DocumentCode :
2351707
Title :
Assessing Trade-Offs between Stealthiness and Node Recruitment Rates in Peer-to-Peer Botnets
Author :
Arora, Deepali ; Godkin, Teghan ; Verigin, Adam ; Neville, Stephen W.
Author_Institution :
Dept. of Electr. & Comput. Eng., Univ. of Victoria, Victoria, BC, Canada
fYear :
2012
fDate :
12-14 Nov. 2012
Firstpage :
148
Lastpage :
155
Abstract :
Botnets denote collections of compromised computers under adversary control and, although early botnets using centralized command and control (C&C) structures were fairly easily defeated, botnets remain a serious global security threat. In part, this is due to the evolution within the adversarial communities using highly diffuse decentralized peer-to-peer (P2P) based C&C within modern botnets, which has proven far more difficult to address. The resulting increased botnet resilience though comes at the cost of placing the bots further from the botmaster's direct control, thereby, increasing the time required to recruit subsets of bots to specific malicious tasks, (i.e., to send spam, engage in a DDOS attack, etc.). This work explores the specific tradeoffs that occur between achievable bot recruitment rates and overall botnet stealthiness within P2P structured botnets. It is shown that rapid recruitment of nodes (or bots) leads directly to an order of magnitude increase in the botnet's generated network traffic, which makes the botnet significantly more visible (and susceptible) to defensive counter-measures. Kademlia is used throughout this work as the exemplar P2P protocol as, within the real-world, Kademlia has proven to provide an effective C&C mechanism for a number of the longer-lived botnets.
Keywords :
peer-to-peer computing; security of data; Kademlia; P2P protocol; P2P structured botnets; adversarial communities; adversary control; assessing trade-offs; bot recruitment rates; botnet resilience; botnet stealthiness; centralized command and control structures; compromised computers; decentralized peer-to-peer based C&C; defensive counter-measures; global security threat; longer-lived botnets; malicious tasks; network traffic; node recruitment rates; peer-to-peer botnets; Graph theory; Peer to peer computing; Protocols; Recruitment; Resilience; Routing; Storms;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
P2P, Parallel, Grid, Cloud and Internet Computing (3PGCIC), 2012 Seventh International Conference on
Conference_Location :
Victoria, BC
Print_ISBN :
978-1-4673-2991-0
Type :
conf
DOI :
10.1109/3PGCIC.2012.12
Filename :
6362962