Real-Time Detection of Command-and-Control Communications Using Deep Learning Models
DOI: https://doi.org/10.63332/joph.v5i5.1352

Keywords: Command and Control (C2) Detection, Deep Learning in Cybersecurity, Real-Time Threat Classification, Network Traffic Analysis

Abstract
Increasingly advanced cyber threats challenge cybersecurity professionals, and the detection and prevention of C2 communications remains a critical issue. Polymorphic malware and encrypted channels let modern adversaries control compromised systems stealthily, and signature-based detection is ineffective in those cases. Therefore, in this paper, we present a novel framework based on deep learning and real-time classification for detecting malicious C2 traffic. More specifically, an MLP model is trained on a custom-designed dataset of network traffic to efficiently discriminate between legitimate traffic and suspected C2 packets. In addition to the MLP, a real-time classification component applies behavioral analysis to SSL certificates and Nmap script outputs in order to identify Metasploit and Cobalt Strike threat types. Extensive testing on self-collected data validates the detection framework's performance, with a 99% detection rate for C2 threats and 99.9% correct classification of the specific frameworks. Combining behavioral assessment with deep learning yields a powerful and scalable defense against this new breed of cyber threat.
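To make the abstract's pipeline concrete, the following added example (written for this page, not code or data from the paper) trains a small two-layer MLP in NumPy on constructed per-flow features and reports detection rate and false-positive rate. The feature set (beacon interval regularity, certificate validity period, a self-signed flag, and response/request size ratio), the synthetic value ranges, and the network architecture are all assumptions chosen for illustration; the paper's own dataset and model design are not described on this page.

```python
import numpy as np

# Fixed seed so the constructed dataset and training run are reproducible.
rng = np.random.default_rng(7)

# Assumed per-flow features (not the paper's feature set):
#   interval_cv        coefficient of variation of inter-request intervals
#                      (beacons tend to be regular, i.e. low CV)
#   cert_validity_days validity period of the server certificate
#   self_signed        1.0 if the certificate chain is self-signed
#   resp_req_ratio     bytes received / bytes sent per flow
FEATURE_NAMES = ["interval_cv", "cert_validity_days", "self_signed", "resp_req_ratio"]


def make_constructed_dataset(n_per_class=200):
    """Constructed sample flows (label 1 = C2-like, 0 = benign). Not real captures."""
    benign = np.column_stack([
        rng.uniform(0.6, 1.5, n_per_class),
        rng.uniform(180, 800, n_per_class),
        (rng.random(n_per_class) < 0.1).astype(float),
        rng.uniform(2.0, 20.0, n_per_class),
    ])
    c2 = np.column_stack([
        rng.uniform(0.0, 0.25, n_per_class),
        rng.uniform(1, 90, n_per_class),
        (rng.random(n_per_class) < 0.9).astype(float),
        rng.uniform(0.2, 1.5, n_per_class),
    ])
    X = np.vstack([benign, c2])
    y = np.concatenate([np.zeros(n_per_class), np.ones(n_per_class)])
    return X, y


class MLP:
    """One tanh hidden layer, sigmoid output, trained with full-batch gradient descent on BCE."""

    def __init__(self, n_in, n_hidden=8, lr=0.5):
        self.W1 = rng.normal(0, 0.5, (n_in, n_hidden))
        self.b1 = np.zeros(n_hidden)
        self.W2 = rng.normal(0, 0.5, (n_hidden, 1))
        self.b2 = np.zeros(1)
        self.lr = lr
        self.mu = None   # feature means learned in fit(), used for standardisation
        self.sd = None

    def _scale(self, X):
        return (X - self.mu) / self.sd

    def _forward(self, Xs):
        h = np.tanh(Xs @ self.W1 + self.b1)
        p = 1.0 / (1.0 + np.exp(-(h @ self.W2 + self.b2)))
        return h, p.ravel()

    def fit(self, X, y, epochs=1000):
        self.mu = X.mean(axis=0)
        self.sd = X.std(axis=0) + 1e-9
        Xs = self._scale(X)
        n = len(y)
        for _ in range(epochs):
            h, p = self._forward(Xs)
            dz2 = (p - y)[:, None] / n          # dBCE/dlogit for a sigmoid output
            dW2 = h.T @ dz2
            db2 = dz2.sum(axis=0)
            dz1 = (dz2 @ self.W2.T) * (1.0 - h ** 2)   # back through tanh
            dW1 = Xs.T @ dz1
            db1 = dz1.sum(axis=0)
            self.W2 -= self.lr * dW2
            self.b2 -= self.lr * db2
            self.W1 -= self.lr * dW1
            self.b1 -= self.lr * db1
        return self

    def predict_proba(self, X):
        return self._forward(self._scale(np.atleast_2d(X)))[1]

    def predict(self, X, threshold=0.5):
        return (self.predict_proba(X) >= threshold).astype(int)


def train_model():
    X, y = make_constructed_dataset()
    return MLP(X.shape[1]).fit(X, y)


def evaluate(model, X, y):
    """Return the metrics a defender cares about: detection rate and false-positive rate."""
    pred = model.predict(X)
    tp = int(((pred == 1) & (y == 1)).sum())
    fn = int(((pred == 0) & (y == 1)).sum())
    fp = int(((pred == 1) & (y == 0)).sum())
    tn = int(((pred == 0) & (y == 0)).sum())
    return {
        "accuracy": (tp + tn) / len(y),
        "detection_rate": tp / (tp + fn),
        "false_positive_rate": fp / (fp + tn),
    }


if __name__ == "__main__":
    model = train_model()
    X_test, y_test = make_constructed_dataset()   # a fresh draw acts as a held-out set
    print(evaluate(model, X_test, y_test))
```

Because the constructed classes are cleanly separable, the metrics come out near the abstract's reported figures; on real traffic the interesting work is in the feature engineering (how certificate and beaconing behaviour are measured) and in keeping the false-positive rate low, not in the network itself.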

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.