Research Article
An Enhancement of Optimized Detection Rule of Security Monitoring and Control for Detection of Cyberthreat in Location-Based Mobile System
Table 9. Optimization of Nonpayload Detection Rules 1.
Selected (standardized) detection rules:

| Command format | Option | Selection of detection rule standardization |
|---|---|---|
| Nonpayload Detection (IP) | ttl | Inspect IP Time-To-Live field |
| Nonpayload Detection (IP) | ip_proto | Inspect IP protocol field |
| Nonpayload Detection (TCP) | flags | Inspect TCP flag bit field |
| Nonpayload Detection (ICMP) | itype | Inspect ICMP type |
| Nonpayload Detection (ICMP) | icode | Inspect ICMP code |
| Nonpayload Detection (ICMP) | icmp_id | Inspect ICMP identification field |
| Nonpayload Detection (ICMP) | icmp_seq | Inspect ICMP sequence number |

Excluded detection rules:

| Command format | Option | Description |
|---|---|---|
| Nonpayload Detection (IP) | fragoffset | Inspect IP fragment offset field |
| Nonpayload Detection (IP) | fragbits | Check whether IP fragmentation and reserved bits are set |
| Nonpayload Detection (IP) | tos | Inspect IP service type field |
| Nonpayload Detection (IP) | id | Inspect IP identification field |
| Nonpayload Detection (IP) | ipopts | Inspect IP options field |
| Nonpayload Detection (TCP) | seq | Inspect TCP sequence number |
| Nonpayload Detection (TCP) | ack | Inspect TCP acknowledgement number |
| Nonpayload Detection (TCP) | window | Inspect TCP window size |

Excluded reason (applies to every excluded rule above): excluded after consultation with related companies, because it is not useful in creating detection rules.
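As an added illustration of the standardized option set (this is example code written for this page, not part of the article or of any product it evaluates), the following matcher evaluates Snort-style nonpayload options against constructed packet headers. It accepts only the seven options Table 9 selects (ttl, ip_proto, flags, itype, icode, icmp_id, icmp_seq) and refuses the excluded ones. The numeric and flag syntax (`>N`, `<N`, `a-b`, `S`, `S+`) is a simplified subset of the Snort rule language, and the `Header` class and the sample packets are assumptions constructed here for the example.

```python
# Added example: a minimal matcher for the standardized nonpayload options in
# Table 9 (not the article's own code, and not a Snort implementation).
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Options the table keeps and options it excludes.
STANDARDIZED = {"ttl", "ip_proto", "flags", "itype", "icode", "icmp_id", "icmp_seq"}
EXCLUDED = {"fragoffset", "fragbits", "tos", "id", "ipopts", "seq", "ack", "window"}

# Snort-style TCP flag letters mapped to the TCP header bit values.
FLAG_BITS = {"F": 0x01, "S": 0x02, "R": 0x04, "P": 0x08, "A": 0x10, "U": 0x20}


@dataclass
class Header:
    """Constructed header view exposing only the fields the selected options inspect."""
    ttl: int
    ip_proto: int                  # 1 = ICMP, 6 = TCP, 17 = UDP
    tcp_flags: int = 0             # TCP flag bitmask (TCP only)
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None
    icmp_id: Optional[int] = None
    icmp_seq: Optional[int] = None


def parse_options(text: str) -> Dict[str, str]:
    """Parse 'ttl:>200; ip_proto:6; flags:S;' into a dict.

    Raises ValueError for options the standardization excludes or does not know.
    """
    opts: Dict[str, str] = {}
    for item in text.split(";"):
        item = item.strip()
        if not item:
            continue
        key, _, value = item.partition(":")
        key = key.strip()
        if key in EXCLUDED:
            raise ValueError(f"option '{key}' is excluded by the standardization")
        if key not in STANDARDIZED:
            raise ValueError(f"unknown nonpayload option '{key}'")
        opts[key] = value.strip()
    return opts


def _num_match(spec: str, actual: Optional[int]) -> bool:
    """Numeric test: 'N' (equal), '>N', '<N', or 'a-b' (inclusive range)."""
    if actual is None:
        return False
    if spec.startswith(">"):
        return actual > int(spec[1:])
    if spec.startswith("<"):
        return actual < int(spec[1:])
    if "-" in spec:
        lo, hi = (int(x) for x in spec.split("-", 1))
        return lo <= actual <= hi
    return actual == int(spec)


def _flags_match(spec: str, actual: int) -> bool:
    """'S' matches exactly SYN; 'S+' matches SYN together with any other flags."""
    at_least = spec.endswith("+")
    wanted = 0
    for letter in spec.rstrip("+"):
        wanted |= FLAG_BITS[letter]
    if at_least:
        return actual & wanted == wanted
    return actual == wanted


def matches(rule: str, hdr: Header) -> bool:
    """Return True when every option in the rule matches the header."""
    opts = parse_options(rule)
    is_tcp, is_icmp = hdr.ip_proto == 6, hdr.ip_proto == 1
    checks: Dict[str, Callable[[str], bool]] = {
        "ttl": lambda v: _num_match(v, hdr.ttl),
        "ip_proto": lambda v: _num_match(v, hdr.ip_proto),
        "flags": lambda v: is_tcp and _flags_match(v, hdr.tcp_flags),
        "itype": lambda v: is_icmp and _num_match(v, hdr.icmp_type),
        "icode": lambda v: is_icmp and _num_match(v, hdr.icmp_code),
        "icmp_id": lambda v: is_icmp and _num_match(v, hdr.icmp_id),
        "icmp_seq": lambda v: is_icmp and _num_match(v, hdr.icmp_seq),
    }
    return all(checks[key](value) for key, value in opts.items())


# Constructed sample headers (not captured traffic).
ECHO_REQUEST = Header(ttl=64, ip_proto=1, icmp_type=8, icmp_code=0, icmp_id=1234, icmp_seq=1)
SYN_HIGH_TTL = Header(ttl=250, ip_proto=6, tcp_flags=FLAG_BITS["S"])
SYN_ACK = Header(ttl=128, ip_proto=6, tcp_flags=FLAG_BITS["S"] | FLAG_BITS["A"])

if __name__ == "__main__":
    print(matches("ip_proto:1; itype:8; icode:0;", ECHO_REQUEST))   # True
    print(matches("ttl:>200; flags:S;", SYN_HIGH_TTL))              # True
    print(matches("flags:S;", SYN_ACK))                             # False (exact match)
    print(matches("flags:S+;", SYN_ACK))                            # True (SYN plus others)
```

Because `parse_options` rejects the excluded options up front, a rule author who writes `fragbits:M;` or `window:1024;` gets an immediate error rather than a silently ignored condition, which is the practical effect of standardizing on the selected subset.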