Research Article
An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System
Table 7
Optimization of Payload Detection (Content, Content Modifier) Rules.
| | Command format | Selection of detection rule standardization |
| | Payload Detection | content | Specific content to look for in the payload of a packet | | nocase | Case insensitive | | rawbytes | Ignore the decoding process and check raw packet data | | offset | Pattern search start position (after the first few bytes of the packet) | | depth | Pattern search range (compare pattern search from offset to several bytes) | | distance | New pattern search start position after a previous pattern match (after a few bytes) | | within | Pattern search range (compare pattern search from distance to several bytes) |
| | Command format | Excluded detection rules standardized/excluded reasons |
| | Payload Detection | http_client_body | Search in body part of HTTP request | Except for the content option | | http_cookie | Search in the cookie portion of the HTTP header | | http_header | Search in the HTTP header section | | http_method | Search in the HTTP methods section | | http_uri | Search in the HTTP URI section | | fast_pattern | Specify the pattern to search first | Excluded as string matching from specified priority |
|
|
