Mining Function Homology of Bot Loaders from Honeypot Logs. (arXiv:2206.00385v1 [cs.CR])

Self-contained loaders are widely adopted in botnets for injecting loading
commands and spawning new bots. While researchers can dissect bot clients to
get various information of botnets, the cloud-based and self-contained design
of loaders effectively hinders researchers from understanding the loaders'
evolution and variation using classic methods. The decoupled nature of bot
loaders also dramatically reduces the feasibility of investigating
relationships among clients and infrastructures. In this paper, we propose a
text-based method to investigate and analyze details of bot …

bot honeypot logs mining