A novel hybrid-based approach of snort automatic rule generator and security event correlation (SARG-SEC). PeerJ Computer Science
1 Pith paper cites this work. Polarity classification is still indexing.
Fields: cs.CR (1)
Years: 2026 (1)
Verdicts: UNVERDICTED (1)
Representative citing papers
Evolution of Log-Based Detection Rules in Public Repositories
Analysis of 6,859 rule histories shows 56% undergo detection logic revisions, with over half both adding and removing clauses and a quarter to a third alternating between coverage expansion and false-positive reduction.