diff --git a/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.pdf b/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.pdf
index 32e01117077c3ce060b585ead9e6a56c1564cf5a..92fdec3f5c8b89ad02c8cec133e21fa617eabd2a 100644
Binary files a/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.pdf and b/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.pdf differ
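Review bot: The compiled Nikkhah_Nasab-Aida-Mastersthesis.pdf is tracked next to main.tex, so it shows up as an opaque "Binary files ... differ" change that cannot be reviewed. If the PDF can be rebuilt from main.tex, consider leaving it out of version control, or committing it only for tagged submissions, so that source-only edits do not carry a binary rewrite with them.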
diff --git a/Thesis_Docs/main.tex b/Thesis_Docs/main.tex
index bf973fb47cc04a549588282694257b33f3f9fbd5..59511c5b453fbe5733dc4da88c46ad9c84d874ee 100644
--- a/Thesis_Docs/main.tex
+++ b/Thesis_Docs/main.tex
@@ -278,7 +278,6 @@ Haffey et al. (2018) focused on modeling, analyzing, and characterizing periodic
 
 Recent research has focused on various aspects of enterprise security and malicious activity detection. Oprea et al. (2018) introduced MADE, a security analytics framework designed to enhance threat detection in enterprise environments \cite{oprea2018made} . The framework leverages advanced analytics to detect potential threats by analyzing large volumes of security data, enabling organizations to respond more effectively to cyber incidents. Ukrop et al. (2019) investigated the perception of IT professionals regarding the trustworthiness of TLS certificates, highlighting challenges in assessing certificate legitimacy and its implications for secure communications \cite{ukrop2019will} . In a related study, Vissers et al. (2017) explored the ecosystem of malicious domain registrations within the .eu top-level domain (TLD), providing insights into the strategies used by attackers to exploit domain registration systems for malicious purposes \cite{vissers2017exploring} . Together, these works contribute to the broader understanding of security challenges in modern networks and propose solutions to improve detection and mitigation strategies.
 
-
 \chapter{Methodology}
 The BAYWATCH framework is a comprehensive methodology designed to identify stealthy beaconing behavior in large-scale enterprise networks. Beaconing, a common behavior in malware-infected hosts, involves periodic communication with a command and control (C\&C) infrastructure. Detecting such behavior is challenging due to the presence of legitimate periodic traffic (e.g., software updates, email polling) and the various strategies employed by malware authors to evade detection. The BAYWATCH framework addresses these challenges through an 8-step filtering approach, which iteratively refines and eliminates legitimate traffic to pinpoint malicious beaconing cases. This chapter provides a detailed explanation of each step in the BAYWATCH methodology.
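Review bot: The paragraph just above the removed blank line still has a space between each citation and the full stop (`\cite{oprea2018made} .`, `\cite{ukrop2019will} .`, `\cite{vissers2017exploring} .`), which typesets as a visible gap before the period. Since this commit is already a whitespace cleanup around `\chapter{Methodology}`, it would be worth fixing those in the same change by writing `\cite{...}.` with no space.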