Research Article
Identifying APT Malware Domain Based on Mobile DNS Logging
| Input: : The number of Global Abnormal Tree, : The number of normal sub-samples used in each Global Abnormal Tree, : The normal samples, : The grey samples |
| Output: : The list of suspicious domains |
| (1) For Global Abnormal Tree |
| (2) Select sub-samples from without replacement: |
| (3) Calculate information entropy of each feature |
| (4) For each feature |
| (4.1) Calculate information entropy difference of each feature |
| (4.2) Set feature weight |
| (4.3) Compute standard feature weight |
| (5) Calculate the center of using normalization sub-samples |
| (6) Calculate the distance from sample in from the center of |
| (7) End for |
| (8) Calculate the mean distance |
| (9) Identify abnormal according to |