Research Article
Characterizing Anomalies in Malware-Generated HTTP Traffic
Table 5
List of header field value features.
| Feature name |
| First character of the header field is a whitespace | Whitespace before CRLF tag | Space before colon, semicolon, or comma | New line character other than CRLF | Double space | Nonstandard whitespace characters in the header field | Non-ASCII value in the header | Accept-Language header value | Accept-Encoding header value | Connection header value | Host header value | User-Agent header value |
|
|
Features proposed by the authors of this paper are marked with (an asterisk). |