Today, centralized botnets are still widely used. In a centralized botnet, bots are connected to several servers (called C&C servers) to obtain commands. This architecture is easy to construct and efficient in distributing botmaster's commands; however, it has a weak link - the C&C servers. Shutting down those servers would cause all the bots lose contact with their botmaster. In addition, defenders can easily monitor the botnet by creating a decoy to join a specified C&C channel. Today several P2P botnets have emerged Just like P2P networks, which are resilient to dynamic churn (i.e., peers join and leave the system at high rates), P2P botnet communication won't be disrupted when losing a number of bots.