Unsupervised Detection of APT C&C Channels using Web Request Graphs.

HTTP is the main protocol used by attackers to establish a command and control (CC APT malware are often custom-built and used against selected targets only, making it difficult to collect malware artifacts for supervised machine learning and thus rendering supervised approaches ineffective at detecting APT traffic.