Protocol-based intrusion detection system

From Wikipedia, the free encyclopedia

This article (or section) may need to be wikified to meet Wikipedia's quality standards.
Please help improve this article, especially its section layout, and relevant internal links. (help)
This article has been tagged since December 2006.

A protocol-based intrusion detection system (PIDS) is an intrusion detection system that focuses its monitoring and analysis on the protocol or protocols in use by the computing system.

[edit] Overview

A PIDS will monitor the dynamic behavior and state of the protocol and will typically consists of a system or agent that would typically sit at the front end of a server, monitoring and analysing the communication protocol between a connected device (a user/PC or system) and the system it is protecting.

A typical place for a PIDS would at the front end of a web server monitoring the HTTP (or HTTPS) protocol stream and would understand the HTTP protocol relative to the web server/system it is trying to protect.

Where HTTPS is in use then this system would need to reside in the "shim" or interface between where HTTPS is un-encrypted and immediately prior to it entering the Web presentation layer.

[edit] Monitoring dynamic behavior

As a basic level PIDS would look for, and enforce the correct (legal) use of the protocol.

At a more advanced level the PIDS can learn or be taught acceptable constricts of the protocol, and thus better detect anomalous behaviour.

[edit] See also

Retrieved from "http://en.wikipedia.org../../../p/r/o/Protocol-based_intrusion_detection_system.html"
In other languages