
Discovering Command and Control Channels Using Reinforcement Learning (2401.07154v1)

Published 13 Jan 2024 in cs.CR and cs.LG

Abstract: Command and control (C2) paths for issuing commands to malware are sometimes the only indicators of its existence within networks. Identifying potential C2 channels is often a manually driven process that requires a deep understanding of cyber tradecraft. Improving the discovery of these channels with a reinforcement learning (RL) based approach that learns to automatically carry out C2 attack campaigns on large networks with multiple defense layers in place serves to drive efficiency for network operators. In this paper, we model C2 traffic flow as a three-stage process and formulate it as a Markov decision process (MDP) with the objective of maximizing the number of valuable hosts whose data is exfiltrated. The approach also explicitly models the payload and defense mechanisms such as firewalls, which is a novel contribution. The attack paths learned by the RL agent can in turn help the blue team identify high-priority vulnerabilities and develop improved defense strategies. The method is evaluated on a large network with more than a thousand hosts, and the results demonstrate that the agent can effectively learn attack paths while avoiding firewalls.
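To make the abstract's formulation concrete, the following is an added toy example and not the authors' code: a tabular Q-learning agent that learns a pivot path through a small constructed network, receiving reward for each valuable host it reaches and a penalty (with episode termination) for traversing a firewalled link. The network, the set of valuable hosts, the firewall rules, the state definition (current host plus the set of hosts already exfiltrated) and the reward values are all assumptions made here; the paper's own three-stage C2 model and its payload modelling are not reproduced. The greedy rollout at the end is the "attack path" a blue team would read to see which link the agent learned to avoid and which it learned to exploit.

```python
"""Toy Q-learning agent that learns an exfiltration path while avoiding
firewalled links. Added illustration for this page; the MDP design and all
network data below are constructed assumptions, not the paper's model."""

import random
from collections import defaultdict

# Constructed sample network: directed links an implant could pivot over.
LINKS = {
    "beachhead": ["web01", "jump01"],
    "web01": ["db01"],
    "jump01": ["fileshare", "db01"],
    "db01": ["hr01"],
    "fileshare": ["hr01"],
    "hr01": [],
}

# Hosts whose data is worth exfiltrating (constructed). Reward is +1 per host,
# matching the objective of maximising the number of valuable hosts reached.
VALUABLE = {"db01", "fileshare", "hr01"}

# Firewall rules: traversing these links drops the session (constructed).
FIREWALLED = {("web01", "db01"), ("db01", "hr01")}

START = "beachhead"
BLOCK_PENALTY = -5.0   # assumed penalty for tripping a firewall
MAX_STEPS = 6


def step(state, action):
    """Apply one pivot. state = (current host, frozenset of hosts exfiltrated).
    Returns (next_state, reward, terminal)."""
    host, done = state
    if (host, action) in FIREWALLED:
        # Firewall blocks the hop: penalty and the episode ends.
        return (action, done), BLOCK_PENALTY, True
    reward, new_done = 0.0, done
    if action in VALUABLE and action not in done:
        reward, new_done = 1.0, done | {action}
    terminal = not LINKS[action]  # dead end: nowhere left to pivot
    return (action, new_done), reward, terminal


def train(episodes=3000, alpha=0.3, gamma=0.9, epsilon=0.2, seed=0):
    """Off-policy tabular Q-learning with epsilon-greedy exploration."""
    rng = random.Random(seed)
    q = defaultdict(float)  # (state, action) -> estimated return
    for _ in range(episodes):
        state = (START, frozenset())
        for _ in range(MAX_STEPS):
            actions = LINKS[state[0]]
            if not actions:
                break
            if rng.random() < epsilon:
                action = rng.choice(actions)
            else:
                action = max(actions, key=lambda a: q[(state, a)])
            next_state, reward, terminal = step(state, action)
            best_next = max((q[(next_state, a)] for a in LINKS[next_state[0]]),
                            default=0.0)
            target = reward if terminal else reward + gamma * best_next
            q[(state, action)] += alpha * (target - q[(state, action)])
            state = next_state
            if terminal:
                break
    return q


def greedy_path(q):
    """Roll out the learned policy without exploration. Returns the ordered
    list of hosts visited and the set of hosts exfiltrated."""
    state = (START, frozenset())
    path = [START]
    for _ in range(MAX_STEPS):
        actions = LINKS[state[0]]
        if not actions:
            break
        action = max(actions, key=lambda a: q[(state, a)])
        state, _, terminal = step(state, action)
        path.append(action)
        if terminal:
            break
    return path, state[1]


if __name__ == "__main__":
    q_table = train()
    path, exfiltrated = greedy_path(q_table)
    print("learned path:", " -> ".join(path))
    print("exfiltrated :", sorted(exfiltrated))
```

On this constructed graph the only way to reach both fileshare and hr01 without crossing a firewalled link is beachhead -> jump01 -> fileshare -> hr01, and the agent's greedy rollout converges to exactly that path; the links it learned to avoid (web01 -> db01, db01 -> hr01) are the firewall rules doing their job, while jump01 -> fileshare -> hr01 is the unguarded route a defender would want to prioritise.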

Citations (5)