Enhancing Cybersecurity with Machine Learning: Beaconing Detection in PCAP Data

Enhancing Cybersecurity with Machine Learning: Beaconing Detection in PCAP Data

Abstract

This study explores the enhancement of cybersecurity through the application of machine learning techniques, specifically focusing on the detection of beaconing activity in network traffic (PCAP) data. PCAP, or packet capture, refers to the process of intercepting and logging traffic that passes over a computer network.
Beaconing, a communication technique and a common indicator of malicious activity requires complex multilevel detection methods due to its discreet and repetitive nature. My approach involves the development of a dual-model framework with a combination of a Histogram Gradient Booster Classifier (HGBC) and a Long Short-Term Memory (LSTM) neural network. The HGBC classifies the initial features extracted from the PCAP data, while the LSTM model further refines the detection by capturing temporal dependencies between consecutive packet flows.
The combined model achieves an accuracy rate of 99.37%, demonstrating its effectiveness in identifying beaconing patterns. This high level of accuracy illustrates the potential of a combination of machine learning and deep learning algorithms in advancing cybersecurity measures for unmasking threats in network traffic analysis.