Cybercriminals increasingly abuse cloud and legitimate services (CLS) as covert command and control (C&C) infrastructure to orchestrate malicious operations and evade detection. This paper addresses the critical c...
详细信息
Cybercriminals increasingly abuse cloud and legitimate services (CLS) as covert command and control (C&C) infrastructure to orchestrate malicious operations and evade detection. This paper addresses the critical c...
详细信息
ISBN:
(数字)9798350364910
ISBN:
(纸本)9798350364927
Cybercriminals increasingly abuse cloud and legitimate services (CLS) as covert command and control (C&C) infrastructure to orchestrate malicious operations and evade detection. This paper addresses the critical challenge of detecting such abuse of cloud platforms. We introduce a detection system that integrates dynamic analysis with Machine Learning (ML) to accurately distinguish between benign and malicious interactions with cloud services. By utilising a comprehensive data set from VirusTotal, the system uses advanced feature extraction techniques from both host behaviour and network traffic, using Cuckoo and Triage sandboxes to extract behaviors, to develop a detection model. The results demonstrate that the model achieves nearly 98% accuracy in identifying cloud service abuse, substantially outperforming previous efforts. Furthermore, we evaluate the model's robustness against adversarial attacks that aim to decrease accuracy by manipulating the feature values. Comparative evaluations show that our method maintains a higher detection accuracy under attack compared to related systems.
暂无评论