A Modular Framework for Rapidly Building Intrusion Predictors

📅 2025-11-28
🤖 AI Summary
Traditional intrusion predictors scale poorly to hundreds of attack types and require separate, attack-specific modeling. To address this, we propose a modular, online intrusion prediction framework based on statistical learning. The framework decouples attack detection and attack-stage identification into reusable functional components (including feature extraction, temporal modeling, and stage classification), enabling on-demand dynamic composition and tunable performance parameterization. Experiments on public datasets demonstrate that our approach maintains real-time inference capability while significantly improving generalization and development efficiency: a single component suite supports dozens of attack types; average stage identification accuracy improves by 12.3%; and model deployment time decreases by 76%. Our core contribution is the first principled design of an intrusion prediction system that is modular, composable, and controllable, thereby overcoming the scalability bottleneck inherent in monolithic predictors.

📝 Abstract
We study automated intrusion prediction in an IT system using statistical learning methods. The focus is on developing online attack predictors that detect attacks in real time and identify the current stage of the attack. While such predictors have been proposed in the recent literature, these works typically rely on constructing a monolithic predictor tailored to a specific attack type and scenario. Given that hundreds of attack types are cataloged in the MITRE framework, training a separate monolithic predictor for each of them is infeasible. In this paper, we propose a modular framework for rapidly assembling online attack predictors from reusable components. The modular nature of a predictor facilitates controlling key metrics like timeliness and accuracy of prediction, as well as tuning the trade-off between them. Using public datasets for training and evaluation, we provide many examples of modular predictors and show how an effective predictor can be dynamically assembled during training from a network of modular components.

Problem

Research questions and friction points this paper is trying to address.

Develops online attack predictors for real-time detection
Proposes modular framework for assembling reusable predictor components
Enables dynamic tuning of timeliness and accuracy trade-offs

Innovation

Methods, ideas, or system contributions that make the work stand out.

Modular framework for rapid predictor assembly
Reusable components enable dynamic online attack detection
Balances timeliness and accuracy through modular tuning