Detect technique

D3-PHDURA: Per Host Download-Upload Ratio Analysis

Definition

Detecting anomalies that indicate malicious activity by comparing the amount of data downloaded versus data uploaded by a host.

Defends against (72)

Type | Target | Confidence | Tier
Technique | Browser Session Hijacking (t1185) | 100% | live
SubTechnique | Domain Fronting (t1090.004) | 100% | live
Technique | Exfiltration Over C2 Channel (t1041) | 100% | live
SubTechnique | Symmetric Cryptography (t1573.001) | 100% | live
Technique | Automated Exfiltration (t1020) | 100% | live
Technique | Lateral Tool Transfer (t1570) | 100% | live
SubTechnique | Application Access Token (t1550.001) | 100% | live
Technique | BITS Jobs (t1197) | 100% | live
Technique | Data Encoding (t1132) | 100% | live
Technique | Web Service (t1102) | 100% | live
SubTechnique | Windows Management Instrumentation Event Subscription (t1546.003) | 100% | live
Technique | Exfiltration Over Web Service (t1567) | 100% | live
SubTechnique | Remote Desktop Protocol (t1021.001) | 100% | live
SubTechnique | Spearphishing Link (t1566.002) | 100% | live
Technique | Remote Services (t1021) | 100% | live
Technique | Application Layer Protocol (t1071) | 100% | live
SubTechnique | CMSTP (t1218.003) | 100% | live
SubTechnique | Transmitted Data Manipulation (t1565.002) | 100% | live
SubTechnique | File Transfer Protocols (t1071.002) | 100% | live
SubTechnique | Web Protocols (t1071.001) | 100% | live
SubTechnique | DCSync (t1003.006) | 100% | live
Technique | Exploitation of Remote Services (t1210) | 100% | live
Technique | Protocol Tunneling (t1572) | 100% | live
Technique | Ingress Tool Transfer (t1105) | 100% | live
Technique | Remote System Discovery (t1018) | 100% | live
Technique | Data Obfuscation (t1001) | 100% | live
SubTechnique | Malicious Link (t1204.001) | 100% | live
SubTechnique | Spearphishing Attachment (t1566.001) | 100% | live
SubTechnique | Credential Stuffing (t1110.004) | 100% | live
Technique | Multi-Stage Channels (t1104) | 100% | live

Showing top 30 of 72 by confidence.

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

Defence: User Data Transfer Analysis
Defence: Network Traffic Analysis
Defence: Inbound Session Volume Analysis
Defence: IP Reputation Analysis
Defence: Protocol Metadata Anomaly Detection
Defence: IPC Traffic Analysis

Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.