POIROT: Aligning Attack Behavior with Kernel Audit Records for Cyber Threat Hunting.