Research On Embedded Virus Dissemination Principle And Active Defense Technology

Posted on: 2010-01-17
Degree: Master
Type: Thesis
Country: China
Candidate: Y Cheng
GTID: 2178360278478154
Subject: Detection Technology and Automation
Abstract/Summary:
As computer virus defense technology has developed, the ways and methods by which viruses spread have kept changing as well. The appearance of embedded techniques in particular has made virus dissemination more covert and more dangerous. Grounded in the systems theory of computer science and taking the embedded boot virus as its entry point, this thesis analyzes in depth the behavioral mechanisms and characteristics of embedded viruses and, on the basis of that analysis, discusses a solution for an active defense system based on the system call mechanism. It clarifies the main features of embedded viruses, including the processes of invasion, infection and outbreak, and the key problems an embedded virus must solve in order to spread. Combining operating system principles, the application call mechanism and access control principles, with processes and the registry at its core, the thesis designs an intrusion defense technique based on system access control to defend against embedded viruses. By intercepting system calls and applying a user-customized system access control policy, it exercises fine-grained access control over system activity and user behavior based on the visitor's identity, the access time, the access location, the process used for access, and the privileges granted to that process. Enhanced protection of the operating system's registry is implemented; important processes running in the system are protected through process hiding and thread-creation protection; and the system protects itself through kernel module hiding and kernel module loading/unloading techniques.

Together, these techniques achieve the goal of actively defending against embedded viruses. Finally, a prototype of the above security model was implemented and debugged under the Windows environment and, on the basis of system testing, the validity of the model's key technique, "core system call interception", was confirmed in practice. The thesis analyzes the strengths and shortcomings of this defense model and points out further work and future prospects.
Keywords/Search Tags:Embedded virus, Core system call interception, Access control, Operating control, Registry table