{"id":"https://openalex.org/W7160606736","doi":"https://doi.org/10.48550/arxiv.2605.05531","title":"Beyond Collection: Measuring the Detection Efficacy of Modern Security Logging Standards","display_name":"Beyond Collection: Measuring the Detection Efficacy of Modern Security Logging Standards","publication_year":2026,"publication_date":"2026-05-07","ids":{"openalex":"https://openalex.org/W7160606736","doi":"https://doi.org/10.48550/arxiv.2605.05531"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2605.05531","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.05531","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2605.05531","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5135674437","display_name":"Ryan Holeman","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Holeman, Ryan","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"middle","author":{"id":"https://openalex.org/A5135664557","display_name":"John Hastings","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Hastings, John","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]},{"author_position":"last","author":{"id":"https://openalex.org/A5135707250","display_name":"Varghese Mathew Vaidyan","orcid":null},"institutions":[],"countries":[],"is_corresponding":false,"raw_author_name":"Vaidyan, Varghese Mathew","raw_affiliation_strings":[],"raw_orcid":null,"affiliations":[]}],"institutions":[],"countries_distinct_count":0,"institutions_distinct_count":0,"corresponding_author_ids":[],"corresponding_institution_ids":[],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.4392000138759613,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T12127","display_name":"Software System Performance and Reliability","score":0.4392000138759613,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10734","display_name":"Information and Cyber Security","score":0.22419999539852142,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T10400","display_name":"Network Security and Intrusion Detection","score":0.12630000710487366,"subfield":{"id":"https://openalex.org/subfields/1705","display_name":"Computer Networks and Communications"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.9485999941825867},{"id":"https://openalex.org/keywords/logging","display_name":"Logging","score":0.7458000183105469},{"id":"https://openalex.org/keywords/scalability","display_name":"Scalability","score":0.5993000268936157},{"id":"https://openalex.org/keywords/key","display_name":"Key (lock)","score":0.5182999968528748},{"id":"https://openalex.org/keywords/telemetry","display_name":"Telemetry","score":0.5081999897956848},{"id":"https://openalex.org/keywords/schema","display_name":"Schema (genetic algorithms)","score":0.4496999979019165},{"id":"https://openalex.org/keywords/illegal-logging","display_name":"Illegal logging","score":0.3273000121116638}],"concepts":[{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.9485999941825867},{"id":"https://openalex.org/C125620115","wikidata":"https://www.wikidata.org/wiki/Q845249","display_name":"Logging","level":2,"score":0.7458000183105469},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.692300021648407},{"id":"https://openalex.org/C48044578","wikidata":"https://www.wikidata.org/wiki/Q727490","display_name":"Scalability","level":2,"score":0.5993000268936157},{"id":"https://openalex.org/C26517878","wikidata":"https://www.wikidata.org/wiki/Q228039","display_name":"Key (lock)","level":2,"score":0.5182999968528748},{"id":"https://openalex.org/C183121708","wikidata":"https://www.wikidata.org/wiki/Q209867","display_name":"Telemetry","level":2,"score":0.5081999897956848},{"id":"https://openalex.org/C52146309","wikidata":"https://www.wikidata.org/wiki/Q7431116","display_name":"Schema (genetic algorithms)","level":2,"score":0.4496999979019165},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.4189999997615814},{"id":"https://openalex.org/C2777989319","wikidata":"https://www.wikidata.org/wiki/Q597393","display_name":"Illegal logging","level":3,"score":0.3273000121116638},{"id":"https://openalex.org/C192278026","wikidata":"https://www.wikidata.org/wiki/Q4915350","display_name":"Biotelemetry","level":3,"score":0.3174000084400177},{"id":"https://openalex.org/C195518309","wikidata":"https://www.wikidata.org/wiki/Q13424265","display_name":"Security testing","level":5,"score":0.28859999775886536},{"id":"https://openalex.org/C29852176","wikidata":"https://www.wikidata.org/wiki/Q373338","display_name":"Critical infrastructure","level":2,"score":0.2831999957561493},{"id":"https://openalex.org/C29983905","wikidata":"https://www.wikidata.org/wiki/Q7445066","display_name":"Security service","level":3,"score":0.2680000066757202},{"id":"https://openalex.org/C182590292","wikidata":"https://www.wikidata.org/wiki/Q989632","display_name":"Network security","level":2,"score":0.2669000029563904},{"id":"https://openalex.org/C133462117","wikidata":"https://www.wikidata.org/wiki/Q4929239","display_name":"Data collection","level":2,"score":0.26429998874664307},{"id":"https://openalex.org/C159234332","wikidata":"https://www.wikidata.org/wiki/Q1172468","display_name":"Data logger","level":2,"score":0.251800000667572},{"id":"https://openalex.org/C38369872","wikidata":"https://www.wikidata.org/wiki/Q7445009","display_name":"Security analysis","level":2,"score":0.25130000710487366}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2605.05531","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.05531","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2605.05531","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2605.05531","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Effective":[0],"security":[1,39,162],"logging":[2,21,40,70,92,127,170],"is":[3,94],"crucial":[4],"for":[5,161],"the":[6,15,33,48],"timely":[7],"and":[8,82,100,122,145],"accurate":[9],"detection":[10,88],"of":[11,18,37,90,148],"cyber":[12],"threats;":[13],"however,":[14],"relative":[16],"effectiveness":[17],"various":[19],"industry-standard":[20],"frameworks":[22],"remains":[23],"understudied.":[24],"This":[25],"paper":[26],"addresses":[27],"this":[28],"critical":[29,120],"gap":[30],"by":[31,96],"presenting":[32],"first":[34],"systematic":[35],"evaluation":[36,140],"modern":[38],"standards":[41],"utilizing":[42],"a":[43,138],"novel":[44,139],"methodology":[45,141],"built":[46],"upon":[47],"automated":[49],"Security":[50],"Exploit":[51],"Telemetry":[52],"Collection":[53],"(SETC)":[54],"framework.":[55],"SETC":[56],"systematically":[57],"generates":[58],"reproducible":[59,146],"exploit":[60,101,149],"scenarios":[61],"in":[62,126],"containerized":[63],"environments,":[64],"collecting":[65],"rich":[66],"telemetry":[67,98],"across":[68,103],"multiple":[69],"standards,":[71],"including":[72],"CIM":[73],"(Common":[74],"Information":[75],"Model),":[76],"OCSF":[77],"(Open":[78],"Cybersecurity":[79],"Schema":[80],"Framework),":[81],"ECS":[83],"(Elastic":[84],"Common":[85],"Schema).":[86],"The":[87,116],"efficacy":[89],"each":[91],"standard":[93],"quantified":[95],"measuring":[97],"completeness":[99],"detectability":[102],"standardized":[104],"logs":[105],"through":[106],"detailed":[107],"experiments":[108],"involving":[109],"50":[110],"diverse":[111],"remote":[112],"code":[113],"execution":[114],"vulnerabilities.":[115],"resulting":[117],"findings":[118,155],"identify":[119],"gaps":[121],"reveal":[123],"significant":[124],"differences":[125],"standards'":[128],"abilities":[129],"to":[130,164],"capture":[131],"key":[132],"attack":[133],"indicators.":[134],"Our":[135],"contributions":[136],"include":[137],"that":[142,156],"enables":[143],"scalable":[144],"analysis":[147],"telemetry,":[150],"as":[151,153],"well":[152],"new":[154],"provide":[157],"clear,":[158],"evidence-based":[159],"guidance":[160],"practitioners":[163],"make":[165],"informed":[166],"decisions":[167],"about":[168],"adopting":[169],"standards.":[171]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-05-09T00:00:00"}
