English

Botnet fingerprinting method based on anomaly detection in SMTP conversations

Cryptography and Security 2019-03-28 v1

Abstract

The paper presents the results obtained during research on detection of unsolicited e-mails which are sent by botnets. The distinction from most of the existing solutions is the fact that the presented approach is based on the analysis of network traffic - the sequence and syntax of SMTP commands observed during email delivery process. The paper presents several improvements for detection of unsolicited email sources from different botnets (fingerprinting), which can be used during network forensic investigation.

Keywords

Cite

@article{arxiv.1903.11400,
  title  = {Botnet fingerprinting method based on anomaly detection in SMTP conversations},
  author = {Piotr Bazydło and Krzysztof Lasota and Adam Kozakiewicz},
  journal= {arXiv preprint arXiv:1903.11400},
  year   = {2019}
}

Comments

6 pages, 4 tables, 3 figures

R2 v1 2026-06-23T08:20:47.536Z