botmaster
A Game-Theoretic Approach for AI-based Botnet Attack Defence
Alavizadeh, Hooman, Jang-Jaccard, Julian, Alpcan, Tansu, Camtepe, Seyit A.
A strong cyber defense system should be able to detect, monitor, and promptly apply defence mechanisms against cyber threats, including evolving and intelligent attacks Hou et al. [2020], Brundage et al. [2018], Jang-Jaccard and Nepal [2014], Camp et al. [2019]. However, traditional defensive techniques cannot avoid novel and evolving attacks that leverage AI technology to plan and launch various attacks. AI-powered attacks can be categorized as AI-aided or AI-embedded attacks. AI-aided attacks are those that leverage AI to launch the attacks effectively; in this type, intelligent attackers use AI techniques. In AI-embedded attacks, however, the threats themselves are weaponized by AI, such as DeepLocker Stoecklin [2018], while in AI-aided attacks the attackers could launch various AI-based techniques to detect and recognize the target network, vulnerabilities, and valuable targets Kaloudi and Li [2020]. In fact, they utilize various AI techniques as a tool for various purposes. In Kaloudi and Li [2020], the authors investigated AI-powered cyber attacks and mapped them onto a proposed framework with new threats, including a classification of several aspects of threats that use AI during the cyber-attack life cycle.
- Asia > Nepal (0.24)
- Oceania > New Zealand > North Island > Auckland Region > Auckland (0.04)
- Oceania > Australia > Victoria > Melbourne (0.04)
- Information Technology > Security & Privacy (1.00)
- Government > Military > Cyberwarfare (0.68)
- Information Technology > Data Science > Data Mining (1.00)
- Information Technology > Communications > Social Media (1.00)
- Information Technology > Communications > Networks (1.00)
AI-powered Covert Botnet Command and Control on OSNs
Wang, Zhi, Liu, Chaoge, Cui, Xiang, Zhang, Jialong, Wu, Di, Yin, Jie, Liu, Jiaxi, Liu, Qixu, Zhang, Jinli
Botnets are one of the major threats to computer security. In previous botnet command and control (C&C) scenarios using online social networks (OSNs), methods for finding botmasters (e.g. ids, links, DGAs, etc.) are hardcoded into bots. Once a bot is reverse engineered, the botmaster is exposed. Meanwhile, abnormal contents from explicit commands may expose the botmaster and raise anomalies on OSNs. To overcome these deficiencies, we propose an AI-powered covert C&C channel. By leveraging neural networks, bots can find botmasters by avatars, which are converted into feature vectors. Commands are embedded into normal contents (e.g. tweets, comments, etc.) using text data augmentation and hash collision. Experiments on Twitter show that the command-embedded contents can be generated efficiently, and bots can find the botmaster and obtain commands accurately. By demonstrating how AI may help promote covert communication on OSNs, this work provides a new perspective on botnet detection and confrontation.
- North America > United States > California > Los Angeles County > Los Angeles (0.14)
- Asia > East Asia (0.04)
- Africa > South Africa > Gauteng > Johannesburg (0.04)
- Information Technology > Services (1.00)
- Information Technology > Security & Privacy (1.00)
- Government > Military > Cyberwarfare (0.46)
Detecting Bots Based on Keylogging Activities
Al-Hammadi, Yousof, Aickelin, Uwe
A bot is a piece of software that is usually installed on an infected machine without the user's knowledge. A bot is controlled remotely by the attacker under a Command and Control structure. Recent statistics show that bots represent one of the fastest growing threats to our network by performing malicious activities such as email spamming or keylogging. However, few bot detection techniques have been developed to date. In this paper, we investigate a behavioural algorithm to detect a single bot that uses keylogging activity. Our approach involves the use of function call analysis for the detection of the bot with a keylogging component. Correlation of the frequency of a specified time-window is performed to enhance the detection scheme. We perform a range of experiments with the spybot. Our results show that there is a high correlation between some function calls executed by this bot, which indicates abnormal activity in our system.
- South America > Brazil > Rio de Janeiro > Rio de Janeiro (0.04)
- North America > United States > Massachusetts > Middlesex County > Cambridge (0.04)
- Europe > United Kingdom (0.04)