Monitoring Dynamic Behavior
At a basic level an APIDS would look for, and enforce, the correct (legal) use of the protocol.
However at a more advanced level the APIDS can learn, be taught or even reduce what is often an infinite protocol set, to an acceptable understanding of the subset of that application protocol that is used by the application being monitored/protected.
Thus, an APIDS, correctly configured, will allow an application to be "fingerprinted", thus should that application be subverted or changed, so will the fingerprint change.
Read more about this topic: Application Protocol-based Intrusion Detection System
Famous quotes containing the words dynamic and/or behavior:
“The nearer a conception comes towards finality, the nearer does the dynamic relation, out of which this concept has arisen, draw to a close. To know is to lose.”
—D.H. (David Herbert)
“The inability to control our children’s behavior feels the same as not being able to control it in ourselves. And the fact is that primitive behavior in children does unleash primitive behavior in mothers. That’s what frightens mothers most. For young children, even when out of control, do not have the power to destroy their mothers, but mothers who are out of control feel that they may destroy their children.”
—Elaine Heffner (20th century)