Call for papers 2023

Call for papers for Botconf 2023, 10th edition of the Botnet and Malware Ecosystems Fighting Conference.

Please read the following CFP carefully before submitting.

Important dates

  • 10th December 2022 – Deadline for conference paper and workshop submissions
  • 15th January 2023 – Notification to authors
  • 1st April 2023 – Final versions due
  • Second week of April 2023, Workshops (11th April) and Botconf 2023 Conference (12, 13 and 14th April)


Botconf is an international scientific conference aiming at bringing together academic, industrial, law enforcement and independent researchers working on issues related to the fight against botnets. The topics of interest include:

  • The functioning of botnets and of methods used to distribute malware related to botnets,
  • In particular, the functioning of malware and command & control mechanisms related to botnets,
  • The understanding of the organisation of groups involved in the development or the management of botnets,
  • Methods to monitor, localize and identify botnets and distribution of malware related to botnets,
  • In particular, methods to detect, mitigate and disrupt botnet activities inside ISP networks or organisations’ networks
  • Technical, legal and other methods used to mitigate, investigate, dismantle or disrupt botnets.
  • The economics of cybercrime activities behind botnets
  • We are very much interested in having more non-technical presentations on law, criminology, analyses of behaviour of suspects, etc.

We would specifically like to have more submissions on legal and economic aspects.

Botnets: “The term botnets is used to define networks of infected end-hosts, called bots, that are under the control of a human operator commonly known as the botmaster. While botnets recruit vulnerable machines using methods also utilized by other classes of malware (e.g., remotely exploiting software vulnerabilities, social engineering, etc.), their defining characteristic is the use of command and control (C&C) channels to connect bots to their botmasters.” (A multifaceted approach to understanding the botnet phenomenon, Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis, in Proceedings of the 6th ACM SIGCOMM conference on Internet measurement (IMC ’06))

The focus of the conference is mostly technical, but papers on legal issues, economic aspects, criminology and malware actor behavior as well as prevention initiatives are more than welcome and actually encouraged. Whenever dealing with personal data, submissions are invited to include provisions in relation to privacy issues.

Submission guidelines

Papers, presentations and workshops are to be given in English language, thus submissions are expected in English.

Authors are invited to submit in one of the following groups:

  • Workshops: the aim is to organise hands-on workshops on April 11th 2023 to smaller groups of attendees on technical topics such as malware analysis, network trace analysis or command and control server discovery, etc.

OR, for the conference:

  • Full paper: the intention of the author is to produce a full scientific paper, present his/her work at the conference (timeslots of 40 to 60 minutes will be allocated);
  • Presentation: the intention of the author is to present at the conference (timeslots of 30 to 50 minutes will be allocated);
  • Short talk: short talks are aimed at offering a platform for young scientists or young projects to present their work. The expected outcome is a 20 minutes presentation at the conference, but a short paper can also be prepared.

Submissions are expected in any format and any size (maximum : 20 pages for papers) to allow for the PC to evaluate the proposal. Original work will be favored (not presented at other conferences before). For the initial submission, the minimum expectations are the following:

    • If you want to propose a workshop, submit a detailed plan of the workshop (4 pages or more), its duration (3 or 6 hours), equipment needed (attendees will be asked to come with their own laptop)
    • If you want to present a full paper, please submit at least an abstract and detailed plan of your paper (4 pages or more) or a first version of your paper (6 to 20 pages);
    • If you want to do a presentation or short talk, please propose at least an abstract and outline of your presentation (3 to 5 pages)

If you choose to propose a short or full paper, you will be asked to use one of templates presented in the journal website (LaTeX or Word).


Submissions can be made at: (CLOSED BUT ALLOWS UPDATES)

Accepted papers & presentations

All accepted papers and presentations will be included in the programme of the conference, with time slots ranging from 20 to 60 minutes.

Accepted submissions are expected to produce:

  • Final versions of papers for 1st April 2023 (for submissions accepted as full papers or willing to add a paper to their short talk)
  • Final versions of presentations for one week before the conference
  • Non mandatory audio and video recording of the presentations is planned. Presentors will be asked for autorisation to record their talk prior to the conference.

Presentation documents will be made available to the public, after the conference. Videos of the talks whose speakers accepted to be recorded will also be made public after the conference.

Full papers and short papers will be published in online conference proceedings with the “Journal on Cybercrime & Digital Investigations (CybIN)” published by the French Cybercrime Centre of Excellence (CECyF).

The programme and organising committees will consider requests from students whose papers are accepted for financial assistance in attending the conference (participation in the costs for travel).

Each accepted paper and workshop is entitled to the following:

  • speakers’ dinner (main speaker and if attending one co-speaker),
  • free ticket for one person for full access to the conference (including coffee breaks, lunches and reception), co-speakers will be allowed to purchase a ticket for a reduced fee (second active speaker will be considered as well for free conference ticket)
  • three or four hotel nights (depending on distances and schedule) for up to two active speakers.

Programme committee (accepted to date, more members invited)

    • Erwan Abgrall, PhD, Security engineer, CentraleSupélec, France
    • José Araujo, Group CTO, Orange Cyberdefense, France
    • Thomas Barabosch, PhD, Security Engineer, Germany
    • Christiaan Beek, Sr. Principal Engineer Advanced Threat Research, McAfee, United States of America
    • Jean-Ian Boutin, Head of Threat Research, ESET, Canada
    • Alexis Dorais-Joncas, Senior Manager, Proofpoint, Canada
    • Jose Miguel Esparza, Principal Intelligence Analyst, CrowdStrike, Spain
    • Sebastián García, PhD, Director of Cybersecurity and the Stratosphere project in the CTU University, Prague, Czech Republic
    • Laura Guevara, Senior Cyber Security Analyst, Cyber Threat Intelligence group at Telekom Security, Germany
    • Saâd Kadhi, Senior CSIRT expert, France & Belgium
    • Max Kersten, Independent researcher, Netherlands
    • Jakub Křoustek, Malware research manager, Avast, Czech Republic
    • Sébastien Larinier, Lecturer-Researcher, ESIEA, France
    • Denis Laskov, Head of Fleet Security Operations at Mercedes-Benz, Israel
    • Dhia Mahjoub, PhD, United States of America
    • Jean-Yves Marion, Professor, Director LORIA / CNRS, INRIA, Université de Lorraine, France
    • Paul Rascagnères, Volexity, France
    • Valter Santos, Manager Threat Research, Bitsight, Portugal
    • Łukasz Siewierski, Reverse engineer, Google, United Kingdom
    • Roberto Sponchioni, Google Engineering, Ireland
    • Tom Ueltschi, Security analyst, Swiss Post, Switzerland
    • Éric Freyssinet, PhD, Associate Researcher at LORIA (CNRS, INRIA, Lorraine University), law enforcement officer in the Gendarmerie Nationale, programme committee chair, France

(if you want to join the Programme committee, please contact us contact[at], detailing your expertise in botnets and prior work).

Conflict managements

Programme committee members are committed to avoid any conflicts when evaluating papers. Should outside reviewers be associated to the evaluation process, the same strict rules will apply.

Programme and organising committee members are allowed to submit papers for the conference, or take part in papers submitted to the conference. In such a case, those papers will be evaluated by non conflicting members of the programme committee and with equal chances.

The conference programme could include between 1 and 3 keynote speakers. They will not be submitted to the paper evaluation process, but will be selected to ensure the overall quality of the conference.

Print Friendly, PDF & Email