Research Article
An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System
Table 10
Optimization of Nonpayload Detection Rules 2.
| | Command format | Standardization of detection rules Candidates for selection |
| | Nonpayload Detection | dsize | Packet detection of abnormal size by checking the packet’s payload size | | flow | Defines the direction of the packet in relation to the client-server communication stream | | flowbits | Options to support session-based detection |
| | Rule Thresholds | Limit | Alert for the first time when multiple identical events occur within a certain time | | Threshold | Alert when the number of the same events that occur within a certain time is exceeded |
| | Command format | Excluded detection rules standardized/excluded Reasons |
| | Nonpayload Detection | rpc | Identify the rpc service | It identifies the rpc service, but it can be specified using mandatory options. It can be specified through the dsize option. | | sameip | Check if origin and destination IP are the same | | stream size | Check the size of the session according to the TCP sequence number |
|
|
