Characterizing Anomalies in Malware-Generated HTTP Traffic

<table class="table-group" id="tab14"><tr><td><table class="table"><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr class="thead"><td class="align_left">Browser</td><td class="align_center">User-Agent value</td></tr><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr><td class="align_left">Edge Win10</td><td class="align_center">Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116, Safari/537.36 Edge/15.15063</td></tr><tr><td class="align_left">Chrome Win7</td><td class="align_center">Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36</td></tr><tr><td class="align_left">Firefox-FP Win7</td><td class="align_center">Mozilla/5.0 (Windows NT 6.1; rv:51.0) Gecko/20100101 Firefox/51.0</td></tr><tr><td class="align_left">Firefox Win7</td><td class="align_center">Mozilla/5.0 (Windows NT 6.1; rv:51.0) Gecko/20100101 Firefox/51.0</td></tr><tr><td class="align_left">IE11 Win7</td><td class="align_center">Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko</td></tr><tr><td class="align_left">Chrome Win8.1</td><td class="align_center">Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36</td></tr><tr><td class="align_left">Firefox Win8.1</td><td class="align_center">Mozilla/5.0 (Windows NT 6.3; rv:56.0) Gecko/20100101 Firefox/56.0</td></tr><tr><td class="align_left">IE11 Win8.1</td><td class="align_center">Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko</td></tr><tr class="table-tr"><td colspan="2"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>The standard values of the <i>User-Agent</i> header (benign traffic).</div>

Security and Communication Networks

Characterizing Anomalies in Malware-Generated HTTP Traffic

Table 14