Discovery techniques for P2P botnets

  • Dittrich D
  • Dietrich S
  • 25


    Mendeley users who have this article in their library.
  • N/A


    Citations of this article.


Over the last few years, researchers and network operators have examined networks of DDoS agents, more recently called botnets due to their connection to Internet Relay Chat (IRC). In the continued quest to take down these networks of bots, two important questions arise: how many bots are there, and how to nd every last bot? When one reads about a ten thousand, hundred thousand, one million node botnet, how much credibility does it have? Is botnet A really bigger than botnet B? The diculty in accurately and stealthily assessing the size of the botnet often lies in the structure of the botnet itself, such as IRC, HTTP, P2P-based, or a hybrid thereof. We present a general overview of discovery techniques for networks of malware, and provide a glimpse at a two-year study of a P2P botnet.

Get free article suggestions today

Mendeley saves you time finding and organizing research

Sign up here
Already have an account ?Sign in

Find this document

There are no full text links


  • David Dittrich

  • Sven Dietrich

Cite this document

Choose a citation style from the tabs below

Save time finding and organizing research with Mendeley

Sign up for free