Research Of New P2P Botnet

In recent years, Botnet becomes smaller, more local-oriented and professional. In particular, a new type of P2P Botnet is under botmaster's favor. The continuous development of new P2P Botnet poses a great threat to network security, and it becomes the world's research focus. Therefore, the research of new P2P Botnet's network architecture, formation and control mechanisms, provides an important theoretical foundation and simulation environment for detecting, controlling and preventing new P2P Botnet, and has important significance.Currently, the most popular new P2P Botnet is partially decentralized P2P Botnet. In this paper, the network structure, formation process and working principle of partially decentralized P2P Botnet is presented in detail. Design and implement the partially decentralized P2P bot, build and run the whole formed network from the following three aspects:1. The control server is the most important core part of partially decentralized P2P bot. The paper designs and implements the partially decentralized P2P Botnet control server based on the Select model of Socket. The primary functions and the relation of them are introduced in detail. The work flow and important data structure are presented.2. The client is a fundamental part of partially decentralized P2P bot. Based on the above control server, design the communications between a client and a number of control servers by multithreading.3. Command and Control mechanism is the core part of partially decentralized P2P Botnet. Efficient and secure info feedback mechanism contributes to the attacker's control. Command and control mechanism contains a command release, dissemination, implementation, and info feedback. The two existing feedback mechanisms, which are based on the source path and the DHT overlay network of feedback mechanisms, are still insufficient. This paper presents a new info feedback mechanism based on sensor nodes, which chooses some servent bots as the sensor nodes in partially decentralized P2P Botnet. Implement the info feedback through the use of the logical network composed of the sensor nodes.According to the result of experiment, both function and capability of this control server settle for the needs of decentralized P2P Botnet. The new info feedback mechanism based on the sensor nodes is safer and more efficient. The partially decentralized P2P Botnet command and control mechanism has high efficiency and good resiliency. It settles for the attacker to real-time control partially decentralized P2P Botnet, in line with the actual needs of the study.