The actions of Malware are often controlled through uniform communications mechanisms, which are regularly changing to evade detection techniques and remain prolific. Though geographically dispersed, malware-infected nodes being controlled for a common purpose can be viewed as a logically joint network, now loosely referred to as a botnet. The evolution of the mechanisms or processes for controlling the networks of malware-infected nodes may be indicative of their sophistication relative to a point of inception or discovery (if inception time is unknown). A sampling of botnet related malware at different points of inception or discovery can provide accurate representations of the sophistication variance of command and control processes. To accurately measure a sampling, a matrix of sophistication, deemed the Complexity Matrix (CM), was created to categorize the signifying characteristics of Command and Control (C&C) processes amongst a historically-diverse selection of bot binaries. In this paper, a survey of botnets is conducted to identify C&C characteristics that accurately represent the level of sophistication being implemented within a specified time frame. The results of the survey are collected in a CM and used to generate a subsequent roadmap of C&C milestones.

Library of Congress Subject Headings

Computer networks--Security measures; Malware (Computer software)--Prevention; Computer crimes--Prevention

Publication Date


Document Type


Student Type


Degree Name

Networking and System Administration (MS)

Department, Program, or Center

Information Sciences and Technologies (GCCIS)


Lutz, Peter


Note: imported from RIT’s Digital Media Library running on DSpace to RIT Scholar Works in December 2013.


RIT – Main Campus