The actions of Malware are often controlled through uniform communications mechanisms, which are regularly changing to evade detection techniques and remain prolific. Though geographically dispersed, malware-infected nodes being controlled for a common purpose can be viewed as a logically joint network, now loosely referred to as a botnet. The evolution of the mechanisms or processes for controlling the networks of malware-infected nodes may be indicative of their sophistication relative to a point of inception or discovery (if inception time is unknown). A sampling of botnet related malware at different points of inception or discovery can provide accurate representations of the sophistication variance of command and control processes. To accurately measure a sampling, a matrix of sophistication, deemed the Complexity Matrix (CM), was created to categorize the signifying characteristics of Command and Control (C&C) processes amongst a historically-diverse selection of bot binaries. In this paper, a survey of botnets is conducted to identify C&C characteristics that accurately represent the level of sophistication being implemented within a specified time frame. The results of the survey are collected in a CM and used to generate a subsequent roadmap of C&C milestones.
Library of Congress Subject Headings
Computer networks--Security measures; Malware (Computer software)--Prevention; Computer crimes--Prevention
Networking and System Administration (MS)
Department, Program, or Center
Information Sciences and Technologies (GCCIS)
Finocchiaro, Conzetti, "A Historical evaluation of C&C complexity" (2012). Thesis. Rochester Institute of Technology. Accessed from
RIT – Main Campus