Simple Example

Anomalous system call sequence detected
Process has exec'ed; Process has open network connections; Instruction Pointer is in a writeable memory segment
Record process state information (open network connections, open descriptors, memory segment map, etc.); Dump memory segment containing EIP; Terminate process; Issue alert

Curious: how many of you know what kinds of vulnerabilities, when exploited, could have these attributes?
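As an added example (not part of the original slides), the conditions and actions above can be evaluated over a process's memory map. The Linux `/proc/<pid>/maps` line format is real; the sample map, the function names and the action strings are constructed for illustration, and the instruction pointer and other process state are assumed to be supplied by the monitor.

```python
from dataclasses import dataclass

# Constructed sample in Linux /proc/<pid>/maps format (not from a real process).
SAMPLE_MAPS = """\
08048000-0804c000 r-xp 00000000 08:01 131 /usr/sbin/exampled
0804c000-0804d000 rw-p 00004000 08:01 131 /usr/sbin/exampled
b7e00000-b7f50000 r-xp 00000000 08:01 977 /lib/libc.so.6
bffdf000-c0000000 rwxp 00000000 00:00 0 [stack]
"""

@dataclass
class Segment:
    start: int
    end: int      # exclusive upper bound
    perms: str    # e.g. "r-xp"
    name: str     # backing file or pseudo-name, empty if anonymous

def parse_maps(text):
    """Parse maps-format text into Segment records."""
    segments = []
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 5:
            continue  # skip malformed lines
        start, end = (int(x, 16) for x in fields[0].split("-"))
        name = fields[5] if len(fields) > 5 else ""
        segments.append(Segment(start, end, fields[1], name))
    return segments

def segment_containing(segments, ip):
    """Return the segment that holds address ip, or None if unmapped."""
    return next((s for s in segments if s.start <= ip < s.end), None)

def evaluate_rule(anomalous_sequence, has_execed, open_connections, ip, segments):
    """Return the slide's response actions if every condition holds, else []."""
    seg = segment_containing(segments, ip)
    ip_in_writable = seg is not None and "w" in seg.perms
    if not (anomalous_sequence and has_execed and open_connections > 0 and ip_in_writable):
        return []
    return [
        "record_process_state",
        f"dump_segment {seg.start:08x}-{seg.end:08x} {seg.perms} {seg.name}".rstrip(),
        "terminate_process",
        "issue_alert",
    ]

if __name__ == "__main__":
    print(evaluate_rule(True, True, 1, 0xBFFFF000, parse_maps(SAMPLE_MAPS)))
```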