Check out the new USENIX Web site. next up previous
Next: Acknowledgments Up: : Previous: Related Work


Summary

From a high-level perspective, this paper underscores the need for better clarity in studies related to botnet dynamics. Specifically, given the variety of botnet size estimation techniques and the diversity of results they provide, it seems only natural that botnet size should be a qualified term reflecting the context in which the resulting estimate should be interpreted.

That said, the results in this paper (and the questions they raise), should not be construed as an indication of our opinion on the prevalence of the botnet problem. Rather, our goal is simply to emphasize the fact that no single metric is sufficient for describing all aspects of a botnet's size. Moreover, given the variable temporal behavior that botnets exhibit and the inherent inaccuracies of existing estimation techniques, a prudent step towards providing more reliable size estimates is to synthesize the results from multiple concurrent and independent views of a botnet's behavior.

Finally, while we focus primarily on IRC botnets, many suggest that a migration to more sophisticated topologies and protocols (e.g., P2P botnets [19]) is inevitable. If (or when) this transition occurs, the adoption of such technologies will pose substantial challenges to existing botnet tracking efforts, and brings its own set of difficulties.


next up previous
Next: Acknowledgments Up: : Previous: Related Work
Fabian Monrose 2007-04-03