Research Article
An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System
Table 7
Optimization of Payload Detection (Content, Content Modifier) Rules.

Selected detection rules (standardized):

| Command format | Option | Description |
|---|---|---|
| Payload Detection | content | Specific content to look for in the payload of a packet |
| Payload Detection | nocase | Case-insensitive matching |
| Payload Detection | rawbytes | Ignore the decoding process and check raw packet data |
| Payload Detection | offset | Pattern search start position (after the first few bytes of the packet) |
| Payload Detection | depth | Pattern search range (search from offset for the given number of bytes) |
| Payload Detection | distance | New pattern search start position after a previous pattern match (a given number of bytes after it) |
| Payload Detection | within | Pattern search range (search from distance for the given number of bytes) |

Excluded detection rules and reasons for exclusion:

| Command format | Option | Description | Reason for exclusion |
|---|---|---|---|
| Payload Detection | http_client_body | Search in the body part of an HTTP request | Except for the content option |
| Payload Detection | http_cookie | Search in the cookie portion of the HTTP header | Except for the content option |
| Payload Detection | http_header | Search in the HTTP header section | Except for the content option |
| Payload Detection | http_method | Search in the HTTP method section | Except for the content option |
| Payload Detection | http_uri | Search in the HTTP URI section | Except for the content option |
| Payload Detection | fast_pattern | Specify the pattern to search first | Excluded as string matching from a specified priority |
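The seven retained modifiers interact in a way that is easy to misread from descriptions alone: `offset`/`depth` are absolute windows measured from the start of the payload, while `distance`/`within` are relative windows measured from the end of the previous `content` match. The following Python matcher, added here as an illustration and not taken from the paper or from Snort's source, implements exactly that window arithmetic (an assumption: `depth` is counted from `offset`, `within` from `distance`, and the pattern must fit entirely inside the window). `rawbytes` is modelled by searching the raw buffer instead of a percent-decoded copy, and a small option-string parser is included so rules can be written in the familiar `content:"..."; depth:4;` form. The FTP-style payload and the option strings are constructed sample inputs.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import unquote_to_bytes


@dataclass
class Content:
    """One `content` option plus the Table 7 modifiers (assumed semantics)."""
    pattern: bytes
    nocase: bool = False            # case-insensitive compare
    rawbytes: bool = False          # search raw buffer, skip the decoded copy
    offset: int = 0                 # absolute start, from the beginning of the payload
    depth: Optional[int] = None     # window length counted from offset
    distance: int = 0               # relative start, counted from previous match end
    within: Optional[int] = None    # window length counted from distance


def parse_options(options: str) -> List[Content]:
    """Parse 'content:"USER"; depth:4; ...' into Content objects.
    Assumption: plain quoted strings only (no |hex| escapes, no ';' inside a
    pattern); each modifier binds to the most recent content."""
    contents: List[Content] = []
    for opt in options.split(";"):
        opt = opt.strip()
        if not opt:
            continue
        name, _, value = opt.partition(":")
        name, value = name.strip(), value.strip()
        if name == "content":
            contents.append(Content(pattern=value.strip('"').encode()))
            continue
        if not contents:
            raise ValueError(f"modifier {name!r} appears before any content")
        cur = contents[-1]
        if name in ("nocase", "rawbytes"):
            setattr(cur, name, True)
        elif name in ("offset", "depth", "distance", "within"):
            setattr(cur, name, int(value))
        else:
            raise ValueError(f"unsupported option {name!r}")
    return contents


def _find(hay: bytes, needle: bytes, nocase: bool) -> int:
    return hay.lower().find(needle.lower()) if nocase else hay.find(needle)


def match_rule(raw: bytes, contents: List[Content]) -> Optional[List[Tuple[int, int]]]:
    """Return the (start, end) span of every content match, or None if any
    content fails. Relative positions refer to the buffer the content searched,
    so mixing rawbytes and decoded contents in one chain is not meaningful."""
    decoded = unquote_to_bytes(raw)   # stand-in for a normalised (decoded) buffer
    spans: List[Tuple[int, int]] = []
    prev_end = 0
    for c in contents:
        buf = raw if c.rawbytes else decoded
        relative = c.distance != 0 or c.within is not None
        if relative:
            start = prev_end + c.distance
            end = len(buf) if c.within is None else start + c.within
        else:
            start = c.offset
            end = len(buf) if c.depth is None else start + c.depth
        if start < 0 or start > len(buf):
            return None
        idx = _find(buf[start:end], c.pattern, c.nocase)   # whole pattern must fit
        if idx < 0:
            return None
        mstart = start + idx
        mend = mstart + len(c.pattern)
        spans.append((mstart, mend))
        prev_end = mend
    return spans


# Constructed sample payloads (not captured traffic).
FTP_LOGIN = b"USER alice\r\nPASS s3cret\r\n"
ENCODED_QUERY = b"key=%41%42%43"

if __name__ == "__main__":
    for opts in ('content:"USER"; depth:4; content:"PASS"; within:12;',
                 'content:"USER"; depth:4; content:"PASS"; within:11;',
                 'content:"user"; nocase; depth:4;'):
        print(opts, "->", match_rule(FTP_LOGIN, parse_options(opts)))
```

The second option string fails because `within:11` leaves a window of only `" alice\r\nPAS"` after the `USER` match; one byte more and `PASS` fits. The same arithmetic shows why `offset`/`depth` anchored windows are cheaper to evaluate than an unbounded `content`: the scanner never looks past `offset + depth`.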