Application protocol-based intrusion detection system: Difference between revisions

Wikified as part of the wikification drive.
Complete wikification
An '''application protocol-based intrusion detection system (APIDS)''' is an [[intrusion detection system]] that focuses its monitoring and analysis on a specific application [[protocol (computing)|protocol]] or protocols in use by the computing system.
 
== Overview ==
An APIDS monitors the dynamic behavior and [[state (computer science)|state]] of the protocol and typically consists of a system or agent that sits between a [[process (computing)|process]], or group of [[server (computing)|server]]s, [[monitoring]] and analyzing the application protocol between two connected devices.
 
A typical place for an APIDS would be between a [[web server]] and the [[database management system]], monitoring the [[SQL]] protocol specific to the [[middleware]]/[[business logic]] as it interacts with the [[database]].
 
== Monitoring dynamic behavior ==
At a basic level, an APIDS would look for, and enforce, the correct (legal) use of the protocol.
 
However, at a more advanced level the APIDS can learn, be taught or even reduce what is often an infinite protocol set to an acceptable understanding of the [[subset]] of that application protocol that is used by the application being monitored/protected.
 
Thus an APIDS, correctly configured, will allow an application to be "[[fingerprint]]ed"; should that application be subverted or changed, the fingerprint will change as well.
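
The learning and fingerprinting described above can be sketched for the SQL case as follows. This is an added example, not code from any APIDS product; the class name <code>SqlProfile</code>, the helper <code>template</code>, and all sample statements are assumptions constructed for illustration.

```python
import hashlib
import re

# Literals become '?' so statements differing only in data share a template.
_LITERALS = re.compile(r"'(?:[^']|'')*'|\b\d+(?:\.\d+)?\b")


def template(sql: str) -> str:
    """Reduce a SQL statement to a literal-free, case-folded template."""
    stripped = _LITERALS.sub("?", sql)
    return re.sub(r"\s+", " ", stripped).strip().rstrip("; ").lower()


class SqlProfile:
    """Learned subset of SQL that one application is known to emit."""

    def __init__(self):
        self.templates = set()

    def learn(self, statements):
        self.templates.update(template(s) for s in statements)

    def fingerprint(self) -> str:
        """Digest of the learned subset; changes when the subset changes."""
        joined = "\n".join(sorted(self.templates))
        return hashlib.sha256(joined.encode()).hexdigest()

    def check(self, sql: str) -> bool:
        """True if the statement falls inside the learned subset."""
        return template(sql) in self.templates


# Constructed baseline traffic for a hypothetical shop application.
BASELINE = [
    "SELECT name, price FROM products WHERE id = 17",
    "SELECT name, price FROM products WHERE id = 42;",
    "INSERT INTO orders (user_id, product_id) VALUES (3, 17)",
    "SELECT id FROM users WHERE email = 'a@example.com'",
]
profile = SqlProfile()
profile.learn(BASELINE)

# Constructed observed traffic: the second statement has a shape never learned.
OBSERVED = [
    "SELECT name, price FROM products WHERE id = 99",
    "DELETE FROM orders WHERE user_id = 3",
]
ALERTS = [s for s in OBSERVED if not profile.check(s)]
```

Both statements in the observed traffic are legal SQL; only the second is flagged, because it lies outside the subset the application was seen to use.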
 
==See also==