Published in: 2008 Second International Conference on Emerging Security Information, Systems and Technologies

DOI: 10.1109/securware.2008.49

Event-Driven Architecture for Intrusion Detection Systems Based on Patterns.

This paper is available in a repository.

Preprint: archiving allowed
Postprint: archiving allowed
Published version: archiving forbidden
Data provided by SHERPA/RoMEO

Abstract

Intrusion detection systems (IDS) are usually one of the basic mechanisms in use when defining security measures in an organization. However, there are a few active research lines still to be addressed regarding these complex systems. This is the case for event aggregation and correlation when dealing with complex attacks, and for improving flexibility when dealing with different versions (mutations) of a given attack. These are two of the main objectives of the research work done so far in our group. As part of this effort, this paper presents an event-driven, multi-layer architecture based on the concept of a pattern, in which concepts such as similarity and credibility degrees are presented as part of a probabilistic approach for dealing with possible variations of a given attack.