
Research And Implementation Of A Host-Based Intrusion Prevention System

Posted on: 2012-03-21
Degree: Master
Type: Thesis
Country: China
Candidate: S Yuan
Full Text: PDF
GTID: 2268330425982418
Subject: Computer software and theory

Abstract/Summary:
Most traditional information protection technologies are based on the PDR model. The PDR model establishes the safety inequality Pt > Dt + Rt, and its main technologies are encryption, detection, and emergency response (reinforcement). However, with the emergence of Trojan technology, the PDR model is broken by this new attack method: under extreme conditions Pt = 0, which means that the security of information is guaranteed only by the detection and response mechanisms. Therefore, this thesis analyzes the security challenges on hosts, sets out the design goals and ideas of a host-based intrusion prevention system, studies the key technologies involved in developing the intrusion prevention system, implements the move from protection to defense, and reaches the objectives of security pre-alarming, defense in depth, and enhanced self-immunity.

Monitoring and capturing the significant system calls is the basic starting point for the host-based intrusion prevention system. It hooks the system service descriptor table and intercepts system calls at kernel level. As a result, it provides real-time and comprehensive monitoring of the operating system and fine-grained access control over the activities of processes and users. The intrusion prevention system realizes protection of files, the registry, processes, drivers, system hooks, network access, the system service descriptor table, and itself. For operations on sensitive files, the system not only requires confirmation of the access right, but also checks, through the Mandatory Hardware Confirming Control technology, whether the corresponding local hardware signals exist, such as those from the mouse and keyboard. This puts an end to malicious manipulation by Trojan programs and ensures non-repudiation of operations. This thesis carries out in-depth research on host protection with both theoretical and practical value.
Keywords/Search Tags: intrusion prevention system, system call interception, mandatory hardware confirming control, file protection, access control