1. Introduction

Most cyber attacks are carried out using botnets, a collection of vulnerable machines infected with malware that are controlled by a botmaster via a Command and Control (C2) server. Traditional botnets utilize a centralized architecture for the communication between the botmaster and its bots. Hence, if such a C2 is taken down, the botmaster cannot communicate with its bots anymore. Recent P2P-based botnets, e.g., GameOver Zeus, Sality, and ZeroAccess, adopt a distributed architecture and establish a communication overlay between participating bots. All existing (counter)-attacks against P2P botnets require details such as the botnet population size and the connectivity graph among the bots. As a consequence, monitoring such botnets is an important task for analysts. However, botmasters often attempt to impede the performance of monitoring mechanisms. This is also the case with the introduction of an automated blacklisting mechanism in GameOver Zeus and a local reputation mechanism in Sality. However, some of the existing proposed and deployed anti-monitoring mechanisms are still in their infancy but it is just a matter of time before advanced countermeasures are introduced. This chapter provides an overview on the topic and the overall contribution as well as an outlook for this entire book.