Jump to content

Application protocol-based intrusion detection system

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Intgr (talk | contribs) at 03:23, 17 December 2006 (cleanup; {{wikify}}). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


An application protocol-based intrusion detection system (APIDS) is an intrusion-detection system that focuses its monitoring and analysis on speific application protocol or protocols in use by the computing system.

Overview

An APIDS will monitor the dynamic behavior and state of the protocol and will typically consists of a system or agent that would typically sit between a process, or group of servers, monitoring and analysing the application protocol between two connected devices.

A typical place for an APIDS would be between a web server with database monitoring the SQL protocol specific to the middleware/business-logic as it transacts with the database.

Monitoring dynamic behavior

As a basic level an APIDS would look for, and enforce the correct (legal) use of the protocol.

However at a more advanced level the APIDS can learn, be taught or even reduce what it often an infinite protocol set, to an acceptable understanding of the sub-set of that application protocol that is used by the application being monitored/protected.

Thus, an APIDS, correctly configured, will allow an application to be "fingerprinted", thus should that application be subverted or changed, so will the fingerprint change.

See also

Retrieved from "https://en.wikipedia.org/w/index.php?title=Application_protocol-based_intrusion_detection_system&oldid=94821550"