DeepC2: AI-powered Covert Botnet Command and Control on OSNs

Botnets are one of the major threats to computer security. In previous botnet command and control (C&C) scenarios using online social networks (OSNs), methods for addressing (e.g., IDs, links, or DGAs) are hardcoded into bots. Once a bot is reverse engineered, the botmaster and C&C infrastructure will be exposed. Additionally, abnormal content from explicit commands may expose botmasters and raise anomalies on OSNs. To overcome these deficiencies, we proposed DeepC2, an AI-powered covert C&C method on OSNs. By leveraging neural networks, bots can find botmasters by avatars, which are converted into feature vectors and embedded into bots. Adversaries cannot infer botmasters' accounts from the vectors. Commands are embedded into normal contents (e.g., tweets and comments) using text data augmentation and hash collision. Experiments on Twitter show that command-embedded contents can be generated efficiently, and bots can find botmasters and obtain commands accurately. Security analysis on different scenarios show that DeepC2 is robust and hard to be shut down. By demonstrating how AI may help promote covert communication on OSNs, this work provides a new perspective on botnet detection and confrontation.