Application protocol-based intrusion detection system
- Application protocol-based intrusion detection system
An application protocol-based intrusion detection system (APIDS) is an intrusion detection system that focuses its monitoring and analysis on a specific application protocol or protocols in use by the computing system.
Overview
An APIDS will monitor the dynamic behavior and state of the protocol and will typically consist of a system or agent that would typically sit between a process, or group of servers, monitoring and analyzing the application protocol between two connected devices.
A typical place for an APIDS would be between a web server and the database management system, monitoring the SQL protocol specific to the middleware/business logic as it interacts with the database.
Monitoring dynamic behavior
At a basic level an APIDS would look for, and enforce, the correct (legal) use of the protocol.
However at a more advanced level the APIDS can learn, be taught or even reduce what is often an infinite protocol set, to an acceptable understanding of the subset of that application protocol that is used by the application being monitored/protected.
Thus, an APIDS, correctly configured, will allow an application to be "fingerprinted", thus should that application be subverted or changed, so will the fingerprint change.
ee also
* Intrusion detection system (IDS)
Wikimedia Foundation.
2010.
Look at other dictionaries:
Protocol-based intrusion detection system — A protocol based intrusion detection system (PIDS) is an intrusion detection system which is typically installed on a web server, and is used in the monitoring and analysis of the protocol in use by the computing system. A PIDS will monitor the… … Wikipedia
Intrusion detection system — An intrusion detection system (IDS) is a device or software application that monitors network and/or system activities for malicious activities or policy violations and produces reports to a Management Station.[1] Some systems may attempt to stop … Wikipedia
Network intrusion detection system — A Network Intrusion Detection System (NIDS) is an intrusion detection system that tries to detect malicious activity such as denial of service attacks, port scans or even attempts to crack into computers by Network Security Monitoring (NSM) of… … Wikipedia
Intrusion detection system evasion techniques — are modifications made to attacks in order to prevent detection by an Intrusion Detection System (IDS). Almost all published evasion techniques modify network attacks. The 1998 paper [http://citeseer.ist.psu.edu/ptacek98insertion.html Insertion,… … Wikipedia
Intrusion-prevention system — An intrusion prevention system is a network security device that monitors network and/or system activities for malicious or unwanted behavior and can react, in real time, to block or prevent those activities. Network based IPS, for example, will… … Wikipedia
Система обнаружения вторжений — (СОВ) программное или аппаратное средство, предназначенное для выявления фактов неавторизованного доступа в компьютерную систему или сеть либо несанкционированного управления ими в основном через Интернет. Соответствующий английский… … Википедия
Сетевая система обнаружения вторжений — (англ. network intrusion detection system, NIDS) система обнаружения вторжений, которая отслеживает такие виды вредоносной деятельности, как DoS атаки, сканирование портов или даже попытки проникновения в сеть. Сетевая СОВ… … Википедия
OSSEC — Developer(s) Daniel B. Cid Stable release 2.6 / Jul 19, 2011 Operating system Cross platform Type Security / HIDS … Wikipedia
Fault-tolerant system — This article contains specific implementations of fault tolerant systems. For general theory, see fault tolerant design. Fault tolerance or graceful degradation is the property that enables a system (often computer based) to continue operating… … Wikipedia
Denial-of-service attack — DoS redirects here. For other uses, see DOS (disambiguation). DDoS Stacheldraht Attack diagram. A denial of service attack (DoS attack) or distributed denial of service attack (DDoS attack) is an attempt to make a computer resource unavailable to … Wikipedia
