Botnet fingerprinting method based on anomaly detection in SMTP conversations
share
The paper presents the results obtained during research on detection of unsolicited e-mails which are sent by botnets. The distinction from most of the existing solutions is the fact that the presented approach is based on the analysis of network traffic - the sequence and syntax of SMTP commands observed during email delivery process. The paper presents several improvements for detection of unsolicited email sources from different botnets (fingerprinting), which can be used during network forensic investigation.
READ FULL TEXT
