Esc
Network Traffic Analysis
Definition
Analyzing intercepted or summarized computer network traffic to detect unauthorized activity.
loading...
Technique Subclasses
There are 18 countermeasure techniques in this category, Network Traffic Analysis.
| Name | ID | Definition | Synonyms |
|---|---|---|---|
| Network Traffic Analysis | D3-NTA | Analyzing intercepted or summarized computer network traffic to detect unauthorized activity. | |
| - Inbound Session Volume Analysis | D3-ISVA | Analyzing inbound network session or connection attempt volume. | |
| - IPC Traffic Analysis | D3-IPCTA | Analyzing standard inter process communication (IPC) protocols to detect deviations from normal protocol activity. | IPC Analysis |
| - Network Traffic Community Deviation | D3-NTCD | Establishing baseline communities of network hosts and identifying statistically divergent inter-community communication. | |
| - Passive Certificate Analysis | D3-PCA | Collecting host certificates from network traffic or other passive sources like a certificate transparency log and analyzing them for unauthorized activity. | |
| - Per Host Download-Upload Ratio Analysis | D3-PHDURA | Detecting anomalies that indicate malicious activity by comparing the amount of data downloaded versus data uploaded by a host. | |
| - Protocol Metadata Anomaly Detection | D3-PMAD | Collecting network communication protocol metadata and identifying statistical outliers. | |
| - Administrative Network Activity Analysis | D3-ANAA | Detection of unauthorized use of administrative network protocols by analyzing network activity against a baseline. | |
| - Byte Sequence Emulation | D3-BSE | Analyzing sequences of bytes and determining if they likely represent malicious shellcode. | Shellcode Transmission Detection |
| - Certificate Analysis | D3-CA | Analyzing Public Key Infrastructure certificates to detect if they have been misconfigured or spoofed using both network traffic, certificate fields and third-party logs. | |
| - Client-server Payload Profiling | D3-CSPP | Comparing client-server request and response payloads to a baseline profile to identify outliers. | |
| - Connection Attempt Analysis | D3-CAA | Analyzing failed connections in a network to detect unauthorized activity. | Network Scan Detection |
| - DNS Traffic Analysis | D3-DNSTA | Analysis of domain name metadata, including name and DNS records, to determine whether the domain is likely to resolve to an undesirable host. | Domain Name Analysis |
| - File Carving | D3-FC | Identifying and extracting files from network application protocols through the use of network stream reassembly software. | |
| - Relay Pattern Analysis | D3-RPA | The detection of an internal host relaying traffic between the internal network and the external network. | Relay Network Detection |
| - Remote Terminal Session Detection | D3-RTSD | Detection of an unauthorized remote live terminal console session by examining network traffic to a network host. | |
| - RPC Traffic Analysis | D3-RTA | Monitoring the activity of remote procedure calls in communication traffic to establish standard protocol operations and potential attacker activities. | RPC Protocol Analysis |
| - Active Certificate Analysis | D3-ACA | Actively collecting PKI certificates by connecting to the server and downloading its server certificates for analysis. |
loading...
D3FEND™
A knowledge graph of cybersecurity countermeasures