Research Article
An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System
Table 11
Comparison of Snort Detection Rules and Optimization Options.
| | Detection rule options | Snort | Detection rule
optimization grammar selection |
| | Header (24/17) | | | | Rule Actions (8/2) | | | | alert | O | O | | log | O | X | | pass | O | X | | activate | O | X | | dynamic | O | X | | drop | O | O | | reject | O | X | | sdrop | O | X | | Protocols (4/4) | | | | tcp | O | O | | udp | O | O | | icmp | O | O | | ip | O | O | | IP (5/5) | | | | any | O | O | | numeric IP | O | O | | numeric IP list | O | O | | CIDR | O | O | | negation(!) | O | O | | Port (4/4) | | | | any | O | O | | static port | O | O | | ranges(:) | O | O | | negation(!) | O | O | | Direction (3/2) | | | | -> | O | O | | <- | O | X | | bidirectional(<>) | O | O | | Option (47/24) | | | | Meta Data (6/1) | | | | msg | O | O | | reference | O | X | | sid | O | X | | rev | O | X | | classtype | O | X | | priority | O | X | | Payload Detection (19/12) | | | | content | O | O | | content modifier | | | | Nocase | O | O | | Rawbytes | O | O | | Depth | O | O | | Offset | O | O | | Distance | O | O | | Within | O | O | | http_client_body | O | X | | http_uri | O | X | | http_header | O | X | | http_cookie | O | X | | uricontent | O | O | | isdataat | O | O | | pcre | O | O | | byte_test | O | O | | byte_jump | O | O | | ftpbounce | O | X | | asn1 | O | X | | regex | O | X | | Non Payload Detection (20/9) | | | | fragoffset | O | X | | ttl | O | O | | tos | O | X | | id | O | X | | ipopts | O | X | | fragbits | O | X | | dsize | O | O | | flags | O | O | | flow | O | O | | flowbits | O | O | | seq | O | X | | ack | O | X | | window | O | X | | itype | O | O | | icode | O | O | | icmp_id | O | O | | icmp_seq | O | O | | rpc | O | X | | ip_proto | O | X | | sameip | O | X | | Thresholding (2/2) | | | | limit | O | O | | threshold | O | O |
|
|
