Research Article
Characterizing Anomalies in Malware-Generated HTTP Traffic
Table 13
Host header values (malicious traffic).
| Category | Domain (% of all) | IP (% of all) | IP + port (% of all) | Domain + port (% of all) | Error in domain (% of all) | Other (% of all) | Multi (% of all) |
| --- | --- | --- | --- | --- | --- | --- | --- |
| Backdoor | 72.73 | 9.09 | 0.00 | 0.00 | 0.00 | 0.00 | 18.18 |
| Banker | 70.40 | 9.60 | 8.00 | 0.00 | 6.40 | 0.00 | 5.60 |
| Bruteforce | 87.50 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 12.50 |
| Clicker | 69.23 | 23.08 | 0.00 | 0.00 | 0.00 | 0.00 | 7.69 |
| DDoS | 100.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| Downloader | 76.87 | 6.72 | 2.24 | 0.75 | 2.24 | 0.75 | 10.45 |
| Downloader/JS | 100.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| IP check | 100.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| Keylogger | 66.67 | 16.67 | 0.00 | 0.00 | 0.00 | 0.00 | 16.67 |
| Maldoc | 68.75 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 31.25 |
| Malicious download | 80.00 | 10.00 | 0.00 | 0.00 | 0.00 | 0.00 | 10.00 |
| Miner | 72.22 | 22.22 | 0.00 | 5.56 | 0.00 | 0.00 | 0.00 |
| Other | 75.00 | 0.00 | 25.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| PUA/Adware | 100.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| Ransomware | 40.00 | 52.94 | 1.18 | 0.00 | 0.00 | 0.00 | 5.88 |
| RAT | 77.78 | 11.11 | 0.00 | 0.00 | 11.11 | 0.00 | 0.00 |
| Spambot | 40.00 | 60.00 | 0.00 | 0.00 | 0.00 | 0.00 | 0.00 |
| Stealer | 68.89 | 13.33 | 4.44 | 0.00 | 0.00 | 0.00 | 13.33 |
| Trojan | 65.81 | 17.09 | 3.42 | 0.85 | 0.00 | 0.00 | 12.82 |
| UA problem | 80.77 | 11.54 | 0.00 | 0.00 | 0.00 | 0.00 | 7.69 |