In the article “Botnet Fingerprinting: Anomaly Detection in SMTP Conversations,” which appears in the November/December 2017 issue of IEEE Security & Privacy, the authors present the results of their research on detecting unsolicited emails sent by botnets. (Login may be required for full text.)
Unlike most existing solutions, the presented approach is based on the analysis of network traffic, specifically the sequence and syntax of SMTP commands observed during email delivery. The authors present several improvements for detecting unsolicited email sources from different botnets (fingerprinting) that can be used during network forensic investigation.
About Lori Cameron
Lori Cameron is a Senior Writer for the IEEE Computer Society and currently writes regular features for Computer magazine, Computing Edge, and the Computing Now and Magazine Roundup websites. Contact her at l.cameron@computer.org. Follow her on LinkedIn.