Al lelah, Turki, Theodorakopoulos, George ORCID: https://orcid.org/0000-0003-2701-7809, Reinecke, Philipp ORCID: https://orcid.org/0000-0002-2411-0891, Javed, Amir ORCID: https://orcid.org/0000-0001-9761-0945 and Anthi, Eirini 2023. Abuse of cloud-based and public legitimate services as command-and-control (C&C) infrastructure: a systematic literature review. Journal of Cybersecurity and Privacy 3 (3), pp. 558-590. 10.3390/jcp3030027
PDF - Published Version (5MB). Available under License Creative Commons Attribution.
Abstract
The widespread adoption of cloud-based and public legitimate services (CPLS) has inadvertently opened up new avenues for cyber attackers to establish covert and resilient command-and-control (C&C) communication channels. This abuse poses a significant cybersecurity threat, as it allows malicious traffic to blend seamlessly with legitimate network activities. Traditional detection systems are proving inadequate in accurately identifying such abuses, emphasizing the urgent need for more advanced detection techniques. In our study, we conducted an extensive systematic literature review (SLR) encompassing the academic and industrial literature from 2008 to July 2023. Our review provides a comprehensive categorization of the attack techniques employed in CPLS abuses and offers a detailed overview of the currently developed detection strategies. Our findings indicate a substantial increase in cloud-based abuses, facilitated by various attack techniques. Despite this alarming trend, the focus on developing detection strategies remains limited, with only 7 out of 91 studies addressing this concern. Our research serves as a comprehensive review of CPLS abuse for the C&C infrastructure. By examining the emerging techniques used in these attacks, we aim to make a significant contribution to the development of effective botnet defense strategies.
Item Type: | Article |
---|---|
Date Type: | Publication |
Status: | Published |
Schools: | Computer Science & Informatics |
Publisher: | MDPI |
ISSN: | 2624-800X |
Date of First Compliant Deposit: | 22 September 2023 |
Date of Acceptance: | 25 August 2023 |
Last Modified: | 28 Sep 2023 00:48 |
URI: | https://orca.cardiff.ac.uk/id/eprint/162677 |