Research On The Architecture Of The P2P-Botnet

Posted on: 2012-07-20
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X F Li
Full Text: PDF
GTID: 1118330362467941
Subject: Computer Science and Technology
Abstract/Summary:
Botnets, and peer-to-peer (P2P) botnets in particular, have been identified as one of the most serious threats to network security. Armed with P2P technology, P2P-botnets are becoming powerful and complicated systems. Researching their architecture systematically and evaluating their performance precisely is therefore of significance.

The work and contributions of this paper include the following:

1. A new architecture of survivable P2P-botnets is designed. Based on the development trends of the P2P-botnets popular in the wild and of the future botnets designed by security researchers, the concept of survivability of a P2P-botnet is proposed and defined. The architecture is composed of five mechanisms of P2P-botnets: the Construction Mechanism, Control Mechanism, Command Mechanism, Attack Mechanism and Survivability Mechanism. Two new core mechanisms of P2P-botnets in the architecture, the construction mechanism and the survivability mechanism, are proposed for the first time. The C&C Mechanism is divided into two core mechanisms: the command mechanism and the control mechanism.

2. A construction mechanism of P2P-botnet is designed. The definition of the construction mechanism of P2P-botnet is given. The common techniques and methods of its three main function components are analyzed in detail. According to the potential threats in the construction phase, a construction mechanism of P2P-botnet is designed, which can recognize honeynet nodes and refuse to let them join the P2P-botnet. Finally, the growing model of the construction mechanism is proposed, which is used to analyze the topological properties of P2P-botnets. The results of the analysis show that the topology has good properties in terms of average shortest distance and clustering coefficient.

3. The definition of the command mechanism of P2P-botnet is given. The common techniques and methods of its three main function components are analyzed in detail. By introducing a hybrid command distribution means based on the online state of bots, we design a command mechanism of P2P-botnet. We use digital signature and encryption technologies to protect the commands from being modified, forged or wiretapped. By using the commands' information elements to manage commands, the attacker can improve management effectiveness.

4. A three-dimensional evaluation index system for P2P-botnet performance evaluation is proposed in this paper. By combining the architecture and the evaluation index system, we design an AHP (Analytic Hierarchy Process) model to evaluate the performance of P2P-botnets. The model can help attackers or defenders evaluate the performance of a P2P-botnet.
Keywords/Search Tags:P2P-botnet, Architecture, Survivability, Core Mechanisms, Performance Evaluation Model