A Linux kernel-based behavior recorder is implemented in this paper,which has adopted kernel function hijacking technique to hijack and modify kernel functions and also utilized loadable kernel module technique to insert modified functions into kernel.
