
Peer-to-Peer Botnet Investigation: A Review

  • Conference paper

Part of the book series: Lecture Notes in Electrical Engineering (LNEE, volume 179)

Abstract

Botnets have become the tool of choice to conduct a number of online attacks, e.g., distributed denial of service (DDoS), malware distribution, email spamming, phishing, advertisement click fraud, brute-force password attacks, etc. Criminals conducting their craft online all share one common goal: not to get caught. Botnet design, as a result, has moved away from the traditional, more traceable and easily blocked client/server paradigm towards a decentralized Peer-to-Peer (P2P) based communication system. P2P Internet communication technologies lend themselves well to botnet propagation and control due to the level of anonymity they afford the botmaster. For the cybercrime investigator, identifying the perpetrator of these P2P controlled crimes has become significantly more difficult. This paper outlines the state-of-the-art in P2P botnet investigation.



Author information

Corresponding author

Correspondence to Mark Scanlon.

Copyright information

© 2012 Springer Science+Business Media Dordrecht

About this paper

Cite this paper

Scanlon, M., Kechadi, T. (2012). Peer-to-Peer Botnet Investigation: A Review. In: Park, J., Leung, V., Wang, CL., Shon, T. (eds) Future Information Technology, Application, and Service. Lecture Notes in Electrical Engineering, vol 179. Springer, Dordrecht. https://doi.org/10.1007/978-94-007-5064-7_33

  • DOI: https://doi.org/10.1007/978-94-007-5064-7_33

  • Publisher Name: Springer, Dordrecht

  • Print ISBN: 978-94-007-5063-0

  • Online ISBN: 978-94-007-5064-7

  • eBook Packages: Engineering, Engineering (R0)
