Botnet fingerprinting method based on anomaly detection in SMTP conversations
Piotr Bazyd{\l}o, Krzysztof Lasota, Adam Kozakiewicz

TL;DR
This paper introduces a novel botnet detection method that analyzes SMTP command sequences to identify unsolicited emails, enhancing network forensic capabilities.
Contribution
It proposes a new fingerprinting approach based on SMTP traffic analysis, differing from existing methods by focusing on command sequence and syntax.
Findings
Effective detection of botnet-sent emails
Improved accuracy in identifying botnet sources
Applicable for network forensic investigations
Abstract
The paper presents the results obtained during research on detection of unsolicited e-mails which are sent by botnets. The distinction from most of the existing solutions is the fact that the presented approach is based on the analysis of network traffic - the sequence and syntax of SMTP commands observed during email delivery process. The paper presents several improvements for detection of unsolicited email sources from different botnets (fingerprinting), which can be used during network forensic investigation.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
