Cardiff University | Prifysgol Caerdydd ORCA
Online Research @ Cardiff 

Detecting the abuse of cloud services for C&C infrastructure through dynamic analysis and machine learning

Al Lelah, Turki, Theodorakopoulos, George ORCID: https://orcid.org/0000-0003-2701-7809, Javed, Amir ORCID: https://orcid.org/0000-0001-9761-0945 and Anthi, Eirini 2024. Detecting the abuse of cloud services for C&C infrastructure through dynamic analysis and machine learning. Presented at: 2024 International Symposium on Networks, Computers and Communications (ISNCC), Washington DC, USA, 22-25 October 2024. 2024 International Symposium on Networks, Computers and Communications (ISNCC). IEEE, pp. 1-7. 10.1109/isncc62547.2024.10758940

PDF - Accepted Post-Print Version

Abstract

Cybercriminals increasingly abuse cloud and legitimate services (CLS) as covert command and control (C&C) infrastructure to orchestrate malicious operations and evade detection. This paper addresses the critical challenge of detecting such abuse of cloud platforms. We introduce a detection system that integrates dynamic analysis with Machine Learning (ML) to accurately distinguish between benign and malicious interactions with cloud services. Using a comprehensive dataset from VirusTotal, the system extracts features from both host behaviour and network traffic, with Cuckoo and Triage sandboxes used to capture the behaviours, and trains a detection model on them. The results demonstrate that the model achieves nearly 98% accuracy in identifying cloud service abuse, substantially outperforming previous efforts. Furthermore, we evaluate the model's robustness against adversarial attacks that aim to decrease accuracy by manipulating the feature values. Comparative evaluations show that our method maintains a higher detection accuracy under attack compared to related systems.

Item Type: Conference or Workshop Item (Paper)
Date Type: Published Online
Status: Published
Schools: Computer Science & Informatics
Publisher: IEEE
ISBN: 979-8-3503-6492-7
ISSN: 2472-4386
Date of First Compliant Deposit: 11 December 2024
Date of Acceptance: 17 August 2024
Last Modified: 12 Dec 2024 12:15
URI: https://orca.cardiff.ac.uk/id/eprint/174655
