| 发明名称 |
DETECTION OF BEACONING BEHAVIOR IN NETWORK TRAFFIC |
| 摘要 |
A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities. |
| 申请公布号 |
US2016134651(A1) |
申请公布日期 |
2016.05.12 |
| 申请号 |
US201514750737 |
申请日期 |
2015.06.25 |
| 申请人 |
International Business Machines Corporation |
发明人 |
HU Xin;JANG Jiyong;SCHALES Douglas;STOECKLIN Marc;WANG Ting |
| 分类号 |
H04L29/06 |
主分类号 |
H04L29/06 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method, comprising:
preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, each source and destination pair being associated with specific time intervals in a plurality of time intervals forming a time range, the time interval and time range having been predefined; converting the activity time interval information from a time domain into a frequency domain; and determining candidate frequencies from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities. |
| 地址 |
Armonk NY US |
