Simple Example
- Anomalous system call sequence detected
- Process has exec'ed; Process has open network connections; Instruction Pointer is in a writeable memory segment
- Record process state information (open network connections, open descriptors, memory segment map, etc.); Dump memory segment containing EIP; Terminate process; Issue alert
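The three bullets above read as a detection rule: a trigger (anomalous system-call sequence), a set of process-state conditions, and a response sequence. The following is an added example, not code from the original slides, that evaluates those conditions against a constructed process snapshot and returns the response actions. It assumes all three conditions must hold together for the rule to fire, that memory segments are given in `/proc/<pid>/maps` format, and that the `ProcessState`, `parse_maps`, `segment_for` and `evaluate` names are hypothetical; the sample map lines, PID and connection string are constructed.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed /proc/<pid>/maps-style snapshot (32-bit, matching the slide's EIP):
# a read/exec text segment, a read/write data segment, and a stack that is
# (unsafely) both writable and executable.
SAMPLE_MAPS = """\
08048000-0804c000 r-xp 00000000 08:01 1234 /usr/bin/victim
0804c000-0804d000 rw-p 00003000 08:01 1234 /usr/bin/victim
bffdf000-c0000000 rwxp 00000000 00:00 0 [stack]
"""


@dataclass
class Segment:
    start: int
    end: int
    perms: str   # permission flags exactly as in /proc/<pid>/maps, e.g. "rwxp"
    name: str    # backing file or pseudo-name such as "[stack]"


def parse_maps(text: str) -> List[Segment]:
    """Parse /proc/<pid>/maps lines: address perms offset dev inode [pathname]."""
    segments = []
    for line in text.strip().splitlines():
        parts = line.split(None, 5)
        lo, hi = (int(x, 16) for x in parts[0].split("-"))
        name = parts[5] if len(parts) > 5 else "[anon]"
        segments.append(Segment(lo, hi, parts[1], name))
    return segments


def segment_for(segments: List[Segment], addr: int) -> Optional[Segment]:
    """Return the segment containing addr, or None if it is unmapped."""
    for seg in segments:
        if seg.start <= addr < seg.end:
            return seg
    return None


@dataclass
class ProcessState:
    pid: int
    has_execed: bool                 # process has called exec since creation
    net_connections: List[str]       # open sockets, as "local->remote" strings
    ip: int                          # instruction pointer (EIP) at detection time
    maps: List[Segment]
    syscall_seq_anomalous: bool      # trigger from the system-call sequence model


def evaluate(state: ProcessState) -> Dict[str, object]:
    """Apply the slide's rule: trigger + all three conditions -> response actions."""
    seg = segment_for(state.maps, state.ip)
    conditions = {
        "execed": state.has_execed,
        "network": len(state.net_connections) > 0,
        # Execution from a writable mapping is the classic injected-code indicator.
        "ip_in_writable": seg is not None and "w" in seg.perms,
    }
    fire = state.syscall_seq_anomalous and all(conditions.values())
    actions: List[str] = []
    if fire:
        # Order matters: collect evidence before the process is killed.
        actions = [
            "record_state",
            f"dump_segment:{seg.start:#x}-{seg.end:#x}",
            "terminate",
            "alert",
        ]
    return {"fire": fire, "conditions": conditions, "actions": actions, "segment": seg}


if __name__ == "__main__":
    segs = parse_maps(SAMPLE_MAPS)
    state = ProcessState(
        pid=4242,
        has_execed=True,
        net_connections=["10.0.0.5:34512->192.0.2.10:80"],  # constructed
        ip=0xBFFDF100,   # EIP on the writable+executable stack
        maps=segs,
        syscall_seq_anomalous=True,
    )
    print(evaluate(state))
```

The `dump_segment` action records the exact range of the segment holding EIP, which is what a forensic analyst needs to recover the injected code; with EIP in the `r-xp` text segment instead, the rule does not fire and no action is returned.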
Curious: how many of you know what kinds of vulnerabilities, when exploited, could have these attributes?