Abstract:
A new detection-oriented attack classification approach, DetectClass, is proposed, based on the data collected directly by the intrusion detection system (IDS). The DetectClass approach is analyzed and verified using formal techniques. Based on the approach, the corresponding attack tree generating algorithm is presented and tested on concrete instances of attack. The results show that the algorithm is effective and efficient. In doing so, the efficiency and accuracy of IDS detection are improved, and attack patterns can be generated automatically and reused by applying the attack tree generating algorithm.