Zing Forum

AVDA: An MCP-Based Automated Security Detection Rule Generation Framework

The AVDA framework leverages the Model Context Protocol (MCP) to integrate organizational context into AI-assisted code generation, enabling automated writing of cybersecurity detection rules while maintaining high quality and significantly reducing costs.

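MCP, security detection, automation, code generation, cybersecurity, large language models, threat detection, AI security engineering
Published 2026-03-27 05:52 | Recent activity 2026-03-30 17:17 | Estimated read 7 min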

Section 01

AVDA Framework: Introduction to the MCP-Based Automated Security Detection Rule Generation Framework

AVDA (Autonomous Vibe Detection Authoring) is an automated security detection rule generation framework based on the Model Context Protocol (MCP). Its core innovation lies in using MCP to integrate organizational context (existing detection rule libraries, telemetry data schemas, coding style guidelines) into the AI-assisted code generation process, enabling automated writing of cybersecurity detection rules while maintaining high quality and significantly reducing costs.

Section 02

Background and Challenges of Cybersecurity Detection Rule Writing

In the cybersecurity field, detection rule writing is a critical but time-consuming task. Current challenges include: code scattered across multiple repositories, frequent duplicate implementations, lack of a unified view of detection knowledge within the organization, and workflows highly dependent on manual labor. These constraints affect the speed of expanding detection coverage and restrict the agility of security teams in responding to new threats. Advances in large language models have brought opportunities for automated transformation.

Section 03

Core Mechanisms of the AVDA Framework and MCP Protocol

The core of the AVDA framework is the Model Context Protocol (MCP), an open protocol that allows AI models to securely access external data sources. Through MCP, large language models can obtain three types of organizational context: existing detection rule libraries (reference and style benchmarks), telemetry data schemas (to understand fields and data structures), and coding style guidelines (to ensure code complies with team standards). Injecting this context into the prompts enables the model to generate detection rules that fit the organization's specific environment.

Section 04

Comparison of Three Detection Rule Generation Strategies

The research team designed three progressive strategies:

  1. Baseline Strategy: Zero-shot/few-shot prompting to directly generate rules, lacking deep utilization of organizational context;
  2. Sequential Strategy: Multi-stage process—first retrieve historical detection references, then generate new rules, balancing quality and cost;
  3. Agent Strategy: Autonomous agent architecture that proactively calls tools to query schemas, retrieve similar detections, verify results, and iteratively optimize. This strategy gives the best results but is complex.

Section 05

Experimental Results and Key Findings

Experimental results show:

  • The agent strategy improves similarity by 19% compared to the baseline and is currently the best; the sequential strategy achieves 87% of the agent's quality while reducing token consumption by 40x, making it suitable for resource-constrained scenarios.
  • Capability Boundaries: TTP (Tactics, Techniques, and Procedures) matching accuracy is 99.4% and syntax validity is 95.9%, but exclusion logic equivalence is only 8.9% and semantic equivalence is 18.4%. The model excels at syntax and attack feature recognition but lacks deep understanding of business logic.
  • Expert Validation: Automated metrics are strongly correlated with expert judgments (Spearman ρ=0.64, p<0.002), verifying the reliability of the evaluation system.

Section 06

Practical Deployment and Integration Solutions for AVDA

AVDA is designed with engineering practice needs in mind:

  • IDE Integration: Embed into daily editors via MCP servers;
  • Progressive Adoption: Start with the sequential strategy and upgrade to the agent strategy as needed;
  • Quality Gate: Combine automated metrics and manual reviews to ensure the reliability of online detections.
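
The quality gate described above, as an added example that is not AVDA's own code: automated checks for syntax validity, schema grounding and TTP match reject a generated rule outright, and anything that passes is still routed to manual review with a note on its exclusion logic. The rule format, the `SCHEMA` table, the field names and the `quality_gate` function are assumptions made for illustration.

```python
import re

# Constructed telemetry schema (assumption): source table -> known field names.
SCHEMA = {"process_events": {"host", "user", "image", "command_line", "parent_image"}}
TTP_RE = re.compile(r"T\d{4}(\.\d{3})?")  # shape of a MITRE ATT&CK technique ID

# Constructed sample standing in for model output, in a hypothetical rule format.
CANDIDATE = {
    "title": "Encoded PowerShell command line",
    "source": "process_events",
    "ttp": "T1059.001",
    "match": [{"field": "image", "op": "endswith", "value": "\\powershell.exe"},
              {"field": "cmdline", "op": "contains", "value": "-enc"}],  # not in schema
}

def _fields(clauses):
    """Field names used by a clause list; malformed clauses surface as a finding."""
    return {c["field"] if isinstance(c, dict) and "field" in c else "<malformed clause>"
            for c in clauses}

def quality_gate(rule, requested_ttp, schema=SCHEMA):
    """Run automated checks; a rule that passes still goes to manual review."""
    problems = [f"missing or malformed '{k}'"
                for k, t in (("title", str), ("source", str), ("ttp", str), ("match", list))
                if not isinstance(rule.get(k), t) or not rule[k]]
    if problems:                      # syntax validity failed, nothing else is checkable
        return "reject", problems
    exclude = rule.get("exclude") or []
    known = schema.get(rule["source"])
    if known is None:
        problems.append(f"unknown telemetry source '{rule['source']}'")
    else:                             # every referenced field must exist in the schema
        problems += [f"unknown field '{f}'"
                     for f in sorted((_fields(rule["match"]) | _fields(exclude)) - known)]
    if not TTP_RE.fullmatch(rule["ttp"]) or rule["ttp"] != requested_ttp:
        problems.append(f"TTP '{rule['ttp']}' does not match requested '{requested_ttp}'")
    if problems:
        return "reject", problems
    # Exclusion logic is where the page reports the weakest scores, so it is
    # never auto-approved: the reviewer gets an explicit note either way.
    note = ("exclusions present: confirm they fit this environment" if exclude
            else "no exclusions: add known-benign cases before deployment")
    return "manual_review", [note]

if __name__ == "__main__":
    print(quality_gate(CANDIDATE, "T1059.001"))
```

The constructed candidate is rejected because `cmdline` is not a field in the schema, which is the kind of hallucinated field name that schema context is meant to prevent.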

Section 07

Insights and Future Outlook of AVDA

Insights from AVDA:

  1. Context is Key: Domain context needs to be injected in a protocolized way, rather than relying solely on the model's general knowledge;
  2. Quality-Cost Tradeoff: The different strategies sit at different points on the quality-cost Pareto frontier, allowing teams to choose flexibly;
  3. Human-Machine Collaboration is Necessary: Deep understanding tasks still require human experts;
  4. Value of MCP Paradigm: An effective way to securely access internal organizational data. Going forward, the AVDA approach will become an important path for SOCs (Security Operations Centers) to improve efficiency.