Add C2 beaconing detection

## Summary
Detect command-and-control beaconing patterns by analyzing periodic connection intervals.

## Requirements
- Track connection timestamps per (src_ip, dst_ip, dst_port) tuple
- Compute inter-arrival time statistics (mean, stddev, jitter)
- Flag low-jitter periodic connections as potential beaconing (configurable thresholds)
- Score confidence based on: regularity, duration, packet count, known bad ports
- Map to MITRE ATT&CK T1071 (Application Layer Protocol) and T1573 (Encrypted Channel)

## Acceptance Criteria
- [ ] Beaconing detector as a `ProtocolAnalyzer` or standalone analysis pass
- [ ] Tests with synthetic periodic connection patterns
- [ ] Generate findings with Verdict/Confidence scores
- [ ] Report: top beaconing candidates with interval stats

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add C2 beaconing detection #3

Summary

Requirements

Acceptance Criteria

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Add C2 beaconing detection #3

Description

Summary

Requirements

Acceptance Criteria

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions