In the article “Botnet Fingerprinting: Anomaly Detection in SMTP Conversations,” which appears in the November/December 2017 issue of IEEE Security & Privacy, the authors present the results of their research on detecting unsolicited emails sent by botnets.

Unlike most existing solutions, the presented approach is based on the analysis of network traffic, specifically the sequence and syntax of SMTP commands observed during email delivery. The authors present several improvements for detecting the sources of unsolicited email from different botnets (fingerprinting) that can be used during network forensic investigations.
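To make the idea of fingerprinting by command sequence and syntax concrete, the following added example (not the article authors' code or method) reduces the client side of an SMTP conversation to its verb order plus a few syntax traits and hashes the result. The chosen traits, the function names and the sample sessions are assumptions constructed for illustration, and the input is assumed to hold command lines only, without message content.

```python
import hashlib
import re

# Client-side lines of three constructed SMTP sessions (not captured traffic).
SESSION_A = ["EHLO mail.example.org", "MAIL FROM:<a@example.org>",
             "RCPT TO:<b@example.net>", "DATA", "QUIT"]
SESSION_B = ["HELO [192.0.2.7]", "MAIL From: <x@example.com>",
             "RCPT To: <b@example.net>", "DATA"]
SESSION_C = ["HELO [198.51.100.9]", "MAIL From: <y@example.org>",
             "RCPT To: <c@example.net>", "DATA"]

# Hypothetical trait set: keyword case, spacing around the colon, angle brackets.
PATH_RE = re.compile(r"\s+(FROM|TO)(\s*):(\s*)(<?)", re.IGNORECASE)

def _case(token):
    return "upper" if token.isupper() else "lower" if token.islower() else "mixed"

def command_features(line):
    """Reduce one client line to (verb, syntax traits), dropping variable parts."""
    match = re.match(r"([A-Za-z]+)(.*)", line)
    if not match:
        return ("?", "unparsed")
    verb, rest = match.groups()
    traits = [_case(verb)]
    if verb.upper() in ("MAIL", "RCPT"):
        path = PATH_RE.match(rest)
        if path:
            keyword, pre, post, bracket = path.groups()
            traits += [_case(keyword),
                       "sp-before-colon" if pre else "no-sp-before-colon",
                       "sp-after-colon" if post else "no-sp-after-colon",
                       "brackets" if bracket else "no-brackets"]
        else:
            traits.append("malformed-path")
    elif verb.upper() in ("HELO", "EHLO"):
        traits.append("ip-literal" if rest.strip().startswith("[") else "hostname")
    return (verb.upper(), "|".join(traits))

def fingerprint(client_lines):
    """Hash the ordered (verb, traits) sequence into a short dialect identifier."""
    features = [command_features(line) for line in client_lines]
    canonical = ";".join(f"{verb}:{traits}" for verb, traits in features)
    return hashlib.sha256(canonical.encode()).hexdigest()[:16]

def group_by_dialect(sessions):
    """Map fingerprint -> session names, so sources sharing a dialect cluster."""
    groups = {}
    for name, lines in sessions.items():
        groups.setdefault(fingerprint(lines), []).append(name)
    return groups
```

Sessions B and C differ in addresses and HELO argument but share one fingerprint, while session A, with its EHLO greeting, tight `FROM:<` syntax and closing QUIT, lands in a separate group.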