Process Analysis

ID: D3-PA | Type: Technique | Ontology: d3f:ProcessAnalysis
Published

Description

Process Analysis consists of observing a running application process and analyzing it for behaviors or conditions that may indicate adversary activity. Analysis can occur inside the process or through a third-party monitoring application. Examples include monitoring system and privileged calls, process initiation chains, and memory boundary allocations.

Technical Details

Framework: MITRE D3FEND
Ontology URI: d3f:ProcessAnalysis
Local Identifier: ProcessAnalysis
Publication Status: Published on D3FEND website

Relationships

Parent Tactics

Child Concepts

  • D3-SCA System Call Analysis
  • D3-FAPA File Access Pattern Analysis
  • D3-SEA Script Execution Analysis
  • D3-IBCA Indirect Branch Call Analysis
  • D3-PSMD Process Self-Modification Detection
  • D3-PCSV Process Code Segment Verification
  • D3-DQSA Database Query String Analysis
  • D3-SSC Shadow Stack Comparisons
  • D3-PSA Process Spawn Analysis

References

For the official documentation and additional resources, visit the MITRE D3FEND website.
