Daji Ren
Last known affiliation: Qianxin (齐安信)
Abstract
DDoS botnet attackers have consistently been in the spotlight of cyber threats, generating significant headlines over the past year. Telegram’s lenient content regulation has facilitated the growth of numerous related criminal groups. Meanwhile, the development of ChatGPT has demonstrated major advancements in natural language processing, with the potential to greatly enhance human productivity. So, what kind of sparks might fly when these three elements converge?
The theme of this presentation is to introduce how our team leverages the capabilities of ChatGPT to monitor botnet ecosystem activities, especially DDoS botnets and other illegal activities on Telegram. We will also outline our approach to building an automated monitoring system. We will showcase some high-value data we have collected and share observations on botnet ecosystem activities based on over 900 chats among 800+ botnets. During this process, you will learn how we promptly identified and linked two major botnets behind significant events.
For a long time, public understanding of the botnet-related ecosystem has been rather vague. Despite our extensive work and numerous blog publications, our analyses primarily focused on samples and vulnerability propagation. However, Telegram has provided an excellent platform that allows us to gain a deeper understanding of the DDoS-botnet ecosystem. Through this presentation, the audience will learn how to incorporate Telegram monitoring into their routine botnet tracking processes and build an automated system to monitor the illegal activities of numerous criminal groups on Telegram in real time. By combining AI to analyze behavior and extract desired data, it is even possible to further analyze global trends and activities of attackers.
