Mobile Information Systems / 2017 / Article / Tab 10

Research Article

An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System

Table 10

Optimization of Nonpayload Detection Rules 2.

Command format Standardization of detection rules Candidates for selection

Nonpayload DetectiondsizePacket detection of abnormal size by checking the packet’s payload size
flowDefines the direction of the packet in relation to the client-server communication stream
flowbitsOptions to support session-based detection

Rule ThresholdsLimitAlert for the first time when multiple identical events occur within a certain time
ThresholdAlert when the number of the same events that occur within a certain time is exceeded

Command format Excluded detection rules standardized/excluded Reasons

Nonpayload DetectionrpcIdentify the rpc serviceIt identifies the rpc service, but it can be specified using mandatory options. It can be specified through the dsize option.
sameipCheck if origin and destination IP are the same
stream sizeCheck the size of the session according to the TCP sequence number

Article of the Year Award: Outstanding research contributions of 2020, as selected by our Chief Editors. Read the winning articles.