Research Article
Characterizing Anomalies in Malware-Generated HTTP Traffic
Table 2
Malware categories used to organize the obtained experimental results.
| | Category | Description | Number of request groups |
| | Downloader | Downloading other malware | 134 | | Banker | Banking Trojan | 125 | | Trojan | Trojan malware | 117 | | Ransomware | Crypting files and demanding ransom | 85 | | Stealer | Stealing users’ information | 45 | | PUA/Adware | Potentially unwanted applications or adware | 30 | | IP check | Checking IP address or connectivity | 28 | | UA problem | Problem with User-Agent header value | 26 | | DDoS | DDoS attack malware | 24 | | Spambot | Sending spam e-mails | 20 | | Malicious download | Downloading other malware | 20 | | Miner | Cryptocurrency mining | 18 | | Maldoc | Downloading other malware | 16 | | Clicker | Ad and link clicking | 13 | | Downloader/JS | Downloading other malware | 12 | | Backdoor | Backdoor Trojan | 11 | | RAT | Remote access Trojan | 9 | | Bruteforce | Bruteforcing, e.g., login panels | 9 | | Other | Other malware | 8 | | Keylogger | User key stroke logging | 6 |
|
|
