12] proposed a behavior analysis system which records all system calls of process management and file I/O operations and matches activities with signatures described by regular expressions.
System calls transfer the application's request to the kernel, call the corresponding kernel function to finish the required work, and then return the result to the application.
4 (Ice Cream Sandwich), which has 196 system calls as a part of its OS architecture.
The reason is that the farther the distance between two system calls is, the weaker the intensity of the two system calls is, which means that there will be a weak relationship between the two system calls.
Anil, "Intrusion detection using sequences of system calls," Journal of Computer Security, vol.
An additional benefit from the fact that Ufo uses system call interposition is that the user can have Ufo dynamically attach to a running process and detach from it.
For example, we expect to reduce the overhead for the open system call from 611 to below 400 microseconds.
The behavior of intercepted system calls is then modified to implement new functionality.
Section 4 gives a detailed description of the Catcher and explains how it intercepts system calls at the user-level.
The Catcher is a user-level process which attaches to an application and intercepts selected system calls issued by the application.
While the cost for intercepting system calls is significant, our performance analysis shows that Ufo introduces acceptable overhead for common applications.
User-Level Plug-Ins: When a one-time modification to the operating system can be tolerated, a flexible strategy is to add hooks to the operating system so that system calls can trigger additional functions that extend the functionality.