
Research In Active Defense Based On Program Behavior Analysis

Posted on: 2011-05-02
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Zhang
GTID: 2178360302490221
Subject: Computer application technology
Abstract/Summary:
This thesis describes the current state of network security, its threats and its trends, and takes current active defense technology as the starting point of the study. It gives a basic introduction to the various technologies, compares them, and points out their advantages and disadvantages. It then presents an active defense technology based on program behavior analysis. The system is implemented as an LKM (loadable kernel module). After contrasting the traditional techniques for acquiring and preprocessing system calls, it intercepts system calls by modifying the interrupt vector table and uses them to generate a database of normal program behavior. An improved Boyer-Moore algorithm is adopted to analyze program behavior accurately; because this algorithm can skip over substrings of the text, it moves through the text quickly, and it achieves better results in performance, efficiency and resource consumption. The active defense technology based on program behavior analysis has a high detection rate and a low false positive rate, and it also plays a certain role in defending against intrusions by unknown attackers.
Keywords/Search Tags:program behavior, system calls, active defense, intrusion detection