SoK: Pragmatic assessment of machine learning for network intrusion detection
1 Pith paper cites this work. Polarity classification is still indexing.
fields: cs.CR (1)
years: 2026 (1)
verdicts: UNVERDICTED (1)
representative citing papers
- Evolution of Log-Based Detection Rules in Public Repositories
First longitudinal analysis of 6,859 detection rule histories shows 56% undergo logic revisions that are predominantly non-monotonic with frequent reversions and alternation between coverage expansion and false-positive reduction.