Malware (i.e., malicious software) is a common computer security risk. Malware is software used to disrupt computer operations, gather personal and/or sensitive information, and/or gain access to a computing device. Certain malware, upon making their way into a user computing device, such as an enterprise computer, start communicating with a remote host or destination server that commands and controls the malware for the next actions. For example, malware on a given computing device often obtains further instructions to execute on the computing device from a destination server or provides obtained data from the computing device to the destination server.
The communications between the malware and the destination server often arise from within an enterprise environment and are usually periodic in nature, potentially with some randomness to confuse malware detection devices or software from detecting periodicity in the communication pattern.
A need exists for improved techniques for identifying communication sessions that exhibit periodic behavior, such as suspicious communications.