Université Blida 1

Command and control (C2) attack mitigation using SOAR


dc.contributor.author Abdelhadi, Ilyes
dc.contributor.author Elaichi, Hamza
dc.contributor.author Douga, Yacine (Supervisor)
dc.contributor.author Elbaouni, Nassim (Supervisor)
dc.date.accessioned 2023-10-29T13:57:30Z
dc.date.available 2023-10-29T13:57:30Z
dc.date.issued 2023
dc.identifier.uri https://di.univ-blida.dz/jspui/handle/123456789/26029
dc.description ill., Bibliogr. Shelf mark: ma-004-972 fr_FR
dc.description.abstract The escalating sophistication and ubiquity of command and control (C2) attacks present formidable challenges to organisations in terms of their ability to detect and respond to these threats effectively. Security operations centres (SOCs) grapple with resource limitations, skills shortages, and the need for seamless coordination among disparate systems. In this context, security orchestration, automation, and response (SOAR) offers a promising solution. By automating routine tasks, leveraging intelligence and reporting capabilities, and streamlining workflows through playbooks, SOAR lets security professionals apply their expertise in more strategic and impactful ways. In this work, a comprehensive solution is proposed to address the challenges posed by C2 attacks. Harnessing SOAR technologies, the solution aims to improve threat identification and incident response. By integrating Shuffle with Wazuh, it offers an integrated approach to detecting and mitigating C2 attacks: Wazuh provides the detection, and Shuffle workflows orchestrate the security tools, automate repetitive tasks, and drive the response, allowing security teams to counter sophisticated attacks with speed and efficiency. The effectiveness of the solution is evaluated through testing and analysis, demonstrating its ability to protect against C2 threats while improving operational efficiency in SOCs. The experimental study of the detection capabilities of Wazuh and the response automation provided by Shuffle showed that integrating the two technologies yielded positive outcomes: Wazuh proved effective in detecting C2 attacks, while Shuffle automated the corresponding incident response actions. Keywords: SOAR, SOC, automation, workflows. fr_FR
dc.language.iso en fr_FR
dc.publisher Université Blida 1 fr_FR
dc.subject SOAR fr_FR
dc.subject SOC fr_FR
dc.subject automation fr_FR
dc.subject workflows fr_FR
dc.title Command and control (C2) attack mitigation using SOAR fr_FR
dc.type Thesis fr_FR
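The abstract describes a detect-then-respond flow in which Wazuh raises a C2 alert and a SOAR workflow decides what to do with it. The following playbook logic is an added illustration of that decision step; it is not code from the thesis, from Wazuh or from Shuffle. It assumes the alert JSON shape Wazuh writes to alerts.json (rule.level, rule.mitre.tactic, agent, data.srcip/dstip), and the thresholds, action names and sample alerts are constructed for the example. A SOAR workflow would receive such an alert on a webhook and execute the actions the function returns; the example also shows the caveat a practitioner wants, namely never auto-blocking an address inside the organisation's own ranges.

```python
"""
Playbook decision logic for a Wazuh -> SOAR command-and-control response flow.

Added illustration, not code from the thesis or from the Wazuh/Shuffle projects.
Assumes the alerts.json shape of Wazuh alerts; thresholds, action names and the
sample alerts below are constructed for this example.
"""
import ipaddress
import json

# Wazuh rules carry MITRE ATT&CK tactic names; C2 activity is tagged with this one.
C2_TACTIC = "Command and Control"

# Assumed thresholds for this illustration (Wazuh rule levels run 0-15).
NOTIFY_LEVEL = 7     # below this, C2-tagged alerts are only recorded
CONTAIN_LEVEL = 12   # at or above this, contain without waiting for an analyst

# Peers inside these ranges are never auto-blocked: a noisy rule must not let the
# playbook firewall off the organisation's own infrastructure.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "fc00::/7", "::1/128", "fe80::/10")]

# Constructed sample alerts (not real detections) in the alerts.json shape.
SAMPLE_ALERTS = [
    {   # high-severity beacon to an external peer: full containment
        "timestamp": "2023-06-01T10:15:00.000+0000",
        "rule": {"id": "100200", "level": 12,
                 "description": "Periodic HTTPS beacon to rare host (constructed)",
                 "mitre": {"id": ["T1071.001"], "tactic": [C2_TACTIC],
                           "technique": ["Application Layer Protocol: Web Protocols"]}},
        "agent": {"id": "003", "name": "web-01", "ip": "10.0.0.12"},
        "data": {"srcip": "10.0.0.12", "dstip": "203.0.113.45", "dstport": "443"},
    },
    {   # same severity, but the peer is internal: isolate the host, do not block the IP
        "timestamp": "2023-06-01T10:16:00.000+0000",
        "rule": {"id": "100200", "level": 12,
                 "description": "Periodic HTTPS beacon to rare host (constructed)",
                 "mitre": {"id": ["T1071.001"], "tactic": [C2_TACTIC],
                           "technique": ["Application Layer Protocol: Web Protocols"]}},
        "agent": {"id": "004", "name": "db-01", "ip": "10.0.0.20"},
        "data": {"srcip": "10.0.0.20", "dstip": "10.0.0.5", "dstport": "443"},
    },
    {   # medium-severity C2 indicator: notify and enrich only
        "timestamp": "2023-06-01T10:17:00.000+0000",
        "rule": {"id": "100210", "level": 8,
                 "description": "DNS query to domain on C2 watchlist (constructed)",
                 "mitre": {"id": ["T1071.004"], "tactic": [C2_TACTIC],
                           "technique": ["Application Layer Protocol: DNS"]}},
        "agent": {"id": "005", "name": "wks-17", "ip": "10.0.0.31"},
        "data": {"srcip": "10.0.0.31", "dstip": "198.51.100.7"},
    },
    {   # unrelated rule with no MITRE mapping: ignored by this playbook
        "timestamp": "2023-06-01T10:18:00.000+0000",
        "rule": {"id": "5402", "level": 3,
                 "description": "Successful sudo to ROOT executed"},
        "agent": {"id": "005", "name": "wks-17", "ip": "10.0.0.31"},
        "data": {"srcuser": "alice"},
    },
]


def is_c2_alert(alert):
    """True when the Wazuh rule is mapped to the MITRE Command and Control tactic."""
    tactics = alert.get("rule", {}).get("mitre", {}).get("tactic", [])
    return C2_TACTIC in tactics


def is_internal(ip):
    """True for addresses the playbook must never block (own ranges or unparsable)."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return any(addr in net for net in INTERNAL_NETWORKS)


def peer_ip(alert):
    """Remote peer of the connection: dstip for outbound beacons, else srcip."""
    data = alert.get("data", {})
    return data.get("dstip") or data.get("srcip")


def triage(alert):
    """Map one Wazuh alert to a disposition and an ordered list of response actions."""
    rule, agent = alert.get("rule", {}), alert.get("agent", {})
    level = int(rule.get("level", 0))
    decision = {"rule_id": rule.get("id"), "agent": agent.get("name"),
                "disposition": "ignore", "actions": []}
    if not is_c2_alert(alert) or level < NOTIFY_LEVEL:
        return decision
    ip = peer_ip(alert)
    decision["disposition"] = "notify"
    decision["actions"].append({"action": "notify_soc",
                                "summary": f"{rule.get('description')} on {agent.get('name')}"})
    if ip:  # enrichment (reputation lookup, passive DNS) is safe at any severity
        decision["actions"].append({"action": "enrich_ip", "ip": ip})
    if level >= CONTAIN_LEVEL:
        decision["disposition"] = "contain"
        if ip and not is_internal(ip):  # only external peers are blocked automatically
            decision["actions"].append({"action": "block_ip", "ip": ip, "agent_id": agent.get("id")})
        decision["actions"].append({"action": "isolate_host", "agent_id": agent.get("id")})
        decision["actions"].append({"action": "open_ticket", "rule_id": rule.get("id"),
                                    "agent": agent.get("name")})
    return decision


def run_playbook(alerts):
    """Triage a batch of alerts, preserving order."""
    return [triage(a) for a in alerts]


def action_names(decision):
    return [a["action"] for a in decision["actions"]]


if __name__ == "__main__":
    for d in run_playbook(SAMPLE_ALERTS):
        print(json.dumps(d))
```

Run stand-alone, the script prints one decision per sample alert; wired into a SOAR workflow, each entry in `actions` would become a node calling the corresponding tool (a firewall block, an endpoint isolation, a ticketing system). The internal-range check is the important design choice: the thesis's value proposition is speed, and speed is only safe when the automated actions cannot damage the environment they defend.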

