Categories
  Encyclosphere.org ENCYCLOREADER
  supported by EncyclosphereKSF

Application protocol-based intrusion detection system

From HandWiki - Reading time: 1 min

An application protocol-based intrusion detection system (APIDS) is an intrusion detection system that focuses its monitoring and analysis on a specific application protocol or protocols in use by the computing system.

Overview

An APIDS will monitor the dynamic behavior and state of the protocol and will typically consist of a system or agent that would typically sit between a process, or group of servers, monitoring and analyzing the application protocol between two connected devices.

A typical place for an APIDS would be between a web server and the database management system, monitoring the SQL protocol specific to the middleware/business logic as it interacts with the database.

Monitoring dynamic behavior

At a basic level an APIDS would look for, and enforce, the correct (legal) use of the protocol.

However at a more advanced level the APIDS can learn, be taught or even reduce what is often an infinite protocol set, to an acceptable understanding of the subset of that application protocol that is used by the application being monitored/protected.

Thus, an APIDS, correctly configured, will allow an application to be "fingerprinted", thus should that application be subverted or changed, so will the fingerprint change.

See also

es:APIDS ko:호스트 기반 침입 탐지 시스템




Licensed under CC BY-SA 3.0 | Source: https://handwiki.org/wiki/Application_protocol-based_intrusion_detection_system
1 | Status: cached on July 24 2024 16:07:01
↧ Download this article as ZWI file
Encyclosphere.org EncycloReader is supported by the EncyclosphereKSF