Research Article
Characterizing Anomalies in Malware-Generated HTTP Traffic
Table 11
Top 10 headers in a request (benign traffic).
| | Browser | Header name-percentage of requests | | “Host” | “User-Agent” | “Connection” | “Accept” | “Accept-Encoding” | “Accept-Language” | “Referer” | “Cookie” | “DNT” | “Upgrade-Insecure-Requests” |
| | Edge Win10 | 100.00 | 99.89 | 100.00 | 99.86 | 96.80 | 95.46 | 91.05 | 48.64 | 1.07 | 0.00 | | Chrome Win7 | 100.00 | 100.00 | 100.00 | 99.79 | 99.62 | 99.16 | 95.62 | 55.19 | 0.00 | 6.12 | | Firefox-FP Win7 | 100.00 | 100.00 | 100.00 | 100.00 | 99.96 | 99.84 | 93.97 | 48.30 | 0.00 | 7.35 | | Firefox Win7 | 100.00 | 100.00 | 100.00 | 99.99 | 99.92 | 98.12 | 93.86 | 48.05 | 0.00 | 5.64 | | IE11 Win7 | 99.99 | 99.99 | 99.99 | 99.98 | 92.90 | 91.98 | 88.33 | 43.88 | 78.48 | 0.00 | | Chrome Win8.1 | 100.00 | 100.00 | 99.78 | 99.46 | 99.39 | 97.78 | 93.64 | 52.02 | 0.00 | 6.81 | | Firefox Win8.1 | 100.00 | 100.00 | 99.82 | 99.83 | 99.78 | 99.77 | 94.01 | 49.62 | 0.00 | 7.31 | | IE11 Win8.1 | 99.99 | 99.99 | 99.74 | 99.70 | 93.91 | 92.98 | 88.65 | 44.02 | 80.26 | 0.00 | | Average | 100.00 | 99.99 | 99.93 | 99.83 | 97.71 | 96.77 | 92.41 | 48.83 | 21.54 | 4.13 |
|
|
