In recent years, the spread of ransomware and new malware variants has made the cyber security threat landscape more dangerous. Malware beaconing is a common tactic used by hackers to maintain a connection with a compromised system, send new commands and exfiltrate data. This thesis proposes a method for detecting malware beaconing in security-relevant log data using Jupyter Notebook in a corporate network.
The approach analyzes network traffic data for patterns indicative of beaconing activity. Signature-based and periodicity-based detections are combined, and the detected connections are visualized and enriched to give an analyst all the information needed to make a quick and informed decision. A working prototype is implemented in Jupyter Notebook, with requirements and restrictions derived from the needs and infrastructure of a real-life Security Operations Center. The most significant restriction is the limited network connectivity of the analyst's toolset.
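As an added illustration of the periodicity-based part of the approach (example code, not from the thesis or its prototype): it groups constructed proxy-style log lines by source and destination, measures how regular the connection intervals are, and flags pairs whose jitter is low. The log format, the hostnames and the two thresholds are assumptions.

```python
# Added example, not from the thesis: periodicity scoring over constructed connection logs.
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines in an assumed format: "<timestamp> <src_ip> <dst_host>"
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 cdn.example-update.test
2024-01-01T10:01:00 10.0.0.5 cdn.example-update.test
2024-01-01T10:02:01 10.0.0.5 cdn.example-update.test
2024-01-01T10:03:00 10.0.0.5 cdn.example-update.test
2024-01-01T10:04:01 10.0.0.5 cdn.example-update.test
2024-01-01T10:05:00 10.0.0.5 cdn.example-update.test
2024-01-01T10:00:07 10.0.0.8 news.example.test
2024-01-01T10:03:40 10.0.0.8 news.example.test
2024-01-01T10:04:02 10.0.0.8 news.example.test
2024-01-01T10:19:15 10.0.0.8 news.example.test
2024-01-01T10:21:00 10.0.0.8 news.example.test
"""

MIN_CONNECTIONS = 5   # assumed: fewer samples make the interval statistic meaningless
MAX_JITTER_CV = 0.10  # assumed: coefficient of variation of intervals counted as "regular"

def parse_log(text):
    """Group connection timestamps by (src, dst) pair."""
    pairs = defaultdict(list)
    for line in text.splitlines():
        ts, src, dst = line.split()
        pairs[(src, dst)].append(datetime.fromisoformat(ts))
    return pairs

def periodicity_score(times):
    """Return (median interval in seconds, jitter as coefficient of variation)."""
    times = sorted(times)
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    mean = statistics.mean(gaps)
    cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
    return statistics.median(gaps), cv

def find_beacon_candidates(text):
    """Return (src, dst) pairs whose connection intervals are regular enough to be beacon-like."""
    candidates = []
    for (src, dst), times in parse_log(text).items():
        if len(times) < MIN_CONNECTIONS:
            continue  # not enough connections to judge periodicity
        median, cv = periodicity_score(times)
        if cv <= MAX_JITTER_CV:
            candidates.append({"src": src, "dst": dst, "count": len(times), "median_interval_s": median, "jitter_cv": round(cv, 3)})
    return candidates
```

A candidate list like this is what the enrichment and visualization steps would then consume; irregular browsing such as the second host drops out because its interval jitter is far above the threshold.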
The effectiveness of the approach is evaluated using real-world and simulated data to demonstrate the potential for detecting malware beaconing in a realistic scenario.
Overall, this work provides a practical and effective method for detecting malware beaconing and gives a glimpse into the potential of analyzing, hunting and detecting cyber threats with Jupyter Notebook.