A Research On Webpages Tamer-Resistant Software With Integrative Ability Of Security Defense

First of all,this paper describes the grave security situation of the current website,webpages tampering incidents grow with increasing number,and then analyse the increasingly apparent inadaptability of the traditional security tools of website to prevent website tampering over time,after that,It give an analysis of the current technology used in tamper-resistant software and the inadequacies of current website tamper-resistant software,and then put forward the goal of this research:to add the dynamic webpages security inspection technology and process memory scanning technology to the previous website tamper-resistant technology system,organically combine with the two basic tamper-resistant technology(event trigging and external hanging poll),to enhance the ability of dynamic webpages security defense and to achieve the targeted scan on file integrity,to implement a website tamer-resistant software have integrative ability of security defense.The software is operated in accordance with the time taken in tampering with the sequence of events is divided into 2 parts:the part of intercepting aforehand and the part of discovering afterward.The former is divided into Part 2:static file protection and dynamic data protection.The former use of a file filter driver technology to intercept requests for file operations to control the file operations,and the latter uses NDIS(Network Driver Interface Specification) IMD(Intermediate Driver) driver to intercept network packets to detect SQL injection and XSS attacks.The part of discovering afterward which uses method of timing scanning to detect the temper behavior which has occurred and the part of intercepting aforehand have not detected,to make up the omissions of the part of intercepting aforehand.Test results show that this software offers two basic function of file tamer-resistant software,that is the function of preventing the target file from being written and preventing documents is tampered from being read,in addition,this software has the ability of defense of SQL injection attack XSS attack,furthermore,it can trigger the scan when it detected the behavior of attack and tamper,and the goal of the research is achieved successfully.