Mobile Information Systems

Research Article

An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System

Optimization of Header Rules: Rule Action, Protocol.


Command format	Selection of detection rule standardization

Rule Action	alert	Generate a warning
	drop	Drop the packet and leave a log

Protocol	tcp	TCP protocol support
	udp	UDP protocol support
	icmp	ICMP protocol support
	ip	IP protocol support

Command format	Excluded detection rules standardized/excluded reasons

Rule Action	log	Logged	It is an option for packet logging or packet override, which is mainly used for logging after attack detection, but it is for the purpose of notifying the occurrence of an attack
	pass	Ignore packets
	activate	Send an alert and activate the specified dynamic rule	This option is used for additional logging after detection of an attack, but it is consistent with the purpose of notifying the occurrence of the attack
	dynamic	It is activated by the activate rule and acts like the log option
	reject	Connection terminated and logged	Added after Intrusion rrevention and exclude as action
	sdrop	Discards packets and leaves no logs