Email Shape Analysis for Spam Botnet Detection
Botnets have become the major sources of spamming, which generates massive unwanted traffic on networks. An effective detection mechanism can greatly mitigate the problem. This paper presents a novel botnet detection mechanism based on the email "Shape" analysis that relies on neither content nor reputation analysis. Shape is the new way of characterizing an email by mimicking human visual inspection. A set of email shapes are derived and then used to generate a botnet signature. The preliminary results show greater than 80% classification accuracy (without considering email content or reputation analysis). This work investigates the discriminatory power of email shape, for which one believes will be a significant complement to other existing techniques such as a network behavior analysis.