D3-APCA
Application Protocol Command Analysis
Definition
Analyzing application protocol level remote commands to detect unauthorized activity.
How it works
This technique requires the ability to parse application layer protocols to understand the commands being sent to a remote service. Signature-based or statistical analysis may be employed to identify unauthorized commands being sent. These commands can be observed by monitoring network traffic or application logs.
Artifact Relationships
This defensive technique relates to specific digital artifacts.