Establishing a Baseline for Detecting LOTL Attacks in Windows Operating Systems
Guardado en:
| Publicado en: | ProQuest Dissertations and Theses (2025) |
|---|---|
| Autor principal: | |
| Publicado: |
ProQuest Dissertations & Theses
|
| Materias: | |
| Acceso en línea: | Citation/Abstract Full Text - PDF |
| Etiquetas: |
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
MARC
| LEADER | 00000nab a2200000uu 4500 | ||
|---|---|---|---|
| 001 | 3218003446 | ||
| 003 | UK-CbPIL | ||
| 020 | |a 9798280756526 | ||
| 035 | |a 3218003446 | ||
| 045 | 2 | |b d20250101 |b d20251231 | |
| 084 | |a 66569 |2 nlm | ||
| 100 | 1 | |a Phillips, Ashlyn Martin | |
| 245 | 1 | |a Establishing a Baseline for Detecting LOTL Attacks in Windows Operating Systems | |
| 260 | |b ProQuest Dissertations & Theses |c 2025 | ||
| 513 | |a Dissertation/Thesis | ||
| 520 | 3 | |a There has been an increasing realization of the rise in living off the land (LOTL) attacks where adversaries misuse legitimate system tools, particularly with state-sponsored actors targeting critical infrastructure in the United States. These attacks are difficult to detect because they allow attackers to remain present in a system without the user’s knowledge for an extended period. This thesis establishes an initial baseline specifically for Windows operating systems to measure normal system activity, focusing on CPU usage, memory utilization, and process activity. It particularly examines the use of PowerShell alongside other applications. The findings from this baseline are used to develop detection rules that security tools can integrate to identify anomalies deviating from normal system metrics. Finally, recommendations are made to expand this research by analyzing additional system tools and incorporating network activity into baselines to enhance the detection of these increasingly sophisticated and damaging attacks. | |
| 653 | |a Computer science | ||
| 653 | |a Engineering | ||
| 653 | |a Artificial intelligence | ||
| 653 | |a Information technology | ||
| 773 | 0 | |t ProQuest Dissertations and Theses |g (2025) | |
| 786 | 0 | |d ProQuest |t ProQuest Dissertations & Theses Global | |
| 856 | 4 | 1 | |3 Citation/Abstract |u https://www.proquest.com/docview/3218003446/abstract/embedded/7BTGNMKEMPT1V9Z2?source=fedsrch |
| 856 | 4 | 0 | |3 Full Text - PDF |u https://www.proquest.com/docview/3218003446/fulltextPDF/embedded/7BTGNMKEMPT1V9Z2?source=fedsrch |