Peer-to-peer (P2P) botnets have emerged as a resilient cybercrime tool, utilizing decentralized architectures to evade detection and complicate takedown efforts. Existing botnet emulation testbeds often fall short in replicating the dynamic and large-scale environments that these botnets operate in, limiting their effectiveness in research and defense strategy development. This paper addresses these gaps by proposing a scalable, flexible emulation testbed for P2P botnets that integrates advanced virtualization and automation technologies. Our framework enables the accurate emulation of real-world botnet behaviors without relying on reverse engineering, offering researchers a secure and adaptable environment to test and validate botnet detection and mitigation strategies. The testbed’s dynamic scalability and robust configuration management streamline experimentation across diverse network topologies and botnet types. Our results show that this approach significantly enhances the ability to study P2P botnets in a controlled, reproducible setting, providing valuable insights for advancing cybersecurity defenses.

Botnet; Cybersecurity; Malware; Peer-to-peer; Testbed