Mobile Information Systems / 2017 / Article / Tab 8

Research Article

An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System

Table 8

Optimization of Payload Detection Rules.

Command format Selection of detection rule standardization

Payload Detection
isdataatCheck if the payload has a certain number of bytes
pcreSearch by regular expression
byte_testCompare with specific value after specific byte operation
uricontentSearch patterns from URI information in HTTP

Command format Excluded detection rules standardized/excluded Reasons

Payload DetectionurilenCheck HTTP URI lengthExcluded as assignable opting using mandatory option
ftpbounceFTP bounce attack detectionExcluded as assignable opting using mandatory option
asn1Detect malicious encoding
cvsDetect invalid Entry String in CVS
dce_ifaceDCE/RPC request traffic pattern detection
dce_opnum
dce_stup_data

Article of the Year Award: Outstanding research contributions of 2020, as selected by our Chief Editors. Read the winning articles.