logo SBA

ETD

Archivio digitale delle tesi discusse presso l’Università di Pisa

Tesi etd-04052023-150259


Tipo di tesi
Tesi di laurea magistrale
Autore
LEO, CARLO
URN
etd-04052023-150259
Titolo
post-exploitation tool detection in cloud environments
Dipartimento
INGEGNERIA DELL'INFORMAZIONE
Corso di studi
CYBERSECURITY
Relatori
relatore Prof. Chessa, Stefano
correlatore Prof. Perazzo, Pericle
Parole chiave
  • cloud
  • malware-detection
  • observability
Data inizio appello
28/04/2023
Consultabilità
Non consultabile
Data di rilascio
28/04/2093
Riassunto
Organizations have been adopting cloud-based IT solutions to provide their services regardless of their operating sectors. Moreover, the adoption of cloud-based services supporting the business processes of organizations has been accelerated by the COVID-19 pandemic, so cloud infrastructures have increasingly become one of the main attackers' targets. Nowadays, malware has become one of the main threats. Therefore, the thesis proposes one approach to discovering that after breaching into the system, the attacker deployed a type of malware, namely the post-exploitation tool, on a cloud server. Precisely, a post-exploitation tool can be seen as a type of malware that allows attackers to execute any kind of unwanted and malicious activity on the compromised machine, including Advanced Persistent Threats APT(s), data leakage, or crypto mining. The idea consists of detecting such activities by looking into process-level observability metrics e.g., CPU usage, Disk usage, Network usage, and so on, to devise a heuristic malware detection algorithm. The algorithm has been deployed with the Dynatrace observability platform to build up a detection system representing the Proof of Concept (PoC). The PoC shows how malicious software can be detected by investigating simple process-level observability metrics such as Disk Usage and Network Usage. Our research defined a threat model and one attacker's objective during the post-exploitation phase which defines the scope of the thesis.
File