UNM live inetd data

The inetd program was traced on a UNM computer running a modified Linux 2.0.35 kernel which allows us to collect system call traces. These data were used in experiments reported in the Alternative Data Models paper.

The inetd program is typically started as a foreground process, which initiates a daemon process to run in the background and then exits. The daemon process initiates child processes to perform a fixed set of initialization steps before executing some other program. Child processes are, therefore, very nearly identical. The normal data for inetd include a trace of the startup process, a daemon process, and a representative child process, included here in one gzipped file.

The intrusion we ran against the inetd program is a denial-of-service a ttack that ties up network connection resources. As the attack progresses, more of the system calls requesting resources return abnormally and are re-issued. The intrusion data collected include a startup process, a daemon process, and several child processes, but only the daemon process is expected to show any deviation from normal behavior. All traces are included in a single gzipped file.

Use the linux 4.2 mapping file for these traces.