Module timerfd_signalfd 

Timer/signal FD abuse detection.

Functions

is_suspicious_fd_count

Classify whether a process has a suspicious number of timer/signal/event file descriptors by comparing against a threshold.

scan_fd_abuse

Scan for timerfd/signalfd/eventfd abuse patterns.