TY  - BOOK
AU  - Karim, Syed Sohaib
AU  - Supervised by Dr. Mian Muhammad Waseem Iqbal
TI  - Analyzing and Defending Linux-Based Systems against Tactics, Techniques, and Procedures (TTP) of Advanced Persistent Threats (APT)
U1  - 005.8,KAR
PY  - 2026///
CY  - Rawalpindi
PB  - MCS (NUST)
KW  - PhD Information Security Thesis
KW  - PhD IS Thesis
N1  - Linux now powers the backbone of modern computing, including mission-critical infrastructure, the cloud, and special-purpose environments. As its adoption has grown, the OS has drawn increasing attention from APTs. These attacks differ from ordinary ones in that they remain hidden, adapt to the defenses they encounter, and employ a range of complex tactics, techniques, and procedures (TTPs) to maintain long-term access to target networks. Since Linux has come to underpin much of global digital activity, its security arguably matters more than anything else. Protecting these systems requires defenses that are flexible and evolve alongside the increasingly complex strategies of adversaries. Despite the criticality of Linux systems, traditional security measures often fail to detect advanced threats that use novel TTPs to evade ordinary defenses. Existing security frameworks frequently exhibit blind spots against such stealthy intrusions because they rely on static signatures rather than behavioral analysis. Furthermore, there is a significant gap in understanding the Linux APT threat, specifically regarding the need for adaptive machine learning (ML)-driven defense systems that can identify malicious intent without relying solely on known indicators. To address these challenges, this thesis proposes, develops, and evaluates a comprehensive framework that applies machine learning (ML), deep learning (DL), and Large Language Model (LLM) approaches to detection and threat intelligence. A foundational Linux-specific dataset was established by simulating multiple APT campaigns with various payloads, each mapped to the MITRE ATT&CK framework. Using this dataset, the research evaluates the effectiveness of several models, including Support Vector Machines (SVM), Random Forests (RF), and Convolutional and Feed-Forward Neural Networks (CNN/FNN), with SVM, CNN, and FNN demonstrating particularly high detection accuracies. Additionally, the research integrates LLMs, specifically Meta Llama-2, to enhance threat analysis by generating natural-language explanations of security deviations, thereby supporting analysts in critical decision-making.
ER  -