Investigating Advanced Persistent Threat Tactics in Cloud Environments: A Forensic Study of AWS CloudTrail Log Data


Authors : Adeolu Opeyemi Ojo; Mohammed Benmubarak

Volume/Issue : Volume 10 - 2025, Issue 7 - July


Google Scholar : https://tinyurl.com/336jjfdj

Scribd : https://tinyurl.com/2nj9evez

DOI : https://doi.org/10.38124/ijisrt/25jul1786



Abstract : The focus of this study is to identify and reduce Advanced Persistent Threats (APTs) in the cloud environment of Amazon Web Services (AWS). Popular security frameworks such as MITRE ATT&CK, the Cyber Kill Chain and the Pyramid of Pain were employed to improve the effectiveness of forensic investigation in cloud environments. Tactics, techniques and procedures (TTPs) were analyzed using CloudTrail log data in order to assess how effectively these frameworks identify attack patterns. Findings from the study reveal that logs are crucial for identifying attack trends such as lateral movement, exfiltration of data and escalation of privileges, which helps improve the understanding and analysis of APT activities in an AWS environment, and that integrating frameworks such as MITRE ATT&CK, the Cyber Kill Chain and the Pyramid of Pain provides proactive strategies for quelling advanced cyber adversaries.

Keywords : Forensic Analysis, CloudTrail, Advanced Persistent Threats (APTs), Amazon AWS, Cloud, MITRE ATT&CK, Cyber Kill Chain, Pyramid of Pain.
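The abstract states that CloudTrail logs reveal multi-stage patterns such as privilege escalation, lateral movement and exfiltration. The following is an added illustration of that analysis, not code from the paper or its authors: it parses constructed CloudTrail records, tags each API call with one of those tactic categories using a small hand-picked event-to-tactic mapping (an assumption for demonstration, not the paper's methodology), links actions taken under an assumed role back to the identity that obtained the temporary credentials, and surfaces principals whose activity spans several tactics. All ARNs, access key IDs, IP addresses and bucket names are invented sample values.

```python
"""Added example (not from the paper): tag CloudTrail records with the
tactic categories named in the abstract and surface principals whose
activity spans several of them.  Mapping and sample data are constructed."""
import json
from collections import defaultdict

# Assumed, illustrative mapping of CloudTrail eventName values to tactics.
# A real investigation would use a curated mapping (e.g. the MITRE ATT&CK
# cloud matrix) rather than this hand-picked subset.
EVENT_TACTICS = {
    "AttachUserPolicy": "Privilege Escalation",
    "PutUserPolicy": "Privilege Escalation",
    "CreateAccessKey": "Privilege Escalation",
    "UpdateAssumeRolePolicy": "Privilege Escalation",
    "AssumeRole": "Lateral Movement",
    "PutBucketPolicy": "Exfiltration",
    "ModifySnapshotAttribute": "Exfiltration",
    "GetObject": "Exfiltration",  # S3 data event; noisy alone, see find_chains()
}

# Constructed sample log in CloudTrail's JSON record format (all values invented).
SAMPLE_LOG = json.dumps({"Records": [
    {"eventTime": "2025-03-01T09:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/analyst"},
     "requestParameters": {"bucketName": "reports", "key": "q1.pdf"}},
    {"eventTime": "2025-03-01T09:05:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev-ci"}},
    {"eventTime": "2025-03-01T09:06:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "CreateAccessKey", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev-ci"},
     "requestParameters": {"userName": "admin"}},
    {"eventTime": "2025-03-01T09:10:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "AssumeRole", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/dev-ci"},
     "requestParameters": {"roleArn": "arn:aws:iam::444455556666:role/prod-data"},
     "responseElements": {"credentials": {"accessKeyId": "ASIAEXAMPLE000001"}}},
    {"eventTime": "2025-03-01T09:12:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "PutBucketPolicy", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000001",
                      "arn": "arn:aws:sts::444455556666:assumed-role/prod-data/dev-ci"},
     "requestParameters": {"bucketName": "prod-backups"}},
    {"eventTime": "2025-03-01T09:13:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "AssumedRole", "accessKeyId": "ASIAEXAMPLE000001",
                      "arn": "arn:aws:sts::444455556666:assumed-role/prod-data/dev-ci"},
     "requestParameters": {"bucketName": "prod-backups", "key": "db.sql.gz"}},
]})


def load_records(log_text):
    """Parse a CloudTrail log body (JSON with a top-level "Records" list), oldest first."""
    return sorted(json.loads(log_text)["Records"], key=lambda r: r["eventTime"])


def principal_arn(record, session_map):
    """Identity to attribute an event to. Actions under an assumed role carry the
    role's ARN, so resolve the temporary access key back to whoever obtained it."""
    ui = record["userIdentity"]
    if ui.get("type") == "AssumedRole" and ui.get("accessKeyId") in session_map:
        return session_map[ui["accessKeyId"]]
    return ui.get("arn", ui.get("principalId", "unknown"))


def build_session_map(records):
    """Map temporary access keys issued by AssumeRole to the caller that obtained
    them (records must be time-ordered so chained role hops resolve)."""
    issued = {}
    for r in records:
        if r["eventName"] == "AssumeRole":
            key = r.get("responseElements", {}).get("credentials", {}).get("accessKeyId")
            if key:
                issued[key] = principal_arn(r, issued)
    return issued


def tag_events(records):
    """Return (eventTime, principal, eventName, tactic) for events in the mapping."""
    session_map = build_session_map(records)
    return [(r["eventTime"], principal_arn(r, session_map), r["eventName"], EVENT_TACTICS[r["eventName"]])
            for r in records if r["eventName"] in EVENT_TACTICS]


def find_chains(records, min_tactics=2):
    """Principals whose events span at least min_tactics distinct tactics. A lone
    GetObject is routine; one identity escalating, pivoting and then reaching
    data is the multi-stage pattern an APT investigation is after."""
    by_principal = defaultdict(list)
    for when, who, name, tactic in tag_events(records):
        by_principal[who].append((when, name, tactic))
    return {who: evs for who, evs in by_principal.items()
            if len({t for _, _, t in evs}) >= min_tactics}


if __name__ == "__main__":
    for who, evs in find_chains(load_records(SAMPLE_LOG)).items():
        print(who)
        for when, name, tactic in evs:
            print(f"  {when}  {name:<18} {tactic}")
```

The session-map step matters in practice: after an `AssumeRole`, CloudTrail records the role session, not the user who assumed it, so without joining on the issued `accessKeyId` the escalation and the exfiltration would appear as two unrelated principals and the chain would be missed. Note that `GetObject` only appears in CloudTrail when S3 data events are enabled for the trail.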

