Paper accepted at ARES'25

7 May 2025, by Mathias Fischer

Photo: https://2025.ares-conference.eu/

We are thrilled to announce that our paper, "C2 Beaconing Detection via AI-based Time-Series Analysis", has been accepted for publication at the 20th International Conference on Availability, Reliability and Security (ARES'25), to be held in Ghent, Belgium, from August 11-14, 2025.

In this paper, we present a comprehensive study on detecting Command and Control (C2) beaconing, a critical early warning mechanism for identifying malicious communication channels in cybersecurity. Undetected C2 beaconing can enable persistent access to infected devices, compromising critical infrastructure and posing significant risks. To tackle this challenge, we explore AI-based solutions, including:

• A time series-based approach for detecting periodic communication patterns.
• A novel Long Short-Term Memory (LSTM) model to identify anomalous C2 beaconing traffic while minimizing noise.
• Transformer-based GPT models to capture temporal dependencies and enhance detection accuracy.

We are excited to present our findings at ARES'25 in Ghent and engage with the global research community to advance cybersecurity solutions.

Paper Abstract
Command and Control (C2) beaconing is critical for early detection of malicious communication channels in cybersecurity, enabling rapid threat mitigation. Undetected beaconing allows persistent access to compromised devices, risking critical infrastructure. Traditional detection methods struggle with hidden communications. We propose AI-based solutions for C2 beaconing detection, including a time series-based approach, a Long Short-Term Memory (LSTM) model, and transformer-based GPT models to identify periodic and anomalous patterns with high accuracy. Using public intrusion detection datasets and real-world anonymized data from a cybersecurity company, our methods outperform traditional solutions in detecting malicious beaconing in network traffic.