Botconf 2024

Call for proposals

More than 500 authors have proposed presentations and papers for Botconf over the past ten years... will you be the next ones ?

This page guides you on proposing for Botconf 2024.

Closing of the submission platform
on December 1st 2023


Objectives of the conference

Botconf is an international technical and scientific conference aiming at bringing together academic, industrial, law enforcement and independent researchers working on issues related to the fight against botnets and malware ecosystems.

The first day (Tuesday) is dedicated to delivering workshops in front of a smaller audience. The next three days are the main conference with 25 presentation slots ranging from 20 to 50 minutes, and a lightning talk session (3 minute talks proposed on site by the participants).

Some presentations are accompanied by the publication of a scientific paper with our partner open journal, "The journal on cybercrime & digital investigations", edited by the CECyF, the French cybercrime centre of excellence.


Botconf is an international conference and welcomes specialists from all around the World, but is also supporting diversity in all forms : origin, gender, sexuality, handicap.

So please all feel welcome to submit if you believe you can bring a contribution to the community !

If you attend Botconf don't hesitate to tell us about any special needs you might have, we will do our best to accomodate.


Stay focused on the topics of the conference

Register on the submission platform

Provide a precise abstract AND a 4-page detailed outline of your proposal

Respect the deadlines

Important dates:

  • 10th July 2023 opening of the submission platform
  • 1st December 2023 CFP closure
  • 15th January 2024 notification to authors
  • 23rd April 2024 Workshops in Nice
  • 24th to 26th April 2024 Main Conference in Nice

Topics of interest

Originally, Botconf was focused on botnets. We have decided in 2022 to expand it to all malware ecosystems.

Botnets: “The term botnets is used to define networks of infected end-hosts, called bots, that are under the control of a human operator commonly known as the botmaster. While botnets recruit vulnerable machines using methods also utilized by other classes of malware (e.g., remotely exploiting software vulnerabilities, social engineering, etc.), their defining characteristic is the use of command and control (C&C) channels to connect bots to their botmasters.”
(A multifaceted approach to understanding the botnet phenomenon, Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis, in Proceedings of the 6th ACM SIGCOMM conference on Internet measurement (IMC ’06))

The proposed concept of malware ecosystems is the following:

A malware ecosystem describes all the components that allow a cybercriminal activity using malware to succeed, including the various technical tools (malware code and binaries, obfuscation techniques, distribution platforms, exploits, etc.), the communication platforms and of course the actors involved (developers, brokers, money-launderers, etc.).

In this context, the following topics are expected:

  • The functioning of botnets, and malware ecosystems.
  • In particular, the functioning of malware, of distribution mechanisms and command & control infrastructure related to botnets.
  • The understanding of the organisation of human groups involved in the development or the management of botnets or other types of malware ecosystems.
  • Methods to monitor, localize and identify botnets and other organised distribution of malware.
  • In particular, methods to detect, mitigate and disrupt botnet or malware ecosystem activities inside ISP networks or organisations’ networks.
  • Technical, legal and other methods used to mitigate, investigate, dismantle or disrupt botnets and other malware ecosystems.
  • The economics of cybercrime activities behind botnets and malware ecosystems.
  • And we are also very much interested in having more non-technical presentations on law, criminology, analyses of behaviour of suspects related to those activities.

Types of submissions

Authors are invited to submit in one of the following groups:

  • Workshops: the aim is to organise hands-on workshops on the day before the main conference to smaller groups of attendees on technical topics such as malware analysis, network trace analysis or command and control server discovery, etc.

OR, for the conference:

  • Full paper: the intention of the author is to produce a full scientific paper, present his/her work at the conference (timeslots of 40 to 60 minutes will be allocated);
  • Presentation: the intention of the author is to present at the conference (timeslots of 30 to 50 minutes will be allocated);
  • Short talk: short talks are aimed at offering a platform for young scientists or young projects to present their work. The expected outcome is a 20 minutes presentation at the conference, but a short paper can also be prepared.

Steps for submitting

Prepare your proposal in the expected format presented in our guidelines
Register on the submission platform (opens on July 1th 2023). You may submit a draft proposal to be updated before the submission deadline.
Upload the final version of your proposal before the submission deadline (December 1st 2023).
Be ready to answer questions from the programme committee in the two weeks after the submission deadline.

Formatting guidelines

Papers, presentations and workshops are to be given in English language, thus submissions are expected in English.

Titles should allow the reader to understand immediately what the proposed presentation is about.

The abstract should be composed of 3 or 4 paragraphs allowing the programme committee to understand quickly the objectives of the presentation, its expected content and main chapters. Ideally, if the proposal is accepted, this abstract could be published on the conference programme.

The mandatory submission document is a 4 page document presenting a detailed outline of the presentation.

Names of all authors should be mentioned as well as a short biography.

In addition, authors willing to propose a conference paper do not need to prepare it before the submission deadline. If their talk is accepted, they can follow the article guidelines.

Programme committee

The Botconf programme committee is composed of the following members:

  • Erwan Abgrall, PhD, Security engineer, CentraleSupélec, France
  • José Araujo, Group CTO, Orange Cyberdefense, France
  • Thomas Barabosch, PhD, Security Engineer, Germany
  • Jean-Ian Boutin, Head of Threat Research, ESET, Canada
  • Alexis Dorais-Joncas, Senior Manager, Proofpoint, Canada
  • Jose Miguel Esparza, Principal Intelligence Analyst, CrowdStrike, Spain
  • Sebastián García, PhD, Director of Cybersecurity and the Stratosphere project in the CTU University, Prague, Czech Republic
  • Laura Guevara, Senior Cyber Security Analyst, Cyber Threat Intelligence group at Telekom Security, Germany
  • Saâd Kadhi, Senior CSIRT expert, France & Belgium
  • Max Kersten, Independent researcher, Netherlands
  • Konstantin Klinger, Senior Security Research Engineer, Proofpoint, Switzerland
  • Maciej Kotowicz, Malware researcher, Zscaler, Poland
  • Jakub Křoustek, PhD, Malware research director, Gen, Czech Republic
  • Sébastien Larinier, Lecturer-Researcher, ESIEA, France
  • Denis Laskov, Head of Fleet Security Operations at Mercedes-Benz, Israel
  • Dhia Mahjoub, PhD, United States of America
  • Jean-Yves Marion, Professor, Director LORIA / CNRS, INRIA, Université de Lorraine, France
  • Paul Rascagnères, Volexity, France
  • Valter Santos, Manager Threat Research, Bitsight, Portugal
  • Łukasz Siewierski, Reverse engineer, Google, United Kingdom
  • Roberto Sponchioni, Google Engineering, Ireland
  • Tom Ueltschi, Security analyst, Swiss Post, Switzerland
  • Éric Freyssinet, PhD, Associate Researcher at LORIA (CNRS, INRIA, Lorraine University), law enforcement officer in the Gendarmerie Nationale, programme committee chair, France

Conflict management

Programme committee members are committed to avoid any conflicts when evaluating papers. Should outside reviewers be associated to the evaluation process, the same strict rules will apply.

Programme and organising committee members are allowed to submit papers for the conference, or take part in papers submitted to the conference. In such a case, those papers will be evaluated by non conflicting members of the programme committee and with equal chances.

Selection process

The objective of the programme committee (PC)  is to select a total of 3 workshops and 25 short talks or presentations.

Each submission is evaluated according to the following criteria:

  • Relevance to the conference subject. Is the proposal in line with the conference subject matters?
  • Clarity of the proposal. Is the proposal presented clearly, properly structured, will it bring information to the participants ?
  • Technical evaluation. Is the content technically sound, does it bring added value to the community (novelty), is it of interest in general?

PC members are also asked to propose a suitable format for presentations: full paper, short or long presentation. Workshop proposals might be asked to present as a regular presentation.

The PC also has at heart to make a selection that represents the diversity of the community in all forms.

The authors will be notified shortly after the PC has reached consensus, no later than January 15th 2024.

After notification and acceptance by the authors, all accepted workshops and presentations will be included in the programme of the conference, with time slots ranging from 20 to 50 minutes.

Additionally, the conference programme may include between 1 and 3 keynote speakers. They will not be submitted to the paper evaluation process, but will be selected to ensure the overall quality of the conference.

After the selection

Each accepted paper and workshop is entitled to the following for up to two speakers:

  • speakers’ dinner,
  • free ticket for full access to the main conference (including coffee breaks, lunches and reception)
  • three or four hotel nights (depending on distances and schedule).

Accepted submissions are expected to produce:

  • Final versions of papers for 1st April 2024 (for submissions accepted as full papers or willing to add a paper to their short talk)
  • Final versions of presentations for one week before the conference
  • Non mandatory audio and video recording of the presentations is planned. Presenters will be asked for autorisation to record their talk prior to the conference.

Presentation documents will be made available to the public, after the conference. Videos of the talks whose speakers accepted to be recorded will also be made public after the conference.

Full papers and short papers will be published in online conference proceedings with the “Journal on Cybercrime & Digital Investigations (CybIN)” published by the French Cybercrime Centre of Excellence (CECyF).

The programme and organising committees will consider requests from students whose papers are accepted for financial assistance in attending the conference (participation in the costs for travel).

Scroll to Top