A Framework for P2P Botnets

Botnets are the most serious danger facing the Internet and enterprise networks. To effectively protect against botnets, researchers should not only focus on known botnets, but also the inherent relationships among them and those botnets to appear in the future. In this paper, we first propose a framework capable of characterizing the inherent relationships between all different kinds of current (existing and suggested in the literature) botnets as well as worms. Based on the proposed framework, we predict a new botnet that we call the Loosely Coupled Peer-to-Peer (P2P) botnet (lcbot), which is stealthy and can be considered as a combination of existing P2P botnet structures. We conduct experiments to compare the performances between lcbot and other P2P botnets in the literature, and gain insight understanding of P2P botnets. We also discuss potential mechanisms to detect the existence of P2P botnets. To the best of our knowledge, we are the first to propose the framework for botnets, the lcbot concept in P2P botnet research.