
The Research And Design Of A HIDS Based On Static Analysis Of Program Behavior

Posted on: 2011-09-13
Degree: Master
Type: Thesis
Country: China
Candidate: B B Zhou
Full Text: PDF
GTID: 2178360308482478
Subject: Signal and Information Processing
Abstract/Summary:
In modern society, the threats faced by computer users keep growing as computers and the Internet become more and more popular. How to guarantee the security of computers, especially the security of operating systems, and thus protect users' interests from harm, has long been a focus. A third-party HIDS is a widely acknowledged and widely used method of protecting operating system security. Research on IDS is significant for enhancing computer security, deterring attackers, protecting the personal interests of computer users, and even securing the entire Internet.

This paper starts by introducing the basics of operating system security, followed by the basic concepts of IDS, and then introduces the application of program behavior analysis in IDS, as well as contemporary related research.

In the next part, building on advanced research on program behavior analysis, this paper designs a static analysis method to profile a program's behavior. This method abstracts the behavior of a program into system calls and context information. It is not only applicable to Windows, but also solves a defect in some other advanced research.

After designing the program behavior analysis method, this paper designs a HIDS based on that method, dividing the system into two subsystems and several modules according to its expected functions. The system design presents a large number of details of the system. It also lowers the implementation complexity by using available tools, and ensures feasibility by exploring many internal, even undocumented, mechanisms of Windows.

On the basis of the design, the paper describes the implementation of the system in detail, including the important steps in every module and points requiring special attention. A basic verification of the system is then conducted through an experiment.

In the end, this paper summarizes the system's features and proposes some possible improvements for future research. Motivated by realistic demand, and after researching program behavior analysis methods, this paper shows creativity by proposing, designing and implementing a HIDS based on static analysis of program behavior, which is specifically applicable to Windows. It provides a reference, in both theory and implementation, for developing more accurate and effective HIDS.
Keywords/Search Tags: HIDS, program behavior analysis, static analysis, system call, Windows