Detect technique

D3-NTSA Network Traffic Signature Analysis

Network Traffic Signature Analysis

Definition

Analyzing network traffic and comparing it to known signatures.

Defends against: 72

| Type | Target | Confidence | Tier |
|---|---|---|---|
| Technique | Non-Standard Port (t1571) | 100% | live |
| Technique | Drive-by Compromise (t1189) | 100% | live |
| SubTechnique | Web Protocols (t1071.001) | 100% | live |
| Technique | Fallback Channels (t1008) | 100% | live |
| Technique | Dynamic Resolution (t1568) | 100% | live |
| Technique | Trusted Relationship (t1199) | 100% | live |
| SubTechnique | Service Exhaustion Flood (t1499.002) | 100% | live |
| SubTechnique | CMSTP (t1218.003) | 100% | live |
| SubTechnique | Credential Stuffing (t1110.004) | 100% | live |
| Technique | BITS Jobs (t1197) | 100% | live |
| Technique | Remote Services (t1021) | 100% | live |
| SubTechnique | Internal Proxy (t1090.001) | 100% | live |
| Technique | Exfiltration Over C2 Channel (t1041) | 100% | live |
| SubTechnique | Multi-hop Proxy (t1090.003) | 100% | live |
| SubTechnique | Application Access Token (t1550.001) | 100% | live |
| Technique | Adversary-in-the-Middle (t1557) | 100% | live |
| SubTechnique | Domain Fronting (t1090.004) | 100% | live |
| SubTechnique | External Proxy (t1090.002) | 100% | live |
| SubTechnique | DNS (t1071.004) | 100% | live |
| Technique | Encrypted Channel (t1573) | 100% | live |
| Technique | Remote Service Session Hijacking (t1563) | 100% | live |
| Technique | Exfiltration Over Web Service (t1567) | 100% | live |
| Technique | Data Encoding (t1132) | 100% | live |
| SubTechnique | Exfiltration to Cloud Storage (t1567.002) | 100% | live |
| Technique | Exploit Public-Facing Application (t1190) | 100% | live |
| SubTechnique | Spearphishing Link (t1566.002) | 100% | live |
| SubTechnique | Port Knocking (t1205.001) | 100% | live |
| SubTechnique | Kerberoasting (t1558.003) | 100% | live |
| SubTechnique | DHCP Spoofing (t1557.003) | 100% | live |
| Technique | Exfiltration Over Alternative Protocol (t1048) | 100% | live |

Showing top 30 of 72 by confidence.

Related by meaning: 6

Nearest entities by semantic similarity across the cs-graph corpus.

Defence: Network Traffic Analysis
Defence: DNS Traffic Analysis
Defence: Administrative Network Activity Analysis
Defence: IPC Traffic Analysis
Defence: RPC Traffic Analysis
Defence: Connection Attempt Analysis

Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.