Research Article
Characterizing Anomalies in Malware-Generated HTTP Traffic
Table 16
The payload entropy statistics for HTTP requests (malicious traffic) in bits.
| | Category | Median | Mean | 1st quartile | 3rd quartile | Min value | Max value |
| | Backdoor | 5.86 | 5.85 | 5.86 | 5.86 | 4.08 | 5.96 | | Banker | 5.42 | 6.11 | 5.42 | 7.35 | 1.00 | 7.86 | | Bruteforce | 4.27 | 4.32 | 4.27 | 4.35 | 4.24 | 7.63 | | Clicker | 5.91 | 5.88 | 5.89 | 5.92 | 4.29 | 5.96 | | DDoS | 4.31 | 4.31 | 4.31 | 4.31 | 4.31 | 4.31 | | Downloader | 6.15 | 6.41 | 5.06 | 7.76 | 3.88 | 8.00 | | Keylogger | 4.96 | 5.05 | 4.96 | 5.14 | 1.82 | 7.63 | | Miner | 5.52 | 5.47 | 5.51 | 5.53 | 3.60 | 5.99 | | PUA/Adware | 4.21 | 4.45 | 4.21 | 4.21 | 4.21 | 7.95 | | Ransomware | 4.44 | 4.48 | 4.39 | 4.48 | 3.51 | 7.53 | | RAT | 4.99 | 4.97 | 4.78 | 5.00 | 4.45 | 5.89 | | Spambot | 7.10 | 6.84 | 6.77 | 7.16 | 3.85 | 8.00 | | Stealer | 6.00 | 5.24 | 4.29 | 6.03 | 4.11 | 6.68 | | Trojan | 5.81 | 5.39 | 4.36 | 5.82 | 1.00 | 7.99 | | UA problem | 4.98 | 5.04 | 4.87 | 5.13 | 4.65 | 5.63 |
|
|
Note. The statistics were counted using all requests in the particular malware category, without being organized into request groups.
|
