
Malware Beaconing Detection with Jupyter Notebook

February 13, 2023 | Papers

GitHub repository with Jupyter Notebooks and test data.

In recent years, the spread of ransomware and new malware variants has made the cyber security threat landscape more dangerous. Malware beaconing is a common tactic used by attackers to maintain a connection with a compromised system, send it new commands and exfiltrate data. This thesis proposes a method for detecting malware beaconing in security-relevant log data of a corporate network using Jupyter Notebook.

The approach involves analyzing network traffic data for patterns that are indicative of beaconing activity. To do this, signature-based and periodicity-based detections are utilized, and the detected connections are visualized and enriched to give an analyst all the information needed to make a quick and informed decision. A working prototype is implemented in Jupyter Notebook, with requirements and restrictions based on the needs and infrastructure of a real-life Security Operations Center. The most significant limitation is the restricted network connectivity of the analyst's toolset.
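As an added example (not the thesis's own code), a minimal periodicity-based check of the kind described above, run over constructed flow-log lines: it groups connections by source/destination pair and flags pairs whose inter-arrival times are nearly constant, while leaving sparse pairs unscored. The log format, hosts and thresholds are assumptions for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed flow-log sample ("timestamp src dst:port bytes"), not real data:
# 10.0.0.5 checks in about once a minute, 10.0.0.7 browses interactively,
# 10.0.0.9 connects only twice.
SAMPLE_LOG = """\
2023-02-13T08:00:00 10.0.0.5 203.0.113.10:443 512
2023-02-13T08:00:05 10.0.0.7 198.51.100.20:443 20480
2023-02-13T08:00:07 10.0.0.7 198.51.100.20:443 1024
2023-02-13T08:00:45 10.0.0.7 198.51.100.20:443 4096
2023-02-13T08:01:01 10.0.0.5 203.0.113.10:443 512
2023-02-13T08:01:59 10.0.0.5 203.0.113.10:443 512
2023-02-13T08:02:30 10.0.0.9 192.0.2.30:80 300
2023-02-13T08:03:00 10.0.0.5 203.0.113.10:443 512
2023-02-13T08:03:12 10.0.0.7 198.51.100.20:443 8192
2023-02-13T08:03:13 10.0.0.7 198.51.100.20:443 2048
2023-02-13T08:04:01 10.0.0.5 203.0.113.10:443 512
2023-02-13T08:05:00 10.0.0.5 203.0.113.10:443 512
2023-02-13T08:05:10 10.0.0.9 192.0.2.30:80 300
2023-02-13T08:09:40 10.0.0.7 198.51.100.20:443 16384
"""

def group_flows(log: str) -> dict:
    """Return {(src, dst): sorted connection timestamps}."""
    flows = defaultdict(list)
    for line in log.splitlines():
        ts, src, dst, _bytes = line.split()
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    return {pair: sorted(t) for pair, t in flows.items()}

def periodicity(times, min_connections=5, max_cv=0.1) -> dict:
    """Mean interval, coefficient of variation and beacon verdict for one pair.
    A beacon repeats on a near-constant interval, so its inter-arrival jitter
    is small relative to the mean (low CV); sparse pairs are not scored."""
    if len(times) < min_connections:
        return {"count": len(times), "beacon": False}
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    avg = mean(gaps)
    cv = pstdev(gaps) / avg if avg else float("inf")
    return {"count": len(times), "interval": round(avg, 1),
            "cv": round(cv, 3), "beacon": cv <= max_cv}

def detect_beacons(log: str) -> dict:
    """Score every (src, dst) pair in the log; beacon-like pairs get beacon=True."""
    return {pair: periodicity(t) for pair, t in group_flows(log).items()}
```

In a notebook the resulting dict would be the input to the enrichment and visualization steps; the CV threshold and minimum connection count are the knobs an analyst tunes against the false-positive rate.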

The effectiveness of the approach is evaluated using real-world and simulated data to demonstrate the potential for detecting malware beaconing in a realistic scenario.

Overall, this work provides a practical and effective method for detecting malware beaconing and gives a glimpse into the potential of analyzing, hunting and detecting cyber threats with Jupyter Notebook.