D3-APCA

Detect
Application Protocol Command Analysis

Definition

Analyzing application protocol level remote commands to detect unauthorized activity.

How it works

This technique requires the ability to parse application layer protocols to understand the commands being sent to a remote service. Signature-based or statistical analysis may be employed to identify unauthorized commands being sent. These commands can be observed by monitoring network traffic or application logs.

Artifact Relationships

This defensive technique relates to specific digital artifacts.

monitors
detects
Application Protocol Command Analysis
Network Traffic
OT Device Firmware Command

References

Reference - Method and apparatus for detecting anomalies of an infrastructure in a network Reference - Protocol based detection of suspicious network traffic