Establishing a Baseline for Detecting LOTL Attacks in Windows Operating Systems
Guardat en:
| Publicat a: | ProQuest Dissertations and Theses (2025) |
|---|---|
| Autor principal: | |
| Publicat: |
ProQuest Dissertations & Theses
|
| Matèries: | |
| Accés en línia: | Citation/Abstract Full Text - PDF |
| Etiquetes: |
Sense etiquetes, Sigues el primer a etiquetar aquest registre!
|
| Resum: | There has been an increasing realization of the rise in living off the land (LOTL) attacks where adversaries misuse legitimate system tools, particularly with state-sponsored actors targeting critical infrastructure in the United States. These attacks are difficult to detect because they allow attackers to remain present in a system without the user’s knowledge for an extended period. This thesis establishes an initial baseline specifically for Windows operating systems to measure normal system activity, focusing on CPU usage, memory utilization, and process activity. It particularly examines the use of PowerShell alongside other applications. The findings from this baseline are used to develop detection rules that security tools can integrate to identify anomalies deviating from normal system metrics. Finally, recommendations are made to expand this research by analyzing additional system tools and incorporating network activity into baselines to enhance the detection of these increasingly sophisticated and damaging attacks. |
|---|---|
| ISBN: | 9798280756526 |
| Font: | ProQuest Dissertations & Theses Global |