We suggest a flexible cartridge-like detector to address
these challenges. The detector is a cartridge which should
be general enough to plug in a variety of (a) anomaly
detection algorithms such as [8] and [45], (b) application
semantics extraction algorithms, and (c) application
semantics based adaptation policies. The user should be able to prepare some of these algorithms and policies. The
detector should provide the interfaces for the user to pick
existing and provide new bullets, and the detector should
not be required to rebuild itself again and again to support
each new bullet. (Here each bullet indicates an algorithm or
a policy that the detector wants to plug in.) In this way, one
detector can be used to meet the intrusion detection needs of
multiple applications. Flexibility and expressiveness are the
key challenges for developing such a detector.