Research And Implement Of Host Security Protection System

In the Internet the host can often play a role of server, and a lot of important information is stored in them. Therefore, hosts easily become the targets of the attackers. How to protect host security, find out attacking of host system, block attacks and reduce the system security risk to the greatest extent has become an important research topic in the area of network security.Based on the detailed discussion on the basic steps of attack, this paper analyzes the tasks of the key steps of attack and concludes some attacking characteristics. On the basis of attacking characteristics and P2DR (Policy Protection Detection Response) theory, HSPS (Host Security Protection System) is designed. Though the monitor of the system, the ability of the host real time protection is improved and the security performance of the host is increased.In HSPS the attacking characteristics are different from the traditional host protection measures (Intrusion Detection System, etc). The attacking characteristics include abnormal activicities of the host system, such as some abnormal processes, ports and etc. With the help of these attacking characteristics, the system can effectively find out attacks, reduce false alerts and lost alerts.HSPS uses the technology of multithread. Though the multithread, the parallel processing efficiency of the host system is improved and the system expenditure is reduced to some extent. HSPS designs configuring library. Based on the different demands of the host security, the different configures are puted forward. Therefore the flexibility and extensibility are increased. In order to improve the ability of the host initiative protection, HSPS designs the protection module. By this module, HSPS can effectively block attacks and increase the host security.In the test, HSPS is tested by making use of venerability of .printer remote buffer overflow, Unicode, and .ida remote buffer overflow. The results show that HSPS can effectively find out attacks, block attacks and analyze the effect that is produced by the attacks.