Synchronization beacon detection
US-9204341-B2 · Dec 1, 2015 · US
US10284584B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10284584-B2 |
| Application number | US-201615166468-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 27, 2016 |
| Priority date | Nov 6, 2014 |
| Publication date | May 7, 2019 |
| Grant date | May 7, 2019 |
Official abstract text for this publication.
A method (and structure) includes receiving, as input data into a computer-implemented processing procedure, at least one listing of at least one of time series data and potential candidate periods of potential beaconing activity. The input data is processed, using a processor on a computer, to evaluate the input data as if the input data represents data points of an input analog signal subject to principles of communication theory and having determinable statistical characteristics.
Opening claim text (preview).
What is claimed is:

1. A method of deploying computer resources, said method comprising provisioning a memory device in a server accessible via a network with a set of computer-readable instructions for a computer to execute a method of detecting beaconing behavior, wherein the method of detecting beaconing behavior comprises: receiving network records for a site being evaluated for beaconing behavior; preprocessing the network records to identify candidate source and destination pairs for detecting beaconing behavior, each candidate source and destination pair being associated with a specific time interval in a plurality of time intervals forming a time range, the plurality of time intervals and time range having been predefined; executing a three-stage evaluation processing to reduce false positives by reducing noise and checking adequacy of a sampling rate, and to detect potential multiple interleaved periods, the three-stage evaluation processing comprising: evaluating a listing of time series derived from the preprocessing of the network records for statistical characteristics and eliminating times that fall outside a pre-set statistical measurement as failing a noise evaluation in which candidate intervals are presumed as resultant from an underlying normal distribution; evaluating a listing of candidate periods and eliminating the listing as comprising a bad sampling at a specific sampling granularity under a Nyquist sampling requirement if more than a pre-set number of points of the candidate periods listing are non-zero during an activity bucket counting at the specific sampling granularity; and evaluating time series data for potential multiple interleaved periods, using a Gaussian Mixture Model (GMM) analysis and as selected by minimizing a Bayesian Information Criterion (BIC); and determining candidate frequencies from the candidate source and destination pairs as likely candidate frequencies and/or periodicities of beaconing activities based on the evaluating.

2. The method of deploying computer resources of claim 1, wherein the server one of: executes the method of detecting beaconing behavior based on network data received from a local area network of computers for which the server serves as a network portal; receives a request from a computer via the network to execute the method of detecting beaconing behavior, receives data from the requesting computer to be processed by the method of detecting beaconing behavior, and returns to the requesting computer a result of executing the method of detecting beaconing behavior on the received data; and receives a request from a computer via the network to execute the method of detecting beaconing behavior and transmits the set of computer-readable instructions to the requesting computer to itself execute the method of detecting beaconing behavior by the requesting computer.

3. The method of deploying computer resources of claim 1, wherein the server provides a service of executing the method of detecting beaconing behavior as a cloud service.
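
The noise-elimination and GMM/BIC stages of claim 1, sketched as an added example (not code from the patent or its assignee): a detector would run this per source/destination pair over candidate intervals in seconds. The 2-sigma cutoff, the 1 s² variance floor, the hand-written EM fit and the sample data are assumptions of this example; the Nyquist sampling check is not shown.

```python
import math
from statistics import mean, pstdev, pvariance

VAR_FLOOR = 1.0  # assumed 1 s^2 floor so a component cannot collapse onto one point

def drop_noise(intervals, k=2.0):
    """Noise stage as assumed here: treat intervals as draws from one normal
    distribution and discard those more than k standard deviations from the mean."""
    mu, sd = mean(intervals), pstdev(intervals)
    return [x for x in intervals if abs(x - mu) <= k * sd]

def _pdf(x, mu, var):
    return math.exp(-(x - mu) ** 2 / (2 * var)) / math.sqrt(2 * math.pi * var)

def fit_gmm(xs, k, iters=100):
    """Fit a k-component 1-D Gaussian mixture by EM; return (means, BIC)."""
    xs, n = sorted(xs), len(xs)
    parts = [xs[i * n // k:(i + 1) * n // k] for i in range(k)]  # deterministic init
    w = [len(p) / n for p in parts]
    mu = [mean(p) for p in parts]
    var = [max(pvariance(p), VAR_FLOOR) for p in parts]
    for _ in range(iters):
        resp = []  # E-step: responsibility of each component for each interval
        for x in xs:
            p = [w[j] * _pdf(x, mu[j], var[j]) for j in range(k)]
            s = sum(p) or 1e-300
            resp.append([pj / s for pj in p])
        for j in range(k):  # M-step: re-estimate weight, mean and variance
            nj = sum(r[j] for r in resp) or 1e-9
            w[j] = nj / n
            mu[j] = sum(r[j] * x for r, x in zip(resp, xs)) / nj
            var[j] = max(sum(r[j] * (x - mu[j]) ** 2 for r, x in zip(resp, xs)) / nj, VAR_FLOOR)
    ll = sum(math.log(sum(w[j] * _pdf(x, mu[j], var[j]) for j in range(k)) or 1e-300) for x in xs)
    return mu, (3 * k - 1) * math.log(n) - 2 * ll  # BIC with 3k-1 free parameters

def interleaved_periods(intervals, max_k=3):
    """GMM stage: pick the component count with minimum BIC; return its period estimates."""
    fits = [fit_gmm(intervals, k) for k in range(1, max_k + 1)]
    means, _ = min(fits, key=lambda f: f[1])
    return sorted(round(m, 1) for m in means)

# Constructed sample for one source/destination pair: candidate intervals
# clustered near 60 s and 300 s (with jitter) plus one long gap.
JITTER = [-1, 0, 1, 0, -2, 2, 0, 1, -1, 0]
SAMPLE = [b + j for j in JITTER * 2 for b in (60, 300)] + [5000]

if __name__ == "__main__":
    print(interleaved_periods(drop_noise(SAMPLE)))
```

Without the BIC penalty a third component would never score worse than two, so the period count would drift upward with `max_k`; the penalty is what keeps a jittered single beacon from being reported as several.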
Access control lists [ACL] · CPC title
Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity · CPC title
Traffic logging, e.g. anomaly detection · CPC title
involving long-term monitoring or reporting · CPC title