To gather the attack data set, we used an emulated bot
script according to the C&C communication schema described
in Section 2.2. The emulated DDoS bot queried
the C&C servers every five minutes. Of the 68 suspected
botnet C&C URLs, 35 servers responded at least
once with a valid DirtJumper attack command to the requests
of the emulated bot.