A study of strategies to restrain the C&C activities of structured P2P botnets

Botnets are threatening the Internet heavily, and more and more botnets are utilizing the P2P technology to build their C&C (Command and Control) mechanisms. Some research have been made to compare the resilience of structured P2P botnets and unstructured ones, against elimination of nodes, but the problem that which eliminating strategy is the best is rarely studied. In this paper, we proposed a new metric called the half point, to measure the effectiveness of different strategies. We also selected seven different eliminating strategies and compared them. Through extensive simulations, we find that RBC is the best eliminating strategy. Further analysis shows that for the strategy RBC, the average degree of nodes in the botnet have the most significant influence. The bigger the average degree is, the bigger the half point of RBC is, which implies that node eliminating may not be a reasonable choice for mitigating botnets with big average degree. Results of this paper can provide guidance for restraining structured P2P botnets.