Incollection
Peer-to-Peer Botnet Investigation: A Review
Contribution Summary
This paper provides a comprehensive review of the current state of Peer-to-Peer (P2P) botnet investigation, highlighting the challenges and obstacles faced by investigators. The authors discuss the evolution of botnet design from the traditional client/server model to decentralized P2P networks, which has made these networks more difficult to investigate and take down. The paper outlines three main approaches to P2P botnet investigation: deliberately infecting a physical host and participating in the botnet, deliberately infecting a virtual host, and creating a crawler that mimics the botnet protocol. The authors also present case studies of the Nugache, Storm, and Waledac botnets, highlighting their design and operation. The paper concludes by emphasizing the need for a combination of research, network monitoring, deep packet inspection, and network crawling to successfully investigate P2P botnets.
Keywords: Peer-to-Peer botnets; Botnet investigation; Decentralized networks; Cybersecurity; Digital forensics; Botnet design; P2P protocols; Botnet takedown
BibTeX
@incollection{scanlon2012p2pbotnetreview,
  title     = {{Peer-to-Peer Botnet Investigation: A Review}},
  author    = {Scanlon, Mark and Kechadi, M-Tahar},
  booktitle = {{Proceedings of the 6th International Symposium on Digital Forensics and Information Security (DFIS-2012), Future Information Technology, Application, and Service}},
  pages     = {231--238},
  month     = sep,
  year      = {2012},
  address   = {Vancouver, Canada},
  publisher = {Springer},
  doi       = {10.1007/978-94-007-5064-7_33},
}