Research Article
An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System
Table 2
Definition of Snort Header detection rules [
4].
| | Snort instruction format | Definition |
| | Header | | | Rule Action | | | alert | Generate Alert | | log | Leave log | | pass | Ignore pat | | activate | Send alerts and activate dynamic rules | | dynamic | It is activated by the activate rule and the Log option | | drop | Drop a packet and leave a log | | reject | Connection terminated and logged | | drop | Discard packets and leave no logs | | Protocol | | | tcp | TCP protocol support | | udp | UDP protocol support | | icmp | ICMP protocol support | | ip | IP protocol support | | IP | | | any | All IP address | | numeric IP | Specific IP addresses | | numeric IP list | Multiple IP addresses | | CIDR | Specific network class destination
(i) Class A Network (8 bits)
(ii) Class B Network (16 bits)
(iii) Class C Network (24 bits) | | negation(!) | All IP addresses except the specified IP address | | Port | | | any | All port numbers | | static port | Fixed Port Number | | ranges(:) | Port range destination | | negation(!) | All ports except the specified port | | Direction | | | -> | From the origin host to the destination host | | <- | Change the source and destination information and specify to “->” | | bidirectional(<>) | Bidirectional detection support |
|
|
