{"id":"https://openalex.org/W4321606825","doi":"https://doi.org/10.1109/comsnets56262.2023.10041379","title":"Improving Threat Detection Capabilities in Windows Endpoints with Osquery","display_name":"Improving Threat Detection Capabilities in Windows Endpoints with Osquery","publication_year":2023,"publication_date":"2023-01-03","ids":{"openalex":"https://openalex.org/W4321606825","doi":"https://doi.org/10.1109/comsnets56262.2023.10041379"},"language":"en","primary_location":{"id":"doi:10.1109/comsnets56262.2023.10041379","is_oa":false,"landing_page_url":"https://doi.org/10.1109/comsnets56262.2023.10041379","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 15th International Conference on COMmunication Systems &amp; NETworkS (COMSNETS)","raw_type":"proceedings-article"},"type":"article","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5038410783","display_name":"Akshay Bakshi","orcid":null},"institutions":[],"countries":[],"is_corresponding":true,"raw_author_name":"Akshay Bakshi","raw_affiliation_strings":["VJTI,Department of Computer Engineering and Information Technology,Mumbai","Department of Computer Engineering and Information Technology, VJTI, Mumbai"],"affiliations":[{"raw_affiliation_string":"VJTI,Department of Computer Engineering and Information Technology,Mumbai","institution_ids":[]},{"raw_affiliation_string":"Department of Computer Engineering and Information Technology, VJTI, Mumbai","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5008876332","display_name":"Tanish Sawant","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Tanish Sawant","raw_affiliation_strings":["VJTI,Department of Computer Engineering and Information Technology,Mumbai","Department of Computer Engineering and Information Technology, VJTI, Mumbai"],"affiliations":[{"raw_affiliation_string":"VJTI,Department of Computer Engineering and Information Technology,Mumbai","institution_ids":[]},{"raw_affiliation_string":"Department of Computer Engineering and Information Technology, VJTI, Mumbai","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5018962031","display_name":"Prasad M. Thakare","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Prasad Thakare","raw_affiliation_strings":["VJTI,Department of Computer Engineering and Information Technology,Mumbai","Department of Computer Engineering and Information Technology, VJTI, Mumbai"],"affiliations":[{"raw_affiliation_string":"VJTI,Department of Computer Engineering and Information Technology,Mumbai","institution_ids":[]},{"raw_affiliation_string":"Department of Computer Engineering and Information Technology, VJTI, Mumbai","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024412940","display_name":"Azeez Dandawala","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Azeez Dandawala","raw_affiliation_strings":["VJTI,Department of Computer Engineering and Information Technology,Mumbai","Department of Computer Engineering and Information Technology, VJTI, Mumbai"],"affiliations":[{"raw_affiliation_string":"VJTI,Department of Computer Engineering and Information Technology,Mumbai","institution_ids":[]},{"raw_affiliation_string":"Department of Computer Engineering and Information Technology, VJTI, Mumbai","institution_ids":[]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5057858044","display_name":"Manjesh K. Hanawal","orcid":"https://orcid.org/0000-0002-1807-5487"},"institutions":[{"id":"https://openalex.org/I162827531","display_name":"Indian Institute of Technology Bombay","ror":"https://ror.org/02qyf5152","country_code":"IN","type":"education","lineage":["https://openalex.org/I162827531"]}],"countries":["IN"],"is_corresponding":false,"raw_author_name":"Manjesh K. Hanawal","raw_affiliation_strings":["IEOR, IIT Bombay,MLiONS Lab,Mumbai","MLiONS Lab, IEOR, IIT Bombay, Mumbai"],"affiliations":[{"raw_affiliation_string":"IEOR, IIT Bombay,MLiONS Lab,Mumbai","institution_ids":["https://openalex.org/I162827531"]},{"raw_affiliation_string":"MLiONS Lab, IEOR, IIT Bombay, Mumbai","institution_ids":["https://openalex.org/I162827531"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5077596403","display_name":"Atul Kabra","orcid":"https://orcid.org/0000-0003-2890-1575"},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Atul Kabra","raw_affiliation_strings":["ElecticIQ,India","ElecticIQ, India"],"affiliations":[{"raw_affiliation_string":"ElecticIQ,India","institution_ids":[]},{"raw_affiliation_string":"ElecticIQ, India","institution_ids":[]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5038410783"],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":0.8036,"has_fulltext":false,"cited_by_count":4,"citation_normalized_percentile":{"value":0.71399033,"is_in_top_1_percent":false,"is_in_top_10_percent":false},"cited_by_percentile_year":{"min":89,"max":97},"biblio":{"volume":null,"issue":null,"first_page":"432","last_page":"435"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.9991999864578247,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.9976999759674072,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9955000281333923,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.8317463397979736},{"id":"https://openalex.org/keywords/trace","display_name":"TRACE (psycholinguistics)","score":0.6385537981987},{"id":"https://openalex.org/keywords/microsoft-windows","display_name":"Microsoft Windows","score":0.6270452737808228},{"id":"https://openalex.org/keywords/event","display_name":"Event (particle physics)","score":0.6128628253936768},{"id":"https://openalex.org/keywords/process","display_name":"Process (computing)","score":0.5534428358078003},{"id":"https://openalex.org/keywords/visibility","display_name":"Visibility","score":0.5022013187408447},{"id":"https://openalex.org/keywords/operating-system","display_name":"Operating system","score":0.46000319719314575},{"id":"https://openalex.org/keywords/software","display_name":"Software","score":0.2001323103904724}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.8317463397979736},{"id":"https://openalex.org/C75291252","wikidata":"https://www.wikidata.org/wiki/Q1315756","display_name":"TRACE (psycholinguistics)","level":2,"score":0.6385537981987},{"id":"https://openalex.org/C508378895","wikidata":"https://www.wikidata.org/wiki/Q1406","display_name":"Microsoft Windows","level":3,"score":0.6270452737808228},{"id":"https://openalex.org/C2779662365","wikidata":"https://www.wikidata.org/wiki/Q5416694","display_name":"Event (particle physics)","level":2,"score":0.6128628253936768},{"id":"https://openalex.org/C98045186","wikidata":"https://www.wikidata.org/wiki/Q205663","display_name":"Process (computing)","level":2,"score":0.5534428358078003},{"id":"https://openalex.org/C123403432","wikidata":"https://www.wikidata.org/wiki/Q654068","display_name":"Visibility","level":2,"score":0.5022013187408447},{"id":"https://openalex.org/C111919701","wikidata":"https://www.wikidata.org/wiki/Q9135","display_name":"Operating system","level":1,"score":0.46000319719314575},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.2001323103904724},{"id":"https://openalex.org/C121332964","wikidata":"https://www.wikidata.org/wiki/Q413","display_name":"Physics","level":0,"score":0.0},{"id":"https://openalex.org/C62520636","wikidata":"https://www.wikidata.org/wiki/Q944","display_name":"Quantum mechanics","level":1,"score":0.0},{"id":"https://openalex.org/C138885662","wikidata":"https://www.wikidata.org/wiki/Q5891","display_name":"Philosophy","level":0,"score":0.0},{"id":"https://openalex.org/C41895202","wikidata":"https://www.wikidata.org/wiki/Q8162","display_name":"Linguistics","level":1,"score":0.0},{"id":"https://openalex.org/C120665830","wikidata":"https://www.wikidata.org/wiki/Q14620","display_name":"Optics","level":1,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1109/comsnets56262.2023.10041379","is_oa":false,"landing_page_url":"https://doi.org/10.1109/comsnets56262.2023.10041379","pdf_url":null,"source":null,"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"2023 15th International Conference on COMmunication Systems &amp; NETworkS (COMSNETS)","raw_type":"proceedings-article"}],"best_oa_location":null,"sustainable_development_goals":[{"display_name":"Peace, Justice and strong institutions","id":"https://metadata.un.org/sdg/16","score":0.5899999737739563}],"awards":[],"funders":[],"has_content":{"grobid_xml":false,"pdf":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":["https://openalex.org/W2937484179","https://openalex.org/W4256444941","https://openalex.org/W2504308523","https://openalex.org/W4239548142","https://openalex.org/W618686436","https://openalex.org/W25917909","https://openalex.org/W4239882962","https://openalex.org/W2282620829","https://openalex.org/W2774100693","https://openalex.org/W2196547135"],"abstract_inverted_index":{"Good":[0],"visibility":[1],"of":[2,7,30,35,54,109],"system":[3,31,60],"events":[4],"is":[5,62],"one":[6],"the":[8,73,89,107],"important":[9],"requirements":[10],"in":[11,46],"detecting":[12],"malicious":[13,51],"attacks.":[14],"For":[15],"Windows":[16,23],"systems,":[17],"Sysmon":[18],"and":[19,68,95],"Event":[20],"Trace":[21],"for":[22],"(ETW)":[24],"are":[25,53],"popular":[26],"to":[27,98,120],"obtain":[28],"logs":[29,42],"activities.":[32],"However,":[33],"both":[34],"them":[36,70],"do":[37],"not":[38],"provide":[39],"\u2018evented\u2019":[40],"activity":[41],"which":[43],"can":[44],"result":[45],"failed":[47],"detections,":[48],"especially":[49],"when":[50],"attacks":[52,110],"short":[55],"span.":[56],"In":[57,83],"evented-activity-logs,":[58],"operating":[59],"information":[61,80],"aggregated":[63],"asynchronously":[64],"at":[65,72],"event":[66],"time":[67,75],"make":[69],"available":[71],"query":[74],"hence":[76],"providing":[77],"better":[78],"contextual":[79],"about":[81],"events.":[82],"this":[84],"work,":[85],"we":[86,105],"build":[87],"on":[88,112],"open-source":[90],"log":[91],"collection":[92],"tool":[93],"Osquery":[94,104],"enhance":[96],"it":[97],"collect":[99],"evented-activity-logs.":[100],"Using":[101],"our":[102],"custom":[103],"demonstrate":[106],"detection":[108],"based":[111],"process":[113],"hollowing":[114],"techniques":[115],"that":[116],"Microsoft":[117],"Defender":[118],"fails":[119],"detect.":[121]},"counts_by_year":[{"year":2025,"cited_by_count":3},{"year":2023,"cited_by_count":1}],"updated_date":"2025-11-06T03:46:38.306776","created_date":"2025-10-10T00:00:00"}