Command and control (C&C) is the essential component of a botnet. In previous C&C using online social networks (OSNs), the botmasters identifiers are reversible. After a bot is analyzed, the botmasters accounts can be predicted in advance. Additionally, abnormal content from explicit commands may expose botmasters and raise anomalies on OSNs. To overcome these deficiencies, we proposed DeepC2, an AI-powered covert C&C method on OSNs. By leveraging neural networks, bots can find botmasters by avatars, which are converted into feature vectors and built into bots. Defenders cannot predict the botmasters accounts from the vectors in advance. Commands are embedded into normal contents (e.g., tweets and comments) using easy data augmentation and hash collision. Experiments on Twitter show that command-embedded contents can be generated efficiently, and bots can find botmasters and obtain commands accurately. Security analysis on different scenarios show that it is hard to predict the botmasters avatars. By demonstrating how AI may help promote covert communication on OSNs, this work provides a new perspective on botnet detection and confrontation.
Download