Research Article
An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System
Table 2. Definition of Snort header detection rules [4].

| Snort instruction format | Definition |
| --- | --- |
| Header | |
| Rule Action | |
| alert | Generate an alert |
| log | Log the packet |
| pass | Ignore the packet |
| activate | Send an alert and activate a dynamic rule |
| dynamic | Activated by an activate rule, then logs the packet like the log action |
| drop | Drop the packet and log it |
| reject | Terminate the connection and log it |
| drop | Discard the packet without logging |
| Protocol | |
| tcp | TCP protocol support |
| udp | UDP protocol support |
| icmp | ICMP protocol support |
| ip | IP protocol support |
| IP | |
| any | All IP addresses |
| numeric IP | A specific IP address |
| numeric IP list | Multiple IP addresses |
| CIDR | A network block given by prefix length: (i) Class A network (8 bits), (ii) Class B network (16 bits), (iii) Class C network (24 bits) |
| negation (!) | All IP addresses except the specified address |
| Port | |
| any | All port numbers |
| static port | A fixed port number |
| ranges (:) | A range of port numbers |
| negation (!) | All ports except the specified port |
| Direction | |
| -> | From the source host to the destination host |
| <- | Swap the source and destination information and express the rule with "->" |
| bidirectional (<>) | Both directions are matched |
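As an added example (not code from the paper, nor from Snort itself), a small Python validator for the rule header laid out in Table 2: it checks the rule action, protocol, IP, port and direction fields using the keyword sets from the table, and applies the table's "<-" convention by swapping the two sides and rewriting the direction as "->". Keyword sets and field syntax are assumed to be exactly those the table lists.

```python
import ipaddress
import re

# Keyword sets taken from Table 2 (its second "drop" row collapses into the same keyword).
ACTIONS = {"alert", "log", "pass", "activate", "dynamic", "drop", "reject"}
PROTOCOLS = {"tcp", "udp", "icmp", "ip"}

def parse_address(field):
    """any, a numeric IP, a CIDR block or a [list], each optionally negated with '!'."""
    negated = field.startswith("!")
    body = field[1:] if negated else field
    items = ["any"] if body == "any" else body.strip("[]").split(",")
    for item in items:
        if item != "any":
            ipaddress.ip_network(item, strict=False)  # ValueError on a malformed IP/CIDR
    return {"negated": negated, "items": items}

def parse_port(field):
    """any, a static port, or a lo:hi range (open ends allowed), optionally negated."""
    negated = field.startswith("!")
    body = field[1:] if negated else field
    if body == "any":
        return {"negated": negated, "low": 0, "high": 65535}
    m = re.fullmatch(r"(\d*):(\d*)|(\d+)", body)
    if not m:
        raise ValueError(f"bad port field: {field}")
    if m.group(3):
        low = high = int(m.group(3))
    else:
        low = int(m.group(1) or 0)
        high = int(m.group(2) or 65535)
    if not 0 <= low <= high <= 65535:
        raise ValueError(f"port out of range: {field}")
    return {"negated": negated, "low": low, "high": high}

def parse_header(rule):
    """Validate the seven header tokens that precede the '(' opening the rule options."""
    tokens = rule.split("(", 1)[0].split()
    if len(tokens) != 7:
        raise ValueError("header must be: action proto src_ip src_port dir dst_ip dst_port")
    action, proto, src, sport, direction, dst, dport = tokens
    if action not in ACTIONS or proto not in PROTOCOLS:
        raise ValueError(f"unknown action or protocol: {action} {proto}")
    if direction == "<-":  # Table 2: swap source and destination, then treat as '->'
        src, sport, dst, dport, direction = dst, dport, src, sport, "->"
    elif direction not in ("->", "<>"):
        raise ValueError(f"unknown direction: {direction}")
    return {"action": action, "protocol": proto, "direction": direction,
            "src": parse_address(src), "src_port": parse_port(sport),
            "dst": parse_address(dst), "dst_port": parse_port(dport)}
```

Feeding a rule with a `[list]` source, a `!` negation and a `lo:hi` port range exercises every row of the IP and Port sections at once.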