Patent · US Active

Detection of beaconing behavior in network traffic

US9591007B2 · kind B2 · utility

3Cited by

5References

19Claims

0Family size

Assignee

International Business Machines Corporation · US

Inventors

Xin Hu · White Plains, US
Jiyong Jang · Ossining, US
Douglas Lee Schales · Campion Road, US
Marc Stoecklin · Basel, CH
Ting Wang · White Plains, US

Key dates

Filing date	Mar 25, 2015
Grant date	Mar 7, 2017
Priority date	—
Expiry date	Mar 25, 2035

Classification

Technology area (CPC H)Electricity
CPC primaryH04L63/101
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.