I am studying the architecture and topology of modern botnets, because I want to understand how they are organized and controlled, in order to suport visualizing bonnet structure and infection flow.
Primary and Secondary Sources (Summarized)
Botnets are assembled from three primary components: the bots themselves, a botmaster/bot herder, and a command and control channel for the botmaster to manipulate the bots. Botnets are used primarily in situations where the number of individual bots is a strength, such as DDoS attacks, spamming, and click fraud. Botnet architectures are diverse, ranging from centralized, to hybrid, to decentralized. Although bots perform HTTP requests much web browsers, its often possible to detect their presence by incomplete or malformed requests. 
Bot agents are distinguishable from common malware through their connection to command and control servers. Botnet operators choose different network topologies based on a combination of risk, cost, speed, and the financial purpose of the botnet. Centralized botnets are more easily stopped, but faster, while decentralized botnets (whether hierarchical or random) are often slower as commands propagate across the network. Through "fluxing" domain and IP address information, botnets of any topology can more easily hide command and control information from defenders. Botnet operators are moving toward more decentralized architectures as they continue solve the performance problems traditionally associated with them. 
After analyzing a number of recent peer-to-peer botnet, this team developed a new form of hybrid botnet. Their intent was to create a network that was robust, capable of losing bots to attackers, and difficult for defenders to detect. Using a hybrid peer-to-peer architecture consisting of "servent bots" and "client bots" the team was able to create a prototype that was very difficult to shut down. Through both infecting and re-infecting hosts, the botnet structure and metadata is more obfuscated to defenders. 
One possible future structure of botnets is new decentralized mobile botnet that has no single point of control. These bots are capable of communicating via SMS, Bluetooth and HTTP. The botnet's topology is complex, with "cluster head bots" forwarding commands and "receiver bots" acting on those commands. This is possible because each bot contains a list of the other mobile nodes on the botnet. The team successfully created a botnet on Android phones using this topology, which successfully collected and shared GPS data on a local network. No anti-virus software was capable of detecting these bots. Although just a prototype, it offers insight into a future of mobile distributed botnets. 
As part of this project I also performed primary research on botnets of my own.
I trawled a few hacker forums reading about botnet approaches, and read some "copypasta" about botnet organization and software architecture.
I also experimented with building my own botnet from some software I got ahold of on the internet. It didn't work, but I did get some interesting insights into one possible software architecture for botnets.
I took my findings from all this botnet research and distilled it down to a handful of slides.