The Case for a Collaborative Universal Peer-to-Peer Botnet Investigation Framework,

Scanlon, Mark; Kechadi, M-Tahar

Publication Date:  March 2014

Publication Name:  Proceedings of the 9th International Conference on Cyber Warfare and Security (ICCWS 2014),

Abstract:   Peer-to-Peer (P2P) botnets are becoming widely used as a low-overhead, efficient, self-maintaining, distributed alternative to the traditional client/server model across a broad range of cyberattacks. These cyberattacks can take the form of distributed denial of service attacks, authentication cracking, spamming, cyberwarfare or malware distribution targeting on financial systems. These attacks can also cross over into the physical world attacking critical infrastructure causing its disruption or destruction (power, communications, water, etc.). P2P technology lends itself well to being exploited for such malicious purposes due to the minimal setup, running and maintenance costs involved in executing a globally orchestrated attack, alongside the perceived additional layer of anonymity. In the ever-evolving space of botnet technology, reducing the time lag between discovering a newly developed or updated botnet system and gaining the ability to mitigate against it is paramount. Often, numerous investigative bodies duplicate their efforts in creating bespoke tools to combat particular threats. This paper outlines a framework capable of fast tracking the investigative process through collaboration between key stakeholders.

Download Paper:

Download Paper as PDF

BibTeX Entry:


      @inproceedings{scanlon2014botnetframework,
title={The Case for a Collaborative Universal Peer-to-Peer Botnet Investigation Framework},
author={Scanlon, Mark and Kechadi, M-Tahar},
booktitle={Proceedings of the 9th International Conference on Cyber Warfare and Security (ICCWS 2014)},
pages="287-293",
month=03,
year=2014,
address={Purdue University, West Lafayette, Indiana, USA},
publisher={Academic Conferences Limited},
abstract="Peer-to-Peer (P2P) botnets are becoming widely used as a low-overhead, efficient, self-maintaining, distributed alternative to the traditional client/server model across a broad range of cyberattacks. These cyberattacks can take the form of distributed denial of service attacks, authentication cracking, spamming, cyberwarfare or malware distribution targeting on financial systems. These attacks can also cross over into the physical world attacking critical infrastructure causing its disruption or destruction (power, communications, water, etc.). P2P technology lends itself well to being exploited for such malicious purposes due to the minimal setup, running and maintenance costs involved in executing a globally orchestrated attack, alongside the perceived additional layer of anonymity. In the ever-evolving space of botnet technology, reducing the time lag between discovering a newly developed or updated botnet system and gaining the ability to mitigate against it is paramount. Often, numerous investigative bodies duplicate their efforts in creating bespoke tools to combat particular threats. This paper outlines a framework capable of fast tracking the investigative process through collaboration between key stakeholders."
}