Abstract
To address the security threats facing personal computers, this paper presents a behavior-based host intrusion prevention system (B-HIPS). B-HIPS is designed for all-round protection and is divided into functional modules covering application defense, registry defense, file defense, self-protection and other aspects. A demo program, B-HIPS Demo, implements part of the system's functionality: it monitors process creation, registry writes and driver loading. The demo was tested against two samples, "Gray Pigeon" (win32.hack.huigezi) and "Panda Burning Incense" (Worm.WhBoy), and successfully blocked the samples' destructive behavior on the host, achieving the protection goal.
Keywords
information security
host intrusion prevention
behavior