{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,5]],"date-time":"2026-04-05T09:44:51Z","timestamp":1775382291253,"version":"3.50.1"},"publisher-location":"New York, NY, USA","reference-count":33,"publisher":"ACM","license":[{"start":{"date-parts":[[2022,5,30]],"date-time":"2022-05-30T00:00:00Z","timestamp":1653868800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"DOI":"10.13039\/100006602","name":"Air Force Research Laboratory","doi-asserted-by":"publisher","award":["FA8750-19-1-0152"],"award-info":[{"award-number":["FA8750-19-1-0152"]}],"id":[{"id":"10.13039\/100006602","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2022,5,30]]},"DOI":"10.1145\/3488932.3517412","type":"proceedings-article","created":{"date-parts":[[2022,5,24]],"date-time":"2022-05-24T04:23:26Z","timestamp":1653366206000},"page":"799-814","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":6,"title":["Ruling the Rules"],"prefix":"10.1145","author":[{"given":"Mathew","family":"Vermeer","sequence":"first","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Michel","family":"van Eeten","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Carlos","family":"Ga\u00f1\u00e1n","sequence":"additional","affiliation":[{"name":"Delft University of Technology, Delft, Netherlands"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2022,5,30]]},"reference":[{"key":"e_1_3_2_2_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/WAINA.2012.29"},{"key":"e_1_3_2_2_2_1","volume-title":"Proceedings of the 37th International Conference on Computer Safety, Reliability, and Security (SAFECOMP),","author":"Asad Hafizul","unstructured":"Hafizul Asad and Ilir Gashi . 2018. Diversity in Open Source Intrusion Detection Systems . In Proceedings of the 37th International Conference on Computer Safety, Reliability, and Security (SAFECOMP), , Barbara Gallina, Amund Skavhaug, and Friedemann Bitsch (Eds.). Springer International Publishing , Cham , 267--281. Hafizul Asad and Ilir Gashi. 2018. Diversity in Open Source Intrusion Detection Systems. In Proceedings of the 37th International Conference on Computer Safety, Reliability, and Security (SAFECOMP),, Barbara Gallina, Amund Skavhaug, and Friedemann Bitsch (Eds.). Springer International Publishing, Cham, 267--281."},{"key":"e_1_3_2_2_3_1","unstructured":"Bricata. 2021. IDS is Dead! Long Live IDS! An Analyst Prediction from 2003 Remains Relevant. https:\/\/bricata.com\/blog\/ids-is-dead\/  Bricata. 2021. IDS is Dead! Long Live IDS! An Analyst Prediction from 2003 Remains Relevant. https:\/\/bricata.com\/blog\/ids-is-dead\/"},{"key":"e_1_3_2_2_4_1","unstructured":"Cisco. 2021 a. Snort - Network Intrusion Detection & Prevention System. https:\/\/www.snort.org\/  Cisco. 2021 a. Snort - Network Intrusion Detection & Prevention System. https:\/\/www.snort.org\/"},{"key":"e_1_3_2_2_5_1","unstructured":"Cisco. 2021 b. Talos - Author of the Official Snort Rule Sets. https:\/\/www.snort.org\/talos  Cisco. 2021 b. Talos - Author of the Official Snort Rule Sets. https:\/\/www.snort.org\/talos"},{"key":"e_1_3_2_2_6_1","unstructured":"Cisco. 2021 c. Why are rules commented out by default? https:\/\/www.snort.org\/faq\/why-are-rules-commented-out-by-default  Cisco. 2021 c. Why are rules commented out by default? https:\/\/www.snort.org\/faq\/why-are-rules-commented-out-by-default"},{"key":"e_1_3_2_2_7_1","volume-title":"Proceedings of the 5th International Conference on Digital Society (ICDS). 187--192","author":"Day David","year":"2011","unstructured":"David Day and Benjamin Burns . 2011 . A performance analysis of Snort and Suricata network intrusion detection and prevention engines . In Proceedings of the 5th International Conference on Digital Society (ICDS). 187--192 . David Day and Benjamin Burns. 2011. A performance analysis of Snort and Suricata network intrusion detection and prevention engines. In Proceedings of the 5th International Conference on Digital Society (ICDS). 187--192."},{"key":"e_1_3_2_2_8_1","unstructured":"Jason Firch. 2021. 2021 Cyber Security Statistics: The Ultimate List Of Stats Data & Trends. https:\/\/purplesec.us\/resources\/cyber-security-statistics  Jason Firch. 2021. 2021 Cyber Security Statistics: The Ultimate List Of Stats Data & Trends. https:\/\/purplesec.us\/resources\/cyber-security-statistics"},{"key":"e_1_3_2_2_9_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2007.40"},{"key":"e_1_3_2_2_10_1","unstructured":"Yaser Mansour. 2021. Rules Authors Introduction to Writing Snort 3 Rules. https:\/\/www.snort.org\/documents\/rules-writers-guide-to-snort-3-rules  Yaser Mansour. 2021. Rules Authors Introduction to Writing Snort 3 Rules. https:\/\/www.snort.org\/documents\/rules-writers-guide-to-snort-3-rules"},{"key":"e_1_3_2_2_11_1","volume-title":"IS Management Handbook","author":"Mell P.","unstructured":"P. Mell . 2003. Understanding Intrusion Detection Systems . In IS Management Handbook . Auerbach Publications , 409--418. P. Mell. 2003. Understanding Intrusion Detection Systems. In IS Management Handbook. Auerbach Publications, 409--418."},{"key":"e_1_3_2_2_12_1","volume-title":"Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection.","author":"Mirsky Y.","year":"2018","unstructured":"Y. Mirsky , T. Doitshman , Y. Elovici , and A. Shabtai . 2018 . Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection. (2018). Y. Mirsky, T. Doitshman, Y. Elovici, and A. Shabtai. 2018. Kitsune: An Ensemble of Autoencoders for Online Network Intrusion Detection. (2018)."},{"key":"e_1_3_2_2_13_1","unstructured":"OISF. 2021 a. Announcing Suricata 5.0.0. https:\/\/suricata.io\/2019\/10\/15\/announcing-suricata-5-0-0\/  OISF. 2021 a. Announcing Suricata 5.0.0. https:\/\/suricata.io\/2019\/10\/15\/announcing-suricata-5-0-0\/"},{"key":"e_1_3_2_2_14_1","unstructured":"OISF. 2021 b. Suricata Update. https:\/\/suricon.net\/wp-content\/uploads\/2019\/01\/SuriCon2018_Ish.pdf  OISF. 2021 b. Suricata Update. https:\/\/suricon.net\/wp-content\/uploads\/2019\/01\/SuriCon2018_Ish.pdf"},{"key":"e_1_3_2_2_15_1","unstructured":"The Zeek Project. 2020. The Zeek Network Security Monitor. https:\/\/zeek.org\/  The Zeek Project. 2020. The Zeek Network Security Monitor. https:\/\/zeek.org\/"},{"key":"e_1_3_2_2_16_1","unstructured":"Proofpoint. 2021 a. Daily Ruleset Update Summary 2020\/02\/24. https:\/\/www.proofpoint.com\/us\/daily-ruleset-update-summary-20200224  Proofpoint. 2021 a. Daily Ruleset Update Summary 2020\/02\/24. https:\/\/www.proofpoint.com\/us\/daily-ruleset-update-summary-20200224"},{"key":"e_1_3_2_2_17_1","unstructured":"Proofpoint. 2021 b. Daily Ruleset Update Summary 2020\/02\/25. https:\/\/www.proofpoint.com\/us\/daily-ruleset-update-summary-20200225  Proofpoint. 2021 b. Daily Ruleset Update Summary 2020\/02\/25. https:\/\/www.proofpoint.com\/us\/daily-ruleset-update-summary-20200225"},{"key":"e_1_3_2_2_18_1","unstructured":"Proofpoint. 2021 c. Daily Ruleset Update Summary 2020\/02\/26. https:\/\/www.proofpoint.com\/us\/daily-ruleset-update-summary-20200226  Proofpoint. 2021 c. Daily Ruleset Update Summary 2020\/02\/26. https:\/\/www.proofpoint.com\/us\/daily-ruleset-update-summary-20200226"},{"key":"e_1_3_2_2_19_1","unstructured":"Proofpoint. 2021 d. Emerging Threats Pro Ruleset | Proofpoint. https:\/\/www.proofpoint.com\/us\/threat-insight\/et-pro-ruleset  Proofpoint. 2021 d. Emerging Threats Pro Ruleset | Proofpoint. https:\/\/www.proofpoint.com\/us\/threat-insight\/et-pro-ruleset"},{"key":"e_1_3_2_2_20_1","unstructured":"Proofpoint. 2021 e. Proofpoint Emerging Threats Rules. https:\/\/rules.emergingthreats.net\/  Proofpoint. 2021 e. Proofpoint Emerging Threats Rules. https:\/\/rules.emergingthreats.net\/"},{"key":"e_1_3_2_2_21_1","volume-title":"Performance characterization & improvement of snort as an IDS. Bell Labs Report","author":"Sen Soumya","year":"2006","unstructured":"Soumya Sen . 2006. Performance characterization & improvement of snort as an IDS. Bell Labs Report ( 2006 ). Soumya Sen. 2006. Performance characterization & improvement of snort as an IDS. Bell Labs Report (2006)."},{"key":"e_1_3_2_2_22_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.future.2017.10.016"},{"key":"e_1_3_2_2_23_1","doi-asserted-by":"publisher","DOI":"10.1109\/TETCI.2017.2772792"},{"key":"e_1_3_2_2_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/948109"},{"key":"e_1_3_2_2_25_1","volume-title":"Proceedings of the 2013 IEEE Advance Computing Conference (IACC). IEEE, IEEE, 682--689","author":"Srivastav N.","unstructured":"N. Srivastav and R.K. Challa . 2013. Novel Intrusion Detection System Integrating Layered Framework with Neural Network . In Proceedings of the 2013 IEEE Advance Computing Conference (IACC). IEEE, IEEE, 682--689 . N. Srivastav and R.K. Challa. 2013. Novel Intrusion Detection System Integrating Layered Framework with Neural Network. In Proceedings of the 2013 IEEE Advance Computing Conference (IACC). IEEE, IEEE, 682--689."},{"key":"e_1_3_2_2_26_1","unstructured":"Suricata. 2021. Suricata | Open Source IDS \/ IPS \/ NSM engine. https:\/\/suricata-ids.org\/  Suricata. 2021. Suricata | Open Source IDS \/ IPS \/ NSM engine. https:\/\/suricata-ids.org\/"},{"key":"e_1_3_2_2_27_1","volume-title":"Emerging Threats: Announcing Support for Suricata 5.0. https:\/\/www.proofpoint.com\/us\/corporate-blog\/post\/emerging-threats-announcing-support-suricata-50","author":"Research Team Emerging Threats","year":"2021","unstructured":"Emerging Threats Research Team . 2021 . Emerging Threats: Announcing Support for Suricata 5.0. https:\/\/www.proofpoint.com\/us\/corporate-blog\/post\/emerging-threats-announcing-support-suricata-50 Emerging Threats Research Team. 2021. Emerging Threats: Announcing Support for Suricata 5.0. https:\/\/www.proofpoint.com\/us\/corporate-blog\/post\/emerging-threats-announcing-support-suricata-50"},{"key":"e_1_3_2_2_28_1","doi-asserted-by":"publisher","DOI":"10.1109\/TENCON.2013.6718975"},{"key":"e_1_3_2_2_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/1920261.1920279"},{"key":"e_1_3_2_2_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030088"},{"key":"e_1_3_2_2_31_1","doi-asserted-by":"publisher","DOI":"10.1109\/ACSAC.2006.34"},{"key":"e_1_3_2_2_32_1","volume-title":"Matthews","author":"White Joshua S.","year":"2013","unstructured":"Joshua S. White , Thomas Fitzsimmons , and Jeanna N . Matthews . 2013 . Quantitative analysis of intrusion detection systems: Snort and Suricata. In Cyber Sensing 2013, Igor V. Ternovskiy and Peter Chin (Eds.), Vol. 8757 . International Society for Optics and Photonics, SPIE , 10--21. https:\/\/doi.org\/10.1117\/12.2015616 10.1117\/12.2015616 Joshua S. White, Thomas Fitzsimmons, and Jeanna N. Matthews. 2013. Quantitative analysis of intrusion detection systems: Snort and Suricata. In Cyber Sensing 2013, Igor V. Ternovskiy and Peter Chin (Eds.), Vol. 8757. International Society for Optics and Photonics, SPIE, 10--21. https:\/\/doi.org\/10.1117\/12.2015616"},{"key":"e_1_3_2_2_33_1","volume-title":"Proceedings of the 14th USENIX Security Symposium (USENIX Security). 97--112","author":"Yegneswaran Vinod","year":"2005","unstructured":"Vinod Yegneswaran , Jonathon T Giffin , Paul Barford , and Somesh Jha . 2005 . An Architecture for Generating Semantic Aware Signatures .. In Proceedings of the 14th USENIX Security Symposium (USENIX Security). 97--112 . Vinod Yegneswaran, Jonathon T Giffin, Paul Barford, and Somesh Jha. 2005. An Architecture for Generating Semantic Aware Signatures.. In Proceedings of the 14th USENIX Security Symposium (USENIX Security). 97--112."}],"event":{"name":"ASIA CCS '22: ACM Asia Conference on Computer and Communications Security","location":"Nagasaki Japan","acronym":"ASIA CCS '22","sponsor":["SIGSAC ACM Special Interest Group on Security, Audit, and Control"]},"container-title":["Proceedings of the 2022 ACM on Asia Conference on Computer and Communications Security"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3488932.3517412","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/abs\/10.1145\/3488932.3517412","content-type":"text\/html","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3488932.3517412","content-type":"application\/pdf","content-version":"vor","intended-application":"syndication"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3488932.3517412","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T20:48:29Z","timestamp":1750193309000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3488932.3517412"}},"subtitle":["Quantifying the Evolution of Rulesets, Alerts and Incidents in Network Intrusion Detection"],"short-title":[],"issued":{"date-parts":[[2022,5,30]]},"references-count":33,"alternative-id":["10.1145\/3488932.3517412","10.1145\/3488932"],"URL":"https:\/\/doi.org\/10.1145\/3488932.3517412","relation":{},"subject":[],"published":{"date-parts":[[2022,5,30]]},"assertion":[{"value":"2022-05-30","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}