A Study on Social Network based P2P Botnet

In order to control and detect Botnets more effectively, combined the characteristics of social network with P2P network, we proposes a new Botnet that combines the characteristics of social network with P2P network and uses microblog to replace the role of traditional Botnet command server. Firstly, we conduct a thorough research on the command and control mechanisms. The nodes in Botnet are categorized as conmmon nodes and super nodes. They have different functionalities respectively; Secondly, the topology of Botnet and the encryption mechanism of command propagation are studied. We also proposee a dynamic generation algorithm for micro-blog, and usee hard coded method to integrate it in the zombie nodes. The public key and symmetric key encryption algorithms are both used in the communication. When the attackers distribute commands, they use public key encryption. When super nodes and conmmon nodes forward commands, they use symmetric key, which will improve invisibility of botnet communication; Finally, we evaluate this botnet from efficiency, robustness and covert communication. We conclude that the efficiency and diameter of the botnet are proportional, and the robustness mainly rely on the size of the list of neighbor nodes of the super nodes. The communication concealment is based on the amount of communication in the process of sending a command.