Research Article

Characterizing Anomalies in Malware-Generated HTTP Traffic

Table 13

Host header values (malicious traffic).

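| Category | Domain (% of all) | IP (% of all) | IP + port (% of all) | Domain + port (% of all) | Error in domain (% of all) | Other (% of all) | Multi (% of all) |
|---|---|---|---|---|---|---|---|
| Backdoor | 72.73 | 9.09 | 0.00 | 0.00 | 0.00 | 0.00 | 18.18 |
| Banker | 70.40 | 9.60 | 8.00 | 0.00 | 6.40 | 0.00 | 5.60 |
| Bruteforce | 87.50 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 12.50 |
| Clicker | 69.23 | 23.08 | 0.00 | 0.00 | 0.00 | 0.00 | 7.69 |
| DDoS | 100.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| Downloader | 76.87 | 6.72 | 2.24 | 0.75 | 2.24 | 0.75 | 10.45 |
| Downloader/JS | 100.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| IP check | 100.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| Keylogger | 66.67 | 16.67 | 0.00 | 0.00 | 0.00 | 0.00 | 16.67 |
| Maldoc | 68.75 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 31.25 |
| Malicious download | 80.00 | 10.00 | 0.00 | 0.00 | 0.00 | 0.00 | 10.00 |
| Miner | 72.22 | 22.22 | 0.00 | 5.56 | 0.00 | 0.00 | 0.00 |
| Other | 75.00 | 0.00 | 25.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| PUA/Adware | 100.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| Ransomware | 40.00 | 52.94 | 1.18 | 0.00 | 0.00 | 0.00 | 5.88 |
| RAT | 77.78 | 11.11 | 0.00 | 0.00 | 11.11 | 0.00 | 0.00 |
| Spambot | 40.00 | 60.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| Stealer | 68.89 | 13.33 | 4.44 | 0.00 | 0.00 | 0.00 | 13.33 |
| Trojan | 65.81 | 17.09 | 3.42 | 0.85 | 0.00 | 0.00 | 12.82 |
| UA problem | 80.77 | 11.54 | 0.00 | 0.00 | 0.00 | 0.00 | 7.69 |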