Botnet Intelligence Through Infiltration

Status: Ongoing

We are developing techniques and refining our capability to perform experiments that infiltrate botnets under our control. To this we are developing passive (e.g., decoding the command and control messages and understanding their effects), active (e.g., responding to status requests), and adversarial (e.g., sending messages to incur some action) techniques for botnets.

Our experiments are designed to exercise a range of effective antibotnet stratagems including intelligence gathering on botnet operations, botmaster attribution, and the countermanding of the entire command-and-control infrastructure.


  • Insights from the Inside: A View of Botnet Management from Infiltration. Chia Yuan Cho, Juan Caballero, Chris Grier, Vern Paxson, Dawn Song. Proceedings of the Workshop on Large-Scale Exploits and Emergent Threats, April, 2010. [pdf]
  • Inference and Analysis of Formal Models of Botnet Command and Control Protocols. Chia Yuan Cho, Domagoj Babic, Richard Shin and Dawn Song. Proceedings of the ACM Conference on Computer and Communication Security, October, 2010. [pdf]
  • What's Clicking What? Techniques and Innovations of Today's Clickbots. Brad Miller, Paul Pearce, Chris Grier, Christian Kreibich, and Vern Paxson. Proceedings of the Conference on Detection of Intrusions and Malware and Vulnerability Assessment, July, 2011.
  • Measuring Pay-per-Install: The Commoditization of Malware Distribution. Juan Caballero, Chris Grier, Christian Kreibich, and Vern Paxson. Proceedings of the USENIX Security Symposium, August, 2011.
  • Manufacturing Compromise: The Emergence of Exploit-as-a-Service. Chris Grier, Lucas Ballard, Juan Caballero, Neha Chachra, Christian J. Dietrich, Kirill Levchenko, Panayiotis Mavrommatis, Damon McCoy, Antonio Nappa, Andreas Pitsillidis, Niels Provos, M. Zubair Rafique, Moheeb Abu Rajab, Christian Rossow, Kurt Thomas, Vern Paxson, Stefan Savage, Geoffrey M. Voelker. Proceedings of the ACM Conference on Computer and Communications Security (CCS), October 2012.

Project members

Collaboration with

Security Lab
[an error occurred while processing this directive] Security Research - Computer Science - UC Berkeley EECS

About UC Berkeley Security

UC Berkeley computer security research is at the forefront of areas ranging from secure voting, botnets, web security, cryptography, privacy, network security, and software security. Our supportive faculty and diverse students create a highly collaborative environment.


Research Centers and Collaborations


A few of our current projects are listed below. More projects are listed here.

Berkeley Security Seminar

The Berkeley Security Seminar brings in external researchers and engineers for technical talks on a large-scale security or privacy project they work on. See the current schedule. Contact Grant Ho (grantho@cs) if you work on large-scale security or privacy problems and would like to give a talk.

Reading Group

The Security Reading Group meets weekly to discuss interesting papers. See the current schedule. Contact Frank Li (frankli@cs) if you are interested in presenting.

Past Courses

Undergraduate courses

Graduate courses

  • CS 261. Security in Computer Systems. [ f12, s12, s11, f09, f08, f07, f04]
  • CS 261n (formerly 294-28). Internet/Network Security. [s12, f10, f09, s09, s08]
  • CS 276. Cryptography. [s09, s06, s04, s02]
  • CS 294-24. Privacy and Security Enhancing Technologies. [f07]
  • CS 294-50. Advanced Topics in Computer Security. [s10]
  • CS 294-65. Privacy Technologies: From Theory to Practice. [s11]
Additional information can be found in the EECS course directory.
Postdocs and Research Scientists