Network Traffic Analysis
Definition
Analyzing intercepted or summarized computer network traffic to detect unauthorized activity.
Technique Subclasses
There are 18 countermeasure techniques in this category, Network Traffic Analysis.
Name | ID | Definition | Synonyms |
---|---|---|---|
Network Traffic Analysis | D3-NTA | Analyzing intercepted or summarized computer network traffic to detect unauthorized activity. | |
- Inbound Session Volume Analysis | D3-ISVA | Analyzing inbound network session or connection attempt volume. | |
- IPC Traffic Analysis | D3-IPCTA | Analyzing standard inter process communication (IPC) protocols to detect deviations from normal protocol activity. | IPC Analysis |
- Network Traffic Community Deviation | D3-NTCD | Establishing baseline communities of network hosts and identifying statistically divergent inter-community communication. | |
- Passive Certificate Analysis | D3-PCA | Collecting host certificates from network traffic or other passive sources like a certificate transparency log and analyzing them for unauthorized activity. | |
- Per Host Download-Upload Ratio Analysis | D3-PHDURA | Detecting anomalies that indicate malicious activity by comparing the amount of data downloaded versus data uploaded by a host. | |
- Protocol Metadata Anomaly Detection | D3-PMAD | Collecting network communication protocol metadata and identifying statistical outliers. | |
- Administrative Network Activity Analysis | D3-ANAA | Detection of unauthorized use of administrative network protocols by analyzing network activity against a baseline. | |
- Byte Sequence Emulation | D3-BSE | Analyzing sequences of bytes and determining if they likely represent malicious shellcode. | Shellcode Transmission Detection |
- Certificate Analysis | D3-CA | Analyzing Public Key Infrastructure certificates to detect if they have been misconfigured or spoofed using both network traffic, certificate fields and third-party logs. | |
- Client-server Payload Profiling | D3-CSPP | Comparing client-server request and response payloads to a baseline profile to identify outliers. | |
- Connection Attempt Analysis | D3-CAA | Analyzing failed connections in a network to detect unauthorized activity. | Network Scan Detection |
- DNS Traffic Analysis | D3-DNSTA | Analysis of domain name metadata, including name and DNS records, to determine whether the domain is likely to resolve to an undesirable host. | Domain Name Analysis |
- File Carving | D3-FC | Identifying and extracting files from network application protocols through the use of network stream reassembly software. | |
- Relay Pattern Analysis | D3-RPA | The detection of an internal host relaying traffic between the internal network and the external network. | Relay Network Detection |
- Remote Terminal Session Detection | D3-RTSD | Detection of an unauthorized remote live terminal console session by examining network traffic to a network host. | |
- RPC Traffic Analysis | D3-RTA | Monitoring the activity of remote procedure calls in communication traffic to establish standard protocol operations and potential attacker activities. | RPC Protocol Analysis |
- Active Certificate Analysis | D3-ACA | Actively collecting PKI certificates by connecting to the server and downloading its server certificates for analysis. | |
D3FEND™
A knowledge graph of cybersecurity countermeasures