Abstract: A method for improving a detection of beaconing activity includes receiving input data into a computer-implemented processing procedure at least one listing of at least one of time series data and candidate periods of potential beaconing activity. The input data is processed, to detect candidates of potential beaconing activity. By further evaluating the time series data using techniques used for evaluating an analog signal, the performance of detecting of potential beaconing activity is improved to eliminate false positive indications of beaconing activity and/or to provide indication of multiple interleaved periodicities of beaconing.

Abstract: A method for improving a detection of beaconing activity includes receiving input data into a computer-implemented processing procedure at least one listing of at least one of time series data and candidate periods of potential beaconing activity. The input data is processed, to detect candidates of potential beaconing activity. By further evaluating the time series data using techniques used for evaluating an analog signal, the performance of detecting of potential beaconing activity is improved to eliminate false positive indications of beaconing activity and/or to provide indication of multiple interleaved periodicities of beaconing.

Abstract: A method (and structure) includes receiving, as input data into a computer-implemented processing procedure, at least one listing of at least one of time series data and potential candidate periods of potential beaconing activity. The input data is processed, using a processor on a computer, to evaluate the input data as if the input data represents data points of an input analog signal subject to principles of communication theory and having determinable statistical characteristics.

Abstract: A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities.

Abstract: A method (and structure) includes receiving, as input data into a computer-implemented processing procedure, at least one listing of at least one of time series data and potential candidate periods of potential beaconing activity. The input data is processed, using a processor on a computer, to evaluate the input data as if the input data represents data points of an input analog signal subject to principles of communication theory and having determinable statistical characteristics.

Abstract: A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities.

Abstract: A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities.

Abstract: A method for detecting beaconing behavior includes preprocessing network records to identify candidate source and destination pairs for detecting beaconing behavior, where each source and destination pair is associated with a specific time interval in a plurality of time intervals forming a time range, the time interval and time range having been predefined. The activity time interval information is converted from the time domain into the frequency domain. Candidate frequencies are determined from the source and destination pairs, as likely candidate frequencies/periodicities of beaconing activities.

Abstract: The present invention provides methods and apparatus for classifying and demultiplexing packets in a network protocol stack. It provides extendibility for packet processing in the network protocol stack by defining a standard method for adding new functionality. It provides a method to obtain external information, from an application scheduled outside of the forwarding or interrupt context of the kernel, in order to augment packet classification and/or augment packet disposition. In some embodiments, external information augments a criteria of a node in a classification tree with additional information. It presents a way of augmenting which suspends the classification process until an application, scheduled outside of the forwarding or interrupt context of the kernel, completes. The resulting external information is used to augment the packet classification.

Abstract: Methods, apparatus and program products which monitor wireless access points (12,16) through which data can be exchanged with a network (10), identify an unauthorized access point (16), and respond to monitored data flow in a variety of manners including determining the location of the identified unauthorized access point, establishing filtering, and controlling accounting for access services.