Rootkit Detection And Personal Firewall Of Network Active Intrusion Prevention System

Posted on: 2008-10-22
Degree: Master
Type: Thesis
Country: China
Candidate: H Xue
GTID: 2178360242472324
Subject: Computer software and theory
Abstract/Summary:
The Internet is never free of danger. Users who take no preventive measures will encounter attacks from hackers.

In addition, this thesis presents a systematic analysis of Windows rootkits. To address the shortcomings of current detection tools, it proposes WinRKAD, a solution that uses prevention and detection tools together so that it can effectively detect all kinds of existing Windows rootkits. By placing filtering programs at the points rootkits most commonly use, the WinRKAD system can refuse a rootkit's attempt to load. For rootkits that are already running, it looks for the anomalies that may arise from hidden processes, hooking and hidden services, and from these it judges whether a Windows rootkit is present on the system.

Based on a study of the development and implementation techniques of personal firewalls, this thesis designs and implements a personal firewall system named DFW, a network security program for personal use. It defends the network according to the user's configuration, provides access control, information filtering and other functions, and helps users keep network intrusions out and prevent information leakage. DFW adopts a dual filtering mechanism in the user layer and the kernel layer: in user mode it uses Winsock API technology, and in kernel mode it uses NDIS intermediate layer driver technology.

We also test the DFW system and the WinRKAD rootkit prevention system. The test results show that both systems achieve their design objectives and meet the design requirements. WinRKAD makes up for the shortcomings of current detection methods and can effectively block and detect different Windows rootkits.

Finally, the thesis summarizes the completed work and its remaining drawbacks, and offers some suggestions for future development.
Keywords/Search Tags:Windows Rootkit, Rootkit Detection, Hidden Process, Hook, System Service, Personal Firewall, SPI, NDIS