  • Language
    Jupyter Notebook
  • License
    GNU General Publi...
  • Created over 1 year ago
  • Updated about 1 year ago

Repository Details

Active C&C Detector

AC&CD: Active C&C Detector

AC&CD is a tool for detecting malicious beaconing activity. Current detection strategies assume that beacons use a fixed sleep and jitter configuration. In real attacks, however, the sleep and jitter configuration is often dynamic: attackers change it on the fly according to their needs, such as SOCKS tunneling, off-business hours, etc. AC&CD takes a different approach and finds potential beaconing activity by looking for periods of time during which the attackers are active on the keyboard and executing commands on the victim machine.
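The following added example (not AC&CD's own code or algorithm) illustrates the argument above: a check that expects one fixed sleep and jitter setting flags a constant beacon but misses a trace whose sleep changes mid-stream, while a search for sustained runs of fast callbacks still finds the active period. The traces are constructed, and the thresholds (`max_cv`, `fast_gap`, `min_callbacks`) and all function names are assumptions chosen for the illustration.

```python
from statistics import mean, pstdev

def build_trace(phases, jitter=0.2):
    """Constructed callback timestamps; phases = [(sleep_seconds, callbacks), ...]."""
    t, out = 0.0, [0.0]
    for sleep, count in phases:
        for i in range(count):
            # Deterministic jitter: gap factor cycles through 0.8, 0.9, 1.0, 1.1, 1.2.
            t += sleep * (1 + jitter * ((i % 5) - 2) / 2)
            out.append(t)
    return out

def interval_cv(ts):
    """Coefficient of variation of the gaps between consecutive callbacks."""
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    return pstdev(gaps) / mean(gaps)

def looks_like_fixed_beacon(ts, max_cv=0.3):
    """Fixed-configuration heuristic: gaps cluster tightly around one sleep value."""
    return interval_cv(ts) <= max_cv

def active_periods(ts, fast_gap=5.0, min_callbacks=20):
    """Return (start, end, fast_gaps) for each sustained run of rapid callbacks."""
    periods, run_start = [], None
    for i in range(1, len(ts)):
        fast = ts[i] - ts[i - 1] <= fast_gap
        if fast and run_start is None:
            run_start = i - 1
        elif not fast and run_start is not None:
            if i - 1 - run_start >= min_callbacks:
                periods.append((ts[run_start], ts[i - 1], i - 1 - run_start))
            run_start = None
    # Close a run that lasts until the end of the trace.
    if run_start is not None and len(ts) - 1 - run_start >= min_callbacks:
        periods.append((ts[run_start], ts[-1], len(ts) - 1 - run_start))
    return periods

# Constructed traces: one fixed 60 s beacon, and one that idles at 60 s,
# drops to 2 s while commands are being run, then backs off to 300 s.
FIXED = build_trace([(60, 100)])
DYNAMIC = build_trace([(60, 30), (2, 60), (300, 10)])

if __name__ == "__main__":
    for name, trace in (("fixed", FIXED), ("dynamic", DYNAMIC)):
        print(name, "cv=%.2f" % interval_cv(trace),
              "fixed-beacon match:", looks_like_fixed_beacon(trace),
              "active periods:", active_periods(trace))
```
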