Detect and Notify Abnormal SMTP Traffic and Email Spam over Aggregate Network

Because all traffic between the public Internet and a customer's desktop must pass through the ISP's access network, this work uses the traffic logs gathered from a backbone router to develop an SMTP flooding detection system (SFDS), so that most spam can be detected and stopped at its originating fan-out network. The system has been deployed on a TANet (Taiwan Academic Network) backbone node to help network users identify abnormal SMTP sources whose email requests suddenly increase. The results indicate that a high proportion of the notified spam could be detected in advance.
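The kind of check described above, flagging a source whose SMTP request count jumps suddenly in backbone flow logs, can be sketched as follows. This is an added example, not the SFDS algorithm or code from the paper; the flow record layout, the 5-minute window, the thresholds and the sample records are all assumptions constructed for illustration.

```python
from collections import defaultdict

SMTP_PORT = 25
WINDOW = 300        # seconds per counting window (assumed)
MIN_FLOWS = 20      # ignore sources below this volume (assumed)
SPIKE_FACTOR = 5.0  # multiple of the prior average that counts as sudden (assumed)

def smtp_counts(flows):
    """Count TCP/25 flows per source and per window index."""
    counts = defaultdict(lambda: defaultdict(int))
    for ts, src, dst, dport, proto in flows:
        if proto == "tcp" and dport == SMTP_PORT:
            counts[src][ts // WINDOW] += 1
    return counts

def detect_spikes(flows):
    """Return sorted (source, window_start, count, baseline) alerts."""
    alerts = []
    for src, per_win in smtp_counts(flows).items():
        history = []
        for w in range(min(per_win), max(per_win) + 1):
            n = per_win.get(w, 0)
            if not history:
                history.append(n)  # cold start: first window only seeds the baseline
                continue
            baseline = sum(history) / len(history)
            if n >= MIN_FLOWS and n > SPIKE_FACTOR * baseline:
                alerts.append((src, w * WINDOW, n, baseline))
            else:
                history.append(n)  # only quiet windows feed the baseline
    return sorted(alerts)

def sample_flows():
    """Constructed flow records: (unix_ts, src, dst, dst_port, proto)."""
    flows = []
    for w in range(4):
        base = w * WINDOW
        # steady mail relay: 30 SMTP flows in every window
        flows += [(base + i, "192.0.2.10", "203.0.113.25", 25, "tcp") for i in range(30)]
        # desktop: 2 SMTP flows per window, then 120 in the last window
        n = 120 if w == 3 else 2
        flows += [(base + i, "198.51.100.7", "203.0.113.25", 25, "tcp") for i in range(n)]
        # heavy web traffic that must not be counted as SMTP
        flows += [(base + i, "198.51.100.9", "203.0.113.80", 443, "tcp") for i in range(200)]
    return flows

if __name__ == "__main__":
    for src, start, count, baseline in detect_spikes(sample_flows()):
        print(f"{src} window@{start}s: {count} SMTP flows (baseline {baseline:.1f})")
```

Comparing each source against its own history keeps a busy but steady mail relay from being flagged while a normally quiet desktop that starts flooding is reported.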