Stateful Protocol Analysis

Definition of Stateful Protocol Analysis in computer security terms:

Acronym(s): None

Definition(s): A firewalling capability that improves upon standard stateful inspection by adding basic intrusion detection technology. This technology consists of an inspection engine that analyzes protocols at the application layer to compare vendor-developed profiles of benign protocol activity against observed events to identify deviations, allowing a firewall to allow or deny access based on how an application is running over a network.
Source(s): NIST SP 800-41 Rev. 1

The process of comparing predetermined profiles of generally accepted definitions of benign protocol activity for each protocol state against observed events to identify deviations.
Source(s): NIST SP 800-94

Synonym(s): None

reference: CSRC Glossary