Added partial motivation section

docs/bibliography/bibliography.bib

@@ -0,0 +1,21 @@
+%%INTRODUCTION
+
+@report{ransomware_paloalto,
+	institution = {Palo Alto Networks},
+	title = {Ransomware Threat Report 2022},
+	url = {https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/2022-unit42-ransomware-threat-report-final.pdf}
+},
+
+@report{ransomware_pwc,
+	institution = {PricewaterhouseCoopers},
+	title = {Cyber Threats 2021: A year in Retrospect},
+	url = {https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf}
+},
+
+@report{rootkit_ptsecurity,
+	institution = {Positive Technologies},
+	title = {Rootkits: evolution and detection methods},
+	date = {2021-11-03},
+	url = {https://www.ptsecurity.com/ww-en/analytics/rootkits-evolution-and-detection-methods/}
+}
+

docs/bibliography/texput.log

@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  27 APR 2022 20:08
+This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  20 MAY 2022 20:22
 entering extended mode
  restricted \write18 enabled.
  %&-line parsing enabled.

docs/document.aux

@@ -23,27 +23,34 @@
 \@writefile{lot}{\boolfalse {citerequest}\boolfalse {citetracker}\boolfalse {pagetracker}\boolfalse {backtracker}\relax }
 \abx@aux@refcontext{none/global//global/global}
 \babel@aux{english}{}
+\abx@aux@cite{ransomware_pwc}
+\abx@aux@segm{0}{0}{ransomware_pwc}
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {1}Introduction}{1}{chapter.1}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
 \@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.1}Motivation}{1}{section.1.1}\protected@file@percent }
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.2}Objectives}{1}{section.1.2}\protected@file@percent }
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.3}Regulatory framework}{1}{section.1.3}\protected@file@percent }
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.1}Social and economic environment}{1}{subsection.1.3.1}\protected@file@percent }
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.2}Budget}{1}{subsection.1.3.2}\protected@file@percent }
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {2}State of the Art}{2}{chapter.2}\protected@file@percent }
+\abx@aux@cite{rootkit_ptsecurity}
+\abx@aux@segm{0}{0}{rootkit_ptsecurity}
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.2}Objectives}{2}{section.1.2}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {section}{\numberline {1.3}Regulatory framework}{2}{section.1.3}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.1}Social and economic environment}{2}{subsection.1.3.1}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {subsection}{\numberline {1.3.2}Budget}{2}{subsection.1.3.2}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {2}State of the Art}{3}{chapter.2}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Methods??}{3}{chapter.3}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {3}Methods??}{4}{chapter.3}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Results}{4}{chapter.4}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {4}Results}{5}{chapter.4}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Conclusion and future work}{5}{chapter.5}\protected@file@percent }
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{\numberline {5}Conclusion and future work}{6}{chapter.5}\protected@file@percent }
 \@writefile{lof}{\defcounter {refsection}{0}\relax }\@writefile{lof}{\addvspace {10\p@ }}
 \@writefile{lot}{\defcounter {refsection}{0}\relax }\@writefile{lot}{\addvspace {10\p@ }}
-\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{}{chapter.5}\protected@file@percent }
-\abx@aux@read@bbl@mdfivesum{F7F239C736CF01AC6CE7BD829F9B3C7B}
+\@writefile{toc}{\defcounter {refsection}{0}\relax }\@writefile{toc}{\contentsline {chapter}{Bibliography}{7}{chapter.5}\protected@file@percent }
+\abx@aux@read@bbl@mdfivesum{06B912EE459FE111D955FBA417607BD1}
+\abx@aux@refcontextdefaultsdone
+\abx@aux@defaultrefcontext{0}{ransomware_pwc}{none/global//global/global}
+\abx@aux@defaultrefcontext{0}{rootkit_ptsecurity}{none/global//global/global}
 \ttl@finishall
-\gdef \@abspage@last{19}
+\gdef \@abspage@last{23}

docs/document.bbl

@@ -16,5 +16,44 @@
   {}
 \endgroup
 
+
+\refsection{0}
+  \datalist[entry]{none/global//global/global}
+    \entry{ransomware_pwc}{report}{}
+      \list{institution}{1}{%
+        {PricewaterhouseCoopers}%
+      }
+      \field{sortinit}{1}
+      \field{sortinithash}{50c6687d7fc80f50136d75228e3c59ba}
+      \field{labeltitlesource}{title}
+      \field{title}{Cyber Threats 2021: A year in Retrospect}
+      \verb{urlraw}
+      \verb https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
+      \endverb
+      \verb{url}
+      \verb https://www.pwc.com/gx/en/issues/cybersecurity/cyber-threat-intelligence/cyber-year-in-retrospect/yir-cyber-threats-report-download.pdf
+      \endverb
+    \endentry
+    \entry{rootkit_ptsecurity}{report}{}
+      \list{institution}{1}{%
+        {Positive Technologies}%
+      }
+      \field{sortinit}{2}
+      \field{sortinithash}{ed39bb39cf854d5250e95b1c1f94f4ed}
+      \field{labeltitlesource}{title}
+      \field{day}{3}
+      \field{month}{11}
+      \field{title}{Rootkits: evolution and detection methods}
+      \field{year}{2021}
+      \field{dateera}{ce}
+      \verb{urlraw}
+      \verb https://www.ptsecurity.com/ww-en/analytics/rootkits-evolution-and-detection-methods/
+      \endverb
+      \verb{url}
+      \verb https://www.ptsecurity.com/ww-en/analytics/rootkits-evolution-and-detection-methods/
+      \endverb
+    \endentry
+  \enddatalist
+\endrefsection
 \endinput
 

docs/document.bcf

@@ -2348,6 +2348,8 @@
     <bcf:datasource type="file" datatype="bibtex" glob="false">bibliography/bibliography.bib</bcf:datasource>
   </bcf:bibdata>
   <bcf:section number="0">
+    <bcf:citekey order="1">ransomware_pwc</bcf:citekey>
+    <bcf:citekey order="2">rootkit_ptsecurity</bcf:citekey>
   </bcf:section>
   <!-- SORTING TEMPLATES -->
   <bcf:sortingtemplate name="none">

docs/document.blg

@@ -1,9 +1,18 @@
 [0] Config.pm:311> INFO - This is Biber 2.16
 [0] Config.pm:314> INFO - Logfile is 'document.blg'
-[58] biber:340> INFO - === Wed Apr 27, 2022, 21:49:29
+[58] biber:340> INFO - === Fri May 20, 2022, 21:19:02
 [70] Biber.pm:415> INFO - Reading 'document.bcf'
-[138] Biber.pm:952> INFO - Found 0 citekeys in bib section 0
-[144] Utils.pm:384> WARN - The file 'document.bcf' does not contain any citations!
-[152] bbl.pm:654> INFO - Writing 'document.bbl' with encoding 'UTF-8'
-[152] bbl.pm:757> INFO - Output to document.bbl
-[153] Biber.pm:128> INFO - WARNINGS: 1
+[138] Biber.pm:952> INFO - Found 2 citekeys in bib section 0
+[152] Biber.pm:4340> INFO - Processing section 0
+[160] Biber.pm:4531> INFO - Looking for bibtex format file 'bibliography/bibliography.bib' for section 0
+[161] bibtex.pm:1689> INFO - LaTeX decoding ...
+[163] bibtex.pm:1494> INFO - Found BibTeX data source 'bibliography/bibliography.bib'
+[190] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ziL5/f4d088b3f9f145b5c3058da33afd57d4_89896.utf8, line 9, warning: 1 characters of junk seen at toplevel
+[191] Utils.pm:384> WARN - BibTeX subsystem: /tmp/biber_tmp_ziL5/f4d088b3f9f145b5c3058da33afd57d4_89896.utf8, line 15, warning: 1 characters of junk seen at toplevel
+[199] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'normalization = NFD' with 'normalization = prenormalized'
+[199] UCollate.pm:68> INFO - Overriding locale 'en-US' defaults 'variable = shifted' with 'variable = non-ignorable'
+[199] Biber.pm:4168> INFO - Sorting list 'none/global//global/global' of type 'entry' with template 'none' and locale 'en-US'
+[199] Biber.pm:4174> INFO - No sort tailoring available for locale 'en-US'
+[204] bbl.pm:654> INFO - Writing 'document.bbl' with encoding 'UTF-8'
+[205] bbl.pm:757> INFO - Output to document.bbl
+[205] Biber.pm:128> INFO - WARNINGS: 2

docs/document.fdb_latexmk

@@ -1,14 +1,16 @@
 # Fdb version 3
-["biber document"] 1651110568 "document.bcf" "document.bbl" "document" 1652661884
-  "document.bcf" 1652661884 106224 da8582ad46a2e9ef51d4a6aef61fa821 "pdflatex"
+["biber document"] 1653095942 "document.bcf" "document.bbl" "document" 1653095945
+  "bibliography/bibliography.bib" 1653092614 766 09ec68d5fc14d72b3af96f6127cd94b1 ""
+  "document.bcf" 1653095944 106340 83305561fc186c7c1b66144e110833f4 "pdflatex"
   (generated)
-  "document.blg"
   "document.bbl"
-["pdflatex"] 1652661883 "document.tex" "document.pdf" "document" 1652661884
+  "document.blg"
+["pdflatex"] 1653095944 "document.tex" "document.pdf" "document" 1653095945
   "/etc/texmf/web2c/texmf.cnf" 1651100307 475 c0e671620eb5563b2130f56340a5fde8 ""
   "/usr/share/texlive/texmf-dist/fonts/enc/dvips/base/8r.enc" 1165713224 4850 80dc9bab7f31fb78a000ccfed0e27cab ""
   "/usr/share/texlive/texmf-dist/fonts/map/fontname/texfonts.map" 1577235249 3524 cb3e574dea2d1052e39280babc910dc8 ""
   "/usr/share/texlive/texmf-dist/fonts/tfm/public/cm/cmr12.tfm" 1136768653 1288 655e228510b4c2a1abe905c368440826 ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/rtcxr.tfm" 1136768653 1368 7af309acf53bb727783600185f629f47 ""
   "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/rtxb.tfm" 1136768653 1020 c53143d3e3747b5c1149bd9a5ecd7b55 ""
   "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/rtxbss.tfm" 1136768653 952 8af6d4411025237a8a19c5fe76c48519 ""
   "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/rtxphvb.tfm" 1136768653 4548 1ffa7e4f8cec4f54428bd6e887feff07 ""
@@ -24,6 +26,21 @@
   "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/t1xr.tfm" 1136768653 6716 6d25a377562601272906e3bfe6b2817a ""
   "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/t1xss.tfm" 1136768653 7096 d4068737d849c31bd955cec162cc9c1f ""
   "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/t1xsssl.tfm" 1136768653 7320 442528840b39263f05b2bb9418cb055c ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/t1xtt.tfm" 1136768653 1384 8943063000d26272532f74ca134dfecd ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/tcxr.tfm" 1136768653 1468 26982ed5d4aefc6c98ed466c7d6869d8 ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txex.tfm" 1136768653 1080 b674b4ba143004461509a754a0984b67 ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txexa.tfm" 1136768653 688 f56006d6e56f46e63d9f63252958b828 ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txi.tfm" 1136768653 2584 cf4a6a7c2a518d47468fe29ef0913ba0 ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txmi.tfm" 1232065820 1944 f854e259cb2839e49d4aa2949544a6e1 ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txmia.tfm" 1136768653 1180 72784d0ee5a983fba99a0986b31b0493 ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txr.tfm" 1136768653 2408 aec793a3c45e495f7ad15b227c91f508 ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsy.tfm" 1136768653 1268 1d124f224979493f8fd017a7597ea1cd ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsya.tfm" 1136768653 972 2c9ffac4bbd20f91c01aaef9bf3f8710 ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsyb.tfm" 1136768653 988 098ca7e8cc5647b9ac21b82dbdce1f01 ""
+  "/usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsyc.tfm" 1136768653 1084 75e807e9e71f7a312e4e1187dce5e93b ""
+  "/usr/share/texlive/texmf-dist/fonts/type1/public/txfonts/rtcxr.pfb" 1136849748 14606 238072bd1ce11e3dff8451a5a2608194 ""
+  "/usr/share/texlive/texmf-dist/fonts/type1/public/txfonts/rtxr.pfb" 1136849748 6339 e2b78706efdc360ee6aec9b6e20211a7 ""
+  "/usr/share/texlive/texmf-dist/fonts/type1/public/txfonts/t1xtt.pfb" 1136849748 26301 f08b3c26ea42c3177a262c2ac37d6a91 ""
   "/usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvb8a.pfb" 1136849748 35941 f27169cc74234d5bd5e4cca5abafaabb ""
   "/usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvr8a.pfb" 1136849748 44648 23115b2a545ebfe2c526c3ca99db8b95 ""
   "/usr/share/texlive/texmf-dist/fonts/type1/urw/times/utmb8a.pfb" 1136849748 44729 811d6c62865936705a31c797a1d5dada ""
@@ -33,6 +50,7 @@
   "/usr/share/texlive/texmf-dist/fonts/vf/public/txfonts/t1xr.vf" 1136768653 2140 99e5b3a34695df6221a167ffa8b498d6 ""
   "/usr/share/texlive/texmf-dist/fonts/vf/public/txfonts/t1xss.vf" 1136768653 2140 1f9dbe1be7b322ce3d2dc5796a8e88ed ""
   "/usr/share/texlive/texmf-dist/fonts/vf/public/txfonts/t1xsssl.vf" 1136768653 2148 3b03d03d82cf6e8c21b92d2903f15dc8 ""
+  "/usr/share/texlive/texmf-dist/fonts/vf/public/txfonts/tcxr.vf" 1136768653 988 4f41b8c123e4537adb7f2dbb638d2981 ""
   "/usr/share/texlive/texmf-dist/tex/context/base/mkii/supp-pdf.mkii" 1461363279 71627 94eb9990bed73c364d7f53f960cc8c5b ""
   "/usr/share/texlive/texmf-dist/tex/generic/atbegshi/atbegshi.sty" 1575674566 24708 5584a51a7101caf7e6bbf1fc27d8f7b1 ""
   "/usr/share/texlive/texmf-dist/tex/generic/babel-english/english.ldf" 1496785618 7008 9ff5fdcc865b01beca2b0fe4a46231d4 ""
@@ -153,10 +171,17 @@
   "/usr/share/texlive/texmf-dist/tex/latex/txfonts/omltxmi.fd" 1137111002 492 e7f8afe4428797548d4301de03a1b15f ""
   "/usr/share/texlive/texmf-dist/tex/latex/txfonts/omstxsy.fd" 1137111002 329 6ac7e19535b9f1d64e4d8e3f77dc30a3 ""
   "/usr/share/texlive/texmf-dist/tex/latex/txfonts/omxtxex.fd" 1137111002 312 11fe1916b0a13a81a05234a6fc7f8738 ""
+  "/usr/share/texlive/texmf-dist/tex/latex/txfonts/ot1txr.fd" 1137111002 1271 4e3afbd8e832f2f9c7f064894e6e68e4 ""
   "/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txr.fd" 1137111002 1242 cbf8a0d4f750f9833a0bfb05fb39f1cb ""
   "/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txss.fd" 1137111002 1362 13e59690199f58f0836298f1c5f460eb ""
+  "/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd" 1137111002 1324 7b6c95370a64cd8c7620cbefefb53dba ""
+  "/usr/share/texlive/texmf-dist/tex/latex/txfonts/ts1txr.fd" 1137111002 1278 7b91d84c3d8b7d0dd9e34d557ca00ff0 ""
   "/usr/share/texlive/texmf-dist/tex/latex/txfonts/txfonts.sty" 1206746551 50381 d367461010070c7a491b1f6979ab2062 ""
   "/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxexa.fd" 1137111002 310 1b00b0b05685b816e4c6caccce437e0d ""
+  "/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxmia.fd" 1137111002 334 87436a82076ca2e35cd305f852507afc ""
+  "/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsya.fd" 1137111002 310 cee07e4964749ccbc77d84fc49726a79 ""
+  "/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyb.fd" 1137111002 310 8c5467c8932c259af51b0f116c9734bd ""
+  "/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyc.fd" 1137111002 310 4b5d6fe830337242ef847b3bff48ba21 ""
   "/usr/share/texlive/texmf-dist/tex/latex/url/url.sty" 1388531844 12796 8edb7d69a20b857904dd0ea757c14ec9 ""
   "/usr/share/texlive/texmf-dist/tex/latex/xcolor/xcolor.sty" 1463002160 55589 34128738f682d033422ca125f82e5d62 ""
   "/usr/share/texlive/texmf-dist/tex/latex/xmpincl/xmpincl.sty" 1210504720 2846 ba6fcee8a9557055874a16b76a0c5f4b ""
@@ -164,25 +189,25 @@
   "/usr/share/texmf/web2c/texmf.cnf" 1613593815 38841 799d1dd9682a55ce442e10c99777ecc1 ""
   "/var/lib/texmf/fonts/map/pdftex/updmap/pdftex.map" 1651100317 128028 f533b797fba58d231669ea19e894e23e ""
   "/var/lib/texmf/web2c/pdftex/pdflatex.fmt" 1651100326 1334284 230f0b70f00981bccbdb458564f1009e ""
-  "document.aux" 1652661884 3980 ac8560383567190d4c9935da62bc328a "pdflatex"
-  "document.bbl" 1651111207 466 f7f239c736cf01ac6ce7bd829f9b3c7b "biber document"
-  "document.lof" 1652661884 419 65e977773db8f33e78f36376c2ad29c2 "pdflatex"
-  "document.lot" 1652661884 419 65e977773db8f33e78f36376c2ad29c2 "pdflatex"
-  "document.out" 1652661884 645 22937790bee0f30769157dc04627a687 "pdflatex"
-  "document.run.xml" 1652661884 2445 b409c18254f7f5782630d13a05948f21 "pdflatex"
-  "document.tex" 1651111039 7290 7ef711fa5c6c0324b653cdfc2027fb58 ""
-  "document.toc" 1652661884 1328 870a9e1b750dca8c61fbc67ab6e4c40a "pdflatex"
+  "document.aux" 1653095944 4305 28f1ef1486041d38fe3222215f27bd15 "pdflatex"
+  "document.bbl" 1653095942 1903 06b912ee459fe111d955fba417607bd1 "biber document"
+  "document.lof" 1653095944 419 65e977773db8f33e78f36376c2ad29c2 "pdflatex"
+  "document.lot" 1653095944 419 65e977773db8f33e78f36376c2ad29c2 "pdflatex"
+  "document.out" 1653095944 645 22937790bee0f30769157dc04627a687 "pdflatex"
+  "document.run.xml" 1653095944 2445 b409c18254f7f5782630d13a05948f21 "pdflatex"
+  "document.tex" 1653095911 12133 218b36bd219171d09644622cdc0d0b49 ""
+  "document.toc" 1653095944 1329 daebe7d2e5303951de100f07e19de20e "pdflatex"
   "images//Portada_Logo.png" 1651111039 22996 c527860321fd85a49ffef78eb664cfb0 ""
   "images/creativecommons.png" 1651111039 20748 2d1005dcab1cdcb889ee17a8f3b8cbcb ""
-  "pdfa.xmpi" 1652661883 5042 d5270473cb48dba0b64f7f9ed4b3e65c "pdflatex"
+  "pdfa.xmpi" 1653095944 5042 bc88ba8ea8d65c0809b1b834aadbdbb1 "pdflatex"
   (generated)
-  "document.bcf"
-  "document.lof"
   "pdfa.xmpi"
-  "document.aux"
-  "document.toc"
+  "document.bcf"
   "document.out"
-  "document.pdf"
   "document.log"
+  "document.pdf"
+  "document.aux"
+  "document.lof"
   "document.run.xml"
   "document.lot"
+  "document.toc"

docs/document.fls

@@ -1186,12 +1186,77 @@ INPUT ./document.lot
 INPUT document.lot
 INPUT document.lot
 OUTPUT document.lot
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/ts1txr.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/ts1txr.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/ts1txr.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/ts1txr.fd
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/tcxr.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/vf/public/txfonts/tcxr.vf
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/rtcxr.tfm
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/t1xtt.tfm
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/ot1txr.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/ot1txr.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/ot1txr.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/ot1txr.fd
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txr.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txr.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txr.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txmi.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txmi.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txmi.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsy.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsy.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsy.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txex.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txex.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txex.tfm
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsya.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsya.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsya.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsya.fd
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsya.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsya.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsya.tfm
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyb.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyb.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyb.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyb.fd
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsyb.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsyb.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsyb.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txi.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txi.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txi.tfm
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxmia.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxmia.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxmia.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxmia.fd
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txmia.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txmia.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txmia.tfm
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyc.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyc.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyc.fd
+INPUT /usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyc.fd
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsyc.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsyc.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txsyc.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txexa.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txexa.tfm
+INPUT /usr/share/texlive/texmf-dist/fonts/tfm/public/txfonts/txexa.tfm
 INPUT document.aux
 INPUT ./document.out
 INPUT ./document.out
 INPUT document.run.xml
 OUTPUT document.run.xml
 INPUT /usr/share/texlive/texmf-dist/fonts/enc/dvips/base/8r.enc
+INPUT /usr/share/texlive/texmf-dist/fonts/type1/public/txfonts/rtcxr.pfb
+INPUT /usr/share/texlive/texmf-dist/fonts/type1/public/txfonts/rtxr.pfb
+INPUT /usr/share/texlive/texmf-dist/fonts/type1/public/txfonts/t1xtt.pfb
 INPUT /usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvb8a.pfb
 INPUT /usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvr8a.pfb
 INPUT /usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvr8a.pfb

docs/document.log

@@ -1,4 +1,4 @@
-This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  15 MAY 2022 20:45
+This is pdfTeX, Version 3.14159265-2.6-1.40.21 (TeX Live 2020/Debian) (preloaded format=pdflatex 2022.4.27)  20 MAY 2022 21:19
 entering extended mode
  restricted \write18 enabled.
  %&-line parsing enabled.
@@ -1132,20 +1132,32 @@ has been already used, duplicate ignored
 l.245 \chapter
               *{Dedication} [1] [5
 
-] [6] (./document.toc)
+] [6]pdfTeX warning (ext4): destination with the same identifier (name{page.v})
+ has been already used, duplicate ignored
+<to be read again> 
+                   \relax 
+l.265 	\newpage
+                [5
+
+]pdfTeX warning (ext4): destination with the same identifier (name{page.vi}) ha
+s been already used, duplicate ignored
+<to be read again> 
+                   \relax 
+l.277 \tableofcontents
+                       [6] (./document.toc)
 \tf@toc=\write6
 \openout6 = `document.toc'.
 
  [7
 
-] [8]
-(./document.lof)
+] [8] (./document.lof)
 \tf@lof=\write7
 \openout7 = `document.lof'.
 
  [9
 
-] [10] (./document.lot)
+]
+[10] (./document.lot)
 \tf@lot=\write8
 \openout8 = `document.lot'.
 
@@ -1153,31 +1165,74 @@ l.245 \chapter
 
 ] [12]
 Chapter 1.
-[1
+LaTeX Font Info:    Trying to load font information for TS1+txr on input line 3
+28.
+(/usr/share/texlive/texmf-dist/tex/latex/txfonts/ts1txr.fd
+File: ts1txr.fd 2000/12/15 v3.1
+) [1
 
 
-]
+] [2]
 Chapter 2.
-[2
-
-]
-Chapter 3.
 [3
 
 ]
-Chapter 4.
+Chapter 3.
 [4
 
 ]
-Chapter 5.
+Chapter 4.
 [5
 
 ]
+Chapter 5.
+[6
 
-LaTeX Warning: Empty bibliography on input line 338.
+]
+LaTeX Font Info:    Trying to load font information for T1+txtt on input line 3
+81.
+ (/usr/share/texlive/texmf-dist/tex/latex/txfonts/t1txtt.fd
+File: t1txtt.fd 2000/12/15 v3.1
+)
+LaTeX Font Info:    Trying to load font information for OT1+txr on input line 3
+81.
 
-[1
+(/usr/share/texlive/texmf-dist/tex/latex/txfonts/ot1txr.fd
+File: ot1txr.fd 2000/12/15 v3.1
+)
+LaTeX Font Info:    Trying to load font information for U+txsya on input line 3
+81.
 
+(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsya.fd
+File: utxsya.fd 2000/12/15 v3.1
+)
+LaTeX Font Info:    Trying to load font information for U+txsyb on input line 3
+81.
+
+(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyb.fd
+File: utxsyb.fd 2000/12/15 v3.1
+)
+LaTeX Font Info:    Trying to load font information for U+txmia on input line 3
+81.
+
+(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxmia.fd
+File: utxmia.fd 2000/12/15 v3.1
+)
+LaTeX Font Info:    Trying to load font information for U+txsyc on input line 3
+81.
+
+(/usr/share/texlive/texmf-dist/tex/latex/txfonts/utxsyc.fd
+File: utxsyc.fd 2000/12/15 v3.1
+)
+Overfull \hbox (2.7712pt too wide) in paragraph at lines 382--382
+[]\T1/txr/m/n/12 ^^P  Cy-ber threats 2021: A year in ret-ro-spect,^^Q Price-wa-
+ter-house-C-oop-ers. [On-line]. Avail-
+ []
+
+[7
+
+
+] [1
 
 ]
 
@@ -1192,7 +1247,7 @@ pdfTeX warning (ext4): destination with the same identifier (name{page.}) has b
 een already used, duplicate ignored
 <to be read again> 
                    \relax 
-l.355 \end{document}
+l.398 \end{document}
                      [2
 
 ] (./document.aux)
@@ -1203,21 +1258,24 @@ Package logreq Info: Writing requests to 'document.run.xml'.
 
  ) 
 Here is how much of TeX's memory you used:
- 26754 strings out of 481209
- 422965 string characters out of 5914747
- 1157585 words of memory out of 5000000
- 43288 multiletter control sequences out of 15000+600000
- 433190 words of font info for 56 fonts, out of 8000000 for 9000
+ 27136 strings out of 481209
+ 429695 string characters out of 5914747
+ 1160713 words of memory out of 5000000
+ 43630 multiletter control sequences out of 15000+600000
+ 444100 words of font info for 89 fonts, out of 8000000 for 9000
  36 hyphenation exceptions out of 8191
  88i,11n,90p,1029b,2369s stack positions out of 5000i,500n,10000p,200000b,80000s
 {/usr/share/texlive/texmf-dist/fonts/enc/dvips/base/8r.enc}</usr/share/texliv
-e/texmf-dist/fonts/type1/urw/helvetic/uhvb8a.pfb></usr/share/texlive/texmf-dist
-/fonts/type1/urw/helvetic/uhvr8a.pfb></usr/share/texlive/texmf-dist/fonts/type1
-/urw/helvetic/uhvr8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/u
-tmb8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/times/utmr8a.pfb>
-Output written on document.pdf (19 pages, 121527 bytes).
+e/texmf-dist/fonts/type1/public/txfonts/rtcxr.pfb></usr/share/texlive/texmf-dis
+t/fonts/type1/public/txfonts/rtxr.pfb></usr/share/texlive/texmf-dist/fonts/type
+1/public/txfonts/t1xtt.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/helve
+tic/uhvb8a.pfb></usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvr8a.p
+fb></usr/share/texlive/texmf-dist/fonts/type1/urw/helvetic/uhvr8a.pfb></usr/sha
+re/texlive/texmf-dist/fonts/type1/urw/times/utmb8a.pfb></usr/share/texlive/texm
+f-dist/fonts/type1/urw/times/utmr8a.pfb>
+Output written on document.pdf (23 pages, 144617 bytes).
 PDF statistics:
- 197 PDF objects out of 1000 (max. 8388607)
- 34 named destinations out of 1000 (max. 500000)
+ 240 PDF objects out of 1000 (max. 8388607)
+ 40 named destinations out of 1000 (max. 500000)
  111 words of extra memory for PDF output out of 10000 (max. 10000000)
 

docs/document.tex

@@ -254,6 +254,18 @@ hmargin=3cm
 	\thispagestyle{empty}
 	\mbox{}
 	
+\chapter*{Abstract}
+
+\setcounter{page}{5}
+	
+	% TODO ABSTRACT	
+		
+	\vfill
+	
+	\newpage
+	\thispagestyle{empty}
+	\mbox{}
+	
 
 %----------
 %	INDEXES
@@ -297,8 +309,39 @@ hmargin=3cm
 \pagenumbering{arabic}
 
 \chapter{Introduction}
-
 \section{Motivation}
+%M-> Slightly long, but it summarizes and presents the ideas in order:
+% Main idea: Malware keeps evolving -> 
+% -> Relevance of innovating and researching on the new techniques ->
+% -> Relevance of stealth software in targeted attacks-> 
+% -> Introduce eBPF as the logical step of innovation in the field ->
+% -> There is a need to research on this topic now.
+
+As the efforts of the computer security community grow to protect increasingly critical devices and networks from malware infections, so do the techniques used by malicious actors become more sophisticated. Following the incorporation of ever more capable firewalls and Intrusion Detection Systems (IDS), cybercriminals have in turn sought novel attack vectors and exploits in common software, taking advantage of an inevitably larger attack surface that keeps growing due to the continued incorporation of new programs and functionalities into modern computer systems.
+
+In contrast with ransomware incidents, which remained the most significant and common cyber threat faced by organizations on 2021\cite{ransomware_pwc}, another powerful class of malware called rootkits is found considerably more infrequently, yet it is usually associated to high-profile targeted attacks that lead to greatly impactful consequences. 
+
+A rootkit is a piece of computer software characterized for its advanced stealth capabilities. Once it is installed on a system it remains invisible to the host, usually hiding its related processes and files from the user, while at the same time performing the malicious operations for which it was designed. Most common operations include storing keystrokes, sniffing network traffic, exfiltrating sensible data from the user or the system, or actively modifying the data at the infected device. The other characteristic functionality is that rootkits seek to achieve persistence on the infected hosts, with the purpose of being launched again after a system reboot, without further user interaction.
+The techniques used for achieving both of these functionalities depend on the type of rootkit developed, a classification usually made depending on the level of privileges on which the rootkit operates in the system.
+
+\begin{itemize}
+\item \textbf{User-mode} rootkits run at the same level of privilege as common user applications. They usually work by hijacking legitimate processes on which they may inject code by preloading shared libraries, thus modifying the calls issued to user APIs, on which malicious code is placed by the rootkit. Although easier to build, these rootkits are exposed to detection by common anti-malware programs.
+\item \textbf{Kernel-mode} rootkits run at the same level of privilege as the operating system, thus enjoying unrestricted access to the whole computer. These rootkits usually come as kernel modules or device drivers and, once loaded, they reside in the kernel. This implies that special attention must be taken to avoid programming errors since they could potentially corrupt user or kernel memory, resulting in a fatal kernel panic and a subsequent system reboot, which goes against the original purpose of maintaining stealth.
+
+Common techniques used for the development of their malicious activities include hooking system calls made to the kernel by user applications (on which malicious code is then injected), or modifying data structures in the kernel to change the data of user programs at runtime. Therefore, trusted programs on an infected machine can no longer be trusted to operate securely.
+
+These rootkits are usually the most attractive (and difficult to build) option for a malicious actor, but the installation of a kernel rootkit requires of a complete previous compromise of the system, meaning that administrator or root privileges must have been already achieved by the attacker, commonly by the execution of an exploit or a local installation of a privileged user.
+\end{itemize}
+
+Historically, kernel-mode rootkits have been tightly associated with espionage activities on governments and research institutes by Advanced Persistent Threat (APT) groups\cite{rootkit_ptsecurity}, state-sponsored or criminal organizations specialized on long-term operations to gather intelligence and gain unauthorized persistent access to computer systems. Although rootkits' functionality is tailored for each specific attack, a common set of techniques and procedures can be identified being used by these organizations. However, during the last years, a new technology called eBPF has been found to be the target of the latest innovation on the development of rootkits. 
+
+%eBPF is
+
+
+%On February 2022, the Chinese security team Pangu Lab reported about a NSA backdoor that uses eBPF
+
+
+ 
 
 \section{Objectives}
 

docs/document.toc

@@ -5,21 +5,21 @@
 \defcounter {refsection}{0}\relax 
 \contentsline {section}{\numberline {1.1}Motivation}{1}{section.1.1}%
 \defcounter {refsection}{0}\relax 
-\contentsline {section}{\numberline {1.2}Objectives}{1}{section.1.2}%
+\contentsline {section}{\numberline {1.2}Objectives}{2}{section.1.2}%
 \defcounter {refsection}{0}\relax 
-\contentsline {section}{\numberline {1.3}Regulatory framework}{1}{section.1.3}%
+\contentsline {section}{\numberline {1.3}Regulatory framework}{2}{section.1.3}%
 \defcounter {refsection}{0}\relax 
-\contentsline {subsection}{\numberline {1.3.1}Social and economic environment}{1}{subsection.1.3.1}%
+\contentsline {subsection}{\numberline {1.3.1}Social and economic environment}{2}{subsection.1.3.1}%
 \defcounter {refsection}{0}\relax 
-\contentsline {subsection}{\numberline {1.3.2}Budget}{1}{subsection.1.3.2}%
+\contentsline {subsection}{\numberline {1.3.2}Budget}{2}{subsection.1.3.2}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{\numberline {2}State of the Art}{2}{chapter.2}%
+\contentsline {chapter}{\numberline {2}State of the Art}{3}{chapter.2}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{\numberline {3}Methods??}{3}{chapter.3}%
+\contentsline {chapter}{\numberline {3}Methods??}{4}{chapter.3}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{\numberline {4}Results}{4}{chapter.4}%
+\contentsline {chapter}{\numberline {4}Results}{5}{chapter.4}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{\numberline {5}Conclusion and future work}{5}{chapter.5}%
+\contentsline {chapter}{\numberline {5}Conclusion and future work}{6}{chapter.5}%
 \defcounter {refsection}{0}\relax 
-\contentsline {chapter}{Bibliography}{}{chapter.5}%
+\contentsline {chapter}{Bibliography}{7}{chapter.5}%
 \contentsfinish 

docs/pdfa.xmpi

@@ -73,15 +73,15 @@
   </rdf:Description> 
   <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/"> 
    <xmp:CreatorTool>LaTeX with hyperref</xmp:CreatorTool> 
-   <xmp:ModifyDate>2022-05-15T20:45:29-04:00</xmp:ModifyDate> 
-   <xmp:CreateDate>2022-05-15T20:45:29-04:00</xmp:CreateDate> 
-   <xmp:MetadataDate>2022-05-15T20:45:29-04:00</xmp:MetadataDate> 
+   <xmp:ModifyDate>2022-05-20T21:19:14-04:00</xmp:ModifyDate> 
+   <xmp:CreateDate>2022-05-20T21:19:14-04:00</xmp:CreateDate> 
+   <xmp:MetadataDate>2022-05-20T21:19:14-04:00</xmp:MetadataDate> 
   </rdf:Description> 
   <rdf:Description rdf:about="" xmlns:xmpRights = "http://ns.adobe.com/xap/1.0/rights/"> 
   </rdf:Description> 
   <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/"> 
    <xmpMM:DocumentID>uuid:467B87E0-A1EA-A037-7CB7-0477245DEBC3</xmpMM:DocumentID> 
-   <xmpMM:InstanceID>uuid:FF2B603E-8E11-5D95-966B-D90FEA3E99B9</xmpMM:InstanceID> 
+   <xmpMM:InstanceID>uuid:0F413EA9-E228-5EFB-10AE-E66876925AB8</xmpMM:InstanceID> 
   </rdf:Description> 
  </rdf:RDF> 
 </x:xmpmeta>