Fig. 2From: Optimus: association-based dynamic system call filtering for container attack surface reductionOverall workflow of lightweight system call monitoring. (1) The system call monitor checks if containers trigger any invoked system calls. (2) It verifies if the invoked system calls need to be monitored based on predefined criteria. (3) The monitor selectively records the required system calls and notifies the update to the user-space monitorBack to article page