Objectives of the conference
Botconf is an international technical and scientific conference aiming at bringing together academic, industrial, law enforcement and independent researchers working on issues related to the fight against botnets and malware ecosystems.
The first day (Tuesday) is dedicated to delivering workshops in front of a smaller audience. The next three days are the main conference with 25 presentation slots ranging from 20 to 50 minutes, and a lightning talk session (3 minute talks proposed on site by the participants).
Some presentations are accompanied by the publication of a scientific paper with our partner open journal, "The journal on cybercrime & digital investigations", edited by the CECyF, the French cybercrime centre of excellence.
Diversity
Botconf is an international conference and welcomes specialists from all around the World, but is also supporting diversity in all forms : origin, gender, sexuality, handicap.
So please all feel welcome to submit if you believe you can bring a contribution to the community !
If you attend Botconf don't hesitate to tell us about any special needs you might have, we will do our best to accomodate.
Topics of interest
Originally, Botconf was focused on botnets. We have decided in 2022 to expand it to all malware ecosystems.
Botnets: “The term botnets is used to define networks of infected end-hosts, called bots, that are under the control of a human operator commonly known as the botmaster. While botnets recruit vulnerable machines using methods also utilized by other classes of malware (e.g., remotely exploiting software vulnerabilities, social engineering, etc.), their defining characteristic is the use of command and control (C&C) channels to connect bots to their botmasters.”
(A multifaceted approach to understanding the botnet phenomenon, Moheeb Abu Rajab, Jay Zarfoss, Fabian Monrose, Andreas Terzis, in Proceedings of the 6th ACM SIGCOMM conference on Internet measurement (IMC ’06))
The proposed concept of malware ecosystems is the following:
A malware ecosystem describes all the components that allow a cybercriminal activity using malware to succeed, including the various technical tools (malware code and binaries, obfuscation techniques, distribution platforms, exploits, etc.), the communication platforms and of course the actors involved (developers, brokers, money-launderers, etc.).
In this context, the following topics are expected:
- The functioning of botnets, and malware ecosystems.
- In particular, the functioning of malware, of distribution mechanisms and command & control infrastructure related to botnets.
- The understanding of the organisation of human groups involved in the development or the management of botnets or other types of malware ecosystems.
- Methods to monitor, localize and identify botnets and other organised distribution of malware.
- In particular, methods to detect, mitigate and disrupt botnet or malware ecosystem activities inside ISP networks or organisations’ networks.
- Technical, legal and other methods used to mitigate, investigate, dismantle or disrupt botnets and other malware ecosystems.
- The economics of cybercrime activities behind botnets and malware ecosystems.
- And we are also very much interested in having more non-technical presentations on law, criminology, analyses of behaviour of suspects related to those activities.
Types of submissions
Authors are invited to submit in one of the following groups:
- Workshops: the aim is to organise hands-on workshops on the day before the main conference to smaller groups of attendees on technical topics such as malware analysis, network trace analysis or command and control server discovery, etc.
OR, for the conference:
- Full paper: the intention of the author is to produce a full scientific paper, present his/her work at the conference (timeslots of 40 to 60 minutes will be allocated);
- Presentation: the intention of the author is to present at the conference (timeslots of 30 to 50 minutes will be allocated);
- Short talk: short talks are aimed at offering a platform for young scientists or young projects to present their work. The expected outcome is a 20 minutes presentation at the conference, but a short paper can also be prepared.
Steps for submitting
Programme committee
The Botconf programme committee is composed of the following members:
- Erwan Abgrall, PhD, Security engineer, CentraleSupélec, France
- José Araujo, Group CTO, Orange Cyberdefense, France
- Thomas Barabosch, PhD, Security Engineer, Germany
- Jean-Ian Boutin, Head of Threat Research, ESET, Canada
- Alexis Dorais-Joncas, Senior Manager, Proofpoint, Canada
- Jose Miguel Esparza, Principal Intelligence Analyst, CrowdStrike, Spain
- Sebastián García, PhD, Director of Cybersecurity and the Stratosphere project in the CTU University, Prague, Czech Republic
- Laura Guevara, Senior Cyber Security Analyst, Cyber Threat Intelligence group at Telekom Security, Germany
- Saâd Kadhi, Senior CSIRT expert, France & Belgium
- Max Kersten, Independent researcher, Netherlands
- Konstantin Klinger, Senior Security Research Engineer, Proofpoint, Switzerland
- Maciej Kotowicz, Malware researcher, Zscaler, Poland
- Jakub Křoustek, PhD, Malware research director, Gen, Czech Republic
- Sébastien Larinier, Lecturer-Researcher, ESIEA, France
- Denis Laskov, Head of Fleet Security Operations at Mercedes-Benz, Israel
- Dhia Mahjoub, PhD, United States of America
- Jean-Yves Marion, Professor, Director LORIA / CNRS, INRIA, Université de Lorraine, France
- Paul Rascagnères, Volexity, France
- Valter Santos, Manager Threat Research, Bitsight, Portugal
- Łukasz Siewierski, Reverse engineer, Google, United Kingdom
- Roberto Sponchioni, Google Engineering, Ireland
- Tom Ueltschi, Security analyst, Swiss Post, Switzerland
- Éric Freyssinet, PhD, Associate Researcher at LORIA (CNRS, INRIA, Lorraine University), law enforcement officer in the Gendarmerie Nationale, programme committee chair, France
Conflict management
Programme committee members are committed to avoid any conflicts when evaluating papers. Should outside reviewers be associated to the evaluation process, the same strict rules will apply.
Programme and organising committee members are allowed to submit papers for the conference, or take part in papers submitted to the conference. In such a case, those papers will be evaluated by non conflicting members of the programme committee and with equal chances.
Selection process
The objective of the programme committee (PC) is to select a total of 3 workshops and 25 short talks or presentations.
Each submission is evaluated according to the following criteria:
- Relevance to the conference subject. Is the proposal in line with the conference subject matters?
- Clarity of the proposal. Is the proposal presented clearly, properly structured, will it bring information to the participants ?
- Technical evaluation. Is the content technically sound, does it bring added value to the community (novelty), is it of interest in general?
PC members are also asked to propose a suitable format for presentations: full paper, short or long presentation. Workshop proposals might be asked to present as a regular presentation.
The PC also has at heart to make a selection that represents the diversity of the community in all forms.
The authors will be notified shortly after the PC has reached consensus, no later than January 15th 2024.
After notification and acceptance by the authors, all accepted workshops and presentations will be included in the programme of the conference, with time slots ranging from 20 to 50 minutes.
Additionally, the conference programme may include between 1 and 3 keynote speakers. They will not be submitted to the paper evaluation process, but will be selected to ensure the overall quality of the conference.