Exposé v0.3

Exposé/bib.bib

@@ -0,0 +1,59 @@
+@inproceedings{antonakakis2011detecting,
+  title={Detecting Malware Domains at the Upper DNS Hierarchy.},
+  author={Antonakakis, Manos and Perdisci, Roberto and Lee, Wenke and Vasiloglou II, Nikolaos and Dagon, David}
+}
+
+@inproceedings{bilge2011exposure,
+  title={EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis.},
+  author={Bilge, Leyla and Kirda, Engin and Kruegel, Christopher and Balduzzi, Marco},
+  booktitle={Ndss},
+  year={2011}
+}
+
+@inproceedings{antonakakis2010building,
+  title={Building a Dynamic Reputation System for DNS.},
+  author={Antonakakis, Manos and Perdisci, Roberto and Dagon, David and Lee, Wenke and Feamster, Nick},
+  booktitle={USENIX security symposium},
+  pages={273--290},
+  year={2010}
+}
+
+@misc{SpamhausBlockingListOnline,
+    author={Spamhaus},
+    title={{SBL. The Spamhaus Project Block List}},
+    month=feb,
+    year={2017},
+    howpublished={\url{https://www.spamhaus.org/sbl/}}
+}
+
+@misc{DNSWLOnline,
+    author={DNSWL},
+    title={{DNS Whitelist Protect against false positives. DNSWL.}},
+    month=feb,
+    year={2017},
+    howpublished={\url{https://www.dnswl.org/}}
+}
+
+@misc{AlexaWebInformationOnline,
+    author={Amazon},
+    title={{Alexa. The web information company}},
+    month=feb,
+    year={2017},
+    howpublished={\url{http://www.alexa.com/}}
+}
+
+@misc{MendeleyDNSReputSystemOnline,
+    author={Mendeley},
+    title={{Mendeley}},
+    month=feb,
+    year={2017},
+    howpublished={\url{https://www.mendeley.com/research-papers/search/?query=dns+reputation+score}}
+}
+
+@misc{GoogleScholarDNSReputSystemOnline,
+    author={Google},
+    title={{Google Scholar}},
+    month=feb,
+    year={2017},
+    howpublished={\url{https://scholar.google.de/scholar?q=dns+reputation+score&btnG=&hl=de&as_sdt=0%2C5}}
+}

Exposé/main.tex

@@ -4,7 +4,7 @@
 
 %Wir verwenden eine DIN-A4-Seite und die Schriftgröße 12.
 \documentclass[a4paper,12pt]{scrartcl}
-\title{Expose Master's thesis Felix Steghofer}
+\title{Exposé Master's thesis Felix Steghofer}
 
 
 %Diese drei Pakete benötigen wir für die Umlaute, Deutsche Silbentrennung etc.
@@ -17,6 +17,7 @@
 \usepackage{sidecap}
 \usepackage{float}
 \usepackage{todonotes}
+\usepackage{mathtools}
 
 %Das Paket erzeugt ein anklickbares Verzeichnis in der PDF-Datei.
 \usepackage[hyphens]{url}
@@ -89,7 +90,7 @@
 %Beginn der Titelseite
 \begin{titlepage}
 \begin{small}
-\vfill {Universität Passau || Siemens CERT || Master's thesis - Expose}
+\vfill {Universität Passau || Siemens CERT || Master's thesis - Exposé}
 \end{small}
 
 
@@ -111,7 +112,7 @@ Evaluation of domain reputation scoring algorithms in the field of IT-Security a
 
 
 %Inhaltsverzeichnis (aktualisiert sich erst nach dem zweiten Setzen)
-\tableofcontents
+%\tableofcontents
 \thispagestyle{empty}
 
 %Beginn einer neuen Seite
@@ -122,8 +123,7 @@ Evaluation of domain reputation scoring algorithms in the field of IT-Security a
 
 \pagestyle{plain}
 
-
-\section{Abstract}
+\section{Introduction}
 The domain name system (DNS) has been one of the corner stones of the internet
 for a long time. It acts as a hierarchical, bidirectional translation device
 between mnemonic domain names and network addresses. It also provides service
@@ -140,19 +140,34 @@ The task of this work is to evaluate existing scoring mechanisms of domains in
 the special context of IT security, and also research the potential for combining
 different measurement approaches. It ultimately shall come up with an improved
 and evaluated algorithm for determining the probability of a domain being
-related to hostile activities.
+related to hostile activities. \\
+
+\section{Exposé}
+For the improved algorithm we want to investigate a couple of approaches. There has already been done some work in related topics so far, with an active research group residing at the Georgia Institute of Technology. Antonakakis et al. have developed two dynamic domain reputation systems based on machine learning. These are shortly introduced first as they can be referred to as the state of the art in the field of \textit{DNS reputation score} as well as the most popular according to Google scholar citations \cite{GoogleScholarDNSReputSystemOnline} and Mendeley read counts \cite{MendeleyDNSReputSystemOnline}.
+
+Notos uses passive monitoring of DNS query data and its idea is described with: 
+\begin{quote}The premise of this system is that malicious, agile use of DNS has unique characteristics and can be distinguished from legitimate, professionally provisioned DNS services \cite{antonakakis2010building}. \end{quote}
+
+Kopis on the other hand is operating in the upper DNS hierarchy and makes use of global DNS query resolution patterns to detect malware related domains with features like the requester diversity, the requester profile or the reputation of involved IPs \cite{antonakakis2011detecting}. For a more detailed overview how Notos and Kopis accomplish this task, see the \nameref{sec:related_work}~section.
+
+A third algorithm has been developed by Bilge et al. \cite{bilge2011exposure} and operates in the same DNS layer as Notos does (passive DNS monitoring) but uses a different feature set to evaluate domains.
+
+Furthermore we have thought of additional parameters that could be taken into account, like the character distribution within the domain name, the device class of the machine the DNS request is originating from (i.e. a PC or an embedded device as determined by passive OS fingerprinting) and many more particularities in the request/response patterns. 
+
+In the first step of this work ($\sim$two months), all previous efforts for labeling domains with a reputation score have to be investigated and evaluated for a succeeding algorithm. The next month or two will be used for the implementation of this algorithm as well as evaluating it on a suitable dataset. In the last step ($\sim$two months), the thesis will be finalized.
 
 
 \section{Related work}
-Malware related dynamic domain reputation systems (Machine Learning approaches):
+\label{sec:related_work}
+Malware related dynamic domain reputation systems (passive DNS request/response monitoring Machine Learning approaches):
 \begin{itemize}
-    \item Notos (passive monitoring of recursive DNS traffic, may not be complete..TODO) \cite{antonakakis2010building}
-    \item Exposure (like Notos, but TODO) \cite{bilge2011exposure}
+    \item Notos (passive monitoring of recursive DNS traffic) \cite{antonakakis2010building}
+    \item Exposure (like Notos, but different feature set) \cite{bilge2011exposure}
     \item Kopis (working in the upper DNS hierarchy) \cite{antonakakis2011detecting}
 \end{itemize}
 
 
-See Figure~\ref{exposure_features} for an example of possible features. (Extracted by Exposure to do the sentiment analysis)
+See Figure~\ref{exposure_features} for an example of possible features. (Extracted by Exposure to do a sentiment analysis) \\
 \begin{figure}[htbp]
 \centering
 \includegraphics[width=.7\textwidth]{exposure_features.png}
@@ -160,27 +175,36 @@ See Figure~\ref{exposure_features} for an example of possible features. (Extract
 \label{exposure_features}
 \end{figure}
 
-In comparison the Features of Kopis:
+\textbf{In comparison, the features of Kopis:}
 
-Statistical Features:
-Qj (d) = (Tj , Rj , d, IPsj ) where
-Tj is the epoch (time of the request/response)
-Rj is the IP of the requests initiator
-d the queried domain and
-IPsj is the set of resolved IPs for this domain as responded
+At first, the following data is extracted out of each DNS request/response pair. \\
+\begin{math}
+Qj (d) = (Tj , Rj , d, IPsj )
+\end{math}
+where \\
+\begin{itemize}
+    \item \textit{Tj} is the epoch (time of the request/response [e.g. on a daily basis])
+    \item \textit{Rj} is the IP of the requests initiator
+    \item \textit{d} the queried domain and
+    \item \textit{IPsj} is the set of resolved IPs for this domain as responded
+\end{itemize}
+
+Using this information, the following features are used to build the reputation score:
 
 \begin{itemize}
     \item Requester Diversity: Where do request originate (overall)
-    \item Requester Profile: Is the requester a single computer or does it itself handle/serve many client (RDNS server of a large ISP). Different profiles can therefor be weighted accordingly
-    \item Resolved-IPs Reputation (IPR): 
+    \item Requester Profile: Is the requester a single computer or does it itself handle/serve many client (RDNS server of a large ISP)? Different profiles can therefor be weighted accordingly.
+    \item Resolved-IPs Reputation (IPR): This basically checks a database for the reputation of all resolved IPs. In detail the following aspects are audited: 
+    \begin{itemize}
+        \item \textit{Malware Evidence}: Average number of know malware related domains that have pointed to that IP in the last month (with respect to the epoch)
+        \item \textit{SBL Evidence} very much like the Malware Evidence but with a external IP spam list (Spamhaus Block List \cite{SpamhausBlockingListOnline})
+        \item \textit{Whitelist Evidence}: Number of IP addresses pointed by known good domains (DNSWL \cite{DNSWLOnline} and top 30 domains according to Alexa \cite{AlexaWebInformationOnline})
+    \end{itemize}
 \end{itemize}
 
 
-Comparing those three systems, Kopis successes for a dynamic, independent and global domain reputation scoring algorithm so far. It uses a supervised machine learning approach where within the training mode it uses a set of sentimentally annotated \textit{malware-related} and \textit{known legitimate} domain names to build a model based on query/response
-patterns that can be used to statistically classify in operational mode.
-
-high detection rates (e.g., 98.4%)
-low false positive rates (e.g., 0.3% or 0.5%)
+Comparing those three systems, Kopis succeeds for a dynamic, independent and global domain reputation scoring algorithm so far. It uses a supervised machine learning approach where within the training mode, a set of sentimentally annotated \textit{malware-related} and \textit{known legitimate} domain names is used to build a model based on query/response
+patterns that can later be used to statistically classify in operational mode. In total numbers it features a high detection rate ($\sim$98.4\%) as well as a low false positive rate ($\sim$0.4\%)
 
 
 %

Thesis/agreement.tex

@@ -0,0 +1,9 @@
+\addchap{Agreement}
+Me \thesisauthor\ \matriculationid\ \art\ blabla TODO at \institute
+
+\location, \today
+
+
+\rule[-0.2cm]{5cm}{0.5pt}
+
+\textsc{\thesisauthor} 

Thesis/appendix.tex

@@ -0,0 +1,15 @@
+\chapter{Appendix}
+\label{sec:Appendix}
+Intro
+
+\section{FooBar}
+\label{sec:FooBar}
+
+
+\section{CD}
+\label{sec:cd}
+
+\dirtree{%
+.1 / \DTcomment{root dir}.
+.2 subdir \DTcomment{sub dir}.
+}

Thesis/bibliography.bib

@@ -0,0 +1,17 @@
+@article{fritz2013highly,
+  title={Highly precise taint analysis for android applications},
+  author={Fritz, Christian and Arzt, Steven and Rasthofer, Siegfried and Bodden, Eric and Bartel, Alexandre and Klein, Jacques and le Traon, Yves and Octeau, Damien and McDaniel, Patrick},
+  journal={EC SPRIDE, TU Darmstadt, Tech. Rep},
+  year={2013}
+}
+
+\begin{comment}
+@booklet{,
+    author={},
+    key={},
+    title={},
+    month={},
+    year={},
+    url={}
+}
+\end{comment}

Thesis/commands.tex

@@ -0,0 +1,39 @@
+% My commands
+
+% simply change font
+\newcommand{\changefont}[3]{\fontfamily{#1} \fontseries{#2} \fontshape{#3} \selectfont}
+
+% shortcuts with correct spacing
+\newcommand{\ua}{\mbox{u.\,a.\ }}
+\newcommand{\zB}{\mbox{z.\,B.\ }}
+\newcommand{\dahe}{\mbox{d.\,h.\ }}
+\newcommand{\Vgl}{Vgl.\ }
+\newcommand{\bzw}{bzw.\ }
+\newcommand{\evtl}{evtl.\ }
+
+\newcommand{\bs}{$\backslash$}
+
+% list element with bold headline
+\newcommand{\itemd}[2]{\item{\textbf{#1}}\\{#2}}
+
+% my cites
+\newcommand{\fsCite}[2][\empty]{\ifthenelse{\equal{#1}{\empty}}{\citep{#2}}{\citep[#1]{#2}}}
+\newcommand{\fsCiteYear}[1]{\citeyear{#1}}
+
+% print authors
+\newcommand{\fsAuthorName}[1]{\textsc{#1}}
+\newcommand{\fsAuthor}[1]{\fsAuthorName{\citeauthor{#1}}}
+
+% misc
+
+\newcommand{\fsInput}[1]{\texttt{#1}}
+\newcommand{\fsCode}[1]{\texttt{#1}}
+\newcommand{\fsFile}[1]{\texttt{#1}}
+\newcommand{\fsDatatype}[1]{\textsf{#1}}
+\newcommand{\fsXML}[1]{\textsf{#1}}
+
+\newcommand{\glossar}{Glossary}
+
+% if you want to change language, redefine \lstlistlistingname here
+%\renewcommand{\lstlistlistingname}{Verzeichnis der Listings}
+

Thesis/content/DNS.tex

@@ -0,0 +1,10 @@
+\chapter{\gls{DNS}}
+\label{cha:Feature_Extraction}
+
+
+\section{something interesting}
+\label{subsec:not_really}
+
+foo
+bar
+

Thesis/content/Introduction.tex

@@ -0,0 +1,27 @@
+\chapter{Introduction}
+\label{cha:Introduction}
+
+
+Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. \gls{API}
+
+Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.   
+
+\lstinputlisting[language={java}, label=lst:sendImpliciteIntent,caption=Intent - Bild anzeigen]{res/src/sendImpliciteIntent.java}
+
+Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. \fsCite{fritz2013highly}
+
+Nam liber tempor cum soluta nobis eleifend option congue nihil imperdiet doming id quod mazim placerat facer possim assum. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat.   
+
+Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis.   
+
+At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, At accusam aliquyam diam diam dolore dolores duo eirmod eos erat, et nonumy sed tempor et et invidunt justo labore Stet clita ea et gubergren, kasd magna no rebum. sanctus sea sed takimata ut vero voluptua. est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat.   
+
+Consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus.   
+
+Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.   
+
+Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat.   
+
+Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo consequat. Duis autem vel eum iriure dolor in hendrerit in vulputate velit esse molestie consequat, vel illum dolore eu feugiat nulla facilisis at vero eros et accumsan et iusto odio dignissim qui blandit praesent luptatum zzril delenit augue duis dolore te feugait nulla facilisi.   
+
+Nam liber tempor cum soluta nobis eleifend option congue nihil imperdiet doming id quod mazim placerat facer possim assum. Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh euismod tincidunt ut laoreet dolore magna aliquam erat volutpat. Ut wisi enim ad minim veniam, quis nostrud exerci tation ullamcorper suscipit lobortis nisl ut aliquip ex ea commodo

Thesis/content/abstract.tex

@@ -0,0 +1,3 @@
+\section*{Abstract}
+\label{sec:Abstract}
+Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet. Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.

Thesis/cover.tex

@@ -0,0 +1,34 @@
+\thispagestyle{plain}
+\begin{titlepage}
+
+\begin{center}
+
+\huge{\textbf{\fsTitle}}\\[1.5ex]
+\Large{\textbf{\fsSubTitle}}\\[6ex]
+\Large{\textbf{\art}}\\[1.5ex]
+\Large{on the subject of \field}\\[18ex]
+
+\includegraphics[height=100pt]{res/img/Logo_UniPassau_big.jpg}\\[6ex]
+
+\normalsize
+\begin{tabular}{w{5.4cm}p{6cm}}\\
+Submitted by:  & \quad \thesisauthor\\[1.2ex]
+Study field: & \quad \course\\[1.2ex]
+Matriculation number: & \quad \matriculationid\\[1.2ex]
+Primary Reviewer:  & \quad \firstreview\\[1.2ex]
+%Secondary Reviewer: & \quad \secondreview\\[1.2ex]
+Mentor:       & \quad \mentor\\[1.2ex]
+\end{tabular}
+
+\thesisyear\\[9ex]
+
+\end{center}
+
+% Uncomment if copyright should be displayed
+%\newpage
+%\singlespacing
+%\small
+%\noindent \copyright\:\fsCopyright
+
+
+\end{titlepage}

Thesis/glossar.tex

@@ -0,0 +1,11 @@
+\newglossaryentry{API}
+{
+    name={API},
+    description={Application Programming Interface: FooBar}
+}
+
+\newglossaryentry{DNS}
+{
+    name={DNS},
+    description={Domain Name System}
+}

Thesis/hyphenation.tex

@@ -0,0 +1 @@
+% Suggested Hyphenations

Thesis/main.tex

@@ -0,0 +1,121 @@
+% ------------------------------------------------------------------------------
+% Template for thesis
+% ------------------------------------------------------------------------------
+
+% Document Header --------------------------------------------------------------
+%   Template extending koma-script.
+% ------------------------------------------------------------------------------
+\documentclass[
+    11pt, % font size
+    DIV10,
+    ngerman, % for german language
+    a4paper, % paper format
+    oneside, % onepage document
+    titlepage, % use a cover page
+    parskip=half, % padding between paragraphs
+    headings=normal, % decrease size of headlines
+    listof=totoc, % list directories in table of contents
+    bibliography=totoc, % list bibliography in table of contents
+    index=totoc, % list index in table of contents
+    captions=tableheading, % location of table captions below table
+    final % status of document (draft / final)
+]{scrreprt}
+
+
+% Meta informations ------------------------------------------------------------
+%   Static informations like author, institute etc are defined in meta.tex
+% ------------------------------------------------------------------------------
+\input{meta}
+
+% Package dependencies ---------------------------------------------------------
+%   LaTeX-dependencies are defined in packages.tex
+% ------------------------------------------------------------------------------
+\input{packages}
+
+% Create index and glossary ----------------------------------------------------
+\makeindex
+\makeglossaries
+
+% Headlines, margins. ----------------------------------------------------------
+\input{pagestyle}
+
+% My custom hyphenations
+\include{hyphenation}
+
+% My custom LaTeX-commands
+\include{commands}
+
+% Main document ----------------------------------------------------------------
+%   The actual document. The different parts are included and themself defined in tex documents in the content directory.
+% ------------------------------------------------------------------------------
+\begin{document}
+
+
+% Cover and abstract without page numbers
+\ofoot{}
+\include{cover}
+\include{content/abstract}
+\ofoot{\pagemark}
+
+% Paging -----------------------------------------------------------------------
+%   Main sections with capital roman numbering
+% ------------------------------------------------------------------------------
+\pagenumbering{Roman}
+
+% Table of content depth
+\setcounter{secnumdepth}{1}
+\setcounter{tocdepth}{1}
+
+\tableofcontents
+
+% Glossary ---------------------------------------------------------------------
+\input{glossar}
+% Correct headline in header
+\clearpage\markboth{\glossar}{\glossar} 
+\printglossaries
+\label{sec:glossar}
+
+
+\listoffigures
+\listoftables
+
+\lstlistoflistings
+
+% arabic paging in main content ------------------------------------------------
+\clearpage
+\pagenumbering{arabic}
+
+% Main content
+% include each chapter here
+%
+\input{content/Introduction}
+\input{content/DNS}
+
+
+\clearpage
+
+% Appendix ---------------------------------------------------------------------
+%   Appendix is included like main content in appendix.tex
+% ------------------------------------------------------------------------------
+\begin{appendix}
+    \pagenumbering{roman}
+    % Adjust margin in table listings
+    \setdefaultleftmargin{1em}{}{}{}{}{}
+    \input{appendix}
+\end{appendix}
+
+% Bibliography -----------------------------------------------------------------
+%   Bibliography is created using bibliography.bib
+% ------------------------------------------------------------------------------
+\bibliography{bibliography} % Call: bibtex main
+\bibliographystyle{natdin} % DIN style of bibliography
+
+\include{agreement}
+
+
+% Index ------------------------------------------------------------------------
+%   Uncomment if index should be printed
+% ------------------------------------------------------------------------------
+%\printindex
+
+\end{document}

Thesis/meta.tex

@@ -0,0 +1,20 @@
+% Meta information -----------------------------------------------------------
+%   Global definitions that can be used in document
+% ------------------------------------------------------------------------------
+\usepackage[utf8]{inputenc}
+\newcommand{\fsTitle}{Title}
+\newcommand{\fsSubTitle}{Subtitle}
+\newcommand{\art}{Master's thesis}
+\newcommand{\field}{IT-Security}
+\newcommand{\thesisauthor}{Felix Steghofer}
+\newcommand{\course}{Informatik}
+\newcommand{\matriculationid}{61443}
+\newcommand{\firstreview}{Prof. Dr. rer. nat. Joachim Posegga}
+\newcommand{\secondreview}{Prof. Dr. }
+\newcommand{\mentor}{Thomas Penteker}
+\newcommand{\location}{Passau}
+\newcommand{\thesisyear}{2017}
+%change to res/img/Logo_UniPassau_small_bw.png for a black and white version
+\newcommand{\logo}{res/img/Logo_UniPassau_small.png}
+\newcommand{\institute}{Universität Passau}
+\newcommand{\fsCopyright}{Copyright?}

Thesis/natbib.cfg

@@ -0,0 +1,14 @@
+% in dieser Datei wird das Aussehen der Zitate und des Literaturverzeichnisses definiert
+
+\newcommand{\bibstyle@natdin}%
+     {\bibpunct{[}{]}{;}{a}{}{,~} % Quellenangaben in eckige Klammern fassen
+     % nach dieser Definition wird das label (dinatlabel) fett geschrieben, dann Zeilenumbruch;
+     % darunter der bibliographische Beleg
+     \gdef\NAT@biblabelnum##1{\textbf{##1}\\}}
+
+\bibstyle@natdin
+
+% Einzug der Belege nach der Einordnungsmarke
+\setlength{\bibhang}{7mm}
+
+

Thesis/packages.tex

@@ -0,0 +1,137 @@
+
+\usepackage[
+    automark, % Kapitelangaben in Kopfzeile automatisch erstellen
+    headsepline, % Trennlinie unter Kopfzeile
+    ilines % Trennlinie linksbündig ausrichten
+]{scrpage2}
+
+% My language ------------------------------------------------------------------
+\usepackage[ngerman, english]{babel}
+%\usepackage[ngerman]{babel}
+
+% Umlauts ----------------------------------------------------------------------
+%   Allow direct usage of umlauts
+% ------------------------------------------------------------------------------
+\usepackage[utf8]{inputenc}
+\usepackage[T1]{fontenc}
+\usepackage{textcomp} % Euro sign etc.
+
+% Font -------------------------------------------------------------------------
+\usepackage{lmodern} % enhance fonts
+\usepackage{relsize} % relative font size
+\usepackage{ulem} % underline strikethrough
+
+% Graphics ---------------------------------------------------------------------
+% Allow JPG
+\usepackage[dvips,final]{graphicx}
+% Location of resources
+\graphicspath{{res/img}}
+
+% Commands from AMSTeX for mathematical signs e.g. \boldsymbol \mathbb ---------
+\usepackage{amsmath,amsfonts}
+
+% print index \printindex ------------------------------------------------------
+\usepackage{makeidx}
+
+% Simple definition of row and page margins etc --------------------------------
+\usepackage{setspace}
+\usepackage{geometry}
+
+% Float pictures ---------------------------------------------------------------
+\usepackage{floatflt}
+
+% Filesystem representation
+\usepackage{dirtree}
+
+% include source code etc. -----------------------------------------------------
+\usepackage{listings}
+\usepackage{xcolor}
+
+% define e.g. \todo und \listoftodos -------------------------------------------
+\usepackage{todonotes}
+
+% Optimize your compilation for color based monitors (e.g. web) or print b/w ---
+
+% WEB
+\definecolor{colKeys}{rgb}{0,0,1}
+\definecolor{colIdentifier}{rgb}{0,0,0}
+\definecolor{colComments}{rgb}{1,0,0}
+\definecolor{colString}{rgb}{0,0.5,0}
+\definecolor{light-gray}{cmyk}{0,0,0,0.6}
+
+% PRINT dont forget to change icon in meta, and pdf config
+%\definecolor{colKeys}{cmyk}{0,0,0,1}
+%\definecolor{colIdentifier}{cmyk}{0,0,0,1}
+%\definecolor{colComments}{cmyk}{0,0,0,1}
+%\definecolor{colString}{cmyk}{0,0,0,1}
+%\definecolor{light-gray}{cmyk}{0,0,0,0.6}
+
+% Link url, break urls etc. ----------------------------------------------------
+\usepackage{url}
+
+% Correctly cite ---------------------------------------------------------------
+\usepackage[square]{natbib}
+
+\usepackage{caption}
+
+% Pdf options ------------------------------------------------------------------
+\usepackage[
+    bookmarks,
+    bookmarksopen=true,
+    colorlinks=true,
+% Color defintions for urls in pdf
+    %linkcolor=red, % Internal link
+    %anchorcolor=black,% Anchortext
+    %citecolor=blue, % Reference bibliography entries
+    %filecolor=magenta, % References to local files
+    %menucolor=red, % Acrobat menu entries
+    %urlcolor=cyan, 
+% Color definitions for print (everything black)
+    linkcolor=black, % Internal link
+    anchorcolor=black, % Anchortext
+    citecolor=black, % Reference bibliography entries
+    filecolor=black, % References to local files
+    menucolor=black, % Acrobat menu entries
+    urlcolor=black, 
+% ende Farbdef
+    backref,
+    plainpages=false, % Correct bookmarks
+    pdfpagelabels, % Correct bookmarks
+    hypertexnames=false, % Correct bookmarks
+    linktocpage % Link page numbers instead of text in table of contents
+]{hyperref}
+
+\hypersetup{
+    pdftitle={\fsTitle \fsSubTitle},
+    pdfauthor={\thesisauthor},
+    pdfcreator={\thesisauthor},
+    pdfsubject={\fsTitle \fsSubTitle},
+    pdfkeywords={\fsTitle \fsSubTitle},
+}
+
+% Glossary  --------------------------------------------------------------------
+%  
+%   Glossary is defined in glossar.tex
+% ------------------------------------------------------------------------------
+\usepackage[xindy,toc]{glossaries}
+
+% progressive numbering of footnotes -------------------------------------------
+\usepackage{chngcntr}
+
+% Long tables ------------------------------------------------------------------
+\usepackage{booktabs}
+\usepackage{longtable}
+\usepackage{array}
+\usepackage{ragged2e}
+\usepackage{lscape}
+
+% Columndefinitions with defined width and aligned right -----------------------
+\newcolumntype{w}[1]{>{\raggedleft\hspace{0pt}}p{#1}}
+
+% format if lists --------------------------------------------------------------
+\usepackage{paralist}
+
+% defined your own commands
+\usepackage{ifthen}
+
+\usepackage{xspace}

Thesis/pagestyle.tex

@@ -0,0 +1,65 @@
+% Row margin 1.5 rows ----------------------------------------------------------
+\onehalfspacing
+
+% Page margins -----------------------------------------------------------------
+\setlength{\topskip}{\ht\strutbox} % Avoid warnings of geography
+\geometry{paper=a4paper,left=35mm,right=35mm,top=30mm}
+
+% Header and footer ------------------------------------------------------------
+\pagestyle{scrheadings}
+% Header and footer also on first chapter page ---------------------------------
+\renewcommand*{\chapterpagestyle}{scrheadings} 
+% Schriftform der Kopfzeile
+\renewcommand{\headfont}{\normalfont}
+
+% Header -----------------------------------------------------------------------
+\ihead{\normalsize{\textsc{\fsTitle}}\\ \textit{\headmark}}
+\chead{}
+\ohead{\includegraphics[scale=0.08]{\logo}}
+\setlength{\headheight}{21mm} % Header height
+
+\setheadwidth[0pt]{textwithmarginpar} 
+\setheadsepline[text]{0.4pt} % Separator line above header ---------------------
+
+% Footer
+\ifoot{}%\title}
+\cfoot{}
+\ofoot{\pagemark}
+
+% More space after dot
+\frenchspacing 
+
+% Avoid orphans and widoww
+\clubpenalty = 10000
+\widowpenalty = 10000 
+\displaywidowpenalty = 10000
+
+% Source code formatting
+\lstset{
+    float=htbp,
+    basicstyle=\ttfamily\color{black}\small\smaller,
+    identifierstyle=\color{colIdentifier},
+    keywordstyle=\color{colKeys},
+    stringstyle=\color{colString},
+    commentstyle=\color{colComments},
+    columns=flexible,
+    tabsize=2,
+    xleftmargin=3.5pt,
+    frame=single,
+    rulecolor=\color{black},
+    extendedchars=true,
+    showspaces=false,
+    showstringspaces=false,
+    numbers=left,
+    numberstyle=\tiny,
+    numbersep=5pt,
+    breaklines=true,
+    breakautoindent=true
+}
+
+\DeclareCaptionFont{white}{\color{white}}
+\DeclareCaptionFormat{listing}{\colorbox{light-gray}{\parbox{\linewidth-2.5pt}{#1#2#3}}}
+\captionsetup[lstlisting]{format=listing,labelfont=white,textfont=white, belowskip=5pt, position=t, aboveskip=10pt}
+
+% Progressice numbering of foot notes
+\counterwithout{footnote}{chapter}

Thesis/res/src/sendImpliciteIntent.java

@@ -0,0 +1,6 @@
+File myFile = new File("path/to/image.jpg");
+URI imageUri = Uri.fromFile(myFile);
+Intent intent = new Intent();
+intent.setAction(Intent.ACTION_VIEW);
+intent.setDataAndType(imageUri, "image/jpeg");
+startActivity(intent);

bib.bib

@@ -1,19 +0,0 @@
-@inproceedings{antonakakis2011detecting,
-  title={Detecting Malware Domains at the Upper DNS Hierarchy.},
-  author={Antonakakis, Manos and Perdisci, Roberto and Lee, Wenke and Vasiloglou II, Nikolaos and Dagon, David}
-}
-
-@inproceedings{bilge2011exposure,
-  title={EXPOSURE: Finding Malicious Domains Using Passive DNS Analysis.},
-  author={Bilge, Leyla and Kirda, Engin and Kruegel, Christopher and Balduzzi, Marco},
-  booktitle={Ndss},
-  year={2011}
-}
-
-@inproceedings{antonakakis2010building,
-  title={Building a Dynamic Reputation System for DNS.},
-  author={Antonakakis, Manos and Perdisci, Roberto and Dagon, David and Lee, Wenke and Feamster, Nick},
-  booktitle={USENIX security symposium},
-  pages={273--290},
-  year={2010}
-}