Research And Implementation Of File Monitor System Base On File System Filter Driver

Posted on: 2012-11-13
Degree: Master
Type: Thesis
Country: China
Candidate: F Y Cao
GTID: 2178330335977753
Subject: Computer application technology

Abstract/Summary:
With the rapid development of network and information technology, a large number of files and data have been produced whose importance cannot be ignored. When viewing or downloading network resources, a user's misuse or visits to unsafe sites are likely to bring the host into contact with malicious software on the network, such as Trojan horses, worms and viruses. Such software will create files on the host, tamper with files, change files, delete documents and perform other operations, all of which are a serious threat to the security of the system. Although security and defense products such as firewalls and intrusion detection systems are available, their features amount to a static call.

Using the Hadoop distributed parallel computing framework, the paper introduces the reasons for bringing cloud security into the system and discusses the key technology of cloud security. Drawing on knowledge of the file system filter driver, the filter driver's principle and related technologies, the key technologies of the file monitoring system are obtained. A file monitor system based on the file system filter driver is designed in the paper: the system modules and the flow chart are designed, and the system is implemented in the end.

System functions include real-time monitoring of file operations, restoring deleted files and giving restore reminders, and saving the log and writing log files. Different strategies are applied to different types of files when monitoring the system files. Deleted files are compressed, which saves the user's disk space, and a recovery reminder is given during the storage period. The log records the time, user, process, file path and IRP type of each illegal operation, and the refusal to perform it in the operating system. An efficient and comprehensive log is designed in the paper: "delayed write" is used for the log files, so the log is written to file once the entries reach a certain number. This method does not affect the monitoring function or the performance of the system.

In the validation section, the functions of the file monitoring system and file integrity are tested, and the feasibility of the log files is tested, fully verifying the practical value of the file monitoring system.

Creative work in this thesis: the Hadoop distributed file system is used in the monitoring system, with the rules file uploaded to the cloud and called through the powerful scheduling features of the Hadoop platform; the monitored files are divided into data files and executable files and different monitoring strategies are developed for each, which saves system cost and plays a significant role in the stability of the monitoring system; a function for modifying and backing up files is proposed, with a compression algorithm used to back up deleted files. Finally, a recovery reminder asks the user whether to recover the files or delete them. A method of backing up the user's illegal operations is provided.
Keywords/Search Tags: files Filter, file monitoring, cloud security, malicious software, file recovery