Abstract: A method for detecting malware beaconing in a network, the method includes capturing network traffic over a network connection at a network connected device, representing the network traffic over the network connection as a set of tuples wherein each of the tuples includes at least a source Internet Protocol address, a destination Internet Protocol address, and a destination port, associating timestamps with each of the set of tuples, and analyzing the tuples using the timestamps based on frequency of connections to determine malware beaconing on the network, wherein the analyzing is performed by a computing device.

Abstract: A method for detecting malware beaconing in a network, the method includes capturing network traffic over a network connection at a network connected device, representing the network traffic over the network connection as a set of tuples wherein each of the tuples defines an OSI layer 4 communications session and includes at least a source Internet Protocol address, a destination Internet Protocol address, and a destination port, associating timestamps with each of the set of tuples, and analyzing the tuples using the timestamps based on frequency of connections to determine malware beaconing on the network, wherein the analyzing is performed by a computing device.