Beaconing Traffic Detector
Detects periodic outbound callback (C2 beacon) behavior from timestamped network logs by scoring inter-arrival timing consistency per source/destination pair.
Parses CSV network logs, groups repeated outbound traffic by source/destination/port, and scores the periodicity of each pattern from its inter-arrival intervals. High-confidence periodic callbacks — the signature of command-and-control beaconing — are flagged with a risk level and timing-window context. Outputs: Markdown reports, per-source risk JSON, interval profiles, and an analyst triage handoff.
Catalog entry only — a full write-up lands closer to release.
Related across catalogs
- Network Baseline (Security project · Demo ready)
Builds a normal traffic baseline from a sample of network logs, then flags unusual source IPs, destination ports, and connection volume spikes in observed traffic.
- Port Scan Lab (Security project · Demo ready)
Detection lab for identifying Nmap-style port scan and reconnaissance activity from firewall logs.
- Web Attack Detection (Security project · Demo ready)
Web log detection lab — flags SQL injection, XSS, suspicious user agents, scanner activity, and risk-scored request summaries from nginx access logs.
- Exploitation Visibility (Security project · Demo ready)
Detection engineering lab — compares expected attack signals against collected logs to surface visibility gaps and prioritize new detection rules.
- Reverse Shell Study (Security project · Demo ready)
Safe lab metadata analyzer for suspicious outbound reverse-shell-like network behavior — pcap metadata only, no payloads.