
Guarding Against Command and Control (C2) Agents Utilizing Real-World Applications for Communication Channels

Publication Type : Conference Paper

Publisher : IEEE

Source : 2024 5th International Conference for Emerging Technology (INCET)

Url : https://doi.org/10.1109/incet61516.2024.10593568

Campus : Amritapuri

School : School of Computing

Department : Computer Science and Applications

Year : 2024

Abstract : Command and Control (C2) agents are a critical component of many cyberattacks, enabling adversaries to maintain covert control over compromised systems. In recent years, attackers have increasingly leveraged real-world applications, such as social media and collaborative platforms, as C2 channels to evade detection. This paper proposes a behavioural-based network-level filtering approach to enhance cybersecurity defences against these threats. The suggested method includes creating a way to look at network traffic and find patterns and oddities that point to C2 agent activity, as well as setting up network-level filtering to spot malicious traffic and attempts to communicate from C2 agents. This network-level filtering approach aims to provide a proactive and effective defence against C2 attacks, particularly those utilising non-traditional communication channels. Initial results, obtained through testing a Random Forest model on real-world traffic, demonstrate promising outcomes, with the model successfully distinguishing between benign and malicious activities.

Cite this Research Publication : Vidhun K, Jinesh M. Kannimoola, Guarding Against Command and Control (C2) Agents Utilizing Real-World Applications for Communication Channels, 2024 5th International Conference for Emerging Technology (INCET), IEEE, 2024, https://doi.org/10.1109/incet61516.2024.10593568
