[1] M. Ajelli, R. L. Cigno, and A. Montresor, “Modeling botnets and epidemic malware,” in Proc. IEEE Int'l Communications Conference (ICC), 2010, pp. 1–5.

[2] S. Mansfield-Devine, “Battle of the botnets,” Network Security, vol. 2010, no. 5, pp.4 - 6, 2010.

[3] D. Bleaken, “Botwars: the fight against criminal cyber networks,” Computer Fraud & Security, vol. 2010, no. 5, pp. 17 – 19, 2010.

[4] C. J. Mielke and H. Chen, “Botnets, and the cybercriminal underground,” in Proc. IEEE Int. Conf. Intelligence and Security Informatics (ISI), 2008, pp. 206–211.

[5] N. Daswani and M. Stoppelman, “The anatomy of clickbot.a,” in Proc. FirstWorkshop on Hot Topics in Understanding Botnets. Berkeley, CA, USA: USENIX Association, 2007.

[6] D. Emm, “The kido botnet: Back to the future,” in Global Security, Safety, and Sustainability, ser. Communications in Computer and Information Science, H. Jahankhani, A. G. Hessami, and F. Hsu, Eds. Springer Berlin Heidelberg, 2009, vol. 45, pp. 191–194.

[7] P. Porras, “Inside risks: Reflections on conficker,” Commun. ACM, vol. 52, pp. 23–24, Oct. 2009.

[8] H. Binsalleeh, T. Ormerod, A. Boukhtouta, P. Sinha, A. Youssef, M. Debbabi, and L. Wang, “On the analysis of the zeus botnet crimeware toolkit,” in Proc. Eighth Annual Int Privacy Security and Trust (PST) Conf, 2010, pp. 31–38.

[9] D. Bradbury, “Digging up the hacking underground,” Infosecurity, vol. 7, no. 5, pp.14 – 17, 2010.

[10] W. H. Murray, “The application of epidemiology to computer viruses,” Computers & Security, vol. 7, no. 2, pp. 139 – 145, 1988.

[11] J. O. Kephart and S. R. White, “Directed-graph epidemiological models of computer viruses,” in Proc. IEEE Computer Society Symp Research in Security and Privacy, 1991, pp. 343–359.

[12] G. Serazzi and S. Zanero, “Computer virus propagation models,” in Performance Tools and Applications to Networked Systems, ser. Lecture Notes in Computer Science, M. C. Calzarossa and E. Gelenbe, Eds. Springer Berlin Heidelberg, 2004, vol.2965, pp. 26–50.

[13] S. Fei, L. Zhaowen, and M. Yan, “A survey of internet worm propagation models,” in Proc. 2nd IEEE Int. Conf. Broadband Network&Multimedia Technology (IC-BNMT), 2009, pp. 453–457.

[14] “Voice and video calling over lte,” Ericsson, White paper 284 23-3163 Uen, Feb. 2012. [Online]. Available: http://www.ericsson.com/res/docs/whitepapers/WP-Voice-Video-Calling-LTE.pdf

[15] A. Berger, I. Gojmerac, and O. Jung, “Internet security meets the ip multimedia subsystem: an overview,” Security Comm. Networks, vol. 3, no. 2-3, pp. 185–206, 2010.

[16] C. Elliott, “Botnets: To what extent are they a threat to information security?” Information Security Technical Report, vol. 15, no. 3, pp. 79 – 103, 2010 (computer crime - a 2011 update).

[17] M. Bailey, E. Cooke, F. Jahanian, Y. Xu, and M. Karir, “A survey of botnet technology and defenses,” in Proc. Cybersecurity Applications & Technology Conference for Homeland Security (CATCH). Washington, DC, USA: IEEE Computer Society, 2009, pp. 299–304.

[18] P. Wang, L. Wu, B. Aslam, and C. Zou, “A systematic study on peer-to-peer botnets,” in Proc. 18th Internatonal Conference on Computer Communications and Networks (ICCCN), Aug. 2009, pp. 1 –8.

[19] D. Dittrich and S. Dietrich, “P2p as botnet command and control: A deeper insight,” in Proc. 3rd Int. Conf. Malicious and Unwanted Software (MALWARE), 2008, pp.41–48.

[20] J. Leonard, S. Xu, and R. Sandhu, “A framework for understanding botnets,” in Proc. Int. Conf. Availability, Reliability and Security (ARES ’09), 2009, pp. 917–922.

[21] H. R. Zeidanloo and A. A. Manaf, “Botnet command and control mechanisms,” in Proc. Second Int. Conf. Computer and Electrical Engineering (ICCEE), vol. 1, 2009, pp. 564–568.

[22] G. Gu, J. Zhang, and W. Lee, “Botsniffer: Detecting botnet command and control channels in network traffic,” in Proc. 15th Annual Network and Distributed System Security Symposium (NDSS’08), San Diego, CA, USA, Feb. 10-13 2008.

[23] T. Holz, M. Steiner, F. Dahl, E. Biersack, and F. Freiling, “Measurements and mitigation of peer-to-peer-based botnets: a case study on storm worm,” in Proc. 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats. Berkeley, CA, USA: USENIX Association, 2008, pp. 9:1–9:9.

[24] G. Sinclair, C. Nunnery, and B. B.-H. Kang, “The waledac protocol: The how and why,” in Proc. 4th Int Malicious and Unwanted Software (MALWARE) Conf, 2009, pp. 69–77.

[25] P. Wang, S. Sparks, and C. C. Zou, “An advanced hybrid peer-to-peer botnet,” in Proc. First Workshop on Hot Topics in Understanding Botnets. Berkeley, CA, USA: USENIX Association, 2007.

[26] R. Vogt, J. Aycock, and M. Jacobson, “Army of botnets,” in Proc. 14th Network and Distributed System Security Symp. (NDSS), Feb. 2007.

[27] P. Wang, B. Aslam, and C. C. Zou, “Peer-to-peer botnets,” in Handbook of Information and Communication Security, P. Stavroulakis and M. Stamp, Eds. Springer Berlin Heidelberg, 2010, pp. 335–350.

[28] J. R. Binkley and S. Singh, “An algorithm for anomaly-based botnet detection,” in Proc. 2nd conference on Steps to Reducing Unwanted Traffic on the Internet, vol. 2. Berkeley, CA, USA: USENIX Association, 2006.

[29] G. Gu, P. Porras, V. Yegneswaran, M. Fong, and W. Lee, “Bothunter: detecting malware infection through ids-driven dialog correlation,” in Proc. 16th USENIX Security Symposium on USENIX Security Symposium. Berkeley, CA, USA: USENIX Association, 2007, pp. 12:1–12:16.

[30] G. Gu, R. Perdisci, J. Zhang, and W. Lee, “Botminer: clustering analysis of network traffic for protocol- and structure-independent botnet detection,” in Proc. 17th conference on Security symposium. Berkeley, CA, USA: USENIX Association, 2008, pp.139–154.

[31] S. Gianvecchio, M. Xie, Z. Wu, and H. Wang, “Measurement and classification of humans and bots in internet chat,” in Proc. 17th conference on Security symposium. Berkeley, CA, USA: USENIX Association, 2008, pp. 155–169.

[32] A. Brodsky and D. Brodsky, “A distributed content independent method for spam detection,” in Proc. First Workshop on Hot Topics in Understanding Botnets. Berkeley, CA, USA: USENIX Association, 2007.

[33] D. Dittrich, F. Leder, and T. Werner, “A case study in ethical decision making regarding remote mitigation of botnets,” in Financial Cryptography and Data Security, ser. Lecture Notes in Computer Science, R. Sion, R. Curtmola, S. Dietrich, A. Kiayias, J. Miret, K. Sako, and F. Sebe, Eds. Springer Berlin / Heidelberg, 2010, vol. 6054, pp. 216–230.

[34] P. Maymounkov and D. Mazières, “Kademlia: A peer-to-peer information system based on the xor metric,” in Revised Papers from the First International Workshop on Peer-to-Peer Systems, ser. IPTPS ’01. London, UK: Springer-Verlag, 2002, pp.53–65.

[35] J. Liang, N. Naoumov, and K.W. Ross, “The index poisoning attack in p2p file sharing systems,” in Proc. 25th IEEE Int. Conf. Computer Communications (INFOCOM), 2006, pp. 1–12.

[36] J. R. Douceur, “The sybil attack,” in Revised Papers from the First InternationalWorkshop on Peer-to-Peer Systems, ser. IPTPS ’01. London, UK: Springer-Verlag, 2002, pp. 251–260.

[37] M. Castro, P. Druschel, A. Ganesh, A. Rowstron, and D. S. Wallach, “Secure routing for structured peer-to-peer overlay networks,” SIGOPS Oper. Syst. Rev., vol. 36, pp.299–314, Dec. 2002.

[38] C. Davis, J. Fernandez, S. Neville, and J. McHugh, “Sybil attacks as a mitigation strategy against the storm botnet,” in Proc. 3rd International Conference on Malicious and Unwanted Software (MALWARE), Oct. 2008, pp. 32 –40.

[39] C. Davis, J. Fernandez, and S. Neville, “Optimising sybil attacks against p2p-based botnets,” in Proc. 4th International Conference on Malicious and Unwanted Software (MALWARE), Oct. 2009, pp. 78 –87.

[40] D. Ha, G. Yan, S. Eidenbenz, and H. Ngo, “On the effectiveness of structural detection and defense against p2p-based botnets,” in Proc. IEEE/IFIP International Conference on Dependable Systems Networks (DSN ’09), Jul. 2009, pp. 297 –306.

[41] Z. Zhu, G. Lu, Y. Chen, Z. J. Fu, P. Roberts, and K. Han, “Botnet research survey,” in Proc. 32nd Annual IEEE Int. Computer Software and Applications (COMPSAC), 2008, pp. 967–972.

[42] The honeynet project. [Online]. Available: http://www.honeynet.org/

[43] B. B. Kang, E. Chan-Tin, C. P. Lee, J. Tyra, H. J. Kang, C. Nunnery, Z. Wadler, G. Sinclair, N. Hopper, D. Dagon, and Y. Kim, “Towards complete node enumeration in a peer-to-peer botnet,” in Proc. 4th International Symposium on Information, Computer, and Communications Security, ser. ASIACCS ’09. New York, NY, USA: ACM, 2009, pp. 23–34.

[44] M. A. Rajab, J. Zarfoss, F. Monrose, and A. Terzis, “My botnet is bigger than yours (maybe, better than yours): why size estimates remain challenging,” in Proc. First Workshop on Hot Topics in Understanding Botnets. Berkeley, CA, USA: USENIX Association, 2007.

[45] C. Kanich, K. Levchenko, B. Enright, G. M. Voelker, and S. Savage, “The heisenbot uncertainty problem: challenges in separating bots from chaff,” in Proc. 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats. Berkeley, CA, USA: USENIX Association, 2008, pp. 10:1–10:9.

[46] Q. Wang, Z. Chen, C. Chen, and N. Pissinou, “On the robustness of the botnet topology formed by worm infection,” in Proc. IEEE Global Telecommunications Conf. (GLOBECOM), 2010, pp. 1–6.

[47] P. Porras, H. Saidi, and V. Yegneswaran, “A multi-perspective analysis of the storm (peacomm) worm,” Computer Science Laboratory, SRI International, CSL Technical Note, Oct. 2007. [Online]. Available: http://www.cyber-ta.org/pubs/StormWorm/

[48] E. V. Ruitenbeek and W. H. Sanders, “Modeling peer-to-peer botnets,” in Proc. Fifth International Conference on Quantitative Evaluation of Systems (QEST). Washington, DC, USA: IEEE Computer Society, 2008, pp. 307–316.

[49] A. Kolesnichenko, A. Remke, P.-T. de Boer, and B. Haverkort, “Comparison of the mean-field approach and simulation in a peer-to-peer botnet case study,” in Computer Performance Engineering, ser. Lecture Notes in Computer Science, N. Thomas, Ed. Springer Berlin / Heidelberg, 2011, vol. 6977, pp. 133–147.

[50] A. White, A. Tickle, and A. Clark, “Overcoming reputation and proof-of-work systems in botnets,” in Proc. 4th Int Network and System Security (NSS) Conf, 2010, pp.120–127.

[51] J. Calvet, C. R. Davis, J. M. Fernandez, J.-Y. Marion, P.-L. St-Onge, W. Guizani, P.-M. Bureau, and A. Somayaji, “The case for in-the-lab botnet experimentation: creating and taking down a 3000-node botnet,” in Proc. 26th Annual Computer Security Applications Conference, ser. ACSAC. New York, NY, USA: ACM, 2010, pp. 141–150.

[52] F. Brauer, P. van den Driessche, and J. Wu, Eds., Mathematical Epidemiology. Springer-Verlag Berlin Heidelberg, 2008. 

[53] R. Weaver, “A probabilistic population study of the conficker-c botnet,” in Passive and Active Measurement, ser. Lecture Notes in Computer Science. Springer Berlin / Heidelberg, 2010, vol. 6032, pp. 181–190.

[54] X. Li, H. Duan, W. Liu, and J. Wu, “The growing model of botnets,” in Proc. Int Green Circuits and Systems (ICGCS) Conf, 2010, pp. 414–419. 

[55] S. Li, X. Yun, Z. Hao, X. Cui, and Y.Wang, “A propagation model for social engineering botnets in social networks,” in Proc. 12th Int Parallel and Distributed Computing, Applications and Technologies (PDCAT) Conf, 2011, pp. 423–426.

[56] Y. Wang, S. Wen, W. Zhou, W. Zhou, and Y. Xiang, “The probability model of peer-to-peer botnet propagation,” in Algorithms and Architectures for Parallel Processing, ser. Lecture Notes in Computer Science, Y. Xiang, A. Cuzzocrea, M. Hobbs, and W. Zhou, Eds. Springer Berlin / Heidelberg, 2011, vol. 7016, pp. 470–480.

[57] C. C. Zou and R. Cunningham, “Honeypot-aware advanced botnet construction and maintenance,” in Proc. Int. Conf. Dependable Systems and Networks (DSN), 2006, pp. 199–208.

[58] D. Dagon, C. Zou, and W. Lee, “Modeling botnet propagation using time zones,” in Proc. 13th Network and Distributed System Security Symposium (NDSS), 2006.

[59] R. Li, L. Gan, and Y. Jia, “Propagation model for botnet based on conficker monitoring,” in Proc. Second Int Information Science and Engineering (ISISE) Symp, 2009, pp. 185–190.

[60] W. Xin-liang, C. Lu-Ying, L. Fang, and L. Zhen-ming, “Analysis and modeling of the botnet propagation characteristics,” in Proc. 6th Int Wireless Comm. Netw. & Mobile Comp. (WiCOM) Conf, 2010, pp. 1–4.

[61] H. Okamura, H. Kobayashi, and T. Dohi, “Markovian modeling and analysis of internet worm propagation,” in Proc. 16th IEEE Int. Symp. Software Reliability Engineering (ISSRE), 2005.

[62] D. Zwillinger, Handbook of Differential Equations, 3rd Ed. Academic Press, 1997.

[63] L. Kleinrock, Queueing Systems - Volume I: Theory. Wiley-Interscience, 1975.

[64] G. E. Riley, M. L. Sharif, and W. Lee, “Simulating internet worms,” in Proc. IEEE Computer Society’s 12th Annual Int. Symp. Modeling, Analysis, and Simulation of Computer and Telecommunications Systems (MASCOTS), 2004, pp. 268–274.

[65] J. Rrushi, E. Mokhtari, and A. A. Ghorbani, “A statistical approach to botnet virulence estimation,” in Proc. 6th ACM Symp. on Info., Comp. & Comm. Sec., ser. ASIACCS, 2011, pp. 508–512.

[66] J. B. Grizzard, V. Sharma, C. Nunnery, B. B. Kang, and D. Dagon, “Peer-to-peer botnets: overview and case study,” in Proc. First Workshop on Hot Topics in Understanding Botnets (HotBots’07). Berkeley, CA, USA: USENIX Association, 2007.

[67] Q. Wang, Z. Chen, and C. Chen, “Characterizing internet worm infection structure,” in Proc. 4th USENIX conference on Large-scale exploits and emergent threats, ser. LEET. Berkeley, CA, USA: USENIX Association, 2011.

[68] Z. Li, A. Goyal, Y. Chen, and V. Paxson, “Automating analysis of large-scale botnet probing events,” in Proc. 4th International Symposium on Information, Computer, and Communications Security, ser. ASIACCS ’09. New York, NY, USA: ACM, 2009, pp. 11–22.

[69] C. C. Zou, D. Towsley, andW. Gong, “On the performance of internet worm scanning strategies,” Perform. Eval., vol. 63, no. 7, pp. 700–723, Jul. 2006.

[70] A. Papoulis and S. U. Pillai, Probability, Random Variables and Stochastic Processes, 4th ed. McGraw-Hill, 2002.

[71] “Top 10 botnet threat report - 2010,” Damballa Inc., Tech. Rep., 2011. [Online]. Available: http://www.damballa.com/downloads/r_pubs/Damballa_2010_Top_10_Botnets_Report.pdf

[72] M. Khosroshahy, M. K. Mehmet-Ali, and D. Qiu. (2012, Mar.) Sic-p2p: A lifecycle model for the evaluation of mitigation strategies against p2p botnets (accompanying tech report: Mathematica derivations). [Online]. Available: http://www.masoodkh.com/files/papers/SIC/SIC-P2P-TechReport.pdf

[73] P. A. Porras, H. Saidi, and V. Yegneswaran, “An analysis of the ikee.b iphone botnet,” MobiSec, Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, Springer, vol. 47, pp. 141–152, 2010.

[74] A. Berger and M. Hefeeda, “Exploiting sip for botnet communication,” in Proc. 5th IEEE Workshop Secure Network Protocols, 2009, pp. 31–36.

[75] C. Mulliner and J.-P. Seifert, “Rise of the ibots: Owning a telco network,” in Proc. 5th International Conference on Malicious and Unwanted Software (MALWARE), Oct. 2010, pp. 71 –80.

[76] P. Traynor, M. Lin, M. Ongtang, V. Rao, T. Jaeger, P. McDaniel, and T. La Porta, “On cellular botnets: measuring the impact of malicious devices on a cellular network core,” in Proc. 16th ACM conference on Computer and communications security, ser. CCS. NY, USA: ACM, 2009, pp. 223–234.

[77] G. Piro, L. A. Grieco, G. Boggia, F. Capozzi, and P. Camarda, “Simulating lte cellular systems: An open-source framework,” IEEE Transactions on Vehicular Technology, vol. 60, no. 2, pp. 498–513, 2011.

[78] T. Camp, J. Boleng, and V. Davies, “A survey of mobility models for ad hoc network research,” Wireless Communications and Mobile Computing, vol. 2, no. 5, pp. 483–502, 2002.

Refs. [79]-[85] in the document (not included here for space restriction).