GrammaTech ARTCAT

GrammaTech ARTCAT (Autonomic Response To Cyber-Attack) is a runtime monitoring and mitigation system that identifies and responds to execution anomalies in applications. The system operates by translating user-specified policies into runtime monitors that track program behavior and modify execution toward safer states. ARTCAT monitors internal program events including inappropriate values and authentication bypasses, providing visibility beyond traditional SIEM and EDR systems that focus on network and file activity. The system includes a reasoning engine that detects anomalies, directs corrective actions, and interfaces with users about system health. The tool has been tested on real-world applications including Nginx (200 KLOC), Bash (250 KLOC), and tar (25 KLOC). According to the NIST Taxonomy of Software Flaws, ARTCAT can fully protect against 11 out of 16 flaw categories and partially protect against 13 categories. ARTCAT can be deployed as an end-to-end tool chain or as modules that integrate with existing SIEM systems. The system uses policy-based monitoring where policies specify correct execution behavior rather than known attack signatures, enabling detection of unknown vulnerabilities. GrammaTech provides behavioral policy templates and support for policy creation, refinement, tuning, and troubleshooting deployments.