A Novel User Behavior Emulation System for Cloud Applications and its Applicability to Adversary Emulation.

In recent years, cyberattacks targeting cloud applications have significantly increased in both frequency and financial damage. To help secure cloud deployments, different vendors, including Cisco, have started proposing Cloud Native Application Protection Platforms. One of the most advanced features of these platforms is the automatic detection of threats based on behavior analysis and telemetry collection from different sources. In this context, the ability of automatically generating realistic workload on cloud applications becomes paramount for the development, enhancement, and testing of these data-driven functionalities. For this purpose, a system able to emulate a significant number of legitimate users and a malicious actor is required. However, current solutions either scale well or accurately reproduce user behavior but fail to do both. Furthermore, they only slightly address the intended purpose. The goal of this thesis work is to develop a general-purpose solution to model the behavior of legitimate users interacting with a cloud application. Subsequently, it proposes an accurate and scalable system to perform emulation. Finally, the project assesses the emulator’s ability to also mimic the actions of a malicious actor.