Research Article
Characterizing Anomalies in Malware-Generated HTTP Traffic
Table 2
Malware categories used to organize the obtained experimental results.
| Category | Description | Number of request groups |
| --- | --- | --- |
| Downloader | Downloading other malware | 134 |
| Banker | Banking Trojan | 125 |
| Trojan | Trojan malware | 117 |
| Ransomware | Encrypting files and demanding ransom | 85 |
| Stealer | Stealing users’ information | 45 |
| PUA/Adware | Potentially unwanted applications or adware | 30 |
| IP check | Checking IP address or connectivity | 28 |
| UA problem | Problem with User-Agent header value | 26 |
| DDoS | DDoS attack malware | 24 |
| Spambot | Sending spam e-mails | 20 |
| Malicious download | Downloading other malware | 20 |
| Miner | Cryptocurrency mining | 18 |
| Maldoc | Downloading other malware | 16 |
| Clicker | Ad and link clicking | 13 |
| Downloader/JS | Downloading other malware | 12 |
| Backdoor | Backdoor Trojan | 11 |
| RAT | Remote access Trojan | 9 |
| Bruteforce | Bruteforcing, e.g., login panels | 9 |
| Other | Other malware | 8 |
| Keylogger | User keystroke logging | 6 |