An application protocol-based intrusion detection system (APIDS) is an

intrusion detection system An intrusion detection system (IDS; also intrusion prevention system or IPS) is a device or software application that monitors a network or systems for malicious activity or policy violations. Any intrusion activity or violation is typically rep ...

that focuses its monitoring and analysis on a specific application

protocol Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technolog ...

or protocols in use by the computing system.

Overview

An APIDS will monitor the dynamic behavior and

state State may refer to: Arts, entertainment, and media Literature * ''State Magazine'', a monthly magazine published by the U.S. Department of State * ''The State'' (newspaper), a daily newspaper in Columbia, South Carolina, United States * ''Our S ...

of the protocol and will typically consist of a system or agent that would typically sit between a

process A process is a series or set of activities that interact to produce a result; it may occur once-only or be recurrent or periodic. Things called a process include: Business and management *Business process, activities that produce a specific se ...

, or group of

server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...

monitoring Monitoring may refer to: Science and technology Biology and healthcare * Monitoring (medicine), the observation of a disease, condition or one or several medical parameters over time * Baby monitoring * Biomonitoring, of toxic chemical compounds, ...

and analyzing the application protocol between two connected devices. A typical place for an APIDS would be between a web server and the database management system, monitoring the SQL protocol specific to the

middleware Middleware is a type of computer software that provides services to software applications beyond those available from the operating system. It can be described as "software glue". Middleware makes it easier for software developers to implement c ...

business logic In computer software, business logic or domain logic is the part of the program that encodes the real-world business rules that determine how data can be created, stored, and changed. It is contrasted with the remainder of the software that might ...

as it interacts with the

database In computing, a database is an organized collection of data stored and accessed electronically. Small databases can be stored on a file system, while large databases are hosted on computer clusters or cloud storage. The design of databases s ...

Monitoring dynamic behavior

At a basic level an APIDS would look for, and enforce, the correct (legal) use of the protocol. However at a more advanced level the APIDS can learn, be taught or even reduce what is often an infinite protocol set, to an acceptable understanding of the subset of that application protocol that is used by the application being monitored/protected. Thus, an APIDS, correctly configured, will allow an application to be "

fingerprint A fingerprint is an impression left by the friction ridges of a human finger. The recovery of partial fingerprints from a crime scene is an important method of forensic science. Moisture and grease on a finger result in fingerprints on surfac ...

ed", thus should that application be subverted or changed, so will the fingerprint change.

Overview

Monitoring dynamic behavior

See also