
# Beacon Detection via Intra-Request Time Deltas

Purpose: Find regular HTTP beaconing behavior which may indicate malware C2

Data Required: HTTP proxy logs

Collection Considerations:

Analysis Techniques: Visualization (Bar graphs)


Malware C2 often uses regular request intervals ("beacons") to maintain contact with the attacker's infrastructure. By computing the time deltas between successive requests to the same resource from the same source IP and visualizing the results, you can look for patterns of regular activity.
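
The analysis described above, as an added example that is not part of the original hunt: it groups proxy requests by (source IP, URL), bins the time deltas between consecutive requests, and flags pairs where one bin dominates. The log layout (`timestamp src_ip url`), the sample hosts, and the `bin_seconds`, `min_deltas` and `min_share` thresholds are assumptions to adapt to your proxy's format.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def make_lines(src, url, offsets):
    """Build constructed sample log lines: 'ISO-timestamp src_ip url'."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    return [f"{(base + timedelta(seconds=o)).isoformat()} {src} {url}" for o in offsets]

# Constructed sample data: one host polling about every 60s with jitter, one browsing irregularly.
SAMPLE = (make_lines("10.0.0.5", "http://host-a.example/ping", [0, 61, 120, 179, 240, 301, 360])
          + make_lines("10.0.0.9", "http://host-b.example/news", [0, 7, 210, 221, 900, 980, 2402]))

def delta_histograms(lines, bin_seconds=5):
    """Map (src_ip, url) -> Counter of deltas between consecutive requests, rounded to bin_seconds."""
    times = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        times[(parts[1], parts[2])].append(datetime.fromisoformat(parts[0]))
    hists = {}
    for key, stamps in times.items():
        stamps.sort()  # proxy logs are not always strictly ordered
        deltas = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Binning absorbs small jitter so near-identical intervals stack in one bar.
        hists[key] = Counter(round(d / bin_seconds) * bin_seconds for d in deltas)
    return hists

def beacon_candidates(hists, min_deltas=5, min_share=0.8):
    """Return [(key, interval_seconds, share)] where a single delta bin dominates."""
    found = []
    for key, hist in hists.items():
        total = sum(hist.values())
        if total < min_deltas:
            continue  # too few requests to call anything regular
        interval, count = hist.most_common(1)[0]
        if count / total >= min_share:
            found.append((key, interval, count / total))
    return found

def text_bar_graph(hist):
    """Render a delta histogram as a text bar graph, one bar per bin."""
    return "\n".join(f"{d:>6}s | {'#' * n}" for d, n in sorted(hist.items()))

if __name__ == "__main__":
    hists = delta_histograms(SAMPLE)
    for (src, url), interval, share in beacon_candidates(hists):
        print(f"{src} -> {url}: ~{interval}s interval, {share:.0%} of deltas")
        print(text_bar_graph(hists[(src, url)]))
```

A single tall bar is the pattern to look for; legitimate pollers such as update checks produce the same shape, so treat each hit as a lead to review against the destination.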

Other Notes

More Info