Command and control (C&C) is the essential component of a botnet. In previous
C&C methods that use online social networks (OSNs), the botmasters’ identifiers are
reversible. After a bot is analyzed, the botmaster’s accounts can be predicted
in advance. Additionally, abnormal content from explicit commands may expose
botmasters and raise anomalies on OSNs. To overcome these deficiencies, we
propose DeepC2, an AI-powered covert C&C method on OSNs. By leveraging neural
networks, bots can find botmasters by avatars, which are converted into feature
vectors and built into bots. Defenders cannot predict the botmaster’s accounts
from the vectors in advance. Commands are embedded into normal content (e.g.,
tweets and comments) using easy data augmentation and hash collision.
Experiments on Twitter show that command-embedded content can be generated
efficiently, and bots can find botmasters and obtain commands accurately.
Security analysis on different scenarios shows that it is hard to predict the
botmaster’s avatars. By demonstrating how AI may help promote covert
communication on OSNs, this work provides a new perspective on botnet detection
and confrontation.

