Research Article
An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System
Table 11
Comparison of Snort Detection Rules and Optimization Options.
Legend: the pair in parentheses (n/m) gives the number of options Snort defines (n) and the number retained by the optimization grammar (m); O = included, X = excluded.

| Detection rule options | Snort | Detection rule optimization grammar selection |
| --- | --- | --- |
| Header (24/17) | | |
| Rule Actions (8/2) | | |
| alert | O | O |
| log | O | X |
| pass | O | X |
| activate | O | X |
| dynamic | O | X |
| drop | O | O |
| reject | O | X |
| sdrop | O | X |
| Protocols (4/4) | | |
| tcp | O | O |
| udp | O | O |
| icmp | O | O |
| ip | O | O |
| IP (5/5) | | |
| any | O | O |
| numeric IP | O | O |
| numeric IP list | O | O |
| CIDR | O | O |
| negation (!) | O | O |
| Port (4/4) | | |
| any | O | O |
| static port | O | O |
| ranges (:) | O | O |
| negation (!) | O | O |
| Direction (3/2) | | |
| -> | O | O |
| <- | O | X |
| bidirectional (<>) | O | O |
| Option (47/24) | | |
| Meta Data (6/1) | | |
| msg | O | O |
| reference | O | X |
| sid | O | X |
| rev | O | X |
| classtype | O | X |
| priority | O | X |
| Payload Detection (19/12) | | |
| content | O | O |
| content modifier: nocase | O | O |
| content modifier: rawbytes | O | O |
| content modifier: depth | O | O |
| content modifier: offset | O | O |
| content modifier: distance | O | O |
| content modifier: within | O | O |
| content modifier: http_client_body | O | X |
| content modifier: http_uri | O | X |
| content modifier: http_header | O | X |
| content modifier: http_cookie | O | X |
| uricontent | O | O |
| isdataat | O | O |
| pcre | O | O |
| byte_test | O | O |
| byte_jump | O | O |
| ftpbounce | O | X |
| asn1 | O | X |
| regex | O | X |
| Non Payload Detection (20/9) | | |
| fragoffset | O | X |
| ttl | O | O |
| tos | O | X |
| id | O | X |
| ipopts | O | X |
| fragbits | O | X |
| dsize | O | O |
| flags | O | O |
| flow | O | O |
| flowbits | O | O |
| seq | O | X |
| ack | O | X |
| window | O | X |
| itype | O | O |
| icode | O | O |
| icmp_id | O | O |
| icmp_seq | O | O |
| rpc | O | X |
| ip_proto | O | X |
| sameip | O | X |
| Thresholding (2/2) | | |
| limit | O | O |
| threshold | O | O |
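As an added example (not code from the article or its authors), the following Python checker encodes the "O" entries of Table 11 as allow-lists and reports every header element or option keyword of a Snort rule that the optimized grammar leaves out; the header regex and the option splitter are simplifications assumed here, not Snort's own parser.

```python
import re

# Elements retained by the optimization grammar (third column of Table 11 = "O").
OPT_ACTIONS = {"alert", "drop"}
OPT_PROTOCOLS = {"tcp", "udp", "icmp", "ip"}
OPT_DIRECTIONS = {"->", "<>"}
OPT_OPTIONS = {
    "msg",                                                    # Meta Data (1 of 6)
    "content", "nocase", "rawbytes", "depth", "offset",       # Payload Detection
    "distance", "within", "uricontent", "isdataat", "pcre",   # (12 of 19)
    "byte_test", "byte_jump",
    "ttl", "dsize", "flags", "flow", "flowbits",              # Non Payload Detection
    "itype", "icode", "icmp_id", "icmp_seq",                  # (9 of 20)
    "limit", "threshold",                                     # Thresholding (2 of 2)
}

# Simplified rule header: action proto src sport dir dst dport (options)
HEADER_RE = re.compile(
    r"^\s*(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(->|<>|<-)\s+(\S+)\s+(\S+)\s*\((.*)\)\s*$", re.S)

def split_options(body):
    """Split the option body on ';' outside double quotes; return keywords in order."""
    keys, cur, in_quote, prev = [], [], False, ""
    for ch in body:
        if ch == '"' and prev != "\\":
            in_quote = not in_quote
        if ch == ";" and not in_quote:
            tok = "".join(cur).strip()
            if tok:
                keys.append(tok.split(":", 1)[0].strip().lower())
            cur = []
        else:
            cur.append(ch)
        prev = ch
    tok = "".join(cur).strip()
    if tok:
        keys.append(tok.split(":", 1)[0].strip().lower())
    return keys

def check_rule(rule):
    """Return the rule elements that fall outside the optimized grammar ([] if it fits)."""
    m = HEADER_RE.match(rule)
    if not m:
        return ["unparsable rule header"]
    action, proto, _src, _sport, direction, _dst, _dport, body = m.groups()
    unsupported = []
    if action.lower() not in OPT_ACTIONS:
        unsupported.append("action:" + action)
    if proto.lower() not in OPT_PROTOCOLS:
        unsupported.append("protocol:" + proto)
    if direction not in OPT_DIRECTIONS:
        unsupported.append("direction:" + direction)
    unsupported += ["option:" + k for k in split_options(body) if k not in OPT_OPTIONS]
    return unsupported
```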