An intrusion detection system for customizing a security policy that
detects an attempt to exploit a vulnerability is provided. A security
policy contains criteria and a procedure. The criteria specify attributes
of a security event that may be an exploitation, and the procedure
specifies instructions to be performed that indicate when a security
event may be an exploitation. When the criteria and the procedure both
indicate that a security event may be an exploitation, then the security
event matches the security policy and an appropriate action is taken. The
intrusion detection system allows a user to modify the criteria to
customize the security policy.
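
The matching rule described above can be sketched as follows. This is an added example, not code from the system the abstract describes; the class, the attribute names (process, operation, argument), the 1024-byte threshold and the sample events are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Any, Callable, Mapping

Event = Mapping[str, Any]

@dataclass(frozen=True)
class SecurityPolicy:
    name: str
    criteria: Mapping[str, frozenset]    # attribute -> values that may indicate exploitation
    procedure: Callable[[Event], bool]   # instructions performed against the event
    action: str = "alert"

    def criteria_match(self, event: Event) -> bool:
        # Every criterion attribute must be present with an accepted value.
        return all(event.get(attr) in allowed
                   for attr, allowed in self.criteria.items())

    def evaluate(self, event: Event):
        # The event matches only when criteria AND procedure both indicate it.
        if self.criteria_match(event) and self.procedure(event):
            return self.action
        return None

    def customize(self, **criteria) -> "SecurityPolicy":
        # User edits change the criteria only; the procedure stays as shipped.
        merged = {**self.criteria,
                  **{k: frozenset(v) for k, v in criteria.items()}}
        return replace(self, criteria=merged)

def oversized_argument(event: Event) -> bool:
    # Hypothetical procedure: flag an argument longer than 1024 bytes.
    return len(event.get("argument", b"")) > 1024

shipped = SecurityPolicy(
    "oversized-open-argument",
    {"process": frozenset({"httpd"}), "operation": frozenset({"file_open"})},
    oversized_argument,
    action="block",
)
# User customization: widen the process criterion to cover a second program.
site = shipped.customize(process={"httpd", "backup"})

EVENTS = [  # constructed sample security events
    {"process": "httpd", "operation": "file_open", "argument": b"A" * 4096},
    {"process": "httpd", "operation": "file_open", "argument": b"/var/www/index.html"},
    {"process": "backup", "operation": "file_open", "argument": b"A" * 4096},
]

def run(policy: SecurityPolicy):
    return [policy.evaluate(e) for e in EVENTS]

if __name__ == "__main__":
    print("shipped:", run(shipped))
    print("site:   ", run(site))
```

The second event satisfies the criteria but not the procedure, and the third satisfies the procedure but only meets the criteria after customization, which is why the two policies disagree on it.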