Research Article
Characterizing Anomalies in Malware-Generated HTTP Traffic
Figure 12
An example Zeek network security monitoring analysis module based on the presented observations. The rule detects requests that have fewer than 4 headers and lack the User-Agent header.
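The rule described in the caption, applied to raw HTTP/1.x requests in Python. This is an added example, not the article's Zeek module; the function names and the sample requests are constructed for illustration.

```python
"""Flag HTTP requests with fewer than 4 headers and no User-Agent header."""

MIN_HEADERS = 4  # threshold stated in the caption


def parse_request_headers(raw: bytes) -> list[tuple[str, str]]:
    """Return (name, value) pairs from the header section of a raw request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    headers: list[tuple[str, str]] = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        if line[:1] in (" ", "\t") and headers:
            # Obsolete line folding: continuation of the previous value,
            # so it must not be counted as an extra header.
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers


def is_anomalous(raw: bytes) -> bool:
    """True when both conditions of the rule hold for this request."""
    headers = parse_request_headers(raw)
    # Header names are case-insensitive, so compare in lower case.
    has_ua = any(name.lower() == "user-agent" for name, _ in headers)
    return len(headers) < MIN_HEADERS and not has_ua


# Constructed sample requests (not taken from the article's dataset).
SAMPLES = {
    "browser_like": b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                    b"User-Agent: Mozilla/5.0\r\nAccept: */*\r\n"
                    b"Accept-Language: en\r\n\r\n",
    "sparse_no_ua": b"POST /submit HTTP/1.1\r\nHost: example.test\r\n"
                    b"Content-Length: 0\r\n\r\n",
    "sparse_with_ua": b"GET / HTTP/1.1\r\nHost: example.test\r\n"
                      b"user-agent: curl/8.0\r\n\r\n",
    "many_no_ua": b"GET / HTTP/1.1\r\nHost: example.test\r\nAccept: */*\r\n"
                  b"Connection: close\r\nContent-Length: 0\r\n\r\n",
}


def scan(samples: dict[str, bytes]) -> list[str]:
    """Return the names of the samples the rule flags."""
    return sorted(name for name, raw in samples.items() if is_anomalous(raw))


if __name__ == "__main__":
    print(scan(SAMPLES))
```

Only the request that is both sparse and missing User-Agent is flagged; a sparse request that carries a User-Agent, or a request with four or more headers and no User-Agent, is not.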