Module shared_mem_anomaly 

Shared memory forensics / anomaly detection.

Functions

is_suspicious_shm

Classify whether a shared memory segment has an anomalously high attach count (nattch) that exceeds the given threshold.

scan_shared_mem_anomalies

Scan for shared memory anomalies (executable memfd, ELF headers, cross-uid sharing).