The Study And Implementation Of Action Monitoring In The Host Intrusion Protection System

Posted on: 2010-11-30
Degree: Master
Type: Thesis
Country: China
Candidate: C Li
Full Text: PDF
GTID: 2178360278465797
Subject: Information security

Abstract/Summary:
With the widespread use of computers and networks, threats and crime originating both outside and inside the local network have increased greatly. On the one hand, infections spread through the network ever faster; on the other hand, the response to attacks grows ever slower, and the initial design of the Windows OS did not take security into account. Combinations of various threats evolve continuously, and the traditional techniques of firewall, intrusion detection system and anti-virus have lost their effectiveness. The information security defense system calls for a host intrusion protection system. To resolve this conflict, more emphasis must be put on the HIPS (host intrusion protection system), whose core technique is monitoring system actions.

In this article, we first summarize the current network threats, then analyze the network security solutions provided by the security industry and explain in detail why they cannot meet security needs. Starting from an analysis of a simple attack procedure of a malicious program, we describe in detail the operation of drivers, core services and system calls in the Windows XP OS that accompany this attack procedure, with emphasis on system resources such as files, the registry and processes. On this basis, we study the core technology and details involving files, the registry and processes. A new idea for a security solution, the Host Intrusion Prevention System, is provided.

This project is based on a research project from 2008. On the Windows XP OS security platform, we provide a HIPS that is able to defend applications, the registry and files. The user can control the operations of processes, files and the registry by customizing rules. We also design the overall framework and each of the modules, and carry out the final testing of the above research results. Finally, we look ahead to new technologies and research directions in action monitoring.
Keywords/Search Tags: HIPS, action monitor, hook technology, rules