Network Traffic Analysis
There are 18 techniques in this category, Network Traffic Analysis.
|Network Traffic Analysis
|Analyzing intercepted or summarized computer network traffic to detect unauthorized activity.
|- Administrative Network Activity Analysis
|Detection of unauthorized use of administrative network protocols by analyzing network activity against a baseline.
|- Byte Sequence Emulation
|Analyzing sequences of bytes and determining if they likely represent malicious shellcode.
|Synonym: Shellcode Transmission Detection
|- Certificate Analysis
|Analyzing Public Key Infrastructure (PKI) certificates to detect whether they have been misconfigured or spoofed, using network traffic, the certificate fields themselves, and third-party logs such as Certificate Transparency.
|- Client-server Payload Profiling
|Comparing client-server request and response payloads to a baseline profile to identify outliers.
|- Connection Attempt Analysis
|Analyzing failed connections in a network to detect unauthorized activity.
|Synonym: Network Scan Detection
|- DNS Traffic Analysis
|Analysis of domain name metadata, including name and DNS records, to determine whether the domain is likely to resolve to an undesirable host.
|Synonym: Domain Name Analysis
|- Active Certificate Analysis
|Actively collecting PKI certificates by connecting to the server and downloading its server certificates for analysis.
|- File Carving
|Identifying and extracting files from network application protocols through the use of network stream reassembly software.
|- Inbound Session Volume Analysis
|Analyzing inbound network session or connection attempt volume.
|- IPC Traffic Analysis
|Analyzing standard inter-process communication (IPC) protocols to detect deviations from normal protocol activity.
|- Protocol Metadata Anomaly Detection
|Collecting network communication protocol metadata and identifying statistical outliers.
|- Relay Pattern Analysis
|The detection of an internal host relaying traffic between the internal network and the external network.
|Synonym: Relay Network Detection
|- Remote Terminal Session Detection
|Detection of an unauthorized remote live terminal console session by examining network traffic to a network host.
|- RPC Traffic Analysis
|Monitoring the activity of remote procedure calls in communication traffic to establish standard protocol operations and potential attacker activities.
|Synonym: RPC Protocol Analysis
|- Network Traffic Community Deviation
|Establishing baseline communities of network hosts and identifying statistically divergent inter-community communication.
|- Passive Certificate Analysis
|Collecting host certificates from network traffic or from other passive sources, such as a Certificate Transparency log, and analyzing them for unauthorized activity.
|- Per Host Download-Upload Ratio Analysis
|Detecting anomalies that indicate malicious activity by comparing the amount of data downloaded versus data uploaded by a host.
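Three of the techniques listed above, Connection Attempt Analysis, Inbound Session Volume Analysis and Per Host Download-Upload Ratio Analysis, can all be driven from the same input, summarized flow records. The Python below is an added example, not code from D3FEND or from any referenced project: it runs the three detections over a constructed set of flow records with three planted behaviours (a port sweep that is refused, an upload-heavy internal host, and an inbound session burst against one server). The `Flow` record layout, the 10.0.0.0/8 internal range, the `BASELINE` table and every threshold are assumptions chosen for illustration.

```python
"""Flow-record detections for three techniques in this category, written
as an added example: Connection Attempt Analysis (failed connections),
Inbound Session Volume Analysis and Per Host Download-Upload Ratio Analysis.
All records, the internal range and the thresholds are constructed."""
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal range


def is_internal(ip: str) -> bool:
    return ipaddress.ip_address(ip) in INTERNAL


@dataclass(frozen=True)
class Flow:
    """One summarized flow as a NetFlow/IPFIX-style exporter would report it;
    byte counters are named from the initiator's point of view (assumed layout)."""
    src: str
    dst: str
    dport: int
    state: str       # "ok": session established; "rej": refused / no answer
    bytes_in: int    # bytes the initiator received (its download)
    bytes_out: int   # bytes the initiator sent (its upload)


# Constructed sample traffic with three planted behaviours:
#  - 10.0.0.5 tries TCP/445 on thirty hosts in 10.0.1.0/24 and is refused
#  - 10.0.0.9 sends ~200 MB to one external host while fetching almost nothing
#  - 203.0.113.7 opens forty SSH sessions to 10.0.0.20 in one window
FLOWS = (
    [Flow("10.0.0.5", f"10.0.1.{i}", 445, "rej", 0, 60) for i in range(1, 31)]
    + [Flow("10.0.0.8", "198.51.100.10", 443, "ok", 400_000, 20_000)] * 5
    + [Flow("10.0.0.9", "198.51.100.77", 443, "ok", 5_000, 50_000_000)] * 4
    + [Flow("203.0.113.7", "10.0.0.20", 22, "ok", 2_000, 1_000)] * 40
    + [Flow("203.0.113.8", "10.0.0.20", 22, "ok", 2_000, 1_000)]
)
# Assumed baseline: inbound sessions per internal host in a normal window.
BASELINE = {"10.0.0.20": 5}


def detect_scanners(flows, min_failed_targets=10, min_fail_ratio=0.8):
    """Connection Attempt Analysis: a source whose attempts mostly fail and
    that failed against many distinct host:port targets looks like a scan."""
    stats = defaultdict(lambda: {"targets": set(), "failed": 0, "total": 0})
    for f in flows:
        s = stats[f.src]
        s["total"] += 1
        if f.state == "rej":
            s["failed"] += 1
            s["targets"].add((f.dst, f.dport))
    return sorted(
        src for src, s in stats.items()
        if len(s["targets"]) >= min_failed_targets
        and s["failed"] / s["total"] >= min_fail_ratio
    )


def detect_inbound_volume(flows, baseline, factor=3.0):
    """Inbound Session Volume Analysis: count external->internal sessions
    per internal host and flag hosts far above their baseline."""
    counts = Counter(
        f.dst for f in flows if not is_internal(f.src) and is_internal(f.dst)
    )
    return sorted(
        dst for dst, n in counts.items() if n > factor * baseline.get(dst, 1)
    )


def detect_upload_heavy(flows, min_ratio=5.0, min_upload=1_000_000):
    """Per Host Download-Upload Ratio Analysis: internal hosts that upload
    far more than they download. The byte floor keeps a handful of small
    failed probes (tiny uploads, zero download) from tripping the ratio."""
    up, down = Counter(), Counter()
    for f in flows:
        if is_internal(f.src):
            up[f.src] += f.bytes_out
            down[f.src] += f.bytes_in
    return sorted(
        h for h in up
        if up[h] >= min_upload and up[h] / max(down[h], 1) >= min_ratio
    )


if __name__ == "__main__":
    print("scanners:", detect_scanners(FLOWS))
    print("inbound volume:", detect_inbound_volume(FLOWS, BASELINE))
    print("upload-heavy:", detect_upload_heavy(FLOWS))
```

Each detector returns only host identifiers so that the same functions can be pointed at real collector output once the record type is mapped. In practice the baseline table and the thresholds are learned from a window of known-good traffic rather than hard-coded, and the ratio check deliberately requires a minimum upload volume: the scanning host in the sample has an infinite upload-to-download ratio (it never received a byte) yet is not an exfiltration candidate.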
A knowledge graph of cybersecurity countermeasures