Academic literature on the topic 'Command-and-Control (C2) Servers'


Journal articles on the topic "Command-and-Control (C2) Servers"

1

Radunovic, Vladimir, and Mladen Veinovic. "Malware command and control over social media: Towards the server-less infrastructure." Serbian Journal of Electrical Engineering 17, no. 3 (2020): 357–75. http://dx.doi.org/10.2298/sjee2003357r.

Abstract:
Intrusions into computer systems are becoming increasingly sophisticated. Command and Control (C2) infrastructure, which enables attackers to remotely control infected devices, is a critical component. Malware is set to connect to C2 servers to receive commands and payloads, or to upload logs or stolen files. Since techniques for detecting traditional C2 servers are also advancing, attackers look for ways to make C2 communication stealthy and resilient. Increasingly, they hide C2 communications in plain sight, in particular on social media and other cloud-based public services. In this paper, we identify several emerging trends in the use of social media for C2 communications by providing a review of the existing research, discuss how attackers could combine these trends in the future to create a stealthy and resilient server-less C2 model, look at possible defence aspects, and suggest further research.
2

Umar, Rusydi, Imam Riadi, and Ridho Surya Kusuma. "Analysis of Conti Ransomware Attack on Computer Network with Live Forensic Method." IJID (International Journal on Informatics for Development) 10, no. 1 (2021): 53–61. http://dx.doi.org/10.14421/ijid.2021.2423.

Abstract:
Ransomware viruses have become a dangerous threat that is increasing rapidly in recent years. One of the variants is Conti ransomware, which can spread infection and encrypt data simultaneously. Attacks become a severe threat and damage the system, namely by encrypting data on the victim's computer, spreading to other computers on the same computer network, and demanding a ransom. The working principle of this ransomware acts by utilizing Registry Query, which covers all forms of behavior in accessing, deleting, creating, and manipulating data, and communicating with C2 (Command and Control) servers. This study analyzes the Conti virus attack through a network forensic process based on network behavior logs. The research process consists of three stages: the first stage is simulating attacks on the host computer, the second stage is carrying out network forensics by using live forensics methods, and the third stage is analysing the malware by using statistical and dynamic analysis. The results of this study provide forensic data and virus behavior when running on RAM and computer networks, so that the data obtained makes it possible to identify ransomware traffic on the network and deal with zero-day threats, especially ransomware. It is possible to do so because the analysis is an initial step in generating virus signatures based on network indicators.
3

Syeda, Durre Zehra, and Mamoona Naveed Asghar. "Dynamic Malware Classification and API Categorisation of Windows Portable Executable Files Using Machine Learning." Applied Sciences 14, no. 3 (2024): 1015. http://dx.doi.org/10.3390/app14031015.

Abstract:
The rise of malware attacks presents a significant cyber-security challenge, with advanced techniques and offline command-and-control (C2) servers causing disruptions and financial losses. This paper proposes a methodology for dynamic malware analysis and classification using a malware Portable Executable (PE) file from the MalwareBazaar repository. It suggests effective strategies to mitigate the impact of evolving malware threats. For this purpose, a five-level approach for data management and experiments was utilised: (1) generation of a customised dataset by analysing a total of 582 malware and 438 goodware samples from Windows PE files; (2) feature extraction and feature scoring based on Chi2 and Gini importance; (3) empirical evaluation of six state-of-the-art baseline machine learning (ML) models, including Logistic Regression (LR), Support Vector Machine (SVM), Naive Bayes (NB), Random Forest (RF), XGBoost (XGB), and K-Nearest Neighbour (KNN), with the curated dataset; (4) malware family classification using VirusTotal APIs; and, finally, (5) categorisation of 23 distinct APIs from 266 malware APIs. According to the results, Gini’s method takes a holistic view of feature scoring, considering a wider range of API activities. The RF achieved the highest precision of 0.99, accuracy of 0.96, area under the curve (AUC) of 0.98, and F1-score of 0.96, with a 0.93 true-positive rate (TPR) and 0.0098 false-positive rate (FPR), among all applied ML models. The results show that Trojans (27%) and ransomware (22%) are the most risky among 11 malware families. Windows-based APIs (22%), the file system (12%), and registry manipulation (8.2%) showcased their importance in detecting malicious activity in API categorisation.
This paper considers a dual approach for feature reduction and scoring, resulting in an improved F1-score (2%), and the inclusion of AUC and specificity metrics distinguishes it from existing research (Section Comparative Analysis with Existing Approaches). The newly generated dataset is publicly available in the GitHub repository (Data Availability Statement) to facilitate aspirant researchers’ dynamic malware analysis.
4

Chatzoglou, Efstratios, and Georgios Kambourakis. "C3: Leveraging the Native Messaging Application Programming Interface for Covert Command and Control." Future Internet 17, no. 4 (2025): 172. https://doi.org/10.3390/fi17040172.

Abstract:
Traditional command and control (C2) frameworks struggle with evasion, automation, and resilience against modern detection techniques. This paper introduces covert C2 (C3), a novel C2 framework designed to enhance operational security and minimize detection. C3 employs a decentralized architecture, enabling independent victim communication with the C2 server for covert persistence. Its adaptable design supports diverse post-exploitation and lateral movement techniques for optimized results across various environments. Through optimized performance and the use of the native messaging API, C3 agents achieve a demonstrably low detection rate against prevalent Endpoint Detection and Response (EDR) solutions. A publicly available proof-of-concept implementation demonstrates C3’s effectiveness in real-world adversarial simulations, specifically in direct code execution for privilege escalation and lateral movement. Our findings indicate that integrating novel techniques, such as the native messaging API, and a decentralized architecture significantly improves the stealth, efficiency, and reliability of offensive operations. The paper further analyzes C3’s post-exploitation behavior, explores relevant defense strategies, and compares it with existing C2 solutions, offering practical insights for enhancing network security.
5

Harini, Mrs K. "Command and Control Traffic Detection and Mitigation in Botnet Driven Networks." International Journal for Research in Applied Science and Engineering Technology 13, no. 3 (2025): 1038–43. https://doi.org/10.22214/ijraset.2025.67486.

Abstract:
In the evolving landscape of cybersecurity, the threat of hackers exploiting system vulnerabilities remains a persistent challenge. The cyber kill chain outlines the series of steps attackers follow to infiltrate and compromise systems. A critical phase in this chain involves the establishment of a Command and Control (C2) server, through which malicious actors maintain control over the compromised systems and transfer beacons to exfiltrate information. This project introduces a novel technique aimed at disrupting the cyber kill chain by detecting and mitigating the establishment of C2 paths by using scanning tools. By integrating a proactive detection mechanism, the system identifies attempts to establish C2 communication channels in real-time. Upon detection, a dialogue box is immediately triggered, alerting the user to the suspicious activity. The user is then prompted to provide authentication via biometric verification or password entry, adding an additional layer of security. This approach not only enhances the detection capabilities of the system but also empowers users to take timely action, thereby preventing unauthorized data transfer to attackers. The project’s implementation focuses on developing a code module that seamlessly integrates with existing security frameworks, providing a robust defense against advanced persistent threats (APTs) and significantly reducing the risk of successful cyber intrusions.
6

Berman, Daniel S. "DGA CapsNet: 1D Application of Capsule Networks to DGA Detection." Information 10, no. 5 (2019): 157. http://dx.doi.org/10.3390/info10050157.

Abstract:
Domain generation algorithms (DGAs) represent a class of malware used to generate large numbers of new domain names to achieve command-and-control (C2) communication between the malware program and its C2 server to avoid detection by cybersecurity measures. Deep learning has proven successful in serving as a mechanism to implement real-time DGA detection, specifically through the use of recurrent neural networks (RNNs) and convolutional neural networks (CNNs). This paper compares several state-of-the-art deep-learning implementations of DGA detection found in the literature with two novel models: a deeper CNN model and a one-dimensional (1D) Capsule Networks (CapsNet) model. The comparison shows that the 1D CapsNet model performs as well as the best-performing model from the literature.
7

Topçu, Okan, and Levent Yilmaz. "Rapid prototyping of cognitive agent simulations using C-BML transformations." Journal of Defense Modeling and Simulation: Applications, Methodology, Technology 17, no. 2 (2019): 155–73. http://dx.doi.org/10.1177/1548512919860222.

Abstract:
Simulating battle management is an essential technique used in planning and mission rehearsal as well as training. Simulation development costs tend to be high due to the complexity of cognitive system architectures in such applications. Due to this complexity, it takes significant effort for a simulation developer to comprehend the problem domain well enough to capture it accurately in simulation code. Domain-specific languages (DSL) play an important role in narrowing the communication gap between the domain user and the developer and hence facilitate rapid development. In command and control (C2) applications, the coalition battle management language (C-BML) serves as a DSL for exchanging battle information among C2 systems, simulations, and autonomous elements. In this article, we use a rapid prototyping framework for cognitive agents and demonstrate deployment of agent systems by adopting the model-driven engineering approach. To this end, we extend the use of C-BML and automatically transform it into a cognitive agent model, which is then used for adaptive decision making at runtime. As a result, during a simulation run, it is possible to initialize and modify an agent’s goal reasoning model. The cognitive agent models are based on the deliberative coherence theory, which provides a goal reasoning system in terms of coherence-driven agents.
8

Obriadin, V., S. Horielyshev, and O. Bondarenko. "PROBLEM QUESTIONS OF CREATION AND USE OF AUTOMATED EDUCATIONAL COMMAND POST IN THE EDUCATIONAL PROCESS OF HIGHER EDUCATIONAL INSTITUTIONS." Scientific journal of the National Academy of National Guard "Honor and Law" 2, no. 85 (2023): 36–44. http://dx.doi.org/10.33405/2078-7480/2023/2/85/282531.

Abstract:
The most important reserve for increasing the effectiveness of the military management activities of the commander and headquarters of the unit in the preparation of combined arms combat is to provide the command and control body with more complete, reliable and operational information about the situation and conditions of hostilities and, on this basis, to conduct high-quality and quick analysis to form a plan of action, get ahead of the enemy and achieve surprise. A promising way to improve the process of military decision-making by command and control units is the introduction of a decision support system. The decision support system is the central component of the automated command and control system that adequately reflects the real conditions and means of armed struggle and takes into account the laws of their functioning and the mutual relations between them. The article deals with the issues of creating and introducing into the educational process an automated training command post for command and control of troops and subunits. On the basis of the simulation class of the academy, a project of an automated TCP control unit (subdivision) was developed, which makes it possible to automatically reproduce the process of making a military decision by G/S-structural units of the headquarters of a military formation according to NATO standards in an automated mode using a PC-based workstation. It is proposed to build a local network using a mixed type topology: "ring" and "passive star". Such a network structure simplifies the procedure for increasing the number of workstations and facilitates the maintenance and operation of the TCP. The composition of the tactical control unit includes a server, workstations of officers of the structural divisions of the headquarters, multi-channel communication consoles and an interactive whiteboard. The minimum requirements for the proposed network architecture are substantiated.
It is shown that a geographic information system is a necessary component of the automated workplace, which implements a full set of functions for working with geodata necessary for a military command and control body. This was done on the basis of the Arc View GIS software package version 3.3. The list of capabilities of the proposed hardware-software complex of the TCP allows us to assert that this complex meets the requirements of at least a class C2 automated control system. The benefits of the implementation of the TCP are in the growth of the volume of information that the staff officers analyze, the high quality and reliability of the data, the comprehensive validity of the conclusions and proposals made, and the reduction in the time spent on assessing the situation and making informed rational decisions throughout all seven stages of the standardized MDMP process.
9

Dekate, Aman, Dev Mulchandani, Sampada Wazalwar, Chinmay Rahangdale, Gaurav Choudhari, and Swati Tiwari. "Development of Command and Control Server (C2 Server)." International Journal of Innovative Science and Research Technology, May 14, 2025, 3456–62. https://doi.org/10.38124/ijisrt/25apr1891.

Abstract:
This research paper delves into the problematic architecture of HTTP/HTTPS-based Command and Control (C2) servers, a pivotal aspect in present day cyberattacks. We look at the strategies hired with the aid of C2 servers to set up covert communication channels, evade detection, and keep control over compromised systems. The paper explores the function of cloud-primarily based infrastructure in improving the scalability and resilience of C2 servers, while also discussing the challenges it poses for cybersecurity specialists. By understanding the mechanisms and strategies hired by way of C2 servers, we aim to make contributions to the development of extra effective defense mechanisms and mitigate the impact of cyber threats.
10

OSTAP, Hubert, and Ryszard ANTKIEWICZ. "BotTROP: Detection of a Botnet-based Threat using Novel Data Mining Algorithm." Communications of the IBIMA, February 8, 2022, 1–21. http://dx.doi.org/10.5171/2022.156851.

Abstract:
Nowadays the botnet-based threat, such as ransomware, trojans and botnets per se, is still very dangerous for our privacy and data. Depending on their management architecture (centralized, decentralized, hybrid), they can be controlled from single- or multi-point servers called Command&Control (C2), which makes them very difficult to detect and mitigate before malicious action takes place.

Dissertations / Theses on the topic "Command-and-Control (C2) Servers"

1

Nakamura, Yuki, and Björn Åström. "Scanning and Host Fingerprinting Methods for Command and Control Server Detection." Thesis, Blekinge Tekniska Högskola, Institutionen för datavetenskap, 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-21768.

Abstract:
Background. Detecting malware command and control infrastructure has important applications for protecting against attacks. Much research has focused on this problem, but a majority of this research has used traffic monitoring methods for detection. Objectives. In this thesis we explore methods based on network scanning and active probing, where detection is possible before an attack has begun, in theory resulting in the ability to bring the command and control server down preemptively. Methods. We use network scanning to discover open ports, which are then fed into our probing tool for protocol identification and data gathering. Fingerprinting is performed on the open ports and running services of each host. We develop two methods for fingerprinting and classification of hosts. The first method uses a machine learning algorithm over the open ports and probe data, while the other computes distance scores between hosts. We compare these methods to the new but established JARM method for host fingerprinting, as well as to two other simple methods. Results. Our findings suggest that our general active probing method is feasible for use in detecting command and control infrastructure, but that the results vary strongly depending on the malware family, with certain malware families providing much better results than others. Conclusions. We end with discussions on the limitations of our methods and how they can be improved, as well as bring up our opinions on the potential for future work in this area.
Abstract (Swedish, translated):
Background. Being able to detect command-and-control infrastructure linked to malware has important applications for the purpose of protecting against attacks. Much research exists that focuses on this problem, but a majority of it uses methods based on traffic monitoring. Objectives. In this thesis we instead explore methods based on network scanning and probing, through which detection is possible before an attack has taken place, with the advantage that a command-and-control server can in theory be taken down preemptively. Methods. We use network scanning to discover open ports, which are fed into our probing tool, which then performs protocol identification and data collection. We create a fingerprint of each server from the open ports and the hosted services. Two methods for classifying servers were developed. The first method uses a machine learning algorithm over the open ports and the probe data, while the second computes a distance between two servers. We compare these methods with the new but established JARM method, which derives server fingerprints from TLS data, as well as with two other, simpler methods. Results. Our findings show that our method, which builds on general, active probing, is feasible for use in detecting command-and-control infrastructure, but that the results vary strongly depending on the malware family, with some families giving much better results than others. Conclusions. We end by discussing the limitations of our methods and how these can be improved, and bring up our opinions on the potential for future research in this area.