Protocol-based intrusion detection system

Template:Wikify is deprecated. Please use a more specific cleanup template as listed in the documentation.

A protocol-based intrusion detection system (PIDS) is an intrusion detection system that focuses its monitoring and analysis on the protocol or protocols in use by the computing system.

A PIDS will monitor the dynamic behavior and state of the protocol and will typically consist of a system or agent that would typically sit at the front end of a server, monitoring and analysing the communication protocol between a connected device (a user/PC or system) and the system it is protecting.

A typical place for a PIDS would at the front end of a web server monitoring the HTTP (or HTTPS) protocol stream and would understand the HTTP protocol relative to the web server/system it is trying to protect.

Where HTTPS is in use then this system would need to reside in the "shim" or interface between where HTTPS is un-encrypted and immediately prior to it entering the Web presentation layer.

As a basic level PIDS would look for, and enforce the correct (legal) use of the protocol.

At a more advanced level the PIDS can learn or be taught acceptable constricts of the protocol, and thus better detect anomalous behaviour.

• Intrusion detection system (IDS)
• Network intrusion detection system (NIDS)
• Host-based intrusion detection system (HIDS)
• Application protocol-based intrusion detection system (APIDS)
• Tripwire (software) - a pioneering HIDS
• Trusted Computing Group
• Trusted platform module