Tutorial on Bots, Botnets, and the DDoS Attacks

We present a new graph-based approach for the detection and isolation of botnets in a computer network. Our approach depends primarily on the temporal co-occurrences of malicious activities across the computers in a network and is independent of botnet architectures and the means used for their command and control. As practically all aspects of how a botnet manifests itself in a network, such as the online bot population, bot lifetimes, and the duration and the choice of malicious activities ordered by the bot master, can be expected to vary significantly with time, our approach includes mechanisms that allow the graph representing the infected computers to evolve with time.