Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 

Abuse of cloud-based and public legitimate services as command-and-control (C&C) infrastructure: a systematic literature review

Al lelah, Turki, Theodorakopoulos, George ORCID: https://orcid.org/0000-0003-2701-7809, Reinecke, Philipp ORCID: https://orcid.org/0000-0002-2411-0891, Javed, Amir ORCID: https://orcid.org/0000-0001-9761-0945 and Anthi, Eirini 2023. Abuse of cloud-based and public legitimate services as command-and-control (C&C) infrastructure: a systematic literature review. Journal of Cybersecurity and Privacy 3 (3), pp. 558-590. 10.3390/jcp3030027

PDF - Published Version
Available under License Creative Commons Attribution.


Abstract

The widespread adoption of cloud-based and public legitimate services (CPLS) has inadvertently opened up new avenues for cyber attackers to establish covert and resilient command-and-control (C&C) communication channels. This abuse poses a significant cybersecurity threat, as it allows malicious traffic to blend seamlessly with legitimate network activities. Traditional detection systems are proving inadequate in accurately identifying such abuses, emphasizing the urgent need for more advanced detection techniques. In our study, we conducted an extensive systematic literature review (SLR) encompassing the academic and industrial literature from 2008 to July 2023. Our review provides a comprehensive categorization of the attack techniques employed in CPLS abuses and offers a detailed overview of the currently developed detection strategies. Our findings indicate a substantial increase in cloud-based abuses, facilitated by various attack techniques. Despite this alarming trend, the focus on developing detection strategies remains limited, with only 7 out of 91 studies addressing this concern. Our research serves as a comprehensive review of CPLS abuse for the C&C infrastructure. By examining the emerging techniques used in these attacks, we aim to make a significant contribution to the development of effective botnet defense strategies.

Item Type: Article
Date Type: Publication
Status: Published
Schools: Computer Science & Informatics
Publisher: MDPI
ISSN: 2624-800X
Date of First Compliant Deposit: 22 September 2023
Date of Acceptance: 25 August 2023
Last Modified: 28 Sep 2023 00:48
URI: https://orca.cardiff.ac.uk/id/eprint/162677
