Malware and other malicious remote access tools may be installed on computing devices in order to allow a remote command-and-control (C&C) site to surreptitiously access the device across a network, even through a firewall. One technique that malware uses is called beaconing. Beaconing involves the malware sending a signal to the C&C site every so often so that the C&C site is able to establish a connection with the malware even if network address translation (NAT) is used. Malware typically performs beaconing in a periodic fashion (e.g., sending a keep-alive signal to the C&C site every 5 minutes).
Some conventional malware detection and prevention tools use a technique called beaconing detection to detect this periodic beaconing. Since human users typically access remote sites in a non-periodic fashion, malware detection and prevention tools are able to flag sites that are accessed at fixed periodicities as potential malware.