Botnet Fingerprinting: Anomaly Detection in SMTP Conversations

This article presents the results of research on the detection of unsolicited emails sent by botnets. What distinguishes the approach from most existing solutions is that it is based on the analysis of network traffic, specifically the sequence and syntax of the SMTP commands observed during email delivery. The authors present several improvements for identifying the sources of unsolicited email and attributing them to different botnets (fingerprinting), which can be used during a network forensic investigation.
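To make the idea concrete, the following script is an added illustration written for this page, not the authors' tool: it builds a fingerprint for an SMTP session from the client's command sequence and syntax alone, without looking at message content. The `C: `/`S: ` transcript format, the sample sessions, the individual checks (lowercase verbs, HELO instead of EHLO, envelope addresses without angle brackets, commands burst before any reply when the server never advertised PIPELINING, missing QUIT, envelope commands out of RFC 5321 order) and the anomaly labels are all assumptions made for the example; the feature set the paper actually uses is not on this page.

```python
import re

# Added example, not the paper's tool: fingerprint an SMTP session from the client's
# command sequence and syntax. Transcript format ("C: "/"S: "), checks and labels are assumptions.

CORE_ORDER = ["EHLO", "MAIL", "RCPT", "DATA"]   # RFC 5321 envelope order
ARG_SYNTAX = {  # address in angle brackets, optional ESMTP parameters after it
    "MAIL": re.compile(r"^FROM:<[^<>\s]*>(\s+\S+)*$", re.I),
    "RCPT": re.compile(r"^TO:<[^<>\s]+>(\s+\S+)*$", re.I),
}

def parse_session(transcript):
    """Return (client commands as (verb, args), server reply lines, max_burst),
    max_burst being the most commands sent back to back without a reply."""
    commands, server_lines = [], []
    in_data, burst, max_burst = False, 0, 0
    for line in transcript.splitlines():
        if line.startswith("S: "):
            server_lines.append(line[3:])
            burst = 0
            continue
        if not line.startswith("C: "):
            continue
        payload = line[3:]
        if in_data:                        # message body lines are not commands
            in_data = payload != "."
            continue
        verb, _, args = payload.partition(" ")
        commands.append((verb, args.strip()))
        in_data = verb.upper() == "DATA"
        burst += 1
        max_burst = max(max_burst, burst)
    return commands, server_lines, max_burst

def fingerprint(transcript):
    """Command sequence plus deviations from a conforming client; the deviation
    set is what tells bot implementations apart from each other and from MTAs."""
    commands, server_lines, max_burst = parse_session(transcript)
    verbs = [v.upper() for v, _ in commands]
    normalized = ["EHLO" if v == "HELO" else v for v in verbs]
    anomalies = set()
    if any(v != v.upper() for v, _ in commands):
        anomalies.add("lowercase_verb")
    if "HELO" in verbs:
        anomalies.add("helo_instead_of_ehlo")
    for core in CORE_ORDER:
        if core not in normalized:
            anomalies.add("missing_" + core)
    positions = [normalized.index(c) for c in CORE_ORDER if c in normalized]
    if positions != sorted(positions):     # first occurrences out of RFC order
        anomalies.add("out_of_order")
    for verb, args in commands:
        rule = ARG_SYNTAX.get(verb.upper())
        if rule and not rule.match(args):
            anomalies.add("bad_envelope_syntax:" + verb.upper())
    # Bursting commands before any reply is only legitimate if PIPELINING was offered.
    offered = any(re.match(r"250[- ]PIPELINING$", s, re.I) for s in server_lines)
    if max_burst > 1 and not offered:
        anomalies.add("unsolicited_pipelining")
    if "QUIT" not in verbs:
        anomalies.add("no_quit")
    return {"sequence": "/".join(verbs), "anomalies": sorted(anomalies),
            "score": len(anomalies)}

def group_by_fingerprint(transcripts):
    """Bucket sessions by identical profile; one profile recurring across many
    source addresses points to one bot implementation, i.e. one botnet."""
    groups = {}
    for t in transcripts:
        fp = fingerprint(t)
        groups.setdefault((fp["sequence"], tuple(fp["anomalies"])), []).append(t)
    return groups

# Constructed sample sessions, not captured traffic.
GOOD_SESSION = """\
S: 220 mx.example.net ESMTP
C: EHLO client.example.org
S: 250 mx.example.net
C: MAIL FROM:<alice@example.org>
S: 250 Ok
C: RCPT TO:<bob@example.net>
S: 250 Ok
C: DATA
S: 354 Go ahead
C: .
C: QUIT
S: 221 Bye
"""
BOT_SESSION = """\
S: 220 mx.example.net ESMTP
C: HELO localhost
C: mail from: promo@example.com
C: rcpt to: bob@example.net
C: DATA
S: 250 mx.example.net
S: 250 Ok
S: 250 Ok
S: 354 Go ahead
C: .
S: 250 Queued
"""
```

Running `fingerprint(GOOD_SESSION)` yields an empty deviation list, while `fingerprint(BOT_SESSION)` yields six labelled deviations on a `HELO/MAIL/RCPT/DATA` sequence. The point for forensic use is the `group_by_fingerprint` step: sessions that share the same (sequence, deviations) profile across many source addresses are the signal that one spam engine, and therefore one botnet, is behind them, which is the kind of attribution the abstract calls fingerprinting.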
