A. Das et Al
Recently, botnets utilizing peer-to-peer style communication infrastructures have been discovered, requiring new approaches to detection and monitoring techniques. Current detection methods analyze network communication patterns, identifying systems that may have been recruited into the botnet. This paper presents a localized botnet communication model that enables a portion of compromised systems to hide from such detection techniques without a potentially significant increase in network monitoring points. By organizing bot systems at the the subnet level the amount of communication with the outside network is greatly reduced, requiring switch-level monitoring to identify infected systems.
Shirley, Brandon and Mano, Chad D., "A Model for Covert Botnet Communication in a Private Subnet" (2008). Space Dynamics Lab Publications. Paper 115.