Characterizing Anomalies in Malware-Generated HTTP Traffic
Joint Authors
Mazurczyk, Wojciech
Białczak, Piotr
Source
Security and Communication Networks
Issue
Vol. 2020, Issue 2020 (31 Dec. 2020), pp.1-26, 26 p.
Publisher
Hindawi Publishing Corporation
Publication Date
2020-09-01
Country of Publication
Egypt
No. of Pages
26
Main Subjects
Information Technology and Computer Science
Abstract EN
Currently, we are witnessing a significant rise in various types of malware, which has an impact not only on companies, institutions, and individuals, but also on entire countries and societies.
Malicious software developers try to devise increasingly sophisticated ways to perform nefarious actions.
In consequence, the security community is under pressure to develop more effective defensive solutions and to continuously improve them.
To accomplish this, the defenders must understand and be able to recognize the threat when it appears.
That is why, in this paper, a large dataset of recent real-life malware samples was used to identify anomalies in the HTTP traffic produced by the malicious software.
The authors analyzed malware-generated HTTP requests, as well as benign traffic of the popular web browsers, using 3 groups of features related to the structure of requests, header field values, and payload characteristics.
It was observed that certain attributes of the HTTP traffic can serve as an indicator of malicious actions, including lack of some popular HTTP headers and their values or usage of the protocol features in an uncommon way.
The findings of this paper can be conveniently incorporated into the existing detection systems and network traffic forensic tools, making it easier to spot and eliminate potential threats.
American Psychological Association (APA)
Białczak, Piotr& Mazurczyk, Wojciech. 2020. Characterizing Anomalies in Malware-Generated HTTP Traffic. Security and Communication Networks،Vol. 2020, no. 2020, pp.1-26.
https://search.emarefa.net/detail/BIM-1208737
Modern Language Association (MLA)
Białczak, Piotr& Mazurczyk, Wojciech. Characterizing Anomalies in Malware-Generated HTTP Traffic. Security and Communication Networks No. 2020 (2020), pp.1-26.
https://search.emarefa.net/detail/BIM-1208737
American Medical Association (AMA)
Białczak, Piotr& Mazurczyk, Wojciech. Characterizing Anomalies in Malware-Generated HTTP Traffic. Security and Communication Networks. 2020. Vol. 2020, no. 2020, pp.1-26.
https://search.emarefa.net/detail/BIM-1208737
Data Type
Journal Articles
Language
English
Notes
Includes bibliographical references
Record ID
BIM-1208737