FIRST - Improving Security Together 18th Annual FIRST Conference - June 2006 - Baltimore, Maryland

Behavioral Study of Bot Obedience using Causal Relationship Analysis

Conference Schedule

Technical Track

Wednesday – June 28th, 15:00

Botnet discovery can be difficult, since the existence of a network is often discovered only after it is used for widespread activity such as a DDoS or a phishing scam. Sharing intelligence on potential botnet traffic is also problematic, mainly due to data privacy issues.

In this paper, we describe some currently used methods for identifying botnets and issues which arise when applying them in practice. We will identify the types of information that could be shared between different stakeholders and the technical means available to gather such data. Finally, we will present causality graphs and describe initial experiences in applying them to analyzing botnet incidents.

Authors & presenters

  • Lari Huttunen (University of Oulu, FI)

  • Pekka Pietikäinen, Presenter (University of Oulu, FI)
