diff --git a/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.pdf b/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.pdf index 0e0db41ac515320a8ef05142eac24c5c807c9c75..a7a985310b151049f708989ff1b5dc29d8e6f45f 100644 Binary files a/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.pdf and b/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.pdf differ diff --git a/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.tex b/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.tex index 14dd5d5d96c577fb1d470b0702b7f0e915569325..6ff60dca11c8e503ff7976ff42b737f1fddbfe2b 100644 --- a/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.tex +++ b/Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.tex 
@@ -102,8 +102,13 @@ \chapter*{Abstract} \addcontentsline{toc}{chapter}{Abstract} -This thesis offers a comprehensive examination of the BAYWATCH framework, an advanced system designed for monitoring, detecting, and analyzing data patterns, applied to both real-world and synthetic datasets. The research delves into the theoretical underpinnings of BAYWATCH, outlining its algorithmic architecture, essential components, and the innovative methods it utilizes for real-time anomaly detection and data pattern recognition. Through a systematic evaluation, the study assesses the framework’s performance in controlled experimental settings and its effectiveness in complex, real-world scenarios. The findings indicate that BAYWATCH not only exhibits robust performance and adaptability across diverse data environments but also reveals significant sensitivity to parameter configurations and noise factors present in live datasets. Furthermore, a comparative analysis with existing methodologies highlights BAYWATCH’s strengths and identifies areas for optimization. The insights gained from this research contribute to a deeper understanding of data monitoring systems and offer practical recommendations for future improvements, thereby advancing the application of intelligent data analysis techniques in both academic research and industry practice. +In today’s interconnected digital landscape, Advanced Persistent Threats (APTs) exploit stealthy beaconing behavior to evade detection, posing significant risks to enterprise networks. This thesis investigates the performance of the BAYWATCH framework in identifying APTs by analyzing periodic communication patterns within extensive network log data. +The study employs a signal analysis pipeline that combines Fast Fourier Transform (FFT) for frequency-domain detection with autocorrelation function (ACF) for time-domain verification. This dual approach ensures robust identification of periodicities, even under noisy conditions. 
To systematically evaluate resilience, synthetic datasets with programmable jitter (2–150 seconds) and beacon intervals (10–300 seconds) are generated, alongside validation using real-world enterprise network traces. Key innovations include permutation-based FFT thresholding, bandpass filtering, and frequency-lag correlation, collectively improving detection accuracy while minimizing false positives. + +Experiments demonstrate the framework’s efficacy, achieving rapid processing times (less than 10 seconds post-filtering) and reliable detection across diverse scenarios. + +This work contributes a scalable, efficient solution for early APT detection, validated in both controlled and operational environments. Future directions include real-time streaming analysis, machine learning integration for anomaly detection, and extension to IoT and cloud infrastructures. The thesis advances proactive cybersecurity strategies, offering a practical tool to safeguard large-scale networks against evolving threats. \tableofcontents diff --git a/Thesis_Docs/main.tex b/Thesis_Docs/main.tex index 6d2b53d4664f6c0ff21345ee96279a4410d4f509..bcb1e5d61f9d6dee359f7af0ad2fef8e62dc0bb1 100644 --- a/Thesis_Docs/main.tex +++ b/Thesis_Docs/main.tex 
@@ -496,7 +496,7 @@ The concentration of network activity on a small set of URLs has important impli Additionally, the distribution of hosts based on unique URLs contacted can help identify anomalies in network behavior. For example, a host that suddenly starts contacting a large number of unique URLs may indicate suspicious activity, such as a compromised device performing reconnaissance or data exfiltration. By establishing a baseline for normal behavior, organizations can more easily detect deviations that may warrant further investigation. -\subsection{Analysis of URL Connections} +\textbf{Analysis of URL Connections} After checking the URLs that were reached by these hosts, several conclusions can be drawn regarding the nature and behavior of the hosts:
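Review bot: The compiled PDF (Thesis_Docs/Nikkhah_Nasab-Aida-Mastersthesis.pdf) is committed alongside every .tex edit, so each wording change produces a new multi-megabyte binary revision; consider keeping the build output out of version control (e.g. a .gitignore entry for *.pdf under Thesis_Docs, with the PDF published as a release artifact instead) so that diffs stay reviewable and the repository does not grow with every rebuild.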
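Review bot: The rewritten Abstract in the `@@ -102,8 +102,13 @@` hunk introduces concrete figures (jitter of 2–150 seconds, beacon intervals of 10–300 seconds, "less than 10 seconds post-filtering") that need to match the ranges and timings reported in the evaluation chapter; please double-check them against the experiments section before merging, since the abstract is the part most readers quote. The previous text also mentioned a comparative analysis with existing methodologies, which the new abstract drops; if that comparison is still in the thesis, a sentence on it should be restored, and if it was removed, the corresponding chapter text should be updated in the same commit. Minor: "autocorrelation function (ACF)" reads better as "the autocorrelation function (ACF)", and the blank lines inserted between the new paragraphs are fine for a `\chapter*` abstract but should be consistent with how the rest of the front matter is formatted.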
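Review bot: Replacing `\subsection{Analysis of URL Connections}` with `\textbf{Analysis of URL Connections}` in the `@@ -496,7 +496,7 @@` hunk demotes a structural heading to inline bold text, which removes the entry from the table of contents, breaks any `\ref` to a label that may have been attached to it, and, because the bold text sits on its own line directly before the next paragraph, typesets as a run-in line with no heading spacing. If the intent is an unnumbered heading, `\subsection*{Analysis of URL Connections}` (or `\paragraph{...}` for a lower level) keeps the document's heading style and spacing; if the intent really is to drop the heading level, add `\noindent` and a vertical skip so the result is consistent with the surrounding headings in main.tex.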