A Query Tool for Efficiently Investigating Risky Software Behaviors
share
Advanced Persistent Threat (APT) attacks are sophisticated and stealthy, exploiting multiple software vulnerabilities and plaguing many well-protected businesses with significant financial losses. Due to the complexity introduced by numerous installed software applications and the limited visibility into their behaviors, enterprises are seeking solutions to connect and investigate risky software behaviors across software applications. In this demo, we present AIQL, a tool for investigating complex risky software behaviors via interactive queries. To obtain a global view of software behaviors, AIQL is built upon ubiquitous system monitoring, which records interactions among software applications and system resources. In particular, AIQL provides: (1) domain-specific data model and storage for storing the massive system monitoring data, (2) a domain-specific query language, Attack Investigation Query Language, which integrates critical primitives for risky behavior specification, and (3) an optimized query engine based on the characteristics of the data and the query to efficiently schedule the execution. Demo URL: https://youtu.be/2dDVngg0UN8
READ FULL TEXT