Research Article
Identifying APT Malware Domain Based on Mobile DNS Logging
Input: : The number of Global Abnormal Trees, : The number of normal sub-samples used in each Global Abnormal Tree, : The normal samples, : The grey samples
Output: : The list of suspicious domains
(1) For Global Abnormal Tree
(2) Select sub-samples from without replacement:
(3) Calculate information entropy of each feature
(4) For each feature
(4.1) Calculate information entropy difference of each feature
(4.2) Set feature weight
(4.3) Compute standard feature weight
(5) Calculate the center of using normalization sub-samples
(6) Calculate the distance from sample in from the center of
(7) End for
(8) Calculate the mean distance
(9) Identify abnormal according to
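An added sketch of the procedure above in Python, not the paper's code, showing how entropy-derived feature weights and repeated sub-sampling of normal domains produce a mean distance score per grey domain. The listing's symbols and formulas did not survive on this page, so the parameter names (`trees`, `psi`, `threshold`), the min-max scaling, the entropy-weight reading of steps (3)-(4.3), the weighted Euclidean distance, and the constructed feature columns and `example.test` domains are all assumptions.

```python
import math
import random

# Constructed sample: two numeric per-domain DNS features (hypothetical columns).
NORMAL = [[10, 5], [11, 6], [12, 5], [13, 7], [11, 5], [12, 6],
          [10, 7], [13, 6], [12, 7], [11, 7], [13, 5], [10, 6]]
GREY = {"cdn.example.test": [12, 6], "update-check.example.test": [60, 1]}

def entropy_weights(rows):
    """Steps (3)-(4.3), read here as the entropy weight method (assumption).
    Expects at least two rows of non-negative values."""
    n, m = len(rows), len(rows[0])
    diffs = []
    for j in range(m):
        col = [r[j] for r in rows]
        total = sum(col)
        if total == 0:                       # all-zero column: no information
            diffs.append(0.0)
            continue
        e = -sum(v / total * math.log(v / total) for v in col if v > 0) / math.log(n)
        diffs.append(1.0 - e)                # (4.1) entropy difference
    s = sum(diffs)                           # (4.3) weights normalised to sum to 1
    return [d / s for d in diffs] if s > 0 else [1.0 / m] * m

def gaf_scores(normal, grey, trees=50, psi=8, seed=0):
    """Steps (1)-(8): mean weighted distance of each grey sample to the centres."""
    rng = random.Random(seed)
    m = len(normal[0])
    totals = [0.0] * len(grey)
    for _ in range(trees):                   # (1) one pass per Global Abnormal Tree
        sub = rng.sample(normal, psi)        # (2) sub-sample without replacement
        lo = [min(r[j] for r in sub) for j in range(m)]
        span = [(max(r[j] for r in sub) - lo[j]) or 1.0 for j in range(m)]
        def scale(row):                      # min-max scaling fitted on the sub-sample
            return [(row[j] - lo[j]) / span[j] for j in range(m)]
        sub_n = [scale(r) for r in sub]
        w = entropy_weights(sub_n)           # (3)-(4.3)
        centre = [sum(r[j] for r in sub_n) / psi for j in range(m)]   # (5)
        for i, g in enumerate(grey):         # (6) weighted Euclidean distance
            gn = scale(g)
            totals[i] += math.sqrt(sum(w[j] * (gn[j] - centre[j]) ** 2 for j in range(m)))
    return [t / trees for t in totals]       # (8) mean distance over all trees

def suspicious(domains, scores, threshold):
    """Step (9): grey domains whose mean distance exceeds the assumed threshold."""
    return [d for d, s in zip(domains, scores) if s > threshold]

if __name__ == "__main__":
    print(suspicious(list(GREY), gaf_scores(NORMAL, list(GREY.values())), 1.5))
```

Because each sub-sample refits the scaling and the weights, a single unrepresentative draw of normal domains has limited effect on the averaged score.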