Authors :
Aman Dekate; Dev Mulchandani; Dr. Sampada Wazalwar; Chinmay Rahangdale; Gaurav Choudhari; Swati Tiwari
Volume/Issue :
Volume 10 - 2025, Issue 4 - April
Google Scholar :
https://tinyurl.com/5j84dw7h
Scribd :
https://tinyurl.com/468znx3w
DOI :
https://doi.org/10.38124/ijisrt/25apr1891
Abstract :
This research paper delves into the problematic architecture of HTTP/HTTPS-based Command and Control (C2)
servers, a pivotal aspect of present-day cyberattacks. We look at the strategies employed by C2 servers to set up covert
communication channels, evade detection, and keep control over compromised systems. The paper explores the role of
cloud-based infrastructure in improving the scalability and resilience of C2 servers, while also discussing the
challenges it poses for cybersecurity specialists. By understanding the mechanisms and strategies employed by C2 servers,
we aim to contribute to the development of more effective defense mechanisms and mitigate the impact of cyber
threats.