Peer-to-Peer botnet investigation: A review

Abstract

Botnets have become the tool of choice to conduct a number of online attacks, e.g., distributed denial of service (DDoS), malware distribution, email spamming, phishing, advertisement click fraud, brute-force password attacks, etc. Criminals involved in conducting their craft online all share one common goal; not to get caught. Botnet design, as a result, has moved away from the traditional, more traceable and easily blocked client/server paradigm towards a decentralized Peer-to-Peer (P2P) based communication system. P2P Internet communication technologies lend themselves well to be used in the world of botnet propagation and control due to the level of anonymity they award to the botmaster. For the cybercrime investigator, identifying the perpetrator of these P2P controlled crimes has become significantly more difficult. This paper outlines the state-of-the-art in P2P botnet investigation. © 2012 Springer Science+Business Media Dordrecht.