Al Lelah, Turki
2024.
Detecting abuse of cloud and public legitimate services as command and control infrastructure using machine learning.
PhD Thesis,
Cardiff University.
Item availability restricted.
PDF (12MB) - Accepted Post-Print Version
Restricted to Repository staff only until 3 December 2025 due to copyright restrictions. Available under License Creative Commons Attribution Non-commercial No Derivatives.
PDF (Cardiff University Electronic Publication Form, 213kB) - Supplemental Material
Restricted to Repository staff only.
Abstract
The widespread adoption of Cloud and Public Legitimate Services (CPLS) has inadvertently created new opportunities for cybercriminals to establish hidden and robust command-and-control (C&C) communication infrastructure. This abuse represents a major cybersecurity risk, as it allows malicious traffic to seamlessly disguise itself within normal network activities. Traditional detection systems are proving inadequate in accurately identifying such abuses. Therefore, this thesis is motivated by emphasizing the urgent need for more advanced detection techniques that are capable of identifying the C&C activity hidden within legitimate CPLS traffic. To assess the extent of the cyber threat of abusing CPLS, this thesis presents an extensive Systematic Literature Review (SLR) encompassing academic and industry literature. The review provides a comprehensive categorization of the attack techniques utilized to abuse CPLS as C&C infrastructure. The open problems uncovered through the SLR motivate this thesis to propose a novel Detection System (DS) capable of identifying malware that abuses CPLS as C&C communication channels. Furthermore, to evaluate our system's robustness against attempts to evade detection, this thesis introduces the Replace Misclassified Parameter (RMCP) adversarial attack. The proposed detection system leverages Artificial Intelligence (AI) techniques, combining static and dynamic malware analysis methods to accurately identify CPLS abuse. The effectiveness of the proposed system is validated through extensive experiments, demonstrating its ability to detect novel and sophisticated attacks that evade traditional security measures. The outcomes of this thesis have significant implications for enhancing the security of cloud environments, contributing valuable knowledge and practical solutions to the field of cloud security.
Item Type: | Thesis (PhD) |
---|---|
Date Type: | Completion |
Status: | Unpublished |
Schools: | Computer Science & Informatics |
Subjects: | Q Science > QA Mathematics > QA75 Electronic computers. Computer science; Q Science > QA Mathematics > QA76 Computer software |
Date of First Compliant Deposit: | 3 December 2024 |
Date of Acceptance: | 27 November 2024 |
Last Modified: | 05 Dec 2024 16:30 |
URI: | https://orca.cardiff.ac.uk/id/eprint/174473 |