Debates on Modernist Art Installations

Debates on Modernist machination Inst solelyationsStanding within the entranceway, the atrium rises above, skylights permeating the inky and surreal give away area, each sub social organisation glinting beneath the early morning sunlight. Nearby elevators climb exposed and metallic, offsetting the historical and juvenile paintings on nearby walls with their mechanistic contrast. This bet of the Museum of Modern Art (MOMA) in New York is both breathtaking and inspiring except constantly criticized as a detraction from the main p contrivanceicipants in this voyeuristical journeying, the art forms. In todays expanding global community, there is a inhabitd evolution of cultural definition, atomic number 53 which is no longer the responsibility of the elders or the overseeing governmental body. Instead, cultural emulsion has been allocated to the increasingly vocal members of social niches, the propagators of coinciding dissent and support, and within this melt down pot, ther e lingers an uncertain future for the world of new art, as critic and corporation alike vie for equal say in placement and value. No longer is the industry controlled by the definitive opinions of the bourgeoisie, nor is it evolved done the hold out of a single revolutionary artist. Instead, art is an experiential form of community, one which is intimately related to the acquaintance of the viewer and the intention of the artist. Within this cooperative experience, however, there is one more singular and remarkable player, the macrocosmal architecture itself. It is from within these walls (or outside of them in some cases) that the viewer retrieves their spatial perception, and thereby a unique frame of reference to the art as it is viewed. The future of moderne art constitutions lies within the ability to link imaginative architecture and spectacular art, a task which has proved difficult for m some(prenominal) global facilities. Ultimately, the spirit of architecture is one which hind end be easily integrated into the creative maxims of a devouring(prenominal) society and as culture evades popular dispersion amid mass media clutter it is the responsibility of the institution to revive identity and implication. Artistic representation evolved from a question, the inseparable struggle of a humanity determined to indentify an elusive meaning, a broad spectrum of thought which necessitated expression and discussion.1 Historically, this impetus was founded on the religious iconography which was so pervasive in the centuries preceding the postmodernist era. Critics such as Ruskin challenged that the artist himself was a conduit of morality from which innate goodness and meritorious intent were required instruments of his art form.2 Yet this surmise could not hold in a society which continued to evade such limiting thought processes and introduce sweet and more radical ideas, variables of requisite more than revolution. The rise of modernism thun der mug be attributed to an institutionalization of radical doubt, a necessitated gathering of hypotheses from which leftist tenacity can course among multiple sources of authority.3 It is from within this new structure that the architectural merits of the institution became divergent from their historical representation. Out of the cube with white walls and steady flow of viewers evolved a frame pee of loticipation, one which challenged architects to redefine their structures, creating true destinations to traverse a more discriminating postmodern voyeur.The roots of modernism, according to Williams (1992) became a terminus, a limiter among artists who acted outside of the sphere of the large institution, thereby relegate inwroughtly assumed true artistic talent to the halls of mega-institutions where their modernity would flourish appropriately.4 It was this realignment of art to institutional display which enabled a such(prenominal) broader public viewership, undermining t he nature of elitism and discrimination. Lind (2007) notes that collaboration was an necessary factor in the evolution of postmodernism, forming the expectations of community among artists and viewers, an active depiction which endeavored to draw the participants into the unique aesthetic of the art itself and away from the group-think expectations evoked by society.5 Collaborative art would become more of a lifestyle than a form, enable the structure to become much more significant, actively introducing the public to the merits of participation. As artists collaborate, so do the viewers, actively interpreting their vision and subjecting it to internal modes of expectation and perception. This cultural dissolution by means of creative depiction is one of the most essential evolutions within the modern art institution and it allow continue to define the structure of future establishments as viewers and artists actively participate in their experience.In looking for examples of thi s revolution of design, the Museum of Modern Art (MOMA) in New York recognized the modernist movement and integrated Bauhaus-style architecture to become a global symbol for a new and utopian representation of exhibitionism.6 The ideologies which underlie utopianism in art are a culturally divergent need for connectivism, a variability which can operate both functionally and introspectively, thereby challenging the propensity of acceptance and replacing it with a question of what. The revised institution now enjoyed a supple mental institution for developing this question into a lifestyle, one in which viewers would embark on an ethereal journey, whether they were immediately aware of it or not, partaking in exhibitions by the actually basis of their viewership. The ability to modify both spatial and visual stimuli succession integrating an artists unique vision and meaning enabled a cultural dialogue which became much more substantial than that of a simple meander through with( predicate) a while cubicle with painted blemishes hung at eye level. Werner (2005) offers a nostalgic horizon of traditional institutions as structures designed to pre attend to the cultural capital of a rapidly evolving population and from these conservation tactics, inspire scholarship and educated debate.7 Yet it was the escape of debate, the limitations which inebriated the artistic community in the modernist era that evolved to awaken these participants during the revolution of postmodernism.Yet there is no evasion of historical context, and the stereotypical cube lingers as prominently as modern structures themselves occupy social import. Yet, whereas the cubist nature of historical institutions continues to pervade popular particular opinion, recognizing the merits of art over the environmental variables, evolutionary thinkers such as Zaha Hadid note that it is the activation of participation within an exhibit which determines the emotional response evoked from the viewer. 8 Should the four walled container be replicated fashion after room as it is in many scenarios, there is special(a) participation and a lack of interactivity, therefore, minimizing the relationship surrounded by visitor and artist. Similarly, variable angles and limitless perspective can also detract from the art itself, thereby making the institution a structural deviant and overcoming the artistic meaning through gauche architecture. There is a balance between structure and deconstruction in spaces, one which is not readily intuited and is as important to the merits of the art as the quality of the artists medium. Combinative meaning represents the necessary steps taken to ensure that viewers are culturally and visually induced in their institutional journey and as global amplification broadens the screen background of participation, the architectural framework plays an intimate role in experiential influence.There is an underlying debate which unfortunately shrouds the meri ts of institutional participation, relegating their role to that of a corporate philanderer, a by-day street troller seeking monetary reward for singular experiences. By Werners (2005) perception, the value basis of the institution itself is founded on the relationship between social net worth and capital economy.9 Therefore, should the public perceive artworks to be valuable, their readiness with capital backing to support this whimsy should coordinate with their imputed interests. The museum interprets popular culture, establishes demarcations of perceived representation, and then displays artifacts to support a desirous and discerning visitor base who feels an innate draw towards their now appropriately shed cultural offering. Yet within this altruistic idealism, there is a limiter inflamed by the nature of the architectural value itself. In order to appropriately valuate a incident artists work, the externally implied value of the institution should be added to the socially define valuation. In this way, status for structure and aestheticism are coupled with societal and capitalist value structures intimately uniting artist and establishment. The question which is then raised is whether the value of the art or the value of the institution is preponderant, and in which way can anxious critics ascribe a numerical quality to cultural aphorisms?The nature of commodification within the post-modernist society is one in which self-identification through means of lifestyle adaptation becomes greatly enhanced, almost to the point of religious zeal.10 As museum clientele moved evolved from the elitist bourgeoisie to a much broader base of attendee, delimitate installations in terms of expectation became a much more difficult task. In continuing the legacy of dominating cultural theory, the curator and his team continue to retain responsibility for influencing exactly what this self-identification entails, parading their perceived value by way of artistic insta llation. Ruskin and his modernist ideals reminded that society must regulate itself through attention to intrinsic values and prevention of this capability should be undone and disintegrated from the constructs of an appropriately inclined social body.11 Therefore, in spite of the proclivity towards radicalism, there has always been an assumed need for collectivist theory, from which architectural deviance retains a unique capability for defining the nature of the artistic experience. If the curator is to define identity, then the structure itself defies this definition, instead realigning its mission with that of the viewer, an evolving, variable, and discerning participant in a cultural exchange which continues to linger outside of stringent definition.It is from this agreement that Foster (2002) looks the idea that the institution is as important to art as the art is to the institution.12 This dissolution of parity into spatially distinctive relationships sustains the nature of consumerism, thereby redirecting interests towards branded influence. The institution is no longer simply a four-walled blanch spot, it is now a faade essential to the perception of art and inclusive of interactivity as well as interpretive guidance. The commodification of society is directly responsible for perception within the artistic institution, and in spite of the merits of traditionalist theory, the idea of construed man is no longer a marketable brand. Instead, reality becomes a participant that as experience determines cognitive perception. The architectural evolution of the integrated structure thereby initiates each unique introspection and enables a passing collectivism that inspires and challenges while at the comparable time, represents cultural reactivation.Rem Koolhaas (2006) in a recent interview challenged that architecture serves as a balancing point between the outgoing and future, exacting a form of control in a social structure where control was essentia lly indefinable.13 His perception of institutional architecture idolizes the modularity of architectural structures, enabling the display and innate motion of artistic endeavors through the translatable nature of the buildings. It is this translation which then questions whether the art can simply be considered a work of the artist or should be reattributed to a cooperative process with the architect. Architectural influence becomes an intimate relationship between space and localization, returning responsibility to the installation specialists, as their placement becomes an essential part of the perceived meaning and cultural dispersion. The ability to manipulate meaning by simply moving a work of art to a different location or juxtaposing it with a contrasting work is a remarkable power, one which shapes the nature of cultural purpose in the modern era much more than was allowed under modernist structure.Douglas (1986) sustains this idea that the institution is responsible for g enerating the blueprint for a collectivist memory, one which is framed in semipolitical and social maxims yet comported by means of display and interactivity.14 There is a framework of mediation which is highlighted by the architectural infrastructure of the art museum within this collaborative dialogue, visitors are equally challenged and consoled through the principles of display, messaging, and revelation. Remarkably, voyeurism assumes a unique role within the new architecture, evolving to placate the needs of visual stimulation while at the same time establishing an intimacy of experience in which the visitor is unwittingly linked with the architecture and art simultaneously. There is a new collectivism, one which links experience, theory, discussion, and does so within the constructs of what can be considered a corporately moderated exhibition. The installation team in their determination of goals and objectives must placate both perceived social values as and evolve their pla cement to meet strict standards of visual responsibility. Yet the subjective nature of such placement simply evades any available scientific valuation of its intricacies, as the person who is interpreting a specific piece in the matter of situating is simply intoning their own perception of cultural meaning, thereby imparting this upon all viewers who enter that space.Within this expectation of compliance, there is a unique debate surrounding subjectivism and the responsibility of artistic veneration, yet limited conclusions from which to situate any sincerely definitive argument. Vidokle (2007) challenged that art in general is an establishment of conditions which are necessary for creative production, therefore undermining any expectation that art could be truly taught to a group of desirous students.15 Spawning from this conclusion, the belief that artistic placement could have a singular dimension is equally as flawed, and thereby challenges the curator to look for both the m erits of architectural influence and artistic variables to ensure that a work is portrayed representative of the artists expected meaning. Interestingly, this offerment alone raises yet another challenge to the merits of meaning in that as placement is subjective, the artists vision is subjective, and the visitors perception is also subjective, there is limited objectification which can translate across the broad scope of artistic representation and define the true meaning of any work of art. Integrating the architecture of an institution into the visually provocative nature of art offers a socially collaborative incidence of inspiration, one which enables curator, artist, and viewer to coalesce, bringing singular, and remarkable insight to light upon a unique cultural connection within the museums walls.In considering the merits of other forms of artistic representation, such as those which are take out of the four walled structure and placed in public view, there are similar vari ables which determine the architecture of the native environment and assist in determining the unique meaning of the piece in relationship to its placement. The value of material representation was not self-evident at the outset and that like all inventions material representation was point upon, coherent with, and dialectically related to the contemporaneous neurological, social, technological, and ideational context.16 When a particular subject is placed within public view, there are an infinite progeny of variables which can influence perception, inclusive but not limited to, weather, natural environment, crowd flow, and political climate. If one were to view Rachael Whitreads water tower on a clouded day with internal angst reminiscent of Joan of Arc on her deathbed, the perception of clarity and purpose might be obscured by these subjective sentiments. Therefore, there is a recognition that art must be interpreted through the constructs of internally generated, experientiall y driven, conditions in order to ensure that its palpability resonates with each unique viewer. As art is extracted from the institution, the institution adjusts to become the environment. This evolution proffers a unique vision of globalized community, as placing out of context representations within unique settings, such as Antony Gormleys another place at various stages of drown on any foreign shoreline, enables a broad range of viewers to explore their personal understanding of such figures without the storyline or scripted meaning which might be readily available in a museum.From these arguments spawns the constructs of a new dimension in art appreciation, one which vitiates any perceived notion of institution, and instead places the idea of institution in the hands of the viewer. The relationship between art and the institutional architecture is one of symbiosis, a collusion of cultural inoculation from which there is one surviving beneficiary, the museum, as capital rewards are disguised as essential culture-needy pittances. Bourdieu and Darbel (1992) strengthen that the true function of the museum is to reinforce cultural brotherhood in the form of sacristy.17 Yet there is another responsibility which has evolved over the bypast decade, one which evokes a sense of internal turmoil from the institutional oversight committee, but retains public appreciation when implemented within an appropriate scope. In spite of the need for capitalist sustenance, the museums responsibility has yet to alter from its original path of cultural enlightenment and in turn, collectivist assimilation. No longer must the comodification of society undermine the need for self-identity, as identity lingers within the institutional halls, defined by subjectivism and interpreted internally, in spite of architecture or obscure efforts at creative placement. To activate internal modes of observation within a viewer corrupted by a society that bombards with constant stimuli requir es a pairing of both architectural extravagance and artistic uniqueness. Whereas artists may endeavor to impart meaning to their viewer through images or representations, the architect engenders a sense of being and belonging through their hallways and trusses and archways which is entirely collaborative and evidentiary of the current social clime.There is a discussion which evolves from this argument as to the relationship between space and structure. In consideration for the nature of art, a connectivity which can be easily broken by distraction or unforeseen variables, could it be that architecture has exceeded its boundaries by exploding in modern institutions on such a grandiose scale? Adorno (1992) addressed this issue from the standpoint of artistic autonomy and the realignment of the new sociopolitical debate with that of historical responsibility. By his definition, Adorno recognizes that the committed works of the political debater will often assume a role of expectation, a maxim of necessity which requires that the viewer also appreciate a similar political viewpoint.18 Yet if representation is subjective, then could viewership also take on subjective qualities? The reality is that autonomy in art is the recognition that indication is variable, divergent, and oftentimes completely distant from original meaning. Therefore, given the nature of architecture, could the institutional structure itself be considered an autonomous representation of current cultural and social ideologies? The reality is that the institution is no longer the combatant in the artistic community, it is the internalization of prescribed commodification which undermines the capabilities of need voyeurs. Their assumptions and wrongfully inspired intuition becomes nothing more than a derivative of the blueprint which has been established by a desensitized society corrupted by mass media and broad scale image distribution. Appreciation for the merits of a particular work of art be comes intimately related to internally generated necessity, and participants should therefore embrace the inclusion of architectural drama and aesthetic into this equation.As the curators of MOMA can attest, the affected state of voyeurism in conjunction with eccentric architecture or visually stimulating structures can lead critics to challenge the capacity for viewers to truly appreciate their attending objective, the art.19 As the grand atrium is a vast and spacious area, ripe with distractions ranging from marbled flooring to elevators, visual stimulation is easily reduced to a combinative effort, the candid observer environmentally and artistically influenced simultaneously. Yet, there is a differentiation which must be addressed regarding what is gauche over-stimulation or simply installed experience. In the case of MOMA, the outside distractions are minimal when considering the inspiring nature of the artistic stimuli. Wallach characterizes it as a spectacularized space, on e which is designed with free-floating intensity which will both overwhelm but stimulate reverential appreciation.20 The redefinition of space over the past decades is a function of necessity as well as a creative interpretation on the part of the architect and his team. Introducing variable structures into the social structure by means of architectural ingenuity furthers the propagation of art, enticing attendees and allowing corporate overseers to compete for urban space with a new breed of remarkable architecture.Artist Martin Kemp, in a recent interview, noted that there has been an adjustment to the artistic display process over the past decades, one in which the viewer is now often integrated into the artists meaning by way of publication or installation aids.21 His view is that juxtaposition of self-contradictory or complementary art forms within a particular installation offer the viewer visual stimulation otherwise unappreciable given the distance between particular works. It is within this new age ideology that the al-Qaidas of the future of the modern art museum are formed, as contrast and collaboration are two original visual aspects within the scope of institutions that can be manipulated and imparted to an unsuspecting viewer. Placing a renaissance painting next to one from the 1980s offers the remarkable ability to explore socio-cultural ideals across generations and historical legacies. Similarly, the evolving architecture of the institution allows the placement of modern zeal next to that of historic propriety. Therefore, as Kemp challenges that contrast is the wave of the future, the structural qualities of museums across the human beings are already forming similar opinions for an unwitting viewer. Corporate influence over this perceived disconnect will continue to establish and evoke remarkable wraith with limited understanding of their participation in the creative definition of modern society. eyepatch many critics may challenge tha t they are absolutely sure of their manipulation of cultural distribution, there is an inability to predict the nature of the art/viewer relationship which challenges any preconception of response. In truth, the viewer response should be an mingled part of the artistic process, and through study and further understanding, recognition of qualifying contrast can assist in defining the future of artistic creation.Zaha Hadid in her recent interview with Hans Ulrich Obrist recognizes the extremely pivotal role which the museum architecture plays in terms of exhibitionism and the structural variables which can directly influence the viewer and their journey through a particular installation.22 Most importantly, her perception of relationship is an essential development within the modern architectural environment, as experiential voyeurism becomes a foundation for artistic appreciation. Her vision likens institutional architecture to designing a laboratory within which both critic and art ist can dialogue, actively partaking in a conversation of perception through which ideas can be developed, disintegrated, and resurrected, drastically shaping the future of artistic endeavor. If each installation is considered just that, an experiment, there is substantial hazard for an extremely collaborative process, one in which viewer insights shape the future of institutions. Benjamin (2006) challenged that authenticity in art is a form of transmission which is defined by physical duration and historical testimony.23 Yet when testimony is directly linked to the nature of subjective relevance, in that a foreign viewer will not experience the political fire of a native who witnessed the collapse of the Berlin Wall, and physical duration is limited by the social and institutional variables, there can be no perceived authenticity in art. Benjamins interpretation is not errant, but simply too narrow in scope to identify with a modern era of intensified visual acumen. There is a dra matic shift towards remarkableness, one which is engendered with the cultural and social traits of a melting pot, not simply those of unique social or ethnic classes. Exhibitionism, as recognized by Hadid, is becoming a tool of unification, and in this way, will serve as a mode of global collaboration within the laboratory of the institution.In order to fully explore the nature of the institution in the modern era, it becomes important to note the evolution of the critic, and more importantly, those who are responsible for determining the future of artistic endeavors. Montmann (2006) challenges the evolution of the art institutions a direct result of a power shift from the traditional bourgeoisie and their monopolization of socially legitimized ideologies to a function of populist mandate, controlled by a homogenized corporate vision.24 This evolution is a direct result of the fragmented nature of popular society as the stratification which once divided aristocrat and peasant is no longer applicable as globalized consumerism now radically changes the fleeting voyeurism which so defined the historical role of the museum and its definitive influence. Sennett (2006) reminds that the habitual nature of the past has been abandoned for selective and subjective interpretation of interactions within a limited time frame.25 Thereby, the institution itself is charged with meeting the needs of a niche based audience, one with conflicting perceptions, needs, and demands, and one which strategically navigates within a broadening geographical sphere to imbue their own theories within the minds of other nomadic voyeurs. Therefore, as institutional criticism evolves to encompass the architectural merits of a particular museum, the fleeting visitors who frequent its doorways are challenged to appropriate meaning from a similarly fleeting interpretation by an overly critical eye. The nature of architecture within the institution is one which should entice and embrace its visit ors, not incite critical contempt and irascible scripting. Yet, given the nature of a society no longer defined by the bourgeoisie minority, the much more vocal public base will continue to evoke a sense of dread each time a change enters the artistic community.Across the globe, modern museums are taking note of architectural merits. Oil pissed countries such as the United Arab Emirates are paving the way for spectacular structures in exotic locations who offer collections of the worlds greatest artists throughout the annals of history. This encapsulation beneath the expectation of destination travel presents a unique focal point for the museums of the future as community is no longer defined in terms of geographic localization. As art evolves to encompass the nature of global humanity, the subjective nature of viewers equalizes with this radical adjustment, appreciating the socio-political evolution of artistic heroes and the institutions which house their work. The expansion of these destination facilities continues to evolve towards corporate ownership and patronage yet the relationship between viewer and art form cannot be dissolved. Tactically, as these conglomerates actively barter for diverse installations for their exhibits, the ability to contrast a broad range of subjects within a singular house of creativity is expanded, thereby verifying the merits of architectural evolution. While the future of participants in the modern museum may remain uncertain given the nature of electronic distribution, the necessity for such structures will remain a natural part of social evolution. The connectivity inspired by architectural and artistic creativity incites a sense of community which, when explored from a global perspective, is all the more necessitated in this modern era.BibliographyAdorno, Theodor. Art, Autonomy and Mass Culture. In Art in Modern Culture An Anthology of Critical Texts, eds. Francis Frascina and Jonathan Harris, 74-79. New York HarperCol lins Publishers Inc., 1992.Benjamin, Walter. Walter Benjamin Selected Writings, Vol. 3. London Belknap, 2006.Bourdieu, Pierre Darbel, Alain. The Love of Art. In Art in Modern Culture An Anthology of Critical Texts, eds. Francis Frascina and Jonathan Harris, 174-180. New York HarperCollins Publishers Inc., 1992.Douglas, Mary. How Institutions Think. Syracuse, New York Syracuse University Press, 1986.Foster, Hal. Design and Crime and other Diatribes. London Verso, 2002.Giddens, Anthony. Modernity and Self-Identity Self and fiat in the Late Modern Age. In Art in Modern Culture An Anthology of Critical Texts, eds. Francis Frascina and Jonathan Harris, 17-22. New York HarperCollins Publishers Inc., 1992.Obrist, Hans Ulrich. Rem Koolhaas. Ehrenstr Verlad der Buchhandlung Walther Konig, Koln, 2006.Obrist, Hans Ulrich. Zaha Hadid. Ehrenstr Verlad der Buchhandlung Walther Konig, Koln, 2007.Raney, Karen. Art in Question. London Continuum, 2003.Montmann, Nina. Art and its Institutions. In Mon tmann, Nina, ed. Art and its Institutions Current Conflicts, Critique and Collaborations, ed. Nina Montmann, 8-17. London Black Dog Publishing, 2006.Sennett, Richard. The Culture of the New Capitalism. New Haven Yale University Press, 2006.Vidokle, Anton. Exhibition as School in a Divided City, In Taking the Matter Into Common Hands, eds. J

Analysis of Botnet Security Threats

Analysis of Botnet Security ThreatsCHAPTER 1INTRODUCTION1.1 IntroductionDuring the last few decades, we catch seen the dramatically rise of the profit and its applications to the header which they catch locomote a captious kick downstairs of our lives. Internet security in that way has become more than and more primary(prenominal) to those who utilise the Internet for work, business, recreation or education.Most of the attacks and poisonous activities on the Internet be carried out by malicious applications such as Malw ar, which embroils vir procedures, trojan, worms, and botnets. Botnets become a important(prenominal) antecedent of closely of the malicious activities such as s stoogening, distrisolelyed defensive measure-of- service of process (DDoS) activities, and malicious activities overhaul across the Internet.1.2 Botnet Largest Security ThreatA bot is a softw atomic matter 18 formula, or a malw ar that runs automatically on a compromised machine without the users permission. The bot code is unremarkably written by m all criminal groups. The term bot refers to the compromised data processors in the electronic interlock. A botnet is inbredly a lucre of bots that ar under the control of an aggressor (BotMaster). Figure 1.1 illustrates a classifiable structure of a botnet.A bot commonly run through receipts of advance(a) malware techniques. As an recitation, a bot use roughly(prenominal) techniques like keylogger to record user individual(a) in figure of speechation like password and cutis its existence in the arranging. More importantly, a bot elicit distri entirelye itself on the internet to increase its scale to form a bot army. Recently, attackers use compromised Web hordes to contaminate those who visit the websites finished drive-by transfer 6. Currently, a botnet contains thousands of bots, exactly t here(predicate) is some cases that botnet contain several millions of bots 7. genuinely bots variediat e themselves from otherwise kind of worms by their ability to ask oer commands from attacker impertinently 32. assaulter or better call it botherder control bots by means of different protocols and structures. The Internet pass Chat (IRC) protocol is the earliest and still the close commonly utilize CC stemma at present. HTTP is excessively utilize be give Http protocol is permitted in nearly nets. centralize structure botnets was rattling triple-crown in the past but promptly botherders use change structure to avoid single point of failure riddle.Unlike previous malware such as worms, which are use belike for entertaining, botnets are utilise for real financial abuse. Actually Botnets bay window cause m whatever problems as some of them makeed infrai. Click fraud. A botmaster put up tardily simoleons by forcing the bots to click on advertisement for the purpose of personal or commercial abuse.ii. Spam production. Majority of the email on the internet is e-mail.iii. DDoS attacks. A bot army tail assembly be commanded to begin a distributed denial-of-service attack against whatever machine.iv. Phishing. Botnets are widely used to entertain malicious phishing sites. Criminals usually send junk e-mail kernels to shit users to visit their forged web sites, so that they brook obtain users critical information such as usernames, passwords.1.3 Botnet in-Depthpresent, the most(prenominal) serious manifestation of mod malware is Botnet. To father distinction amid Botnet and other kinds of malware, the concepts of Botnet swallow to understand. For a better collar of Botnet, two important terms, Bot and BotMaster accept been defined from another point of views.Bot Bot is rattling short circuit for robot which is likewise called as Zombie. It is a spick-and-span guinea pig of malware 24 installed into a compromised computer which hatful be controlled remotely by BotMaster for executing some secernates through the received commands. After the Bot code has been installed into the compromised computers, the computer becomes a Bot or Zombie 25. Contrary to existing malware such as computer computer virus and worm which their main activities emphasis on attacking the sullying phalanx, bots can receive commands from BotMaster and are used in distributed attack platform.BotMaster BotMaster is also known as BotHerder, is a person or a group of person which control remote Bots. Botnets- Botnets are networks consisting of large number of Bots. Botnets are created by the BotMaster to setup a private communication understructure which can be used for malicious activities such as Distributed Denial-of-Service (DDoS), sending large amount of SPAM or phishing mails, and other nefarious purpose 26, 27, 28. Bots spoil a persons computer in umteen ways.Bots usually disseminate themselves across the Internet by sayinging for vulnerable and unprotected computers to infect. When they retrieve an unprotected com puter, they infect it and and past send a traverse to the BotMaster. The Bot stay hidden until they are announced by their BotMaster to perform an attack or task. Other ways in which attackers use to infect a computer in the Internet with Bot include sending email and utilize malicious websites, but common way is intrusive the Internet to smell for vulnerable and unprotected computers 29. The activities associated with Botnet can be classified into three parts (1) Searching searching for vulnerable and unprotected computers. (2) Dissemination the Bot code is distributed to the computers ( signals), so the targets become Bots. (3) sign-on the Bots consort to BotMaster and become ready to receive command and control work.The main difference between Botnet and other kind of malwares is the existence of Command-and-Control (CC) infrastructure. The CC allows Bots to receive commands and malicious capabilities, as prone by BotMaster. BotMaster must(prenominal) ensure that the ir CC infrastructure is sufficiently robust to manage thousands of distributed Bots across the globe, as considerably as resisting whatsoever adjudicates to shutdown the Botnets. However, maculation and mitigation techniques against Botnets have been increased 30,31. Recently, attackers are also continually improving their approaches to protect their Botnets. The premier(prenominal) generation of Botnets utilise the IRC (Internet put across Chat) channels as their Common-and-Control (CC) centers. The modify CC mechanism of such Botnet has made them vulnerable to being followed and disabled. so, invigorated generation of Botnet which can hide their CC communication have emerged, Peer-to-Peer (P2P) solution Botnets. The P2P Botnets do not experience from a single point of failure, because they do not have centralized CC servers 35. Attackers have accordingly developed a range of strategies and techniques to protect their CC infrastructure.Therefore, considering the CC fun ction gives better understanding of Botnet and help defenders to soma proper signal encounterion or mitigation techniques. According to the CC channel we categorize Botnets into three different topologies a) Centralized b) Decentralized and c) crossbred. In Section 1.1.4, these topologies have been analyzed and totally considered the protocols that are currently being used in to all(prenominal) hotshot warning.1.4 Botnet TopologiesAccording to the Command-and-Control(CC) channel, Botnet topology is categorise into three different examples, the Centralized model, the Decentralized model and Hybrid model.1.4.1 Centralized ModelThe oldest type of topology is the centralized model. In this model, maven central point is responsible for exchanging commands and data between the BotMaster and Bots. In this model, BotMaster chooses a host (usually uplifted bandwidth computer) to be the central point (Command-and-Control) server of all the Bots. The CC server runs certain network services such as IRC or HTTP. The main utility of this model is small message latency which cause BotMaster easily arranges Botnet and launch attacks.Since all connections happen through the CC server, therefore, the CC is a critical point in this model. In other words, CC server is the weak point in this model. If somebody manages to discover and eliminates the CC server, the unblemished Botnet will be grievous-for-nothing and ineffective. Thus, it becomes the main drawback of this model. A lot of modern centralized Botnets employed a list of IP addresses of alternative CC servers, which will be used in case a CC server discovered and has been taken offline.Since IRC and HTTP are two common protocols that CC server uses for communication, we consider Botnets in this model establish on IRC and HTTP. Figure 1.2 shows the base communication architecture for a Centralized model. There are two central points that forward commands and data between the BotMaster and his Bots.1.4.1. 1 Botnets based on IRCThe IRC is a type of real-time Internet text messaging or synchronous conferencing 36. IRC protocol is based on the Client host model that can be used on many computers in distributed networks. Some advantages which made IRC protocol widely being used in remote communication for Botnets are (i) low latency communication (ii) anonymous real-time communication (iii) ability of Group (many-to-many) and Private ( matched) communication (iv) simplistic to setup and (v) simple commands. The basic commands are connect to servers, join channels and post messages in the channels (vi) very flexibility in communication. Therefore IRC protocol is still the most everyday protocol being used in Botnet communication.In this model, BotMasters can command all of their Bots or command a few of the Bots using one-to-one communication. The CC server runs IRC service that is the same with other standard IRC service. Most of the time BotMaster creates a channel on the IRC server that all the bots can connect, which inculcate apiece connected bot to do the BotMasters commands. Figure 1.3 showed that there is one central IRC server that forwards commands and data between the BotMaster and his Bots.Puri 38 presented the procedures and mechanism of Botnet based on IRC, as shown in Figure. 1.4.Bots transmission and control process 38i. The attacker tries to infect the targets with Bots.ii. After the Bot is installed on target machine, it will try to connect to IRC server. In this while a random nickname will be generate that show the bot in attackers private channel.iii. Request to the DNS server, dynamic mapping IRC servers IP address.iv. The Bot will join the private IRC channel set up by the attacker and wait for steerings from the attacker. Most of these private IRC channel is set as the encrypted mode.v. Attacker sends attack instruction in private IRC channel.vi. The attacker tries to connect to private IRC channel and send the au sotication password.v ii. Bots receive instructions and launch attacks such as DDoS attacks.1.4.1.2 Botnet based on HTTPThe HTTP protocol is an additional well-known protocol used by Botnets. Because IRC protocol within Botnets became well-known, internet security researchers gave more consideration to monitoring IRC traffic to detect Botnet. Consequently, attackers started to use HTTP protocol as a Command-and-Control communication channel to make Botnets become more difficult to detect. The main advantage of using the HTTP protocol is concealing Botnets traffics in normal web traffics, so it can easily passes firewalls and avoid IDS spying. Usually firewalls block incoming and outgoing traffic to not needed ports, which usually include the IRC port.1.4.2 Decentralized modelDue to major disadvantage of Centralized model-Central Command-and-Control (CC)-attackers tried to build another Botnet communication topology that is harder to discover and to destroy. Hence, they decided to notice a model in whi ch the communication system does not heavily depending on few selected servers and even discovering and destroying a number of Bots.As a result, attackers take advantage of Peer-to-Peer (P2P) communication as a Command-and-Control (CC) embodiment which is much harder to shut down in the network. The P2P based CC model will be used easily in Botnets in the future, and definitely Botnets that use P2P based CC model impose much bigger challenge for defense of networks.In the P2P model, as shown in Fig. 1.6, there is no Centralized point for communication. Each Bot have some connections to the other Bots of the same Botnet and Bots act as both Clients and servers. A new Bot must know some addresses of the Botnet to connect there. If Bots in the Botnet are taken offline, the Botnet can still observe to operate under the control of BotMaster.P2P Botnets aim at removing or hiding the central point of failure which is the main weakness and vulnerability of Centralized model. Some P2P Bot nets operate to a certain extent deconcentrate and some completely decentralized. Those Botnets that are completely decentralized allow a BotMaster to insert a command into any Bots. Since P2P Botnets usually allow commands to be injected at any thickener in the network, the authentication of commands become essential to prevent other bosss from injecting incorrect commands.For a better understanding in this model, some characteristics and important features of historied P2P Botnets have been mentioned Slapper Allows the routing of commands to distinct nodes. Uses Public key and private key cryptography to authenticate commands. BotMasters sign commands with private key and only those nodes which has interchangeable normal key can verify the commands 42. Two important weak points are (a) its list of known Bots contains all (or almost all) of the Botnet. Thus, one single captured Bot would give away the entire Botnet to defenders 42 (b) its sophisticated communication mechanism produces lot traffic, making it vulnerable to monitoring via network flow analysis. Sinit This Bot uses random searching to discove other Bots to communicate with. It can results in an easy detection due to the extensive probing traffic 34. Nugache Its weakness is based on its reliance on a seed list of 22 IP addresses during its bootstrap process 47. Phatbot Uses Gnutella cache server for its bootstrap process which can be easily shutdown. Also its WASTE P2P protocol has a scalability problem across a long network 48. Strom worm it uses a P2p overnet protocl to control compromised hosts. The communication protocol for this Bot can be classified into five steps, as describes below 37 i. Connect to Overnet Bots try to join Overnet network. Each Bot initially has hard-coded binary agitates which is included the IP addresses of P2P-based Botnet nodes. ii. Search and Download Secondary Injection URL Bot uses hard-coded keys to explore for and transfer the URL on the Overnet netwo rk 37. iii. Decrypt Secondary Injection URL compromised hosts take advantages of a key(hard coded) to decrypt the URL. iv. Download Secondary Injection compromised hosts attempt to download the second injection from a server(probably web server). It could be give files or updated files or list of the P2P nodes 37.1.4.3 Hybrid modelThe Bots in the Hybrid Botnet are categorized into two groups1) Servant Bots Bots in the first group are called as servant Bots, because they behave as both clients and servers, which have static, routable IP addresses and are neighborly from the entire Internet.2) Client Bots Bots in the second group is called as client Bots since they do not accept incoming connections. This group contains the remaining Bots, including- (a) Bots with dynamically designated IP addresses (b) Bots with Non-routable IP addresses and (c) Bots behind firewalls which they cannot be connected from the global Internet.1.5 Background of the ProblemBotnets which are controlle d remotely by BotMasters can launch huge denial of service attacks, several infiltration attacks, can be used to spread spam and also conduct malicious activities 115. While bot army activity has, so far, been exceptional to criminal activity, their potential for causing large- scale damage to the entire internet is immeasurable 115. Therefore, Botnets are one of the most dangerous types of network-based attack today because they posit the use of very large, synchronized groups of hosts for their malicious activities.Botnets obtain their power by size, both in their increasing bandwidth and in their reach. As mentioned before Botnets can cause severe network disruptions through huge denial- of-service attacks, and the danger of this interruption can charge enterprises big sums in extortion fees. Botnets are also used to harvest-feast personal, corporate, or government sensitive information for sale on a blooming organized crime market.1.6 Statement of the ProblemRecently, botnet s are using new type of command-and-control(CC) communication which is totally decentralized. They utilize peer-to-peer style communication. Tracking the starting point and activity of this botnet is much more complicated due to the Peer-to-Peer communication infrastructure.Combating botnets is usually an turn up of discovering their weakness their central position of command, or CC server. This is typically an IRC network that all bots connect to central point, however with the use of P2P mode we cannot find any central point of command. In the P2P networks each bots in searching to connect other peers which can receive or broadcast commands through network. Therefore, an dead-on(prenominal) detection and fighting method is required to prevent or stop such dangerous networks.1.7 Research Questionsa. What are the main differences between centralized and decentralized botnets?b. What is the vanquish and efficient general extensible solution for detecting non-specific Peer-to- Pe er botnets?1.8 Objectives of the Studyi. To develop a network-based framework for Peer-to-Peer botnets detection by common appearance in network communication.ii. To study the conduct of bots and recognizing portal similarities across multiple bots in order to develop mentioned framework.1.9 Scope of the StudyThe project scope is hold to ontogeny some algorithms pertaining to our proposed framework. This algorithms are using for decreasing traffics by filtering it, classifying intended traffics, monitoring traffics and the detection of malicious activities.1.10 Significance of the studyPeer-to-Peer botnets are one of the most sophisticated types of cyber crime today. They give the full control of many computers around to world to exploit them for malicious activities purpose such as spread of virus and worm, spam distribution and DDoS attack. Therefore, studying the behavior of P2P botnets and develop a technique that can detect them is important and high-demanded.1.11 SummaryUn derstanding the Botnet Command-and-Control(CC) is a critical part in recognizing how to best protect against the overall botnet threat. The CC channels utilized by the Botnets will often show the type and degree of actions an enterprise can see in either blocking or shutting down a botnet, and the probability of success.It is also obvious that attackers have been trying for years to strike away from Centralized CC channels, and are achieving some success using Decentralized(P2P) CC channels over the last 5 or so years. Therefore in this chapter we have defined a classification for better understanding of Botnets CC channels, which is included Centralized, Decentralized, and Hybrid model and tried to evaluate recognized protocols in each of them. Understanding the communication topologies in Botnets is essential to precisely identify, detect and mitigate the ever-increasing Botnets threats.CHAPTER 2LITERATURE REVIEW2.1 IntroductionBefore majority of botnets was using IRC (Internet Relay Chat) as a communication protocol for Command and Control(CC) mechanism. Therefore, many researches tried to develop botnet detection scheme which was based on analysis of IRC traffic 50. As a result, attackers decided to develop more sophisticated botnets, such as Storm worm and Nugache toward the utilization of P2P networks for CC infrastructures. In response to this movement, researches have proposed conglomerate models of botnets detection that are based on P2P infrastructure 5.One key advantage of both IRC and HTTP Botnet is the use of central Command and Control. This characteristic provides the attacker with very well-organized communication. However, the assets also considers as a main disadvantage to the attacker 8. The threat of the Botnet can be decreased and possibly omitted if the central CC is taken over or taken down 8. The method that is starting to come out is P2P structure for Botnet interaction. There is not any centralized centre for P2P botnets. whatsoe ver nodes in P2P botnet behave as client and server as well. If any point in the network is shut down the botnet still can continue its operation.The wedge botnet is one of the main and recognized recent P2P botnets. It customized the overnet P2P file- overlap application which is based on the Kademlia distributed hash table algorithm 55 and exploit it for its CC infrastructure. Recently many researchers specially in the anti-virus community and electronic media concentrated on storm worm 56,57.2.2 Background and HistoryA peer-to-peer network is a network of computers that any computer in the network can behave as both a client and a server.Some explanation of peer-to-peer networks does not need any form of centralized coordination. This definition is more comfortable because the attacker may be interested in hybrid architectures 8.2.2.1 HistoryThe table 2.1 shows a compendium of some well-known bots and P2P protocols. The range of time from the first bots, EggDrop, until the Sto rm Worm P2P bot is newly released. The first non-malicious bot was EggDrop that came up many years ago, and we know it as one of the first IRC bots that came to market. GTBot that have many other categories is another well-known malicious bot, that its variants are IRC client, mIRC.exe61.After a while, P2P protocols have been used for Botnet activities. Napster is one of the first bot that used P2P as its communication. Napster built an platform that permit all bots can find each other and share files with each other in the network. In this bot, file sharing has been done in the centralized server that we can say it was not completely a P2P botnet. Therefore, all bots have to upload an index of their files to the centralized server and also if they are aspect for other files among all bots, have to search in centralized server. If it can find any file that looking for, then can directly connect to that bot and download what they compliments. Nowadays, because Napster has been shut down as their service recognized as illegal service, many other P2P service counseling on avoiding such finding.After few years after Napster, Gnutella protocol came up as the first completely P2P services. Actually after Gnutellas , as shown in hedge 2.1, many other P2P protocols have been released, such as Kademilia and Chord. This two new p2p service are using distributed hash table as a method for finding information in the peer-to-peer networks.Agobot is another malicious P2P bot that came up recently and become widespread because of dandy design and modular code base 61. Nowadays many researchers are concentrating on P2P bots and there is an anticipation that P2P bots will reach to the stage that Centralized botnets will not been used any more in the future.Table 2.1 P2P based Botnets2.3 Peers-to-Peer Overlay NetworksOverlay networks are categorized into two categories Structured and Unstructured. All nodes in first category can connect to most X peers regarding some condit ions for identification of nodes that those peers want to connect. However in unstructured type there is not any specified limit for the number of peers that they can connect, in spite of the fact that there is not any condition for connecting to other peers. Overnet is a good example of structured p2p networks and Chorf is a good example of unstructured P2P networks.2.3.1 Brief overview of OvernetOne of the popular file sharing networks is Overnet that use for their design use distributed hash table (DHT) algorithm that called Kademlia55. Each node produces a 128-bit id for joining the network and also use for sending to other node for introducing itself. Actually each node in the network saves the information astir(predicate) other nodes in order to route query messages.2.3.2 Brief overview of GnutellaGnutellas is a unstructured file sharing network. In this network, when a node like n want to connect to a node like m, use a ping message to inform the other node for its presence. As long as node m received ping message, then send it back to other nodes in its neighbor and also send a Pong message to the vector of ping message that was node n. this transaction among node let them to learn about each other.2.4 Botnet spyingIn particular, to compare existing botnet detection techniques, different methods are described and then disadvantages of each method are mentioned respectively.2.4.1 Honeypot-based trackHoneypot can be used to collect bots for analyzing its behavior and hints and also for tracking botnets. But using honeypots have several limitations. The most important limitation is because of limited scale of exploited activities that can track. And also it cannot capture the bots that use the method of propagation other than interpretning, such as spam. And finally it can only give report for transmission machines that are anticipated and put in the network as trap system. So it means that it can not give a report for those computers that are giv e with bot in the network but are not devoted as trap machines. So we can come to this conclusion that generally in this technique we have to wait until one bot in the network infect our system and then we can track or analyze the machine.2.4.2 Intrusion detection systemsIntrusion detection techniques can be categorized into two categories host-based and network-based solution. Host-based techniques are used for recognizing malware binaries such as viruses. A good example of this type is anti-virus detection systems. However, we know that anti-virus are good for fair(a) virus detection. The most important disadvantages of anti-virus are that bots can easily evade the detection technique by changing their signatures easily, because the detection system cannot update their databases consistency. And also bots can disable any anti-virus tools in the system to protect themselves from detection.Network- based intrusion detection system is another method for detection that is used in the area of botnet detection. Snort67 and Bro68 are the two well-known signature based detection system that are used currently. They use a database as signatures of famous malicious activities to detect botnets or any other malware. Actually if our objective is using this technique for botnet detection, we have to keep updating the database and recognizing all malware quickly to make a signature of it and add to our database. For solving this solving this problem recently researchers are using unusual person based IDS that can detect malicious activities based on behavior of malware or detection techniques.2.4.3 Bothunter Dialog correlation-based Botnet detectionThis technique developed an evidence-trail approach for detecting successful bot infection with patterns during communication for infection process. In this strategy, bot infection pattern are modeled to use for recognizing the whole process of infection of botnet in the network. All behavior that occur the bot infection su ch as target scanning, CC establishment, binary downloading and outbound propagation have to model by this method. This method gathers an evidence-trail of connected infection process for each internal machine and then tries to look for a verge combination of sequences that will convince the condition for bot infection 32.The BotHunter use snort with adding two anomaly-detection components to it that are SLADE (Statistical payLoad Anomaly Detection Engine) and SCADE (Statistical scan Anomaly Detection Engine). SCADE produce internal and external scan detection warnings that are weighted for criticality toward malware scanning patterns. SLADE perform a byte-distribution onus anomaly detection of incoming packets, providing a matching non-signature approach in inbound exploit detection 32 .Slade use an n-gram payload examination of traffics that have typical malware intrusions. SCADE persist some port scan analysis for incoming and outgoing traffics. Actually BotHunter has a link be tween scan and alarm intrusion that shows a host has been infected. When a adequate sequence of alerts is established to match BotHunters infection dialog model, a comprehensive report is created to get all the related events participants that have a rule in infection dialog 32. This method provides some important featuresi. This technique concentrates on malware detection by IDS-driven dialog correlation. This model shows an essential network processes that occur during a successful bot infection.ii. This technique has one IDS-independent dialog correlation engine and three bot-specific sensors. This technique can automatically produce a report of whole detection of bot, as well as the infection of agent, identification of the computer that has been infected and source of Command and Control centre.2.4.3.1 Bot infection sequencesActually understanding bot infection life processes is a challenging work for protection of network in the future. The major work in this area is different iating between successful bot infection and background exploit attempt. For reaching to this point analysis of two-way dialog flow between internal hosts and external hosts (internet) is needed. In a good design network which uses filtering at gateway, the threats of direct exploitations are limited. However, contemporary malware families are highly flexible in their ability to attack vulnerable hosts through email attachments, infected P2P media, and drive-by download infections 32.2.4.3.2 Modeling the infection dialog processThe bot distribution model can conclude by an analysis of external communication traffics that shows the behavior of pertinent botnet. Incoming scan and utilize alarms are not enough to state a winning malware infection, as are assumed that a lasting sprout of scan and exploit signals will be observed from the way out monitor 32.Figure 2.1 shows the process of bot infection in BotHunter that used for evaluating network flows through eight stages. This model is almost similar with the model that Rajab et al. presented for IRC detection model. The model that they proposed has early initial scanning that is a preceding consideration happen in form of IP exchange and pointing vulnerable ports. Actually figure 2.1 is not aimed for a strict ordering of infection events that happen during bot infection.The important resultant here is that bot dialog processes analysis have to be strong to the absence of some dialog events and must not need strong sequencing on the order in bound dialog is conducted. One solution to solve the problem of sequence order and event is to use a weighted event threshold system that take smallest essential sparse sequences of events under which bot profile statement can be initiated 32. For instance, it is possible put weighting and threshold system for the look of each event in a way that a smallest set of event is important prior of bot detection.2.4.3.3 Design and implementationMore attention devoted for shrewd a passive network monitoring system in this part which be able of identifying the bidirectional warning signs when internal hosts are infected with bAnalysis of Botnet Security ThreatsAnalysis of Botnet Security ThreatsCHAPTER 1INTRODUCTION1.1 IntroductionDuring the last few decades, we have seen the dramatically rise of the Internet and its applications to the point which they have become a critical part of our lives. Internet security in that way has become more and more important to those who use the Internet for work, business, entertainment or education.Most of the attacks and malicious activities on the Internet are carried out by malicious applications such as Malware, which includes viruses, trojan, worms, and botnets. Botnets become a main source of most of the malicious activities such as scanning, distributed denial-of-service (DDoS) activities, and malicious activities happen across the Internet.1.2 Botnet Largest Security ThreatA bot is a software code, or a malware th at runs automatically on a compromised machine without the users permission. The bot code is usually written by some criminal groups. The term bot refers to the compromised computers in the network. A botnet is essentially a network of bots that are under the control of an attacker (BotMaster). Figure 1.1 illustrates a typical structure of a botnet.A bot usually take advantage of sophisticated malware techniques. As an example, a bot use some techniques like keylogger to record user private information like password and hide its existence in the system. More importantly, a bot can distribute itself on the internet to increase its scale to form a bot army. Recently, attackers use compromised Web servers to contaminate those who visit the websites through drive-by download 6. Currently, a botnet contains thousands of bots, but there is some cases that botnet contain several millions of bots 7.Actually bots differentiate themselves from other kind of worms by their ability to receive c ommands from attacker remotely 32. Attacker or better call it botherder control bots through different protocols and structures. The Internet Relay Chat (IRC) protocol is the earliest and still the most commonly used CC channel at present. HTTP is also used because Http protocol is permitted in most networks. Centralized structure botnets was very successful in the past but now botherders use decentralized structure to avoid single point of failure problem.Unlike previous malware such as worms, which are used probably for entertaining, botnets are used for real financial abuse. Actually Botnets can cause many problems as some of them listed belowi. Click fraud. A botmaster can easily profit by forcing the bots to click on advertisement for the purpose of personal or commercial abuse.ii. Spam production. Majority of the email on the internet is spam.iii. DDoS attacks. A bot army can be commanded to begin a distributed denial-of-service attack against any machine.iv. Phishing. Botnets are widely used to host malicious phishing sites. Criminals usually send spam messages to deceive users to visit their forged web sites, so that they can obtain users critical information such as usernames, passwords.1.3 Botnet in-DepthNowadays, the most serious manifestation of advanced malware is Botnet. To make distinction between Botnet and other kinds of malware, the concepts of Botnet have to understand. For a better understanding of Botnet, two important terms, Bot and BotMaster have been defined from another point of views.Bot Bot is actually short for robot which is also called as Zombie. It is a new type of malware 24 installed into a compromised computer which can be controlled remotely by BotMaster for executing some orders through the received commands. After the Bot code has been installed into the compromised computers, the computer becomes a Bot or Zombie 25. Contrary to existing malware such as virus and worm which their main activities focus on attacking the infe cting host, bots can receive commands from BotMaster and are used in distributed attack platform.BotMaster BotMaster is also known as BotHerder, is a person or a group of person which control remote Bots. Botnets- Botnets are networks consisting of large number of Bots. Botnets are created by the BotMaster to setup a private communication infrastructure which can be used for malicious activities such as Distributed Denial-of-Service (DDoS), sending large amount of SPAM or phishing mails, and other nefarious purpose 26, 27, 28. Bots infect a persons computer in many ways.Bots usually disseminate themselves across the Internet by looking for vulnerable and unprotected computers to infect. When they find an unprotected computer, they infect it and then send a report to the BotMaster. The Bot stay hidden until they are announced by their BotMaster to perform an attack or task. Other ways in which attackers use to infect a computer in the Internet with Bot include sending email and usin g malicious websites, but common way is searching the Internet to look for vulnerable and unprotected computers 29. The activities associated with Botnet can be classified into three parts (1) Searching searching for vulnerable and unprotected computers. (2) Dissemination the Bot code is distributed to the computers (targets), so the targets become Bots. (3) sign-on the Bots connect to BotMaster and become ready to receive command and control traffic.The main difference between Botnet and other kind of malwares is the existence of Command-and-Control (CC) infrastructure. The CC allows Bots to receive commands and malicious capabilities, as devoted by BotMaster. BotMaster must ensure that their CC infrastructure is sufficiently robust to manage thousands of distributed Bots across the globe, as well as resisting any attempts to shutdown the Botnets. However, detection and mitigation techniques against Botnets have been increased 30,31. Recently, attackers are also continually impr oving their approaches to protect their Botnets. The first generation of Botnets utilized the IRC (Internet Relay Chat) channels as their Common-and-Control (CC) centers. The centralized CC mechanism of such Botnet has made them vulnerable to being detected and disabled. Therefore, new generation of Botnet which can hide their CC communication have emerged, Peer-to-Peer (P2P) based Botnets. The P2P Botnets do not experience from a single point of failure, because they do not have centralized CC servers 35. Attackers have accordingly developed a range of strategies and techniques to protect their CC infrastructure.Therefore, considering the CC function gives better understanding of Botnet and help defenders to design proper detection or mitigation techniques. According to the CC channel we categorize Botnets into three different topologies a) Centralized b) Decentralized and c) Hybrid. In Section 1.1.4, these topologies have been analyzed and completely considered the protocols that are currently being used in each model.1.4 Botnet TopologiesAccording to the Command-and-Control(CC) channel, Botnet topology is categorized into three different models, the Centralized model, the Decentralized model and Hybrid model.1.4.1 Centralized ModelThe oldest type of topology is the centralized model. In this model, one central point is responsible for exchanging commands and data between the BotMaster and Bots. In this model, BotMaster chooses a host (usually high bandwidth computer) to be the central point (Command-and-Control) server of all the Bots. The CC server runs certain network services such as IRC or HTTP. The main advantage of this model is small message latency which cause BotMaster easily arranges Botnet and launch attacks.Since all connections happen through the CC server, therefore, the CC is a critical point in this model. In other words, CC server is the weak point in this model. If somebody manages to discover and eliminates the CC server, the entire Botne t will be worthless and ineffective. Thus, it becomes the main drawback of this model. A lot of modern centralized Botnets employed a list of IP addresses of alternative CC servers, which will be used in case a CC server discovered and has been taken offline.Since IRC and HTTP are two common protocols that CC server uses for communication, we consider Botnets in this model based on IRC and HTTP. Figure 1.2 shows the basic communication architecture for a Centralized model. There are two central points that forward commands and data between the BotMaster and his Bots.1.4.1.1 Botnets based on IRCThe IRC is a type of real-time Internet text messaging or synchronous conferencing 36. IRC protocol is based on the Client Server model that can be used on many computers in distributed networks. Some advantages which made IRC protocol widely being used in remote communication for Botnets are (i) low latency communication (ii) anonymous real-time communication (iii) ability of Group (many-to-m any) and Private (one-to-one) communication (iv) simple to setup and (v) simple commands. The basic commands are connect to servers, join channels and post messages in the channels (vi) very flexibility in communication. Therefore IRC protocol is still the most popular protocol being used in Botnet communication.In this model, BotMasters can command all of their Bots or command a few of the Bots using one-to-one communication. The CC server runs IRC service that is the same with other standard IRC service. Most of the time BotMaster creates a channel on the IRC server that all the bots can connect, which instruct each connected bot to do the BotMasters commands. Figure 1.3 showed that there is one central IRC server that forwards commands and data between the BotMaster and his Bots.Puri 38 presented the procedures and mechanism of Botnet based on IRC, as shown in Figure. 1.4.Bots infection and control process 38i. The attacker tries to infect the targets with Bots.ii. After the Bot is installed on target machine, it will try to connect to IRC server. In this while a random nickname will be generate that show the bot in attackers private channel.iii. Request to the DNS server, dynamic mapping IRC servers IP address.iv. The Bot will join the private IRC channel set up by the attacker and wait for instructions from the attacker. Most of these private IRC channel is set as the encrypted mode.v. Attacker sends attack instruction in private IRC channel.vi. The attacker tries to connect to private IRC channel and send the authentication password.vii. Bots receive instructions and launch attacks such as DDoS attacks.1.4.1.2 Botnet based on HTTPThe HTTP protocol is an additional well-known protocol used by Botnets. Because IRC protocol within Botnets became well-known, internet security researchers gave more consideration to monitoring IRC traffic to detect Botnet. Consequently, attackers started to use HTTP protocol as a Command-and-Control communication channel to ma ke Botnets become more difficult to detect. The main advantage of using the HTTP protocol is hiding Botnets traffics in normal web traffics, so it can easily passes firewalls and avoid IDS detection. Usually firewalls block incoming and outgoing traffic to not needed ports, which usually include the IRC port.1.4.2 Decentralized modelDue to major disadvantage of Centralized model-Central Command-and-Control (CC)-attackers tried to build another Botnet communication topology that is harder to discover and to destroy. Hence, they decided to find a model in which the communication system does not heavily depending on few selected servers and even discovering and destroying a number of Bots.As a result, attackers take advantage of Peer-to-Peer (P2P) communication as a Command-and-Control (CC) pattern which is much harder to shut down in the network. The P2P based CC model will be used considerably in Botnets in the future, and definitely Botnets that use P2P based CC model impose much bi gger challenge for defense of networks.In the P2P model, as shown in Fig. 1.6, there is no Centralized point for communication. Each Bot have some connections to the other Bots of the same Botnet and Bots act as both Clients and servers. A new Bot must know some addresses of the Botnet to connect there. If Bots in the Botnet are taken offline, the Botnet can still continue to operate under the control of BotMaster.P2P Botnets aim at removing or hiding the central point of failure which is the main weakness and vulnerability of Centralized model. Some P2P Botnets operate to a certain extent decentralized and some completely decentralized. Those Botnets that are completely decentralized allow a BotMaster to insert a command into any Bots. Since P2P Botnets usually allow commands to be injected at any node in the network, the authentication of commands become essential to prevent other nodes from injecting incorrect commands.For a better understanding in this model, some characteristic s and important features of famous P2P Botnets have been mentioned Slapper Allows the routing of commands to distinct nodes. Uses Public key and private key cryptography to authenticate commands. BotMasters sign commands with private key and only those nodes which has corresponding public key can verify the commands 42. Two important weak points are (a) its list of known Bots contains all (or almost all) of the Botnet. Thus, one single captured Bot would expose the entire Botnet to defenders 42 (b) its sophisticated communication mechanism produces lot traffic, making it vulnerable to monitoring via network flow analysis. Sinit This Bot uses random searching to discove other Bots to communicate with. It can results in an easy detection due to the extensive probing traffic 34. Nugache Its weakness is based on its reliance on a seed list of 22 IP addresses during its bootstrap process 47. Phatbot Uses Gnutella cache server for its bootstrap process which can be easily shutdown. Also its WASTE P2P protocol has a scalability problem across a long network 48. Strom worm it uses a P2p overnet protocl to control compromised hosts. The communication protocol for this Bot can be classified into five steps, as describes below 37 i. Connect to Overnet Bots try to join Overnet network. Each Bot initially has hard-coded binary files which is included the IP addresses of P2P-based Botnet nodes. ii. Search and Download Secondary Injection URL Bot uses hard-coded keys to explore for and download the URL on the Overnet network 37. iii. Decrypt Secondary Injection URL compromised hosts take advantages of a key(hard coded) to decrypt the URL. iv. Download Secondary Injection compromised hosts attempt to download the second injection from a server(probably web server). It could be infected files or updated files or list of the P2P nodes 37.1.4.3 Hybrid modelThe Bots in the Hybrid Botnet are categorized into two groups1) Servant Bots Bots in the first group are called as ser vant Bots, because they behave as both clients and servers, which have static, routable IP addresses and are accessible from the entire Internet.2) Client Bots Bots in the second group is called as client Bots since they do not accept incoming connections. This group contains the remaining Bots, including- (a) Bots with dynamically designated IP addresses (b) Bots with Non-routable IP addresses and (c) Bots behind firewalls which they cannot be connected from the global Internet.1.5 Background of the ProblemBotnets which are controlled remotely by BotMasters can launch huge denial of service attacks, several infiltration attacks, can be used to spread spam and also conduct malicious activities 115. While bot army activity has, so far, been limited to criminal activity, their potential for causing large- scale damage to the entire internet is immeasurable 115. Therefore, Botnets are one of the most dangerous types of network-based attack today because they involve the use of very la rge, synchronized groups of hosts for their malicious activities.Botnets obtain their power by size, both in their increasing bandwidth and in their reach. As mentioned before Botnets can cause severe network disruptions through huge denial- of-service attacks, and the danger of this interruption can charge enterprises big sums in extortion fees. Botnets are also used to harvest personal, corporate, or government sensitive information for sale on a blooming organized crime market.1.6 Statement of the ProblemRecently, botnets are using new type of command-and-control(CC) communication which is totally decentralized. They utilize peer-to-peer style communication. Tracking the starting point and activity of this botnet is much more complicated due to the Peer-to-Peer communication infrastructure.Combating botnets is usually an issue of discovering their weakness their central position of command, or CC server. This is typically an IRC network that all bots connect to central point, how ever with the use of P2P method we cannot find any central point of command. In the P2P networks each bots in searching to connect other peers which can receive or broadcast commands through network. Therefore, an accurate detection and fighting method is required to prevent or stop such dangerous networks.1.7 Research Questionsa. What are the main differences between centralized and decentralized botnets?b. What is the best and efficient general extensible solution for detecting non-specific Peer-to- Peer botnets?1.8 Objectives of the Studyi. To develop a network-based framework for Peer-to-Peer botnets detection by common behavior in network communication.ii. To study the behavior of bots and recognizing behavioral similarities across multiple bots in order to develop mentioned framework.1.9 Scope of the StudyThe project scope is limited to developing some algorithms pertaining to our proposed framework. This algorithms are using for decreasing traffics by filtering it, classifyin g intended traffics, monitoring traffics and the detection of malicious activities.1.10 Significance of the studyPeer-to-Peer botnets are one of the most sophisticated types of cyber crime today. They give the full control of many computers around to world to exploit them for malicious activities purpose such as spread of virus and worm, spam distribution and DDoS attack. Therefore, studying the behavior of P2P botnets and develop a technique that can detect them is important and high-demanded.1.11 SummaryUnderstanding the Botnet Command-and-Control(CC) is a critical part in recognizing how to best protect against the overall botnet threat. The CC channels utilized by the Botnets will often show the type and degree of actions an enterprise can follow in either blocking or shutting down a botnet, and the probability of success.It is also obvious that attackers have been trying for years to move away from Centralized CC channels, and are achieving some success using Decentralized(P2P) CC channels over the last 5 or so years. Therefore in this chapter we have defined a classification for better understanding of Botnets CC channels, which is included Centralized, Decentralized, and Hybrid model and tried to evaluate recognized protocols in each of them. Understanding the communication topologies in Botnets is essential to precisely identify, detect and mitigate the ever-increasing Botnets threats.CHAPTER 2LITERATURE REVIEW2.1 IntroductionBefore majority of botnets was using IRC (Internet Relay Chat) as a communication protocol for Command and Control(CC) mechanism. Therefore, many researches tried to develop botnet detection scheme which was based on analysis of IRC traffic 50. As a result, attackers decided to develop more sophisticated botnets, such as Storm worm and Nugache toward the utilization of P2P networks for CC infrastructures. In response to this movement, researches have proposed various models of botnets detection that are based on P2P infrastructure 5.One key advantage of both IRC and HTTP Botnet is the use of central Command and Control. This characteristic provides the attacker with very well-organized communication. However, the assets also considers as a main disadvantage to the attacker 8. The threat of the Botnet can be decreased and possibly omitted if the central CC is taken over or taken down 8. The method that is starting to come out is P2P structure for Botnet interaction. There is not any centralized centre for P2P botnets. Any nodes in P2P botnet behave as client and server as well. If any point in the network is shut down the botnet still can continue its operation.The storm botnet is one of the main and recognized recent P2P botnets. It customized the overnet P2P file-sharing application which is based on the Kademlia distributed hash table algorithm 55 and exploit it for its CC infrastructure. Recently many researchers specially in the anti-virus community and electronic media concentrated on storm worm 56,57.2 .2 Background and HistoryA peer-to-peer network is a network of computers that any computer in the network can behave as both a client and a server.Some explanation of peer-to-peer networks does not need any form of centralized coordination. This definition is more comfortable because the attacker may be interested in hybrid architectures 8.2.2.1 HistoryThe table 2.1 shows a summary of some well-known bots and P2P protocols. The range of time from the first bots, EggDrop, until the Storm Worm P2P bot is newly released. The first non-malicious bot was EggDrop that came up many years ago, and we know it as one of the first IRC bots that came to market. GTBot that have many other categories is another well-known malicious bot, that its variants are IRC client, mIRC.exe61.After a while, P2P protocols have been used for Botnet activities. Napster is one of the first bot that used P2P as its communication. Napster built an platform that permit all bots can find each other and share files with each other in the network. In this bot, file sharing has been done in the centralized server that we can say it was not completely a P2P botnet. Therefore, all bots have to upload an index of their files to the centralized server and also if they are looking for other files among all bots, have to search in centralized server. If it can find any file that looking for, then can directly connect to that bot and download what they want. Nowadays, because Napster has been shutdown as their service recognized as illegal service, many other P2P service focusing on avoiding such finding.After few years after Napster, Gnutella protocol came up as the first completely P2P services. Actually after Gnutellas , as shown in Table 2.1, many other P2P protocols have been released, such as Kademilia and Chord. This two new p2p service are using distributed hash table as a method for finding information in the peer-to-peer networks.Agobot is another malicious P2P bot that came up recently and b ecome widespread because of good design and modular code base 61. Nowadays many researchers are concentrating on P2P bots and there is an anticipation that P2P bots will reach to the stage that Centralized botnets will not been used any more in the future.Table 2.1 P2P based Botnets2.3 Peers-to-Peer Overlay NetworksOverlay networks are categorized into two categories Structured and Unstructured. All nodes in first category can connect to most X peers regarding some conditions for identification of nodes that those peers want to connect. However in unstructured type there is not any specified limit for the number of peers that they can connect, in spite of the fact that there is not any condition for connecting to other peers. Overnet is a good example of structured p2p networks and Chorf is a good example of unstructured P2P networks.2.3.1 Brief overview of OvernetOne of the popular file sharing networks is Overnet that use for their design use distributed hash table (DHT) algorithm that called Kademlia55. Each node produces a 128-bit id for joining the network and also use for sending to other node for introducing itself. Actually each node in the network saves the information about other nodes in order to route query messages.2.3.2 Brief overview of GnutellaGnutellas is a unstructured file sharing network. In this network, when a node like n want to connect to a node like m, use a ping message to inform the other node for its presence. As long as node m received ping message, then send it back to other nodes in its neighbor and also send a Pong message to the sender of ping message that was node n. this transaction among node let them to learn about each other.2.4 Botnet DetectionIn particular, to compare existing botnet detection techniques, different methods are described and then disadvantages of each method are mentioned respectively.2.4.1 Honeypot-based trackingHoneypot can be used to collect bots for analyzing its behavior and signatures and also for t racking botnets. But using honeypots have several limitations. The most important limitation is because of limited scale of exploited activities that can track. And also it cannot capture the bots that use the method of propagation other than scanning, such as spam. And finally it can only give report for infection machines that are anticipated and put in the network as trap system. So it means that it can not give a report for those computers that are infected with bot in the network but are not devoted as trap machines. So we can come to this conclusion that generally in this technique we have to wait until one bot in the network infect our system and then we can track or analyze the machine.2.4.2 Intrusion detection systemsIntrusion detection techniques can be categorized into two categories host-based and network-based solution. Host-based techniques are used for recognizing malware binaries such as viruses. A good example of this type is anti-virus detection systems. However, w e know that anti-virus are good for just virus detection. The most important disadvantages of anti-virus are that bots can easily evade the detection technique by changing their signatures easily, because the detection system cannot update their databases consistency. And also bots can disable any anti-virus tools in the system to protect themselves from detection.Network- based intrusion detection system is another method for detection that is used in the field of botnet detection. Snort67 and Bro68 are the two well-known signature based detection system that are used currently. They use a database as signatures of famous malicious activities to detect botnets or any other malware. Actually if our objective is using this technique for botnet detection, we have to keep updating the database and recognizing all malware quickly to make a signature of it and add to our database. For solving this solving this problem recently researchers are using anomaly based IDS that can detect malic ious activities based on behavior of malware or detection techniques.2.4.3 Bothunter Dialog correlation-based Botnet detectionThis technique developed an evidence-trail approach for detecting successful bot infection with patterns during communication for infection process. In this strategy, bot infection pattern are modeled to use for recognizing the whole process of infection of botnet in the network. All behavior that occur the bot infection such as target scanning, CC establishment, binary downloading and outbound propagation have to model by this method. This method gathers an evidence-trail of connected infection process for each internal machine and then tries to look for a threshold combination of sequences that will convince the condition for bot infection 32.The BotHunter use snort with adding two anomaly-detection components to it that are SLADE (Statistical payLoad Anomaly Detection Engine) and SCADE (Statistical scan Anomaly Detection Engine). SCADE produce internal an d external scan detection warnings that are weighted for criticality toward malware scanning patterns. SLADE perform a byte-distribution payload anomaly detection of incoming packets, providing a matching non-signature approach in inbound exploit detection 32 .Slade use an n-gram payload examination of traffics that have typical malware intrusions. SCADE execute some port scan analysis for incoming and outgoing traffics. Actually BotHunter has a link between scan and alarm intrusion that shows a host has been infected. When a adequate sequence of alerts is established to match BotHunters infection dialog model, a comprehensive report is created to get all the related events participants that have a rule in infection dialog 32. This method provides some important featuresi. This technique concentrates on malware detection by IDS-driven dialog correlation. This model shows an essential network processes that occur during a successful bot infection.ii. This technique has one IDS-indepe ndent dialog correlation engine and three bot-specific sensors. This technique can automatically produce a report of whole detection of bot, as well as the infection of agent, identification of the computer that has been infected and source of Command and Control centre.2.4.3.1 Bot infection sequencesActually understanding bot infection life processes is a challenging work for protection of network in the future. The major work in this area is differentiating between successful bot infection and background exploit attempt. For reaching to this point analysis of two-way dialog flow between internal hosts and external hosts (internet) is needed. In a good design network which uses filtering at gateway, the threats of direct exploitations are limited. However, contemporary malware families are highly flexible in their ability to attack vulnerable hosts through email attachments, infected P2P media, and drive-by download infections 32.2.4.3.2 Modeling the infection dialog processThe bot distribution model can conclude by an analysis of external communication traffics that shows the behavior of relevant botnet. Incoming scan and utilize alarms are not enough to state a winning malware infection, as are assumed that a stable stream of scan and exploit signals will be observed from the way out monitor 32.Figure 2.1 shows the process of bot infection in BotHunter that used for evaluating network flows through eight stages. This model is almost similar with the model that Rajab et al. presented for IRC detection model. The model that they proposed has early initial scanning that is a preceding consideration happen in form of IP exchange and pointing vulnerable ports. Actually figure 2.1 is not aimed for a strict ordering of infection events that happen during bot infection.The important issue here is that bot dialog processes analysis have to be strong to the absence of some dialog events and must not need strong sequencing on the order in bound dialog is conducted. On e solution to solve the problem of sequence order and event is to use a weighted event threshold system that take smallest essential sparse sequences of events under which bot profile statement can be initiated 32. For instance, it is possible put weighting and threshold system for the look of each event in a way that a smallest set of event is important prior of bot detection.2.4.3.3 Design and implementationMore attention devoted for designing a passive network monitoring system in this part which be able of identifying the bidirectional warning signs when internal hosts are infected with b

Cannabis: The Hemp Plant :: Botany

Cannabis The Hemp PlantProbably one of the oldest plants known to man, Cannabis was cultivated for fiber, food, and medicine thousands of years beforehand it became the superstar of the drug culture (Schultes, 1973). Cannabis, as it turns out, not only has many usages, but has been employed in various ways by different cultures. Linnaeus offshoot classified Cannabis sativa in 1753 as a monotypic species (i.e., one of its kind with respect to its genus). Now, however, this question with regard to the lack of diversity of the genus has come at a lower place fire. Richard Evan Schultes proposed a polytypic classification in 1974. Many questions still remain about Cannabis. Is there one species of Cannabis or are there several or more? Many scientists have argued that the genus is monotypic. Indeed, even the Federal government and at least a dozen states have enacted marihuana laws that are based upon the self-confidence that the genus consists of only a single species, C. sativa. Ot hers, on the other hand, believe the genus is comprised of many species. For example, Russian students in the 1920s and 1930s claimed that there were at least a dozen species of Cannabis. At the time, the Russian views were not widely accepted. However, in the late 1960s scientists began to accept the idea that there were more than one species, and more investigations were initiated. Looking back, the polytypic concept of Cannabis dates to 1783 when Lamarck published an account of Cannabis indica in his Encyclopedia, (Volume 1), and fully contrasted it with the account of C. sativa (Emboden, 1974). Many species have been proposed or claimed over the years, but have been later found to be analogous to existing plants. The three species now widely accepted are C. sativa, C. indica, and C. ruderalis. Cannabis sativa is very tall, loosely branched, and the branches are remotely positioned from one another. On the other hand, C. indica is low-growing and densely branched, with more co mpact branches and with a tendency to be more conical or pyramidal in habit. Compared to other plants, C. ruderalis is small and slightly branched. However, the cannabolic content is highest in C. indica (Schultes, 1975). Cannabis plants are comprised of both staminate and pistillate plants. The female produces large amounts of seed, and the male produces pollen. The staminate plants generally are shorter in height than the pistillate. The differences between these twain necessitates two periods of harvesting.

The Beneficial Relationship of Music and Mathematics for Young Children

Many educators would agree that music has the ability to unlock doors for young children to learn the various aspects of mathematics. The relationship of the two subjects can be traced buttocks to the early stages of ancient history where they were taught together, unlike a majority of Americas public schools. Fortunately, there are public schools beginning to recognize this destruction relationship once again and thrust developed lesson plans that teach mathematics, science and music in a much more than conjunctive nature. Studies have proven time and time again that this is an excellent scholarship system to develop because children introduced to music at an early age have a higher(prenominal) grade of mathematical comprehension.The National Association for Music Education (MENC) has compiled statistical information proving how well students have done when applying musical overtones to mathematical studies. A study of 237 due south grade children used piano keyboard traini ng and recently designed math software to demonstrate improvement in math skills. The group scored 27% higher on proportional math and fractions tests than children that used only the math software (http//www.menc.org, 2005). These numbers hold true as students progress through school without deliberate to the students background. MENC continues to back their argument with the followingIn an analysis of U.S. Department of Education data on more than 25,000 secondary school students (NELS88, National Education longitudinal Survey), researchers found that students who report consistent high levels of involvement in instrumental music over the middle and high school years show importantly higher levels of mathematics proficiency by grade 12. This observation holds regardless of students socio-economic status, and differences in those who are involved with instrumental music vs. those who are not is more significant over time (2005).Being able to understand mathematics, regardless of the instruments used to teach it, is futile unless the student is able to follow through with their new found knowledge and achieve the grades they are capable of. MENC follows through with their research by stating that data from the National Education Longitudinal Study of 1988 showed that music participants real more academic honors and awards than non-music students, and that the percentage of music participants receiving As and Bs w... ...omplexities of Ancient Greek philosophy is far more complex than what young children are learning in school. However, Plato and Aristotle considered music to be something more than the warm and fuzzy romantic expressions we hear on the radio today to them, music was math (http//www.jhu.edu, 1998). Research has clear shown the potential for students to excel when an emphasis is placed on the integration of music in to their education. Studies paint a promising picture for the relationship of mathematics and music, and teachers have found rea l life ways to implement this powerful unity in their classrooms. When examples such as the curriculum from hold back Creek Elementary are available, there is no excuse for denying children such a promising opportunity to expand their chance for success. ReferencesArgabright, R (Winter, 2005). Connecting with music. General Music Today, 18(2)5. Retrieved May 15, 2005, from EBSCO research database.Bear Creek Elementary School Website. Retrieved May 15, 2005 from httpwww.bvsd.k12.co.us/schools/bearcreek/focus.shtmlCavanaugh, J. (February, 1998). Arithmetic of the soul. Retrieved May 15, 2005 from http//www.jhu.edu/jhumag/0298web/math.html