Research On Key Techniques For Remote Computer Security Diagnosis

Posted on: 2011-12-20
Degree: Master
Type: Thesis
Country: China
Candidate: Z Li
Full Text: PDF
GTID: 2198330332478406
Subject: Computer application technology
Abstract/Summary:
The widespread use of telecommuting makes the topology of business networks more complex. When remote terminals connect to the internal business network through the Internet, they also bring security risks to the business-critical network.

To address the shortcomings of existing access control systems in checking the security of remote terminals, this research proposes the idea of kernel-mode remote diagnosis. A remote computer diagnosis model is presented, which provides an effective solution for secure access to business-critical networks.

Based on an in-depth study of existing kernel-mode malware detection technology, this paper presents a method of security diagnosis that checks the safety of remote terminals by detecting security-related system anomalies. To obtain accurate diagnostic information and to avoid malicious forgery of and tampering with system information, the idea of full-path tampering detection for system code is presented. By tracing the execution path of system functions, signs of code tampering can be found even when they are hidden deep in system code. A technique for dynamically obtaining the IRP handlers of driver objects is also proposed, which solves the problem of detecting IRP handlers of unknown drivers. Together, these effectively detect various kinds of diagnostic information.

In testing, many actual malware samples were used, and the diagnosis system was able to find the security anomalies on the test computer. A better safety determination of the remote computer is achieved. By isolating remote terminals with security anomalies, the system can prevent the proliferation of security risks and better protect business-critical networks.
Keywords/Search Tags: security diagnosis, remote terminals, secure access, system anomalies