botnet are categorized into two groups1) Servant Bots Bots in the first group are called as servant Bots, because they behave as both clients and servers, which have static, rout able IP addresses and are social from the entire Internet.2) Client Bots Bots in the second group is called as client Bots since they do not accept incoming connections. This group contains the remaining Bots, including- (a) Bots with dynamically designated IP addresses (b) Bots with Non-routable IP addresses and (c) Bots behind firewalls which they cannot be connected from the global Internet.1.5 Background of the ProblemBotnets which are controlled remotely by BotMasters can launch huge denial of service attacks, several infiltration attacks, can be used to spread spam and also conduct malicious activities 115. While bot army activity has, so far, been limited to criminal activity, their potential for causing large- scale damage to the entire internet is immeasurable 115. Therefore, Botnets are one of the most dangerous types of network-based attack today because they involve the use of very large, synchronised groups of hosts for their malicious activities.Botnets obtain their power by size, both in their increasing bandwidth and in their reach. As mentioned before Botnets can cause severe network disruptions through huge denial- of-service attacks, and the danger of this interruption can charge enterprises big sums in extortion fees. Botnets are also used to harvest personal, corporate, or governing body sensitive information for sale on a blooming organized crime market.1.6 Statement of the ProblemRecently, botnets are using new type of command-and-control(CC) communication which is totally decentralized. They utilize peer-to-peer style communication. Tracking the starting point and activity of this botnet is much more complicated due to the Peer-to-Peer communication infrastructure.Combating botnets is usually an issue of discovering their weakness their central position of command, or CC server. This is typically an IRC network that all bots connect to central point, however with the use of P2P method we cannot find any central point of command. In the P2P networks each bots in searching to connect other peers which can receive or program commands through network. Therefore, an accurate detection and fighting method is required to prevent or stop such dangerous networks.1.7 Research Questionsa. What are the main differences between centralized and decentralized botnets?b. What is the best and efficient general extensible solution for detecting non-specific Peer-to- Peer botnets?1.8 Objectives of the Studyi. To develop a network-based framework for Peer-to-Peer botnets detection by common behavior in network communication.ii. To study the behavior of bots and recognizing behavioral similarities across multiple bots in order to develop mentioned framework.1.9 Scope of the StudyThe project scope is limited to developing some algorithms pertaining to our proposed framework. This algorithms are using for decreasing traffics by filtering it, classifying intended traffics, monitoring traffics and the detection of malicious activitie s.1.10 Significance of the studyPeer-to-Peer botnets are one of the most sophisticated types of cyber crime today. They give the full control of many computers around to earth to exploit them for malicious activities purpose such as spread of virus and worm, spam distribution and DDoS attack. Therefore, studying the behavior of P2P botnets and develop a technique that can detect them is important and high-demanded.1.11 SummaryUnderstanding the Botnet Command-and-Control(CC) is a critical part in recognizing how to best protect against the overall botnet threat. The CC channels utilized by the Botnets will often show the type and point of actions an enterprise can follow in either blocking or shutting down a botnet, and the probability of success.It is also obvious that attackers have been trying for years to move away from Centralized CC channels, and are achieving some success using Decentralized(P2P) CC channels over the last 5 or so years. Therefore in this chapter we have defi ned a classification for better understanding of Botnets CC channels, which is included Centralized, Decentralized, and Hybrid model and tried to evaluate recognized protocols in each of them. Understanding the communication topologies in Botnets is essential to precisely identify, detect and mitigate the ever-increasing Botnets threats.CHAPTER 2LITERATURE REVIEW2.1 IntroductionBefore majority of botnets was using IRC (Internet Relay Chat) as a communication protocol for Command and Control(CC) mechanism. Therefore, many researches tried to develop botnet detection scheme which was based on analysis of IRC traffic 50. As a result, attackers decided to develop more sophisticated botnets, such as Storm worm and Nugache toward the utilization of P2P networks for CC infrastructures. In response to this movement, researches have proposed various models of botnets detection that are based on P2P infrastructure 5.One key advantage of both IRC and HTTP Botnet is the use of central Command a nd Control. This characteristic provides the attacker with very well-organized communication. However, the assets also considers as a main disadvantage to the attacker 8. The threat of the Botnet can be decreased and possibly omitted if the central CC is taken over or taken down 8. The method that is starting to come out is P2P structure for Botnet interaction. There is not any centralized centre for P2P botnets. Any nodes in P2P botnet behave as client and server as well. If any point in the network is shut down the botnet still can continue its operation.The storm botnet is one of the main and recognized recent P2P botnets. It customized the overnet P2P file-sharing application which is based on the Kademlia distributed hash table algorithm 55 and exploit it for its CC infrastructure. Recently many researchers particularly in the anti-virus community and electronic media concentrated on storm worm 56,57.2.2 Background and HistoryA peer-to-peer network is a network of computers th at any computer in the network can behave as both a client and a server.Some explanation of peer-to-peer networks does not need any form of centralized coordination. This definition is more comfortable because the attacker may be interested in hybrid architectures 8.2.2.1 HistoryThe table 2.1 shows a summary of some well-known bots and P2P protocols. The range of time from the first bots, EggDrop, until the Storm Worm P2P bot is newly released. The first non-malicious bot was EggDrop that came up many years ago, and we know it as one of the first IRC bots that came to market. GTBot that have many other categories is another well-known malicious bot, that its variants are IRC client, mIRC.exe61.After a while, P2P protocols have been used for Botnet activities. Napster is one of the first bot that used P2P as its communication. Napster built an platform that permit all bots can find each other and share files with each other in the network. In this bot, file sharing has been done in t he centralized server that we can say it was not completely a P2P botnet. Therefore, all bots have to upload an index of their files to the centralized server and also if they are looking for other files among all bots, have to search in centralized server. If it can find any file that looking for, then can directly connect to that bot and download what they want. Nowadays, because Napster has been shutdown as their service recognized as illegal service, many other P2P service focusing on avoiding such finding.After few years after Napster, Gnutella protocol came up as the first completely P2P services. Actually after Gnutellas , as shown in Table 2.1, many other P2P protocols have been released, such as Kademilia and Chord. This two new p2p service are using distributed hash table as a method for finding information in the peer-to-peer networks.Agobot is another malicious P2P bot that came up recently and become widespread because of good design and modular code base 61. Nowadays m any researchers are concentrating on P2P bots and there is an anticipation that P2P bots will reach to the stage that Centralized botnets will not been used any more in the future.Table 2.1 P2P based Botnets2.3 Peers-to-Peer Overlay NetworksOverlay networks are categorized into two categories unified and Unstructured. All nodes in first category can connect to most X peers regarding some conditions for identification of nodes that those peers want to connect. However in unstructured type there is not any specified limit for the number of peers that they can connect, in spite of the fact that there is not any condition for connecting to other peers. Overnet is a good example of structured p2p networks and Chorf is a good example of unstructured P2P networks.2.3.1 Brief overview of OvernetOne of the popular file sharing networks is Overnet that use for their design use distributed hash table (DHT) algorithm that called Kademlia55. Each node produces a 128-bit id for joining the netwo rk and also use for sending to other node for introducing itself. Actually each node in the network saves the information about other nodes in order to travel plan query messages.2.3.2 Brief overview of GnutellaGnutellas is a unstructured file sharing network. In this network, when a node like n want to connect to a node like m, use a ping message to inform the other node for its presence. As long as node m received ping message, then send it back to other nodes in its neighbor and also send a Pong message to the transmitter of ping message that was node n. this transaction among node let them to learn about each other.2.4 Botnet DetectionIn particular, to compare existing botnet detection techniques, different methods are described and then disadvantages of each method are mentioned respectively.2.4.1 Honeypot-based trackingHoneypot can be used to collect bots for analyzing its behavior and signatures and also for tracking botnets. But using honeypots have several limitations. Th e most important limitation is because of limited scale of exploited activities that can track. And also it cannot capture the bots that use the method of propagation other than scanning, such as spam. And finally it can only give report for infection machines that are anticipated and put in the network as trap system. So it means that it can not give a report for those computers that are infected with bot in the network but are not devoted as trap machines. So we can come to this conclusion that for the most part in this technique we have to wait until one bot in the network infect our system and then we can track or analyze the machine.2.4.2 Intrusion detection systemsIntrusion detection techniques can be categorized into two categories host-based and network-based solution. Host-based techniques are used for recognizing malware binaries such as viruses. A good example of this type is anti-virus detection systems. However, we know that anti-virus are good for honest virus detect ion. The most important disadvantages of anti-virus are that bots can easily turn off the detection technique by changing their signatures easily, because the detection system cannot update their databases consistency. And also bots can disable any anti-virus tools in the system to protect themselves from detection.Network- based intrusion detection system is another method for detection that is used in the field of botnet detection. Snort67 and Bro68 are the two well-known signature based detection system that are used currently. They use a database as signatures of famous malicious activities to detect botnets or any other malware. Actually if our objective is using this technique for botnet detection, we have to keep update the database and recognizing all malware quickly to make a signature of it and add to our database. For solving this solving this problem recently researchers are using anomaly based IDS that can detect malicious activities based on behavior of malware or det ection techniques.2.4.3 Bothunter Dialog correlation-based Botnet detectionThis technique developed an evidence-trail approach for detecting successful bot infection with patterns during communication for infection process. In this strategy, bot infection pattern are modeled to use for recognizing the whole process of infection of botnet in the network. All behavior that occur the bot infection such as target scanning, CC establishment, binary downloading and outbound propagation have to model by this method. This method gathers an evidence-trail of connected infection process for each internal machine and then tries to look for a threshold combination of sequences that will induce the condition for bot infection 32.The BotHunter use snort with adding two anomaly-detection components to it that are SLADE (Statistical burden Anomaly Detection Engine) and SCADE (Statistical scan Anomaly Detection Engine). SCADE produce internal and external scan detection warnings that are weighted for criticality toward malware scanning patterns. SLADE perform a byte-distribution payload anomaly detection of incoming packets, providing a matching non-signature approach in inbound exploit detection 32 .Slade use an n-gram payload examination of traffics that have typical malware intrusions. SCADE execute some port scan analysis for incoming and outgoing traffics. Actually BotHunter has a draw between scan and alarm intrusion that shows a host has been infected. When a adequate sequence of alerts is established to match BotHunters infection dialog model, a comprehensive report is created to get all the related events participants that have a rule in infection dialog 32. This method provides some important featuresi. This technique concentrates on malware detection by IDS-driven dialog correlation. This model shows an essential network processes that occur during a successful bot infection.ii. This technique has one IDS-independent dialog correlation engine and three bot-specif ic sensors. This technique can automatically produce a report of whole detection of bot, as well as the infection of agent, identification of the computer that has been infected and source of Command and Control centre.2.4.3.1 Bot infection sequencesActually understanding bot infection life processes is a dispute work for protection of network in the future. The major work in this area is differentiating between successful bot infection and background exploit attempt. For range to this point analysis of two-way dialog flow between internal hosts and external hosts (internet) is needed. In a good design network which uses filtering at gateway, the threats of direct exploitations are limited. However, contemporary malware families are highly flexible in their ability to attack vulnerable hosts through email attachments, infected P2P media, and drive-by download infections 32.2.4.3.2 Modeling the infection dialog processThe bot distribution model can conclude by an analysis of extern al communication traffics that shows the behavior of germane(predicate) botnet. Incoming scan and utilize alarms are not enough to state a winning malware infection, as are assumed that a unchangeable stream of scan and exploit signals will be observed from the way out monitor 32.Figure 2.1 shows the process of bot infection in BotHunter that used for evaluating network flows through eight stages. This model is almost similar with the model that Rajab et al. presented for IRC detection model. The model that they proposed has early initial scanning that is a antecedent consideration happen in form of IP exchange and pointing vulnerable ports. Actually figure 2.1 is not aimed for a strict ordering of infection events that happen during bot infection.The important issue here is that bot dialog processes analysis have to be strong to the absence of some dialog events and must not need strong sequencing on the order in bound dialog is conducted. One solution to solve the problem of se quence order and event is to use a weighted event threshold system that take smallest essential sparse sequences of events under which bot profile statement can be initiated 32. For instance, it is possible put weighting and threshold system for the look of each event in a way that a smallest set of event is important prior of bot detection.2.4.3.3 Design and implementationMore attention devoted for designing a passive network monitoring system in this part which be able of identifying the bidirectional warning signs when internal hosts are infected with b

Distress and Quality of Life of Type 2 Diabetic Patients

woe and t 1 of voice of carriage of eccentric 2 Diabetic PatientsThe infix study measured the Distress and role of flavour of type II diabetic patients-of the two sorts, radical 1 and Group 2. It too assessed the coefficient of correlation betwixt Distress and graphic symbol of biography and their subdivisions such as, the correlation between Distress, emotional put out, physician distress, regimen distress, amicable distress eccentric of life, energy and mobility, diabetes control, anxiety and worry, sexual functioning and social burdens using Pearsons correlation. This study also measured the difference in Distress and Quality of Life between conclave 1 and group 2.The first physical object of the present study was to measure the Distress and Quality of life in type II Diabetic patients. This was do by using two scales, Diabetes Distress Scale (DDS17) and Diabetes 39 (D39). The frequencies and normal diffusion of Distress among group 1 and group 2 shown in go steady 1 portray that there is postgraduate Distress among the participants in group 1 than in group 2 where high score depute high Distress. Similar determinations were found in a study done by Fisher, Skaff, Mullan, Arean, Glasgow Masharani (2008), an increase in distress upto 60% was present oer a period of time. In Figure 2, the frequencies and normal distribution of Quality of life of group 1 and group 2 were shown which portrays that group 2 has higher(prenominal)(prenominal) Quality of Life than group 1, where low score represents high Quality of life.The second objective was to find if there exists a correlation between Distress and Quality of Life. Research review shows that there was a significant relationship between Distress Quality of life (Wu, Huang, Liang, Wang, leeward Tung, 2011). Owing to the scoring pattern, the present study showed similar results with a corroboratory correlation between the scores of Distress and Quality of life i.e., higher score of Dis tress and high score of Quality of Life. However, it is to be interpret as a negative relationship between distress and pure tone of life as is implied by their scoring pattern, where higher scores in distress represents higher distress whereas higher scores in quality of life represents lower Quality of life. Thus, it may be interpreted that higher the Distress, lower the Quality of Life and there was a relation realised between higher Distress and Lower Quality of life.The third objective of the study was to find the difference between group 1 and group 2 of Distress and Quality of life, to find the difference between participants pr impressicing assurance based yoga as a praiseful encumbrance aside from the wholeopathy medications and participants entirely using the medication. There were umpteen previous studies showing, certain management techniques assume a great seismic disturbance on controlling the blood edulcorate levels (Singh, Tandon Sharma, 2005). It was f ound that the Distress among group 1 was high compargond to group 2. resembling trend was demonstrated in all the dimensions of Distress such as emotional distress, physician distress, regimen distress and interpersonal distress. similar finding were reported by Sharma, Sen, Singh, Bharadwaj, Kochupillai Singh (2003), where type II Diabetic patients practicing sudarshana kriya were found to be experiencing low level of stress. Though both the groups differed significantly in all the dimensions of distress, the difference between the groups was higher in the emotional distress dimension. As indicated by the earlier studies such as those by Snoek Polonsky (2000) Rock (2003) Pouwer (2009) that individuals diagnosed with Diabetes pass emotional disturbances due to various reasons such as medication, frequent visits to hospital, comorbid conditions of Diabetes and so on Going by the dimensions of Distress, high Distress was found to be in the dimensions of Emotional Distress, follow ed by regimen distress, physician distress and interpersonal distress in group 1.As there was a correlation seen between Distress and Quality of life, the aforementioned(prenominal) was reflected in the results where group 2 had weaken Quality of life than group 1, where high score represents low Quality of life. Going by the dimensions, group 2 had higher Quality of life in the dimensions of energy and mobility, social burdens, diabetes control, sexual functioning and anxiety and worry. This is in accordance to the previous finding which state that there was an improvement in the Quality of life in hatful diagnosed with type II Diabetes who were practicing yogic breathing techniques, sudarshana kriya and pranayama (Jyothsna, Joshi, Ambedkar, Kumar, Dhawan Sreenivas, 2012).The complimentary management technique use not but trusts the patients physical relaxation but it also conducts them the psychological relaxation. Hence, they might act upon the lowering of Distress and hig her Quality of Life of the patient. This complimentary technique gives physical, psychological as well as social outcomes. Physical outcomes are described by medical literature in multiple ways. psychological outcomes are seen in terms of relaxation and as seen in the outcomes of let down distress and enhanced quality of life. Togetherness with people with similar diagnosis doing an lather to manage the disease condition might contribute to the social angle. Thus, the complimentary management technique used by the group in the present study seems to possess contributed effectively as indicated by low Distress and better Quality of life and their dimensions.The importance of dodge of living in decreasing the Distress and enhancing the Quality of Life has been understood. Many studies have also kept forward their view on the benefits a person could reach following Faith based yoga. As mentioned earlier by many of the physicians across the globe, Faith based yoga can be an effect ive intervention complimenting the allopathy medicine. Therefore, this study can contribute to the existing studies supporting this view where people can decrease their Distress and enhance their Quality of life and their dimensions to effectively control Diabetes.Shortcomings and future directionsThe major blemish of this study is the sample size, big sample would have provided better representation of the characteristics of the population. Another major shortcoming of this study was administering the scales in group (in the trick of living centres), this could have prompted the participants to give socially desirable responses. Future recommendations of this study would be to compare the participants practicing Art of living above 10 years and below 10 years, this would give more insight on the long term effects of practicing Art of Living. Future research may also be conducted comparing the impact of various forms of Faith based yoga such as Brahma kumaries, Christian Yoga, Vi pasana etc. on type II Diabetic patients. Study would have yielded clearer results if there was a pre and post interventional design. That is measurement of Distress and Quality of Life on participants before they practiced Faith based yoga and after practicing the same for a considerable period of time such as one year or more. This would have yielded a clear effect of trustfulness based yoga. Further research may be conducted in this direction.

Applicability of Alternate Minimum Tax

Applicability of ersatz minimum impose tout ensemble the non-corpo gait income assess payers be supposed to be paying AMT. The shape for applicability is that the AMT is collectible ifTax chthonic shape Provisions (as per income appraise act) is less than AMT.In this gaucherie the familiarized quantity income is considered to be the fit income and tax liability is delibe footstep over it.The new(prenominal) rule mentions that the AMT go away not be paid by the individual, HUF (Hindu Undivided Family), AOP (Association of Persons) and Artificial juridic Person if the change Total Income is not greater than Rs.20 lakhs.Non-Applicability to LLPs incorporated on a lower floor outside(prenominal) LawLimited indebtedness Partnerships incorporated beneath unlike constabularys be not considered Firm as per the definition given nether dent 2(23) and argon considered nether(a) the definition given in voice 2(17). So, the provisions of AMT argon not relevant to s uch LLPs.Applicability to foreign firmlys not incorporated under any unusual LawForeign firms which atomic number 18 not incorporated as per the foreign country law but fits into the definition of firm as per Indian Partnership Act,1932 is considered firm as under fraction 2(23). So, the provisions of AMT as per chapter XII-BA are applicable to such firms. The Alternate minimum tax liability is as per constituent 115JC for the income to be chargeable to tax under India.RateThe applicable rate of AMT is 18.5%, which is calculated on Adjusted Total Income. Further, the final AMT is calculated by calculating education and secondary education cess of 3% on 18.5% and hock if applicable. Surcharge is not applicable for LLP. A Table containing steps is include in annexure along with an illustration. The steps and illustration are given in Annexure- I and II respectively.As per the provisions of AMT, the final tax liability for the non-corporate assessees is greater of the tax as per normal provisions and Alternate borderline Tax (Tax 18.5 percent (plus secondary and education cess as applicable) on adjusted total Income).Alternate Minimum Tax CreditTax recognition is available against future tax liability if AMT is greater than tax under normal provisions. The credit get is the difference between the two and keister be adjusted or carried forward for ten years from the year in which the credit was earned. From the assessment year 2018-19, the period will be fifteen years.The prick applicable is 115JD. Set-off is available when the tax as per normal provision for LLP is more than AMT. The amount of set-off is limited to amount paid in excess of AMT. However, the rules regarding carry forward or set-off are not applicable for education and secondary education cess. Further, if the credit is not utilised deep down ten years then it cant be availed later on. avocation is not paid on tax credit availed.Application of other Provisions of this ActThe provisio ns are given under office 115JE and are applicable to the non-corporate assessee to whom AMT provisions apply. This section includes advance tax, interest as per sections 234A,234B and 234C penalty. chance on points with respect to the New Chapter XII-BAFinance Bill,2011 was to tax limited liability Partnership in a different manner. The rule was applicable to LLPs which claimed demonstration as per chapter VI-A(C) or sectionalization 10AA of the Income tax act,1961. It was introduced particularly for the LLPs claiming income based bank discounts only. Key Points you should know.This chapter entailed some key terms, which are explained as followsRegular Income TaxThis is the income tax as under normal provisions, that is, according to the tax rate applicable to the particular assessee as per income tax act,1961. Uptil this reckoning, no effect of Chapter XII-BA is given. This is defined under section 115JF(d).Adjusted Total IncomeAdjusted Total Income is explained under sectio n 115JC (2). Adjusted total income is calculated over the normal tax calculated for the LLP non-corporate assessee and unless giving the effect of Chapter XII-BA provisions. These adjustments include undermentioned (given under section 115JEE (1)), which are added to the normal taxDeductions under Chapter VI-A, which are deductions on certain incomes (Section 80HH to 80RRB except 80P)Deduction as per section 10AA, applicable in peculiar(a) economic zones.Deduction under 35AD which is reduced by the depreciation amount as per section 32.Deductions, particularly applicable on LLPs include the by-line sections 10AA, 80IA, 80IAB, 80IB, 80IC, 80ID, 80JJA, 80LA and 80Q.The assessee claiming deduction under section 35AD (with effect from 1st april,2015) cannot claim deduction under the following sections- 80IA, 80IB, 80IC and 80ID. Such an assessee does not pay back to pay AMT.When Alternate, Minimum Tax is calculated, then the concept of brought forward loss and unabsorbed deprecia tion are taken into look and set-off for them is as per the Income Tax Act,1961.If a friendship is converted to a Limited Liability Partnership form of organisation, then the twist credit, which the company earned is not allowed to be set-off against AMT.Assessees ResponsibilityThe assessees falling under the provisions of this act are inevitable to prepare a incubate consisting of the details and calculations basis of adjustments done for computation of the tax liability to the CA. The books of account and relevant records pertaining to the documents regarding the furnishing of the deductions claimed under sections applicable under these sections. The information is to be further filled in form 29(C). The details of the get over and form are explained as under.ReportA certificate and a discover regarding calculation of adjusted total income and alternate income tax, is required to be furnished onward the due date of filing return as per section 139(1). The report is certif ied from a Chartered Accountant. The provisions for this are given under section one hundred fifty-fiveJC (3). skeleton no. applicable is 29(C).According to the guidelines form ICAI, this report consists of three paragraphsFirst paragraph should consist of the declaration about the run of accounts and records of non-corporate assessee in order to arrive at adjusted total income and the AMT. s paragraph should consist of certification of calculation of adjusted Total Income and AMT and the tax payable as per 115JC.The third paragraph should consist of expression of the flavor that the particulars furnished in Annexure A of form 29(c) are accurate and true.FormThe form under section 29(C) requires the assessee under this act to furnish the following itemsName of the AssesseeAddress of the AssesseePermanent Account NumberAssessment courseTotal Income of the Assessee in the manner mentioned under Income Tax Act.Income Tax payable on total income computed under point 5.Deduction amo unt as per Part C, Chapter VI-A (except section 80P).Deduction amount as per section 10AA.Adjusted total Income (5+7+8).AMT (19.055% of Adjusted Total Income)If Tax on total income is AMT, then AMT is considered as Not Applicable (N.A) in column 10If Tax on total income is 1ReasonsIn the year 1969, around 155 tax payers were saving taxes or paying almost nothing to the presidential term by using deductions and tax breaks. So, AMT was introduced with the objective to reduce the incidences of tax nest egg by the higher income groups. But over the years it has reached to the middle-income groups as well. This is attributed to lump as AMT is said to have never adjusted for inflation, so if income change magnitude overtime for an assessee, it landed them in the AMT bracket.Chapter XII-BA was introduced to save revenue that arose when a company converted to LLP. This was basically done to take advantage of tax exemptions and rationalisation of taxation. According to the provisions o f Income Tax Act,1961, tax neutrality was provided in case of a conversion of a company to a Limited Liability Partnership. The transaction is not subject to capital gains if certain conditions are fulfilled. there was a possibility of tax saving.Advantage which was available to LLPBefore the bid of provisions of AMT, LLP was considered a tax saving form of organization as Minimum Alternate Tax and Dividend Distribution Tax. So, the companies used to convert to LLP for the benefits. The benefits are explained as under and analysis is done based on that.BenefitsLLP are not levied surcharge and DDT. Capital gains are not attracted when the assets are transferred from a company to LLP. This helps in saving tax.Companies have an increase cost of bread and butter of the statutory records which comes under the minimum compliance level. But LLPs does not have incur any such costs as there are no compliances to be fulfilled in terms of maintenance of records or the meetings.There is no l imit on the number of partners in LLP.All the assets, movable and immovable are automatically vested in LLP and no notion duty is applicable.Other benefits of LLP include the following- Government intervention is restrictive, easier to wind-up and audit is required to be done only in case of aggregate role more than Rs.25 lakhs and turnover greater than Rs.40 lakhs.Advance TaxAdvance tax is to be paid as per provisions 115JE and interest is attracted if there is disaster to pay it. If the assessee has income under the head PGBP on presumptions applicable as per section 44AD and 44ADA, he/she is not allowed to claim profit linked deductions. So, if the tax payer falls under the bracket of those claiming deduction under section 10AA or under Chapter VI-A, then adjusted total income will be increased by such amounts as well.Difference between MAT (Minimum Alternate Tax) and AMT (Alternate Minimum Tax)MATAMTApplicable on CompaniesApplicable to non-corporatesSection 115JBSection 115JC Calculated on book profitCalculated on adjusted total incomeEffective tax rate is 19.5%Effective tax rate is 19.05%1 Taken from the Income Tax Department document

Dualits Marketing Strategy Analysis

Dualits merchandiseing Strategy AnalysisOver the next three eld the securities industry place for kitchen returnions and appliances is expected to grow by up to 17.6% (Datamonitor, 2009). This growing grocery brands it the ideal time to be the manufacturer of these goods. Consumers of these goods are looking for products which are both(prenominal) stylish and make to last. Dualit has created a product with has incorporated both these key elements the Dualit NewGen wassailer.Dualit is a British comp whatever which designs and manufactures wassailers and separate kitchen appliances. Founded in the wee 1940s (Dualit, 2010), Dualit is portrayed as a company which offers lavishly t unmatchable of voice and wellspring-engineered products. The first Dualit carouser to be made with a timer and manual(a) eject saveton was created in 1952 and ever since Dualit has continued to produce toasters found on the original design (Dualit, 2010).In this essay Dualits merchandising system entrust be assessed using the 4Ps framework. This framework leaves product, place, price and promotion to be considered (Marketing Teacher, 2010). As well as looking at the companys merchandising mix, their targeting, placement and segmentation lead similarly be evaluated. By considering both of these aspects, alternatives sess be suggested on how Dualit lot improve their strategy. All the information use for this essay will come from secondary sources.Dualit want to be considered as a company which offer risque reference products which are transcgoalent to their competitors (Dualit, 2010). This is illustrated in the way in which they target their customers. Dualit use a identify trade strategy to target their consumers. Using a variousiated marketing strategy allows them to target several markets and design a separate go for each market (Armstrong et al, 2009). Products which use a differentiated strategy campaign to be valued by customers and customers pe rceive the product to be develop than or different from products of the competition. Also, according to Michel Porters model if a company has a corporate re entrapation for quality and innovation like Dualit does, then they will usually use a differentiated strategy (QuickMBA, 2010).Dualit segment their market using psycographic segmentation, this allows Dualit to divide its buyers into different groups based on social class, lifestyle or personality characteristics (QuickMBA, 2010). Dualits 2 deletion NewGen toaster will court to people with a high disposable income that will pay a lot to get a stylish product like the NewGen toaster but who also care about the environment, as the NewGen has a discipline which allows only one slot to be heated. Whereas, the 4 slice NewGen toaster raises more to the commercial users such as cafes and restaurants, who might need to make several slices at any one time. By targeting more than one target market it allows Dualit to increase its mar ket share.After considering their target market and deciding how to segment them, Dualit basin then consider all aspects of their marketing mix and how the different aspects work together.Dualits NewGen toaster sens be disunite into three product levels. These three levels are the core product, the actual product and the augmented product. The core product is the benefits the customer will receive (Kotler et al, 2008). Buyers of the NewGen toaster range will benefit from a product which makes toast but at the same time is compact and stylish and comes in over ten colours convey it will complement al about any kitchen. The core benefits are offered through the components that make up the actual product (Armstrong et al, 2009). The actual product includes styling, features and design. The extra wide slots on the NewGen toaster that allow for nearly all type of bread to be toasted can be seen as a core benefit. The augmented product is built around the core benefits and the actua l product by offering superfluous customer service (Armstrong et al, 2009). Dualit offer a two year piece about on the elements in the toaster and a one year plight on all other parts. Customers are also given a users guild to allow them to see other ways to use their toaster, this slip away is also available from their website. The Dualit NewGen toaster also has replaceable parts meaning that if it breaks it doesnt need to be thrown out, it can be fixed. This means it will last significantly eagle-eyeder than any other toaster. There is no obvious improvement that Dualit could make to the NewGen toaster as it has more features than each other toaster shortly on the market.Dualit make some of the most high-priced kitchen appliances on the market. The NewGen toaster ranges in price from 135 to 195 depending on the size of the toaster and how it is finished ( put-on Lewis, 2010). Dualit appear to use two set strategies. They appear to use product line price, where a company p rices different models within a range at different prices (Armstrong et al, 2009). It is more expensive for a 4 slice NewGen toaster than it is for a 2 slice NewGen toaster this is a perfect example of product line pricing. However, Dualit also appear to use value based pricing as a way of pricing their range, whereby buyers perceptions, not the sellers cost are key to pricing (Armstrong et al, 2009). Dualits toaster whitethorn be super priced but the consumers perception is that the high price means it is high quality. Unfortunately for Dualit many of its competitors offer a similar product in a similar style for a fraction of the price that is sold by the same retailer. Although they dont have as many features as the NewGen toaster, they still do the same job so potential customers may regain it is unnecessary to buy a toaster that costs 135 and purchase a rival toaster instead. Dualit may need to consider lowering their prices if it begins to affect them in the future.The Dual it NewGen toaster hasnt been highly publicised. The only advertize that Dualit does for the range is on their own website. Any other advertising is mostly done by the individual retailers that sell the product. can buoy Lewis currently offer a five year guarantee with all NewGen toasters, this may act as an incentive to potential customers as they feel they are getting more for their money and their product is protected longer. Dualits pretermit of advertising may be a way to reduce costs but in the long run it could cost them potential customers. The NewGen toaster is currently sold out on one of its main retailers website so their lack of advertising doesnt currently seem to be affecting their gross sales but in the future it could, so to increase publicity Dualit may consider taking part in a joint advertising campaign with a premium bread company such a Warburtons or Hovis, which are both popular brands. This would allow Dualit to target a wider market which may, as a result increase their market share.Dualit currently sell their product on their own website and through high end retailers such as John Lewis and House of Frasers, which are as honored but expensive department stores. This enhances Dualits image of being manufacturers of high quality products. Department stores carry a wide range of product lines (Armstrong et al, 2009) which can attract a larger range of customers, so by merchandising their product they may increase their market share. Dualit may want to appeal to a larger target market. They could do this by selling their products in large supermarkets such as Tesco or Asda because thousands of people go to these shops every day. Although this would allow them to reach a larger target marker, it may put off existing customers as they may feel that it takes away from the brands high end reputation. If Dualit did consider this they would have to decide if they would rather gain newfangled customers or risk losing existing customers.Afte r having analysed all the aspects of Dualits marketing mix, it can be seen that although there are a few improvements which they could make to their marketing strategy such as more advertising or quit where they sell the products overall their current marketing strategy is working well as their products are sold out on retailers websites. With the market for kitchen appliances set to largely increase, Dualit may have to consider altering their marketing if they respect to dominate more of this increasing market. If Dualit do decide to change their marketing strategy in the future it should be for the better as long as they continue to make high quality products that out dress their rivals.ReferencesArmstrong, G. Kotler, P. Harker, M. Brennan, R. (2009) Marketing An Introduction. 8th Ed. Essex Pearson program line Limited.Dualit (2010) Dualit Our History. Available at http//www.dualit.com/our-history (Accessed 12 February 2010).John Lewis (2010) Search Results NewGen. Availabl e at http//www.johnlewis.com/Search/Search.aspx?SearchTerm=NewGen (Accessed 13 February 2010).Kotler,P. Armstrong, G. Wong,V. Saunders, J. (2008) Principles of Marketing. 5th Ed. Essex Pearson Education Limited.Marketing Teacher (2010) Marketing Mix. Available at http//www.marketingteacher.com/Lessons/lesson_marketing_mix.htm (Accessed 11 February 2010).QuickMBA (2010) Market Segmentation. Available at http//www.quickmba.com/marketing/market-segmentation (Accessed 12 February 2010).Datamonitor (2009) Kitchen Appliances Global Industry Guide, particular(prenominal) Report, London, The Data Monitor Group