Skip to content
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
Cannot retrieve contributors at this time

#Beacon Detection via Intra-Request Time Deltas

Purpose: Find regular HTTP beaconing behavior which may indicate malware C2

Data Required: HTTP proxy logs

Collection Considerations:

Analysis Techniques: Visualization (Bar graphs)


Malware C2 often utilizes regular request intervals ("beacons") to maintain control with the attacker's infrastructure. By examining the intra-request times between requests to the same resource by the same source IP and visualizing the results, you can look for patterns of regular activity.

Other Notes

More Info