Application protocol-based intrusion detection system: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 03:23, 17 December 2006 edit Intgr (talk \| contribs) Autopatrolled, Extended confirmed users, New page reviewers, Pending changes reviewers 32,266 edits cleanup; {{wikify}} ← Previous edit		Latest revision as of 18:42, 22 October 2024 edit undo BattyBot (talk \| contribs) Bots 1,957,317 edits →top: Removed Template:Multiple issues and General fixes Tag: AWB
(36 intermediate revisions by 26 users not shown)
Line 1: {{notability\|date=April 2012}} ~~{{wikify}}~~ An '''application protocol-based intrusion detection system''' ('''APIDS)''') is an [[intrusion- detection system]] that focuses its monitoring and analysis on ~~speific~~a specific application [[protocol (computing)\|protocol]] or protocols in use by the computing system.<ref>{{Cite web \|date=2024-04-01 \|title=6 Types of Intrusion Detection System \|url=https://internationalsecurityjournal.com/types-of-intrusion-detection-system/ \|access-date=2024-07-09 \|website=internationalsecurityjournal.com \|language=en-GB}}</ref>▼ ▲An '''application protocol-based intrusion detection system (APIDS)''' is an [[intrusion-detection system]] that focuses its monitoring and analysis on speific application protocol or protocols in use by the computing system. == Overview == An APIDS will monitor the dynamic behavior and [[state (computer science)\|state]] of the protocol and will typically ~~consists~~consist of a system or agent that would typically sit between a [[process (computing)\|process]], or group of [[server (computing)\|server]]s, [[System Monitoring\|monitoring]] and analyzing the application protocol between two connected devices. ~~that would typically sit between a process, or group of servers, monitoring and analysing the application protocol between two connected devices.~~ A typical place for an APIDS would be between a [[web server]] ~~with~~and the [[database management system]], monitoring the [[SQL]] protocol specific to the [[middleware]]/[[business- logic]] as it ~~transacts~~interacts with the [[database]].<ref>{{Cite web \|date=2023-04-19 \|title=What is an Intrusion Detection System (IDS)? {{!}} IBM \|url=https://www.ibm.com/topics/intrusion-detection-system \|access-date=2024-07-09 \|website=www.ibm.com \|language=en-us}}</ref> === Monitoring dynamic behavior === AsAt a basic level an APIDS would look for, and enforce, the correct (legal) use of the protocol. However at a more advanced level the APIDS can learn, be taught or even reduce what itis often an infinite protocol set, to an acceptable understanding of the ~~sub-set~~[[subset]] of that application protocol that is used by the application being monitored/protected. Thus, an APIDS, correctly configured, will allow an application to be "~~fingerprinted~~[[fingerprint]]ed", thus should that application be subverted or changed, so will the fingerprint change. ==See also== * [[Intrusion detection system]] (IDS) * [[Application firewall\|Web application firewall (WAF)]] * [[network intrusion detection system]] * [[Host-based intrusion detection system]] ==References== * [[Protocol-based intrusion detection System]] {{reflist}} * [[Tripwire (software)]] - a pioneering HIDS * [[Trusted Computing Group]] [[Category:Intrusion detection systems]] * [[Trusted Platform Module]] {{software-type-stub}} ~~[[Category:Security software]]~~ {{security-software-stub}} ~~[[Category:System administration]]~~ [[es:APIDS]] ~~[[ko:호스트 기반 침입 탐지 시스템]]~~ ~~[[it:Application Protocol intrusion detection system]]~~