| | Input: executedOriginalData// the set of collected traffic data packets |
| | Output: identifyMaliciousData// the set of identified malware |
| (1) | Construct executedOriginalFeatureSet = nulll// store feature attributes extracted from network traffic packets |
| (2) | Construct identifyMaliciousData = null;// the set of identified malware |
| (3) | Construct executedNormalizationData = null;// store normalized data |
| (4) | executedOriginalData = collectNetworkFlow();// use NetFlow to collect data packets for assignment |
| (5) | for each data package p in executedOriginalDatatraindo |
| (6) | executedNormalizationData = dataNormalization();// to complete data sampling and normalization |
| (7) | end for |
| (8) | for each data package p in executedNormalizationData do |
| (9) | executedOriginalFeatureSet = useReliefFCompleteFeatureExtracted (executedNormalizationDatap); |
| (10) | for each feature kexecutedOriginalFeatureSet do |
| (11) | temp = compare(executedOriginalFeatureSetk, ∂);// compare each extracted feature attribute k with a threshold ∂ and return the value temp |
| (12) | if (temp = = 1) then |
| (13) | deleteFeature(executedOriginalFeatureSetk);// delete this feature attribute |
| (14) | end if |
| (15) | end for |
| (16) | executedFirstFeatureSet = outputFeatureExtraction();// retain the feature attributes extracted from each packet |
| (17) | end for |
| (18) | for each feature j in executedFirstFeatureSet do |
| (19) | use information gain technology to calculate and evaluate each feature; |
| (20) | normalizedFeature = sencondExtraction(executedFirstFeatureSetj); // sort feature attributes and use Wrapper for second feature extraction |
| (21) | end for |
| (22) | realizeUnit();// convert to unitless values and keep the data at the same order of magnitude |
| (23) | classifyModel = useOFSVMAlgorim(normalizedFeature);// generate the classification model |
| (24) | identifyMalware (classifyModel, executedOriginalDatatest); |
| (25) | return identifyMaliciousData; |
