update chapters

Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.blg

@@ -13,44 +13,44 @@ Database file #1: ../Thesis_Docs/sources/references.bib
 -- See the "IEEEtran_bst_HOWTO.pdf" manual for usage information.
 
 Done.
-You've used 31 entries,
+You've used 27 entries,
             4087 wiz_defined-function locations,
-            997 strings with 14573 characters,
-and the built_in function-call counts, 27027 in all, are:
-= -- 2080
-> -- 729
-< -- 231
-+ -- 399
-- -- 135
-* -- 1291
-:= -- 3775
-add.period$ -- 76
-call.type$ -- 31
-change.case$ -- 32
-chr.to.int$ -- 561
-cite$ -- 31
-duplicate$ -- 1891
-empty$ -- 2264
-format.name$ -- 156
-if$ -- 6400
+            975 strings with 14010 characters,
+and the built_in function-call counts, 24093 in all, are:
+= -- 1844
+> -- 673
+< -- 204
++ -- 368
+- -- 127
+* -- 1158
+:= -- 3343
+add.period$ -- 67
+call.type$ -- 27
+change.case$ -- 29
+chr.to.int$ -- 498
+cite$ -- 27
+duplicate$ -- 1683
+empty$ -- 2002
+format.name$ -- 145
+if$ -- 5704
 int.to.chr$ -- 0
-int.to.str$ -- 31
-missing$ -- 339
-newline$ -- 118
-num.names$ -- 31
-pop$ -- 844
+int.to.str$ -- 27
+missing$ -- 306
+newline$ -- 106
+num.names$ -- 27
+pop$ -- 765
 preamble$ -- 1
 purify$ -- 0
 quote$ -- 2
-skip$ -- 2069
+skip$ -- 1833
 stack$ -- 0
-substring$ -- 1384
-swap$ -- 1565
-text.length$ -- 44
+substring$ -- 1235
+swap$ -- 1398
+text.length$ -- 38
 text.prefix$ -- 0
 top$ -- 5
-type$ -- 31
+type$ -- 27
 warning$ -- 0
-while$ -- 133
-width$ -- 33
-write$ -- 315
+while$ -- 117
+width$ -- 29
+write$ -- 278

Thesis_Docs/main.tex

@@ -41,7 +41,7 @@ APT actors employ various covert tactics to remain undetected and achieve their
 
 \begin{itemize}
     \item \textbf{Spear Phishing:} Crafting highly personalized email messages that appear legitimate to the recipient. These emails are designed to trick recipients into clicking on malicious links or attachments, leading to the compromise of their credentials or systems \cite{caputo2013going}.
-    \item \textbf{Zero-Day Exploits:} Exploiting previously unknown vulnerabilities in software or hardware, which have not yet been patched by the vendor. This allows attackers to gain unauthorized access to systems without triggering existing security defenses \cite{bilge2012before}.
+    \item \textbf{Zero-Day Exploits:} Exploiting previously unknown vulnerabilities in software or hardware, which have not yet been patched by the vendor. This allows attackers to gain unauthorized access to systems without triggering existing security defenses \cite{guo2023review}.
     \item \textbf{Lateral Movement:} After gaining initial access, attackers move within the compromised network, exploring and compromising additional systems to find and exfiltrate valuable data. This tactic often involves the use of legitimate administrative tools to avoid detection.
     \item \textbf{Command and Control (C2):} Establishing a secure communication channel with the compromised systems to remotely control them, issue commands, and exfiltrate data \cite{eisenberg2018network}.
 \end{itemize}
@@ -63,7 +63,7 @@ Enterprise networks typically consist of multiple interconnected subsystems, inc
 
 \begin{itemize}
     \item \textbf{Network Architecture:} The physical and logical design of the network, including the layout and interconnection of routers, switches, firewalls, and other network devices. A well-designed architecture enhances security by segmenting the network and controlling traffic flow \cite{o1992dynamic}.
-    \item \textbf{Security Protocols:} Protocols such as TLS (Transport Layer Security) and IPSec (Internet Protocol Security) protect data in transit. Additionally, firewalls, intrusion detection/prevention systems (IDS/IPS), and encryption mechanisms are employed to safeguard data and systems \cite{krawczyk2013security}, \cite{davis2001ipsec}, \cite{abbas2023subject}.
+    \item \textbf{Security Protocols:} Protocols such as TLS (Transport Layer Security) and IPSec (Internet Protocol Security) protect data in transit. Additionally, firewalls, intrusion detection/prevention systems (IDS/IPS), and encryption mechanisms are employed to safeguard data and systems \cite{krawczyk2013security}.
     \item \textbf{Access Controls:} Policies and technologies that regulate who can access specific data and resources within the network. This includes user authentication, role-based access control (RBAC), and multi-factor authentication (MFA) to ensure that only authorized personnel can access sensitive information \cite{thomas1997team}.
     \item \textbf{Network Monitoring and Management:} Tools and practices for monitoring network traffic, identifying anomalies, and managing network resources to maintain performance and security.
 \end{itemize}
@@ -81,7 +81,7 @@ Despite the implementation of robust security measures, enterprise networks rema
 \section{Time Series Databases and InfluxDB}
 Time-series databases (TSDBs) are optimized for storing and querying temporal data. In cybersecurity, they enable efficient analysis of network traffic patterns over time. 
 
-InfluxDB is a popular TSDB known for its high throughput and SQL-like query language (Flux) \cite{ahmad2017hands}. 
+InfluxDB is a popular TSDB known for its high throughput and SQL-like query language (Flux) \cite{influxdb2023}. 
 
 Key features include:
 \begin{itemize}
@@ -262,8 +262,6 @@ Shalaginov et al. (2016) focused on malware beaconing detection by mining large-
 
 Yeh et al. (2018) investigated a malware beacon of botnet by analyzing local periodic communication behavior \cite{yeh2018malware}. The paper focuses on identifying malware beaconing behavior in botnets by studying the periodic communication patterns between infected hosts and their command and control servers. The authors propose a method to detect these periodic behaviors, which are typically used by botnets to maintain control over compromised systems. Their approach highlights the importance of analyzing local traffic patterns for detecting botnet infections and contributes to improving malware detection techniques through the identification of communication anomalies.
 
-Borchani (2020) proposed an advanced approach to malicious beaconing detection using Artificial Intelligence (AI) \cite{borchani2020advanced}. The paper explores the application of AI techniques, particularly machine learning algorithms, to enhance the detection of beaconing behavior associated with malicious activity. By leveraging AI, the author aims to improve the accuracy and efficiency of detecting beaconing patterns that indicate compromised hosts within a network. The study demonstrates the potential of AI to significantly improve the detection and mitigation of threats posed by beaconing malware, contributing to more effective network security solutions.
-
 Enright et al. (2022) introduced a learning-based zero-trust architecture for 6G and future networks \cite{enright2022learning}. The paper explores the integration of machine learning with zero-trust security models to address the evolving security challenges in next-generation networks, particularly 6G. The authors propose a framework that combines learning-based techniques with zero-trust principles to enhance the detection of malicious activity and improve overall network security. The study contributes to the development of more adaptive and robust security architectures for future networks, offering a promising solution to the emerging threats in 6G environments.
 
 Van Ede et al. (2022) introduced Deepcase, a semi-supervised contextual analysis method for security events \cite{van2022deepcase}. The paper presents a novel approach that combines semi-supervised learning techniques with contextual analysis to enhance the detection of security events. By leveraging contextual information, Deepcase can identify complex patterns and relationships in security data, improving the accuracy of event anomaly detection. The authors demonstrate the effectiveness of their approach in real-world security environments, showing its potential to enhance the detection and response capabilities of security systems in large-scale networks.

Thesis_Docs/sources/references.bib

@@ -27,23 +27,6 @@
   organization={Springer}
 }
 
-@book{davis2001ipsec,
-  title={IPSec: Securing VPNs},
-  author={Davis, Carlton R},
-  year={2001},
-  publisher={McGraw-Hill Professional}
-}
-
-@article{abbas2023subject,
-  title={Subject review: Intrusion detection system (IDS) and intrusion prevention system (IPS)},
-  author={Abbas, Safana and Naser, Wedad and Kadhim, Amal},
-  journal={Global Journal of Engineering and Technology Advances},
-  volume={2},
-  number={14},
-  pages={155--158},
-  year={2023}
-}
-
 @inproceedings{thomas1997team,
   title={Team-based access control (TMAC) a primitive for applying role-based access controls in collaborative environments},
   author={Thomas, Roshan K},
@@ -52,15 +35,6 @@
   year={1997}
 }
 
-@incollection{ahmad2017hands,
-  title={Hands-on influxdb},
-  author={Ahmad, Khaleel and Ansari, Masroor},
-  booktitle={NoSQL},
-  pages={341--354},
-  year={2017},
-  publisher={Chapman and Hall/CRC}
-}
-
 @inproceedings{zhang2023global,
   author = {Zhang, Yizhe and Dong, Hongying and Nottingham, Alastair and Buchanan, Molly and Brown, Donald E. and Sun, Yixin},
   title = {Global Analysis with Aggregation-based Beaconing Detection across Large Campus Networks},
@@ -125,12 +99,14 @@
     note         = {Accessed: 2024-08-13}
 }
 
-@inproceedings{bilge2012before,
-  title={Before we knew it: an empirical study of zero-day attacks in the real world},
-  author={Bilge, Leyla and Dumitra{\c{s}}, Tudor},
-  booktitle={Proceedings of the 2012 ACM conference on Computer and communications security},
-  pages={833--844},
-  year={2012}
+@article{guo2023review,
+  title={A review of Machine Learning-based zero-day attack detection: Challenges and future directions},
+  author={Guo, Yang},
+  journal={Computer communications},
+  volume={198},
+  pages={175--185},
+  year={2023},
+  publisher={Elsevier}
 }
 
 @article{caputo2013going,
@@ -191,17 +167,6 @@
   organization={IEEE}
 }
 
-@article{borchani2020advanced,
-  title={Advanced malicious beaconing detection through AI},
-  author={Borchani, Yessine},
-  journal={Network Security},
-  volume={2020},
-  number={3},
-  pages={8--14},
-  year={2020},
-  publisher={Elsevier}
-}
-
 @inproceedings{enright2022learning,
   title={A learning-based zero-trust architecture for 6g and future networks},
   author={Enright, Michael A and Hammad, Eman and Dutta, Ashutosh},