Analyzing and Defending Linux-Based Systems against Tactics, Techniques, and Procedures (TTP) of Advanced Persistent Threats (APT) / Syed Sohaib Karim
Material type: Text
Publisher: Rawalpindi, MCS (NUST), 2026
Description: xi, 85 p.
Subject(s): PhD Information Security Thesis | PhD IS Thesis
DDC classification: 005.8,KAR

| Item type | Current location | Home library | Shelving location | Call number | Status | Date due | Barcode | Item holds |
|---|---|---|---|---|---|---|---|---|
| Thesis | Military College of Signals (MCS) | Military College of Signals (MCS) | Thesis | 005.8,KAR | Available | | MCSPhD IS-17 | |
Linux now powers the backbone of modern computing, including mission-critical infrastructure, the cloud, and special-purpose environments. As its use has grown, the OS has drawn increasing attention from advanced persistent threats (APTs). These attacks differ from ordinary ones because they remain hidden, adapt to the defenses they encounter, and employ a variety of complex tactics, techniques, and procedures (TTPs) to maintain long-term access to target networks. Since Linux underpins much of global digital activity, its security arguably matters more than that of any other platform. Protecting these systems requires defenses that are flexible and evolve alongside adversaries' strategies.

Despite the criticality of Linux systems, traditional security measures often fail to detect advanced threats that use novel TTPs to evade ordinary defenses. Existing security frameworks frequently exhibit blind spots against such stealthy intrusions because they rely on static signatures rather than behavioral analysis. Furthermore, there is a significant gap in understanding the Linux APT threat, particularly regarding the need for adaptive, machine learning (ML)-driven defense systems that can identify malicious intent without relying solely on known indicators.

To address these challenges, this thesis proposes, develops, and evaluates a comprehensive framework that applies machine learning (ML), deep learning (DL), and large language model (LLM) approaches to detection and threat intelligence. A foundational Linux-specific dataset was established by simulating multiple APT campaigns with various payloads, each mapped to the MITRE ATT&CK framework. Using this dataset, the research evaluates the detection performance of several models, including Support Vector Machines (SVM), Random Forests (RF), and Convolutional and Feed-Forward Neural Networks (CNN/FNN); SVM, CNN, and FNN achieved particularly high detection accuracy. Additionally, the research integrates an LLM, specifically Meta Llama-2, to enhance threat analysis by generating natural-language explanations of security deviations, supporting analysts in critical decision-making.
