
Research And Implementation Of The Technology Against HIPS Under WIN32 Platform

Posted on: 2011-09-26
Degree: Master
Type: Thesis
Country: China
Candidate: J J Chen
Full Text: PDF
GTID: 2178360308452501
Subject: Communication and Information System

Abstract/Summary:
With computer technology now applied in every walk of life, research on system security has become one of the most popular research directions in the field of information security. "Attack" and "defense" are an eternal subject, and the interplay of these two technologies drives the development of information security techniques. With the rapid evolution of trojan horses and viruses, security software is also changing, and HIPS (Host Intrusion Prevention System) is one of the future development directions for security software. This paper analyzes the technical principles of the HIPS module in security software and then, from both the implicit and explicit sides, demonstrates the vulnerability of current HIPS systems. Some suggestions for improvement are also put forward.

This paper describes the characteristics, types, and related kernel system structure of HIPS technology. Based on these theories, it analyzes some weaknesses in the HIPS mechanism from the perspectives of explicit confrontation and implicit confrontation with the HIPS system. We take advantage of these flaws to antagonize the HIPS system.

In the part introducing explicit confrontation with the HIPS system, we focus on two kinds of process-guard mechanism in HIPS and on deficiencies of the security software itself. Based on this research, we take measures to combat the security software and implement the corresponding code. We then test and improve the code in a real system environment and achieve relatively good results in practical application.

In the part introducing implicit confrontation with the HIPS system, we focus on the restoration of the Shadow SSDT (System Service Dispatch Table), the use of rarely used ("inexpert") functions, and the evasion of driver-load monitoring. Based on the restoration of the Shadow SSDT and the underlying callback function, a new keyboard logger (key-logger) is proposed. At the same time, the paper stresses the problems of driver-load monitoring in HIPS systems as well as the corresponding bypass techniques.

From the perspectives of virus behavior and man-made factors, several improvements are proposed in this paper for the identified deficiencies of HIPS, together with the corresponding technical realizations. Finally, the article puts forward directions for future research on technology against HIPS. This research addresses deficiencies in HIPS systems and offers concrete help for improving them.
Keywords/Search Tags:HIPS, SSDT, process, driver, key-logger, hook