Grabbing freely from the documentation:

STAT (State Transition Analysis Tool) is a new model for representing computer penetrations, and the model is applied to the development of a real-time intrusion detection tool. In STAT, a penetration is identified as a sequence of state changes that take the computer system from some initial state to a target compromised state.

STAT is a technique for representing high-level descriptions of computer attacks. Attack scenarios are abstracted into states, which describe the security status of a system, and transitions, which model the evolution between states. By abstracting from the details of particular exploits and by modeling only the key events involved in an attack scenario STAT is able to model entire classes of attacks with a single scenario, overcoming some of the limitations of plain signature-based misuse detection systems.

The STATL Language

STATL is an extendible language that is used to represent STAT attack scenarios. The language defines the domain-independent features of the STAT technique. The STATL language can be extended to express the characteristics of a particular domain and/or environment. The extension process includes the definition of the set of events that are specific to the particular domain or environment being addressed and the definition of new predicates on those events.

For mor information, please see: http://www.cs.ucsb.edu/~rsg/STAT/software/stat/stat.html