Requirements and State of the Art

Shankar Karuppayah

Part of the SpringerBriefs on Cyber Security Systems and Networks book series (BRIEFSCSSN)


P2P botnet monitoring is not new; it has been practised for a number of years. However, few guidelines have been established for conducting botnet monitoring efficiently. This chapter addresses this gap by providing a detailed set of requirements for a botnet monitoring mechanism. In addition, this chapter introduces a formal model for P2P botnets that is used throughout the remaining chapters of this book. Finally, this chapter provides a thorough analysis of the state of the art in botnet monitoring, including the challenges that stem from the dynamic nature of the P2P network as well as the anti-monitoring countermeasures deployed by botmasters to impede botnet monitoring activities.



Copyright information

© The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd., part of Springer Nature 2018

Authors and Affiliations

National Advanced IPv6 Centre (NAv6), Universiti Sains Malaysia (USM), Penang, Malaysia