1 Pith paper cites this work. Polarity classification is still indexing.

Fields: cs.CR (1)
Years: 2026 (1)
Verdicts: UNVERDICTED (1)

Representative citing papers
Evolution of Log-Based Detection Rules in Public Repositories
First longitudinal analysis of 6,859 detection rule histories shows 56% undergo logic revisions that are predominantly non-monotonic with frequent reversions and alternation between coverage expansion and false-positive reduction.