Command & Control: Understanding, Denying and Detecting - A review of malware C2 techniques, detection and defences
This survey addresses cybersecurity challenges for practitioners by synthesizing existing knowledge on C2 attacks and defenses, but it is incremental as it reviews rather than proposes new solutions.
The paper reviews malware command and control (C2) techniques, detection methods, and defenses, mapping them to security controls to identify gaps and limitations in current practices.
In this survey, we first briefly review the current state of cyber attacks, highlighting significant recent changes in how and why such attacks are performed. We then investigate the mechanics of malware command and control (C2) establishment: we provide a comprehensive review of the techniques used by attackers to set up such a channel and to hide its presence from the attacked parties and the security tools they use. We then switch to the defensive side of the problem, and review approaches that have been proposed for the detection and disruption of C2 channels. We also map such techniques to widely-adopted security controls, emphasizing gaps or limitations (and success stories) in current best practices.