From 95ebb045b7bb9020c34a914e70d4d1c6ba04c040 Mon Sep 17 00:00:00 2001
From: Aida Nikkhah Nasab <aida.nikkhah-nasab@stud.th-deg.de>
Date: Wed, 5 Mar 2025 13:54:17 +0100
Subject: [PATCH] update Mastersthesis.pdf and main.tex to improve content
 clarity and remove unnecessary whitespace

---
 .../Nikkhah_Nasab-Aida-Mastersthesis.pdf      | Bin 1597048 -> 1597048 bytes
 Thesis_Docs/main.tex                          |   1 -
 2 files changed, 1 deletion(-)

diff --git a/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.pdf b/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.pdf
index 32e01117077c3ce060b585ead9e6a56c1564cf5a..92fdec3f5c8b89ad02c8cec133e21fa617eabd2a 100644
GIT binary patch

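Review bot: The rebuilt PDF in this region is committed as a binary delta next to its source, and the diffstat reports its size unchanged at 1597048 bytes, so a reviewer cannot tell from the patch what changed or whether the output matches `main.tex`. Consider keeping the generated PDF out of the commit that edits the source (or out of version control altogether) and building it from `main.tex` instead.
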
diff --git a/Thesis_Docs/main.tex b/Thesis_Docs/main.tex
index bf973fb..59511c5 100644
--- a/Thesis_Docs/main.tex
+++ b/Thesis_Docs/main.tex
@@ -278,7 +278,6 @@ Haffey et al. (2018) focused on modeling, analyzing, and characterizing periodic
 
 Recent research has focused on various aspects of enterprise security and malicious activity detection. Oprea et al. (2018) introduced MADE, a security analytics framework designed to enhance threat detection in enterprise environments \cite{oprea2018made} . The framework leverages advanced analytics to detect potential threats by analyzing large volumes of security data, enabling organizations to respond more effectively to cyber incidents. Ukrop et al. (2019) investigated the perception of IT professionals regarding the trustworthiness of TLS certificates, highlighting challenges in assessing certificate legitimacy and its implications for secure communications \cite{ukrop2019will} . In a related study, Vissers et al. (2017) explored the ecosystem of malicious domain registrations within the .eu top-level domain (TLD), providing insights into the strategies used by attackers to exploit domain registration systems for malicious purposes \cite{vissers2017exploring} . Together, these works contribute to the broader understanding of security challenges in modern networks and propose solutions to improve detection and mitigation strategies.
 
-
 \chapter{Methodology}
 The BAYWATCH framework is a comprehensive methodology designed to identify stealthy beaconing behavior in large-scale enterprise networks. Beaconing, a common behavior in malware-infected hosts, involves periodic communication with a command and control (C\&C) infrastructure. Detecting such behavior is challenging due to the presence of legitimate periodic traffic (e.g., software updates, email polling) and the various strategies employed by malware authors to evade detection. The BAYWATCH framework addresses these challenges through an 8-step filtering approach, which iteratively refines and eliminates legitimate traffic to pinpoint malicious beaconing cases. This chapter provides a detailed explanation of each step in the BAYWATCH methodology.
 
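Review bot: The context paragraph directly above the removed blank line still has a stray space before the full stop after each citation (`\cite{oprea2018made} .`, `\cite{ukrop2019will} .`, `\cite{vissers2017exploring} .`), so a whitespace cleanup at this spot should also close those up, for example `\cite{oprea2018made}.`. The subject line promises improved content clarity, but the only source change is the deleted blank line before `\chapter{Methodology}`; narrowing the subject to the whitespace removal would match the diff.
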
-- 
GitLab