Mobile Information Systems / 2017 / Article / Tab 11

Research Article

An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System

Table 11

Comparison of Snort Detection Rules and Optimization Options.

Detection rule optionsSnortDetection rule
optimization grammar selection

Header (24/17)
 Rule Actions (8/2)
  alertOO
  logOX
  passOX
  activateOX
  dynamicOX
  dropOO
  rejectOX
  sdropOX
 Protocols (4/4)
  tcpOO
  udpOO
  icmpOO
  ipOO
 IP (5/5)
  anyOO
  numeric IPOO
  numeric IP listOO
  CIDROO
  negation(!)OO
 Port (4/4)
  anyOO
  static portOO
  ranges(:)OO
  negation(!)OO
 Direction (3/2)
  ->OO
  <-OX
  bidirectional(<>)OO
Option (47/24)
 Meta Data (6/1)
  msgOO
  referenceOX
  sidOX
  revOX
  classtypeOX
  priorityOX
 Payload Detection (19/12)
  contentOO
  content modifier
   NocaseOO
   RawbytesOO
   DepthOO
   OffsetOO
   DistanceOO
   WithinOO
   http_client_bodyOX
   http_uriOX
  http_headerOX
  http_cookieOX
  uricontentOO
  isdataatOO
  pcreOO
  byte_testOO
  byte_jumpOO
  ftpbounceOX
  asn1OX
  regexOX
 Non Payload Detection (20/9)
  fragoffsetOX
  ttlOO
  tosOX
  idOX
  ipoptsOX
  fragbitsOX
  dsizeOO
  flagsOO
  flowOO
  flowbitsOO
  seqOX
  ackOX
  windowOX
  itypeOO
  icodeOO
  icmp_idOO
  icmp_seqOO
  rpcOX
  ip_protoOX
  sameipOX
 Thresholding (2/2)
  limitOO
  thresholdOO

Article of the Year Award: Outstanding research contributions of 2020, as selected by our Chief Editors. Read the winning articles.