Call for papers 2017

Please read the following CFP carefully before submitting.

Important dates

  • 15 July 2017 – Deadline for conference paper and workshop submissions
  • 15 September 2017 – Notification to authors
  • 30 October 2017 – Final versions due
  • 05 December 2017 – Workshops in Montpellier, France
  • 06 December – 08 December 2017 – Conference in Montpellier, France


Botconf is an international scientific conference aiming at bringing together academic, industrial, law enforcement and independent researchers working on issues related to the fight against botnets. You will find the content of last year’s edition here. The topics of interest include:

  • The functioning of botnets and of methods used to distribute malware related to botnets,
  • In particular, the functioning of malware and command & control mechanisms related to botnets,
  • The understanding of the organisation of groups involved in the development or the management of botnets,
  • Methods to monitor, localize and identify botnets and distribution of malware related to botnets,
  • In particular, methods to detect, mitigate and disrupt botnet activities inside ISP networks or organisations’ networks
  • Technical, legal and other methods used to mitigate, investigate, dismantle or disrupt botnets.
  • The economics of cybercrime activities behind botnets
  • We are very much interested in having more non-technical presentations at Botconf 2017, on law, criminology, analyses of behaviour of suspects, etc.

We would specifically like to have more submissions on legal and economic aspects.

Botnets: “The term botnets is used to define networks of infected end-hosts, called bots, that are under the control of a human operator commonly known as the botmaster. While botnets recruit vulnerable machines using methods also utilized by other classes of malware (e.g., remotely exploiting software vulnerabilities, social engineering, etc.), their defining characteristic is the use of command and control (C&C) channels to connect bots to their botmasters.” (A multifaceted approach to understanding the botnet phenomenon, Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis, in Proceedings of the 6th ACM SIGCOMM conference on Internet measurement (IMC ’06))

The focus of the conference is mostly technical, but papers on legal issues, economic aspects, criminology and malware actor behavior as well as prevention initiatives are more than welcome and actually encouraged. Whenever dealing with personal data, submissions are invited to include provisions in relation to privacy issues.

Submission guidelines

Papers, presentations and workshops are to be given in English language, thus submissions are expected in English.

Authors are invited to submit in one of the following groups:

  • Workshops: the aim is to organise hands-on workshops on December 05th 2017 to smaller groups of attendees on technical topics such as malware analysis, network trace analysis or command and control server discovery, etc.

OR, for the conference:

  • Full paper: the intention of the author is to produce a full scientific paper, present his/her work at the conference (timeslots of 40 to 60 minutes will be allocated);
  • Presentation: the intention of the author is to present at the conference (timeslots of 30 to 50 minutes will be allocated);
  • Short talk: short talks are aimed at offering a platform for young scientists or young projects to present their work. The expected outcome is a 20 minutes presentation at the conference, but a short paper can also be prepared.

Submissions are expected in any format and any size (maximum : 20 pages for papers) to allow for the PC to evaluate the proposal. Original work will be favored (not presented at other conferences before). For the initial submission, the minimum expectations are the following:

  • If you want to propose a workshop, submit a detailed plan of the workshop (4 pages or more), its duration (3 or 6 hours), equipment needed (attendees will be asked to come with their own laptop)
  • If you want to present a full paper, please submit at least an abstract and detailed plan of your paper (4 pages or more) or a first version of your paper (6 to 20 pages);
  • If you want to do a presentation or short talk, please propose at least an abstract and outline of your presentation (3 to 5 pages)

If you choose to propose a short or full paper, you will be asked to use one of templates presented in the journal website (LaTeX or Word).

Submissions can be made at:

Accepted papers

All accepted papers and presentations will be included in the programme of the conference, with time slots ranging from 20 to 60 minutes.

Accepted submissions are expected to produce:

  • Final versions of papers for 30 October 2017 (for submissions accepted as full papers or willing to add a paper to their short talk)
  • Final versions of presentations for one week before the conference
  • Non mandatory audio and video recording of the presentations is planned. Presentors will be asked for autorisation to record their talk prior to the conference.

Presentation documents will be made available to the public, after the conference. 2016 presentations are available on the conference website. Videos of the talks whose speakers accepted to be recorded will also be made public after the conference.

Full papers and short papers will be published in online conference proceedings with the “Journal on Cybercrime & Digital Investigations (CybIN)” published by the French Cybercrime Centre of Excellence (CECyF). The 2016 proceedings are being published on the journal website (2015 proceedings here).

The programme and organising committees will consider requests from students whose papers are accepted for financial assistance in attending the conference (participation in the costs for travel).

Each accepted paper and workshop is entitled to the following:

  • speakers’ dinner (main speaker and if attending one co-speaker),
  • free ticket for one person for full access to the conference (including coffee breaks, lunches and reception), co-speakers will be allowed to purchase a ticket for a reduced fee
  • four hotel nights for one person.

Programme committee

  • Erwan Abgrall, PhD, Security engineer, DGA-MI, France
  • José Araujo, Head of the Applied and Fundamental Research Division, French Network and Information Security Agency (ANSSI), France
  • Patrice Auffret, Cybersecurity Consultant, Onyphe, France
  • Thomas Barabosch, IT security researcher, Fraunhofer FKIE, Germany
  • Christiaan Beek, Advanced Threat Research – Office of the CTO, Intel Security, United States of America
  • Guillaume Bonfante, PhD, Assistant-Professor, Lorraine University, France
  • Jean-Ian Boutin, Researcher, ESET, Canada
  • Christian Dietrich, PhD, Senior security researcher, CrowdStrike Inc., United States of America
  • Alexandre Dulaunoy, Security Researcher, CIRCL, Computer Incident Response Center Luxembourg, National CERT, Luxembourg
  • Sebastian Garcia, PhD, Director of Cybersecurity and the Stratosphere project in the CTU University, Prague, Czech Republic
  • Laura Guevara, Cyber analysis & defense, Fraunhofer FKIE, Germany
  • Mark Hammell, Threat analyst, Facebook, United States of America
  • Denis Laskov, Senior Security Researcher at Trusteer, an IBM company, Israel
  • Corrado Leita, PhD, Senior Malware Researcher, Lastline, United Kingdom
  • Dhia Mahjoub, PhD, Principal Engineer, Cisco Umbrella (OpenDNS), United States of America
  • Jean-Yves Marion, Professor, Director LORIA / CNRS, INRIA, Université de Lorraine, France
  • Paul Rascagnères, Cisco Talos, France
  • Valter Santos, Anubis Networks, Portugal
  • Guilhèm SAVEL, Inria, France
  • Łukasz SIEWIERSKI, Reverse engineer, Google, United Kingdom
  • Roberto Sponchioni, Senior Anti-Malware Engineer, Symantec, Ireland
  • Tom Ueltschi, Security analyst, Swiss Post, Switzerland
  • Éric Freyssinet, PhD, Associate Researcher at LORIA (CNRS, INRIA, Lorraine University), law enforcement officer in the Gendarmerie Nationale, programme committee chair, France

(if you want to join the Programme committee, please contact us contact[at], detailing your expertise in botnets and prior work).

Conflict managements

Programme committee members are committed to avoid any conflicts when evaluating papers. Should outside reviewers be associated to the evaluation process, the same strict rules will apply.

Programme and organising committee members are allowed to submit papers for the conference, or take part in papers submitted to the conference. In such a case, those papers will be evaluated by non conflicting members of the programme committee and with equal chances.

The conference programme could include between 1 and 3 keynote speakers. They will not be submitted to the paper evaluation process, but will be selected to ensure the overall quality of the conference.

Print Friendly, PDF & Email