Monitoring Peer-to-Peer Botnets:Requirements,Challenges,and Future Works  

作　　者：Arkan Hammoodi Hasan Kabla Mohammed Anbar Selvakumar Manickam Alwan Ahmed Abdulrahman Alwan Shankar Karuppayah 

机构地区：[1]National Advanced IPv6 Centre(NAv6),Universiti Sains Malaysia,Pulau Pinang,11800,Malaysia

出　　处：《Computers, Materials & Continua》2023年第5期3375-3398,共24页计算机、材料和连续体（英文）

基　　金：This work was supported by the Ministry of Higher Education Malaysia’s Fundamental Research Grant Scheme under Grant FRGS/1/2021/ICT07/USM/03/1.

摘　　要：The cyber-criminal compromises end-hosts(bots)to configure a network of bots(botnet).The cyber-criminals are also looking for an evolved architecture that makes their techniques more resilient and stealthier such as Peer-to-Peer(P2P)networks.The P2P botnets leverage the privileges of the decentralized nature of P2P networks.Consequently,the P2P botnets exploit the resilience of this architecture to be arduous against take-down procedures.Some P2P botnets are smarter to be stealthy in their Commandand-Control mechanisms(C2)and elude the standard discovery mechanisms.Therefore,the other side of this cyberwar is the monitor.The P2P botnet monitoring is an exacting mission because the monitoring must care about many aspects simultaneously.Some aspects pertain to the existing monitoring approaches,some pertain to the nature of P2P networks,and some to counter the botnets,i.e.,the anti-monitoring mechanisms.All these challenges should be considered in P2P botnet monitoring.To begin with,this paper provides an anatomy of P2P botnets.Thereafter,this paper exhaustively reviews the existing monitoring approaches of P2P botnets and thoroughly discusses each to reveal its advantages and disadvantages.In addition,this paper groups the monitoring approaches into three groups:passive,active,and hybrid monitoring approaches.Furthermore,this paper also discusses the functional and non-functional requirements of advanced monitoring.In conclusion,this paper ends by epitomizing the challenges of various aspects and gives future avenues for better monitoring of P2P botnets.

关 键 词：P2P networks BOTNET P2P botnet botnet monitoring HONEYPOT crawlers 

分 类 号：TP277[自动化与计算机技术—检测技术与自动化装置]