000 02788nam a22001817a 4500
003 NUST
005 20260311122700.0
082 _a005.8,KAR
100 _aKarim, Syed Sohaib
_9133636
245 _aAnalyzing and Defending Linux-Based Systems against Tactics, Techniques, and Procedures (TTP) of Advanced Persistent Threats (APT) /
_cSyed Sohaib Karim
260 _aRawalpindi,
_bMCS (NUST),
_c2026
300 _axi, 85 p
505 _aLinux now powers the backbone of modern computing, including mission-critical infrastructure, the cloud, and special-purpose environments. As its use has grown, the OS has drawn more attention from APTs. These attacks differ from ordinary ones because they can remain hidden, adapt to defenses, and use various complex tactics, techniques, and procedures (TTPs) to maintain long-term access to target networks. Since Linux has come to underpin much of global digital activity, its security arguably matters more than anything else. To protect these systems, we need defenses that are flexible and evolve with the complex strategies of adversaries. Despite the criticality of Linux systems, traditional security measures often fail to detect advanced threats that use innovative TTPs to evade ordinary defenses. Existing security frameworks frequently exhibit blind spots when defending against such stealthy intrusions, as they often rely on static signatures rather than behavioral analysis. Furthermore, there is a significant gap in understanding the Linux APT menace, specifically regarding the need for adaptive machine learning (ML)-driven defense systems that can identify malicious intent without relying solely on known indicators. To address these challenges, this thesis proposes, develops, and evaluates a comprehensive framework that uses machine learning (ML), deep learning (DL), and Large Language Model (LLM) approaches for detection and threat intelligence. A foundational Linux-specific dataset was established by simulating multiple APT campaigns with various payloads, mapped specifically to the MITRE ATT&CK framework. Using this dataset, the research evaluates the efficiency of the models, including Support Vector Machines (SVM), Random Forests (RF), and Convolutional and Feed-Forward Neural Networks (CNN/FNN), with SVM, CNN, and FNN demonstrating particularly high detection accuracies. Additionally, the research integrates LLMs, specifically Meta Llama-2, to enhance threat analysis by generating natural language explanations of security deviations, thus supporting analysts in critical decision-making.
650 _aPhD Information Security Thesis
_9132793
651 _aPhD IS Thesis
_9132794
700 _aSupervised by Dr. Mian Muhammad Waseem Iqbal
_9127670
942 _2ddc
_cTHE
999 _c616599
_d616599