Characterizing Anomalies in Malware-Generated HTTP Traffic

<table class="table-group" id="tab3"><tr><td><table class="table"><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr class="thead"><td class="align_left">Feature group</td><td class="align_center">Research sources</td></tr><tr><td class="thead-hr" colspan="2"><hr/></td></tr><tr><td class="align_left">HTTP request structure</td><td class="align_center">Montero [<a href="/journals/scn/2020/8848863/#B14" target="_blank">14</a>], Cuckoo, Calzarossa et al. [<a href="/journals/scn/2020/8848863/#B13" target="_blank">13</a>], Rossow et al. [<a href="/journals/scn/2020/8848863/#B11" target="_blank">11</a>], Nelson [<a href="/journals/scn/2020/8848863/#B12" target="_blank">12</a>], Li et al. [<a href="/journals/scn/2020/8848863/#B21" target="_blank">21</a>]</td></tr><tr><td class="align_left">Header field values</td><td class="align_center">Montero [<a href="/journals/scn/2020/8848863/#B14" target="_blank">14</a>], Lewis [<a href="/journals/scn/2020/8848863/#B17" target="_blank">17</a>], Mizuno et al. [<a href="/journals/scn/2020/8848863/#B18" target="_blank">18</a>], Calzarossa et al. [<a href="/journals/scn/2020/8848863/#B13" target="_blank">13</a>], Li et al. [<a href="/journals/scn/2020/8848863/#B19" target="_blank">19</a>], Kheir [<a href="/journals/scn/2020/8848863/#B20" target="_blank">20</a>], Rossow et al. [<a href="/journals/scn/2020/8848863/#B11" target="_blank">11</a>], Nelson [<a href="/journals/scn/2020/8848863/#B12" target="_blank">12</a>], Li et al. [<a href="/journals/scn/2020/8848863/#B21" target="_blank">21</a>], Perdisci et al. [<a href="/journals/scn/2020/8848863/#B22" target="_blank">22</a>]</td></tr><tr><td class="align_left">HTTP request payload</td><td class="align_center">Perdisci et al. [<a href="/journals/scn/2020/8848863/#B22" target="_blank">22</a>]</td></tr><tr class="table-tr"><td colspan="2"><hr class="tbody-hr"/></td></tr></table></td></tr></table>

<div>The relation between the research source and the analyzed HTTP request feature groups.</div>

Security and Communication Networks

Characterizing Anomalies in Malware-Generated HTTP Traffic

Table 3