In the continuously evolving cybersecurity landscape, newly emerging threats create significant risks to the stability of the global economy through system breaches. This disruptive environment of technological advances poses many challenges ahead. NATO has launched the North Atlantic Defence Innovation Acceleration Initiative (DIANA) as a strategic countermeasure. The creation of such a defence mechanism requires a thorough examination of the Command and Control (C2) systems used by corporations such as Google, Microsoft, Amazon, etc. C2 is a key component in cybersecurity: it controls malware operations and cyberattack campaigns, and it is used for training and testing cyber defence teams and tools. These corporations have specialised penetration testing departments, known as Red Teams (RT), responsible for identifying and addressing security vulnerabilities in advance so that attackers cannot exploit them. While offensive (RT) cybersecurity aims to identify vulnerabilities, defensive cybersecurity specialists, known as the Blue Team (BT), focus on building and maintaining resilient systems designed to prevent, detect, and respond to those vulnerabilities.
In the context of growing threats, the development of cyber defence mechanisms based on Machine Learning (ML), a branch of Artificial Intelligence (AI), is encouraged. Palo Alto Networks used ML to create the world's first ML-powered Next-Generation Firewall, enabling companies to stay ahead of unknown threats. To evaluate such new technologies, it is necessary to develop a C2 framework capable of generating and deploying ML-based obfuscated ethical malware in order to identify vulnerabilities in those technologies. Malware obfuscation is understood as a set of transformations that make code difficult to detect or understand without changing the way the code works.
C2 frameworks are essential for realistically simulating Advanced Persistent Threats (APTs) in a controlled environment and can create dynamic and evolving threat scenarios. C2 frameworks enable penetration testers and RT operators to test the readiness and effectiveness of detection tools such as intrusion detection/prevention systems and antivirus software.
There are no C2 frameworks that use ML techniques for evasion. However, there are a few examples where ML was used to automate penetration testing as a vulnerability analysis tool. Lore or CALDERA is known for using ML to automate vulnerability analysis and exploitation tasks. Adversarial ML (AML) techniques, such as generative adversarial networks and genetic algorithms, have been used to obfuscate malware with promising results. However, there are no known examples of this being implemented in a functioning C2 framework.
The ambition of the project is to contribute to the development of the world's first C2 system that incorporates adversarial ML methods into the C2 framework, thereby significantly improving the field of cybersecurity.
The novelty of the project will be manifested in several respects:
- Advancing cybersecurity systems: Developing and integrating a sophisticated C2 framework enhanced by ML-based obfuscation and evasion.
- Enhancing skill proficiency in cybersecurity experts: An improved C2 framework could apply ML-assisted obfuscation and evasion techniques in ethical malware to provide a more effective training environment.
- Advancement in the ML field: The practical approach of this project might provide valuable insights for future researchers in the field of ML implementations for enhancing cybersecurity.
The project aims to develop an adversarial machine learning-enhanced command and control framework which generates ethical malware to conduct offensive cybersecurity engagements, providing essential and realistic training for cybersecurity experts.

This project has received funding from the Research Council of Lithuania (LMTLT), agreement No S-MIP-24-116.