Application Protocol-based Intrusion Detection System
   HOME

TheInfoList



OR:

An application protocol-based intrusion detection system (APIDS) is an intrusion detection system that focuses its monitoring and analysis on a specific application protocol or protocols in use by the computing system.


Overview

An APIDS will monitor the dynamic behavior and
state State most commonly refers to: * State (polity), a centralized political organization that regulates law and society within a territory **Sovereign state, a sovereign polity in international law, commonly referred to as a country **Nation state, a ...
of the protocol and will typically consist of a system or agent that would typically sit between a
process A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic. Things called a process include: Business and management * Business process, activities that produce a specific s ...
, or group of servers, monitoring and analyzing the application protocol between two connected devices. A typical place for an APIDS would be between a
web server A web server is computer software and underlying Computer hardware, hardware that accepts requests via Hypertext Transfer Protocol, HTTP (the network protocol created to distribute web content) or its secure variant HTTPS. A user agent, co ...
and the
database management system In computing, a database is an organized collection of data or a type of data store based on the use of a database management system (DBMS), the software that interacts with end users, applications, and the database itself to capture and an ...
, monitoring the SQL protocol specific to the
middleware Middleware is a type of computer software program that provides services to software applications beyond those available from the operating system. It can be described as "software glue". Middleware makes it easier for software developers to imple ...
/
business logic In computer software, business logic or domain logic is the part of the program that encodes the real-world business rules that determine how data can be created, stored, and changed. It is contrasted with the remainder of the software that might ...
as it interacts with the
database In computing, a database is an organized collection of data or a type of data store based on the use of a database management system (DBMS), the software that interacts with end users, applications, and the database itself to capture and a ...
.


Monitoring dynamic behavior

At a basic level an APIDS would look for, and enforce, the correct (legal) use of the protocol. However at a more advanced level the APIDS can learn, be taught or even reduce what is often an infinite protocol set, to an acceptable understanding of the
subset In mathematics, a Set (mathematics), set ''A'' is a subset of a set ''B'' if all Element (mathematics), elements of ''A'' are also elements of ''B''; ''B'' is then a superset of ''A''. It is possible for ''A'' and ''B'' to be equal; if they a ...
of that application protocol that is used by the application being monitored/protected. Thus, an APIDS, correctly configured, will allow an application to be "
fingerprint A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfa ...
ed", thus should that application be subverted or changed, so will the fingerprint change.


See also

* Intrusion detection system (IDS) * Web application firewall (WAF)


References

Intrusion detection systems {{security-software-stub es:APIDS