Host Intrusion Protection Technology Research

Posted on: 2010-07-23
Degree: Master
Type: Thesis
Country: China
Candidate: Y Lv
Full Text: PDF
GTID: 2208360272999986
Subject: Signal and Information Processing
Abstract/Summary:
With the widespread use of computers and the spread of networks, the traditional techniques of firewalls, intrusion detection systems and anti-virus software have lost their effectiveness. To address this problem, more emphasis needs to be placed on the host intrusion protection system (HIPS), whose core technique is monitoring system actions.

This paper concentrates on host behavior monitoring, focusing on the file, registry, process, network and other system resources that are usually exploited by viruses, Trojan horses, malicious software and scam software. The main work covers Windows hooking, DLL injection, remote thread injection, behavior monitoring, TDI network filtering and so on, spanning the lowest-level drivers, kernel services and system function calls. It then studies how to use these techniques to monitor file, registry, process and network behavior in the system.

The system described in this paper can monitor process, file, registry and network behavior. Based on the Windows XP OS security platform, we provide a HIPS that is able to defend applications, the registry and files. The user can control process, file and registry operations by customizing the rules. We also design the overall framework and each of the modules, and carry out the final testing of the above research results. As for the innovations of this paper, two methods of monitoring are applied, and placing the rules in the kernel improves the efficiency of the system.
Keywords/Search Tags:Host Intrusion Protection System, Behavior monitor, Net monitor, API HOOK, SSDT, TDI