Research Article

Identifying APT Malware Domain Based on Mobile DNS Logging

Table 1

Features of domain name.

| Feature set | Feature name |
|---|---|
| DNS request and answer-based features | Number of distinct source IP addresses |
| | Number of distinct IP addresses with the same domain |
| | IP in the same country |
| | Using the predefined IP addresses |
| Domain-based features | Alexa ranking |
| | The length of domain |
| | The level of domain |
| | Containing IP address |
| Time-based features | Request frequency |
| | Reaction time |
| | Repeating pattern |
| Whois-based features | Registration duration |
| | Active duration |
| | Update duration |
| | Number of DNS |