Cloud platform comparison for malware development

The cloud platforms such as AWS, Google Cloud or Azure are designed to cover most popular cases in terms of web development. They provide services that make it easy to create a new user based on his email address, provide tools for inter-service communication, tools to manage the access rights of di...


Bibliographic details
Main author: Janowski, Kamil
Other authors: Informaatioteknologian tiedekunta, Faculty of Information Technology, Informaatioteknologia, Information Technology, Jyväskylän yliopisto, University of Jyväskylä
Format: Pro gradu (master's thesis)
Language: eng
Published: 2019
Subjects:
Links: https://jyx.jyu.fi/handle/123456789/63823
description The cloud platforms such as AWS, Google Cloud or Azure are designed to cover most popular cases in terms of web development. They provide services that make it easy to create a new user based on his email address, provide tools for inter-service communication, tools to manage the access rights of different users. Malware and botnet development however is more of a corner case, where the client application running on the victim’s machine does not have an email address or a Google account to authenticate itself and it does not run directly in the cloud, which can make it more difficult to manage the appropriate access rights. Also, the potential attacker may not want to write his own self-contained service, since, especially when managing a large number of clients, it might be much cheaper to run the backend serverlessly. The big security companies always aim to lower the cost of development and maintenance of bots in order to provide their customers with their penetration expertise faster and cheaper. The paper collects the data through the compilation of scientific publications regarding the botnet architecture and communication, as well as technical documentation regarding each of the cloud platforms discussed in the paper. Additionally, proofs of concept are implemented for each of the proposed architectures in order to verify the validity of the approach, as well as measure the performance of the proposed solution and uncover hidden costs related to running the application in the cloud.

The following paper explores possible malware backend architectures for different cloud platforms, aiming to optimise the performance, minimize the development time while keeping the code easy to maintain and to minimize the execution cost. After implementing proofs of concept for the standalone server-based CnC application as well as serverless running on GCP, AWS and Azure, it has been concluded that Azure is in fact the best platform for this sort of implementation due to simplicity of the architecture as well as ease of the implementation, while halving the execution costs compared to the standalone approach.
online_urls_str_mv {"url":"https:\/\/jyx.jyu.fi\/bitstreams\/e8b8a4f7-d48b-4843-b5ce-08d993086784\/download","text":"URN:NBN:fi:jyu-201905082488.pdf","source":"jyx","mediaType":"application\/pdf"}
url https://jyx.jyu.fi/handle/123456789/63823 http://www.urn.fi/URN:NBN:fi:jyu-201905082488