DeepC2: AI-powered Covert Botnet Command and Control on OSNs. (arXiv:2009.07707v4 [cs.CR] UPDATED)

Botnets are one of the major threats to computer security. In previous botnet
command and control (C&C) scenarios using online social networks (OSNs),
methods for addressing (e.g., IDs, links, or DGAs) are hardcoded into bots.
Once a bot is reverse engineered, the botmaster and C&C infrastructure will be
exposed. Additionally, abnormal content from explicit commands may expose
botmasters and raise anomalies on OSNs. To overcome these deficiencies, we
propose DeepC2, an AI-powered covert C&C method on OSNs. By leveraging neural
networks, bots can find botmasters by avatars, which are converted into feature
vectors and embedded into bots. Adversaries cannot infer botmasters’ accounts
from the vectors. Commands are embedded into normal contents (e.g., tweets and
comments) using text data augmentation and hash collision. Experiments on
Twitter show that command-embedded contents can be generated efficiently, and
bots can find botmasters and obtain commands accurately. Security analysis of
different scenarios shows that DeepC2 is robust and hard to shut down. By
demonstrating how AI may help promote covert communication on OSNs, this work
provides a new perspective on botnet detection and confrontation.