The detection of intrusions into distributed applications is a complex problem. Current security tools primarily often focus on detecting attack patterns visible on the network, and are mostly used as means to detect attacks against the operating system (as opposed to the distributed application). In some cases, application vendors may be aware of existing vulnerabilities in their systems, but lack a means to effectively enable the customers of their products to be alerted in case a non-patched vulnerability is being exploited or if any of the application's weak points is being targeted.