Skip to main content

Table 3 Node-based features

From: LSTM RNN: detecting exploit kits using redirection chain sequences

Feature Description
Number Index of node within chain
Depth Depth of node within chain
Time Time between redirections
Referrer No. of ‘Referrer’ redirects
Location No. of ‘Location’ redirects
HTML No. of ‘HTML’ redirects
JS No. of ‘JS’ redirects
iFrame No. of ‘iFrame’ redirects
Subdomain No. of ‘Subdomain’ redirects
Concatenation No. of ‘Concat’ redirects
Base64 No. of ‘Base64’ redirects
Unknown No. of ‘Unknown’ redirects
Standard Port Use of default HTTP(S) port
Is IP Domain is an IP address
Domain Length Length of the domain name
Domain Entropy Entropy of the domain name
URI Length Avg URI length
URI Entropy Avg URI entropy
URI Slash Avg/Total slashes (‘/’)
URI Amp Avg/Total ampersands (‘&’)
URI Dash Avg/Total dashes (‘-’)
URI Plus Avg/Total pluses (‘+’)
TLD Top-level domain
Requests No. of HTTP requests
Response Avg/Total size of responses
Shockwave Avg/Total Shockwave bytes
Executable Avg/Total EXE bytes
Java Avg/Total Java bytes
Silverlight Avg/Total Silverlight bytes
JavaScript Avg/Total JavaScript bytes
XML Avg/Total XML bytes
ZIP Avg/Total ZIP bytes
Image Avg/Total Image bytes
HTML Avg/Total HTML bytes