Detect technique

D3-PMAD

Protocol Metadata Anomaly Detection

Definition

Collecting network communication protocol metadata and identifying statistical outliers.

Defends against · 72

Type | Target | Confidence | Tier
Technique | Windows Management Instrumentation (t1047) | 100% | live
SubTechnique | Exfiltration Over Symmetric Encrypted Non-C2 Protocol (t1048.001) | 100% | live
Technique | Exfiltration Over C2 Channel (t1041) | 100% | live
SubTechnique | Application Access Token (t1550.001) | 100% | live
Technique | Trusted Relationship (t1199) | 100% | live
Technique | Automated Exfiltration (t1020) | 100% | live
SubTechnique | Spearphishing Link (t1566.002) | 100% | live
SubTechnique | Port Knocking (t1205.001) | 100% | live
SubTechnique | Web Session Cookie (t1550.004) | 100% | live
SubTechnique | Reflection Amplification (t1498.002) | 100% | live
SubTechnique | Service Exhaustion Flood (t1499.002) | 100% | live
Technique | Data Obfuscation (t1001) | 100% | live
SubTechnique | Direct Network Flood (t1498.001) | 100% | live
SubTechnique | File Transfer Protocols (t1071.002) | 100% | live
SubTechnique | Accessibility Features (t1546.008) | 100% | live
Technique | Data Transfer Size Limits (t1030) | 100% | live
Technique | Non-Standard Port (t1571) | 100% | live
SubTechnique | Kerberoasting (t1558.003) | 100% | live
SubTechnique | Additional Cloud Credentials (t1098.001) | 100% | live
Technique | Ingress Tool Transfer (t1105) | 100% | live
Technique | Dynamic Resolution (t1568) | 100% | live
SubTechnique | CMSTP (t1218.003) | 100% | live
SubTechnique | Malicious Link (t1204.001) | 100% | live
Technique | Adversary-in-the-Middle (t1557) | 100% | live
Technique | Exfiltration Over Other Network Medium (t1011) | 100% | live
Technique | Scheduled Transfer (t1029) | 100% | live
SubTechnique | Internal Proxy (t1090.001) | 100% | live
Technique | Rogue Domain Controller (t1207) | 100% | live
SubTechnique | Password Spraying (t1110.003) | 100% | live
Technique | Exploitation of Remote Services (t1210) | 100% | live

Showing top 30 of 72 by confidence.

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

Defence · IPC Traffic Analysis
Defence · Application Protocol Command Analysis
Defence · Client-server Payload Profiling
Defence · Administrative Network Activity Analysis
Defence · Network Traffic Community Deviation
Defence · RPC Traffic Analysis
Sourced from MITRE D3FEND ontology. Curated by Adam Lundqvist, SQUR.