Call for papers 2016

The call for papers is now closed, only updates to papers are possible.

Please read the following CFP carefully before submitting.

Important dates

  • 15 July 2016 – Deadline for conference paper submissions
  • 15 September 2016 – Notification to authors
  • 30 October 2016 – Final versions due
  • 29 November 2016 Workshops in Lyon, France
  • 30 November – 02 December 2016 – Conference in Lyon, France


Botconf is an international scientific conference aiming at bringing together academic, industrial, law enforcement and independent researchers working on issues related to the fight against botnets. You will find the content of last year’s edition here. The topics of interest include:

  • The functioning of botnets and of methods used to distribute malware related to botnets,
  • In particular, the functioning of malware and command & control mechanisms related to botnets,
  • The understanding of the organisation of groups involved in the development or the management of botnets,
  • Methods to monitor, localize and identify botnets and distribution of malware related to botnets,
  • In particular, methods to detect, mitigate and disrupt botnet activities inside ISP networks or organisations’ networks
  • Technical, legal and other methods used to mitigate, investigate, dismantle or disrupt botnets.
  • The economics of cybercrime activities behind botnets
  • We are very much interested in having more non-technical presentations at Botconf 2016, on law, criminology, analyses of behaviour of suspects, etc.

In 2016, we would specifically like to have more submissions on legal and economic aspects.

Botnets: “The term botnets is used to define networks of infected end-hosts, called bots, that are under the control of a human operator commonly known as the botmaster. While botnets recruit vulnerable machines using methods also utilized by other classes of malware (e.g., remotely exploiting software vulnerabilities, social engineering, etc.), their defining characteristic is the use of command and control (C&C) channels to connect bots to their botmasters.” (A multifaceted approach to understanding the botnet phenomenon, Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis, in Proceedings of the 6th ACM SIGCOMM conference on Internet measurement (IMC ’06))

The focus of the conference is mostly technical, but papers on legal issues, economic aspects, criminology and malware actor behavior as well as prevention initiatives are more than welcome and actually encouraged. Whenever dealing with personal data, submissions are invited to include provisions in relation to privacy issues.

Submission guidelines

Papers, presentations and workshops are to be given in English language, thus submissions are expected in English.

Authors are invited to submit in one of the following groups:

  • Workshops: the aim is to organise hands-on workshops on November 29th 2016 to smaller groups of conference attendees on technical topics such as malware analysis, network trace analysis or command and control server discovery, etc.

OR, for the conference:

  • Full paper: the intention of the author is to produce a full scientific paper, present his/her work at the conference (timeslots of 40 to 60 minutes will be allocated);
  • Presentation: the intention of the author is to present at the conference (timeslots of 30 to 50 minutes will be allocated);
  • Short talk: short talks are aimed at offering a platform for young scientists or young projects to present their work. The expected outcome is a 20 minutes presentation at the conference, but a short paper can also be prepared.

Submissions are expected in any format and any size (maximum : 20 pages for papers) to allow for the PC to evaluate the proposal. Original work will be favored (not presented at other conferences before). For the initial submission, the minimum expectations are the following:

  • If you want to propose a workshop, submit a detailed plan of the workshop (4 pages or more), its duration (3 or 6 hours), equipment needed (attendees will be asked to come with their own laptop)
  • If you want to present a full paper, please submit at least an abstract and detailed plan of your paper (4 pages or more) or a first version of your paper (6 to 20 pages);
  • If you want to do a presentation or short talk, please propose at least an abstract and outline of your presentation (3 to 5 pages)

Submissions can be made at:

Accepted papers

All accepted papers and presentations will be included in the programme of the conference, with time slots ranging from 20 to 60 minutes.

Accepted submissions are expected to produce:

  • Final versions of papers for 30 October 2016 (for submissions accepted as full papers or willing to add a paper to their short talk)
  • Final versions of presentations for one week before the conference
  • Non mandatory audio and video recording of the presentations is planned. Presentors will be asked for autorisation to record their talk prior to the conference.

Presentation documents will be made available to the public, after the conference. 2015 presentations are available on the conference website. Videos of the talks whose speakers accepted to be recorded will also be made public after the conference.

Full papers and short papers will be published in online conference proceedings with the “Journal on Cybercrime & Digital Investigations (CybIN)” published by the French Cybercrime Centre of Excellence (CECyF). The 2015 proceedings are available on the journal’s website.

The programme and organising committees will consider requests from students whose papers are accepted for financial assistance in attending the conference (participation in the costs for travel). All accepted papers are entitled for the speakers’ dinner, full access to the conference (including coffee breaks, lunches and reception), three hotel nights.

Programme committee

  • Erwan Abgrall, PhD, Security engineer, DGA-MI, France
  • Hendrik Adrian, CEO, KK KLJTECH, Tokyo, Japan
  • José Araujo, Head of the Applied and Fundamental Research Division, French Network and Information Security Agency (ANSSI), France
  • Christiaan Beek, Advanced Threat Research – Office of the CTO, Intel Security, United States of America
  • Guillaume Bonfante, PhD, Assistant-Professor, Lorraine University, France
  • Christian Dietrich, PhD, Senior security researcher, CrowdStrike Inc., United States of America
  • Alexandre Dulaunoy, Security Researcher, CIRCL, Computer Incident Response Center Luxembourg, National CERT, Luxembourg
  • Laura Guevara, Cyber analysis & defense, Fraunhofer FKIE, Germany
  • Mark Hammell, Threat analyst, Facebook, United States of America
  • Barry Irwin, PhD, Associate Professor, Rhodes University, Computer Science, South Africa
  • Denis Laskov, Malware researcher at Trusteer, an IBM company, Israel
  • Corrado Leita, PhD, Senior Malware Researcher, Lastline, United Kingdom
  • Dhia Mahjoub, PhD, Technical Leader, OpenDNS part of Cisco, United States of America
  • Jean-Yves Marion, Professor, Director LORIA / CNRS, INRIA, Université de Lorraine, France
  • Paul Rascagnères, Sekoia, France
  • Roberto Sponchioni, Senior Anti-Malware Engineer, Symantec, Ireland
  • Tom Ueltschi, Security analyst, Swiss Post, Switzerland
  • Gary Warner, University of Alabama, United States of America
  • Eric Freyssinet, PhD, programme committee chair

(if you want to join the Programme committee, please contact us contact[at], detailing your expertise in botnets and prior work).

Conflict managements

Programme committee members are committed to avoid any conflicts when evaluating papers. Should outside reviewers be associated to the evaluation process, the same strict rules will apply.

Programme and organising committee members are allowed to submit papers for the conference, or take part in papers submitted to the conference. In such a case, those papers will be evaluated by non conflicting members of the programme committee and with equal chances.

The conference programme could include between 1 and 3 keynote speakers. They will not be submitted to the paper evaluation process, but will be selected to ensure the overall quality of the conference.

Print Friendly, PDF & Email