# Botnet fingerprinting method based on anomaly detection in SMTP   conversations

**Authors:** Piotr Bazyd{\l}o, Krzysztof Lasota, Adam Kozakiewicz

arXiv: 1903.11400 · 2019-03-28

## TL;DR

This paper introduces a novel botnet detection method that analyzes SMTP command sequences to identify unsolicited emails, enhancing network forensic capabilities.

## Contribution

It proposes a new fingerprinting approach based on SMTP traffic analysis, differing from existing methods by focusing on command sequence and syntax.

## Key findings

- Effective detection of botnet-sent emails
- Improved accuracy in identifying botnet sources
- Applicable for network forensic investigations

## Abstract

The paper presents the results obtained during research on detection of unsolicited e-mails which are sent by botnets. The distinction from most of the existing solutions is the fact that the presented approach is based on the analysis of network traffic - the sequence and syntax of SMTP commands observed during email delivery process. The paper presents several improvements for detection of unsolicited email sources from different botnets (fingerprinting), which can be used during network forensic investigation.

---
Source: https://tomesphere.com/paper/1903.11400