Application protocol-based intrusion detection system: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 01:06, 6 October 2006 edit CmdrObot (talk \| contribs) 339,230 edits m sp: ofen→often ← Previous edit		Latest revision as of 18:42, 22 October 2024 edit undo BattyBot (talk \| contribs) Bots 1,957,304 edits →top: Removed Template:Multiple issues and General fixes Tag: AWB
(38 intermediate revisions by 26 users not shown)
Line 1: {{notability\|date=April 2012}} An '''Application Protocol-based Intrusion Detection System (APIDS)''', is a special category of an [[Intrusion detection system\|Intrusion-Detection System]], and focuses its monitoring and analysis on sprific application protocol or protocols in use by the computing system. An '''application protocol-based intrusion detection system''' ('''APIDS''') is an [[intrusion detection system]] that focuses its monitoring and analysis on a specific application [[protocol (computing)\|protocol]] or protocols in use by the computing system.<ref>{{Cite web \|date=2024-04-01 \|title=6 Types of Intrusion Detection System \|url=https://internationalsecurityjournal.com/types-of-intrusion-detection-system/ \|access-date=2024-07-09 \|website=internationalsecurityjournal.com \|language=en-GB}}</ref> == Overview == An APIDS will monitor the dynamic behavior and [[state (computer science)\|state]] of the protocol and will typically ~~consists~~consist of a system or agent that would typically sit between a [[process (computing)\|process]], or group of [[server (computing)\|server]]s, [[System Monitoring\|monitoring]] and analyzing the application protocol between two connected devices. ~~that would typically sit between a process, or group of servers, monitoring and analysing the application protocol between two connected devices.~~ A typical place for an APIDS would be between a [[web server]] ~~with~~and the [[database management system]], monitoring the [[SQL]] protocol specific to the [[middleware]]/[[business- logic]] as it ~~transacts~~interacts with the [[database]].<ref>{{Cite web \|date=2023-04-19 \|title=What is an Intrusion Detection System (IDS)? {{!}} IBM \|url=https://www.ibm.com/topics/intrusion-detection-system \|access-date=2024-07-09 \|website=www.ibm.com \|language=en-us}}</ref> === Monitoring dynamic behavior === AsAt a basic level an APIDS would look for, and enforce, the correct (legal) use of the protocol. However at a more advanced level the APIDS can learn, be taught or even reduce what itis often an infinite protocol set, to an acceptable understanding of the ~~sub-set~~[[subset]] of that application protocol that is used by the application being monitored/protected. Thus, an APIDS, correctly configured, will allow an application to be "~~fingerprinted~~[[fingerprint]]ed", thus should that application be subverted or changed, so will the fingerprint change. ==See also== * [[Intrusion detection system]] (IDS) * [[Application firewall\|Web application firewall (WAF)]] * [[network intrusion detection system\|Network Intrusion Detection System]] * [[Host-based intrusion detection system]] * [[Protocol-based intrusion detection System\|Protocol-based Intrusion Detection System]] * [[Tripwire (software)]] - a pioneering HIDS * [[Trusted Computing Group]] * [[Trusted platform module]] ==References== ~~[[Category:Security software]]~~ {{reflist}} ~~[[Category:System administration]]~~ [[Category:Intrusion detection systems]] {{software-type-stub}} {{security-software-stub}} [[es:APIDS]] ~~[[ko:호스트 기반 침입 탐지 시스템]]~~ ~~[[it:Application Protocol intrusion detection system]]~~