The following discussion sets forth the inventors' own knowledge of certain technologies and/or problems associated therewith. Accordingly, this discussion is not an admission of prior art, and it is not an admission of the knowledge available to a person of ordinary skill in the art.
Hypertext Transfer Protocol (HTTP) is a popular communication protocol used by several modern information systems. Particularly, HTTP is a request-response protocol that follows a client-server model. In some cases, a client computer may execute a web browser to access content and/or applications stored on a server computer. Hence, the client may submit an HTTP request message to the server, which may then execute one or more actions and return an HTTP response message to the client.
As one of its many features, the HTTP protocol allows a server to identify a client's specific web browser through the browser's use of a “user agent” header in the HTTP request. The user-agent header often identifies the particular web browser by name, software vendor, software revision, etc. One of the user agents' main purpose has been to allow a web server to adjust a web page's design, so that the page is adequately rendered by the requesting browser.
The inventor hereof has determined, however, that an increasingly large number of malicious software (“malware” such as, for example, computer viruses, worms, Trojan horses, rootkits, keyloggers, dialers, spyware, adware, etc.) now perform HTTP protocol connections that use fake user agents. A fake user agent may cause the malware's requests appear as if they have been issued by a typical web browser, thus evading detection by security systems. Also, even non-malicious applications can use a fake user agent in an attempt to circumvent network policies. This type of behavior makes it difficult for a network security system to prevent rogue connections that use HTTP.