Peer-to-Peer Botnet Investigation: A Review

  • Mark ScanlonEmail author
  • Tahar Kechadi
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 179)


Botnets have become the tool of choice to conduct a number of online attacks, e.g., distributed denial of service (DDoS), malware distribution, email spamming, phishing, advertisement click fraud, brute-force password attacks, etc. Criminals involved in conducting their craft online all share one common goal; not to get caught. Botnet design, as a result, has moved away from the traditional, more traceable and easily blocked client/server paradigm towards a decentralized Peer-to-Peer (P2P) based communication system. P2P Internet communication technologies lend themselves well to be used in the world of botnet propagation and control due to the level of anonymity they award to the botmaster. For the cybercrime investigator, identifying the perpetrator of these P2P controlled crimes has become significantly more difficult. This paper outlines the state-of-the-art in P2P botnet investigation.


Active Node Distribute Hash Table Proxy Server Infected Node Client Machine 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Zhu, Z., Lu, B., Liao, P., Liu, C., Cui, X.: A hierarchical hybrid structure for botnet control and command. In: Proceedings of 32nd Annual IEEE International Conference on Computer Software and Applications, pp. 967–972 (2008)Google Scholar
  2. 2.
    Rajab, M., Zarfoss, J., Monrose, F., Terzis, A.: My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging. In: Proceedings of the First USENIX Workshop on Hot Topics in Understanding Botnets (HotBots 2007), p. 5 (2007)Google Scholar
  3. 3.
  4. 4.
  5. 5.
    Jimenez, R., Osmani, F., Knutsson, B.: Towards automated detection of peer-to-peer botnets: on the limits of local approaches. In: Proceedings of the 2nd USENIX Conference on Large-Scale Exploits and Emergent Threats: Botnets, Spyware, Worms, and More, p. 3 (2009)Google Scholar
  6. 6.
    Dittrich, D., Dietrich, S.: Discovery techniques for P2P botnets. CS Technical Report 2008–4, Stevens Institute of Technology (2008)Google Scholar
  7. 7.
    Schoof, R., Koning, R.: Detecting peer-to-peer botnets. University of Amsterdam (2007) (unpublished paper),
  8. 8.
    Byung, B., Kang, H., Chan-Tin, E., Lee, C., Tyra, J., Kang, J., Nunnery, C., Walder, Z., Sinclair, G., Hopper, N., Dagon, D., Kim, Y.: Towards complete node enumeration in a peer-to-peer botnet. In: Proceedings of the 4th International Symposium on Information, Computer, and Communications Security (ASIACCS 2009), pp. 23–34 (2009)Google Scholar
  9. 9.
    Scanlon, M., Hannaway, A., Kechadi, M.-T.: A Week in the Life of the Most Popular BitTorrent Swarms. In: Proceedings of the 5th Annual Symposium on Information Assurance (ASIA 2010), pp. 32–36 (2010)Google Scholar
  10. 10.
    Grizzard, J., Sharma, V., Nunnery, C., Byung, B., Dagon, D.: Peer-to-Peer Botnets: Overview and Case Study. In: Proceedigns of First USENIX Workshop on Hot Topics in Understanding Botnets (HotBots 2007) (2007)Google Scholar
  11. 11.
    Mukamurenzi, N.M.: Storm Worm: A P2P Botnet. Master of Science Thesis in Communication Technology, Department of Telematics, Norwegian University of Science and Technology (2008)Google Scholar
  12. 12.
    Sinclair, G., Nunnery, C., Kang, B.B.-H.: The waledac protocol: The how and why. In: Proceedings of 4th International Conference on Malicious and Unwanted Software (MALWARE), pp. 69–77 (2009)Google Scholar
  13. 13.
    Jang, D., Kim, M., Jung, H., Noh, B.: Analysis of HTTP2P botnet: case study waledac. In: Proceedings of IEEE 9th Malaysia International Conference on Communications, pp. 409–412 (2009)Google Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2012

Authors and Affiliations

  1. 1.School of Computer Science and InformaticsUniversity College DublinDublin 4Ireland

Personalised recommendations