Live system call trace reconstruction on Linux

Forensic Science International: Digital Investigation (2022)

Abstract
Live system call traces provide essential information in analyzing modern malware. Prior work demonstrated how system call traces can be used to differentiate benign from malicious applications. For example, ransomware invokes file system API to remove users’ access to their sensitive data, and asks for a ransom to restore the access privileges.
Keywords
Memory forensics, Virtual machine introspection, System call tracing, Malware analysis, Ransomware