
Design of behavior-based host intrusion prevention system

Cited by: 1
Abstract: To address the security threats facing personal computers, this paper proposes a behavior-based host intrusion prevention system (B-HIPS). B-HIPS is designed for all-round protection and is divided into functional modules covering application defense, registry defense, file defense, self-defense and so on. A demo program, B-HIPS Demo, implements part of this functionality: it monitors process creation, registry writes and driver loading. The demo was tested against two samples, "灰鸽子" ("win32.hack.huigezi") and "熊猫烧香" ("Worm.WhBoy"), and successfully prevented the samples from damaging the host, achieving the protection goal.
Author: Cheng Jie (成洁)
Source: 《信息化纵横》, 2009, Issue 10, pp. 42-45 (4 pages)
Keywords: information security; host intrusion prevention; behavior