This paper formalizes detection rule generation as a unified mapping problem, aiming to create a single system capable of handling diverse contexts and target languages. It introduces UniRule, an agentic RAG framework that uses dual semantic projection spaces (detection intent and detection logic) to retrieve and generate rules. Experiments across 12 scenarios show that UniRule outperforms pure LLM generation, achieving a Bradley-Terry coefficient of 0.52, which validates the effectiveness of semantic projection for this task.
A single system can now generate detection rules across diverse contexts and languages, outperforming pure LLM generation by leveraging dual semantic projection spaces.
Existing methods for detection rule generation are tightly coupled to specific input-output combinations, requiring dedicated pipelines for each. We formalize this problem as a unified mapping f: C × L → R and characterize optimal rules through semantic distance. We propose UniRule, an agentic RAG framework built on dual semantic projection spaces: detection intent and detection logic. This design enables retrieval and generation across arbitrary contexts and target languages within a single system. Experiments across 12 scenarios (3 languages, 4 context types, 12,000 pairwise comparisons) show that UniRule significantly outperforms pure LLM generation with a Bradley-Terry coefficient of 0.52, validating semantic projection as an effective abstraction for unified rule generation. Together, the formalization, method, and evaluation provide an initial framework for studying detection rule generation as a unified task.