Mobile Information Systems / 2017 / Article / Tab 2

Research Article

An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System

Table 2

Definition of Snort Header detection rules [4].

Snort instruction formatDefinition

Header
 Rule Action
  alertGenerate Alert
  logLeave log
  passIgnore pat
  activateSend alerts and activate dynamic rules
  dynamicIt is activated by the activate rule and the Log option
  dropDrop a packet and leave a log
  rejectConnection terminated and logged
  dropDiscard packets and leave no logs
 Protocol
  tcpTCP protocol support
  udpUDP protocol support
  icmpICMP protocol support
  ipIP protocol support
 IP
  anyAll IP address
  numeric IPSpecific IP addresses
  numeric IP listMultiple IP addresses
  CIDRSpecific network class destination
(i) Class A Network (8 bits)
(ii) Class B Network (16 bits)
(iii) Class C Network (24 bits)
  negation(!)All IP addresses except the specified IP address
 Port
  anyAll port numbers
  static portFixed Port Number
  ranges(:)Port range destination
  negation(!)All ports except the specified port
 Direction
  ->From the origin host to the destination host
  <-Change the source and destination information and specify to “->”
  bidirectional(<>)Bidirectional detection support

Article of the Year Award: Outstanding research contributions of 2020, as selected by our Chief Editors. Read the winning articles.