
Research And Implementation On Host Active Intrusion Prevention System

Posted on: 2008-09-15
Degree: Master
Type: Thesis
Country: China
Candidate: L C Zhang
GTID: 2178360242472281
Subject: Communication and Information System

Abstract/Summary:
This project is a branch of the "Network Active Intrusion Prevention System" funded by the Science and Technology Department of Zhengzhou. Aiming at the flaws of present passive prevention products, the thesis studies and implements a more efficient and complete Host Active Intrusion Prevention System. By integrating multiple security techniques, it puts defense in depth into practice, centered on the key resources of the host or server.

The Host Active Intrusion Prevention System is the last line of defense against system compromise. It uses user-defined access control rules to examine system activities and user behaviors according to factors such as who, when, where, what process and which right, and provides finer-grained access control than the operating system.

The Host Active Intrusion Prevention System implements the following: by locking down critical files and key registry entries, it achieves file and registry protection; using process hiding and process termination protection, it prevents important processes from being seen, attacked and terminated; through driver hiding and driver loading and unloading protection, it prevents important system modules from being seen or unloaded, and also prevents kernel rootkits and backdoors from being loaded into kernel memory; by controlling application execution, it can block unknown or unauthorized applications from running and stop malicious applications from modifying normal applications. The system makes it convenient to examine, add, delete and modify the access control rules, and it also records illegal access behaviors. Through these functions, the Host Active Intrusion Prevention System extends the security capabilities of the Windows operating system.

Finally, we test the Host Active Intrusion Prevention System; the results indicate that it realizes its designed functions with little impact on the OS.
Keywords/Search Tags: Intrusion Prevention System, System Call Interception, Access Control, File Protection, Registry Protection, Process Hiding, Process Termination Protection, Driver Loading and Unloading Protection, Application Execution Control