
Research On Dynamic Memory Security Monitoring And Prevention

Posted on: 2016-07-27
Degree: Master
Type: Thesis
Country: China
Candidate: R Xiao
Full Text: PDF
GTID: 2308330470971950
Subject: Software engineering
Abstract/Summary:
With advances in information security technology, traditional user-mode intrusion techniques are now mostly caught or blocked by the antivirus software on the market, so intrusion techniques increasingly start from the system kernel: by modifying kernel data structures, malware hides its processes to bypass antivirus software and tampers with system configuration to achieve its criminal goals. The signature-based detection used by traditional antivirus software does not apply to this approach, and intrusions that modify kernel data structures are not easy to detect. Through an in-depth study of the technical principles of Windows kernel hacking, and analysis of process hiding, SSDT hooking, rootkits and other common attack techniques, this thesis proposes a scheme for detecting and recovering from hidden processes and rootkit attacks.
(1) It analyses how malware authors use kernel memory to carry out malicious attacks on the Windows operating system, and the impact of those attacks on the safe operation of the system and on the security of user information. Windows kernel-mode memory can be exploited by attackers, which makes research on dynamic security monitoring of kernel memory very important.
(2) It analyses the currently popular techniques for detecting kernel-memory attacks, such as rootkit detection, kernel object hijacking detection and SSDT hook detection; the analysis of their technical principles provides the technical basis for the dynamic memory security monitoring system developed in the next step.
(3) Based on the above theory, it designs and implements a dynamic memory security monitoring system. The system can monitor changes to the system registry and file system and, by scanning the kernel memory address space, detect kernel hooks, hidden processes and kernel object hijacking attacks; when an attack occurs it promptly sends a warning to the user, thereby protecting the system's kernel-mode memory.
(4) For dynamic kernel security prevention, through analysis of the principles and technical characteristics of common kernel-mode memory attacks, combined with the advantages of traditional defense technology, it proposes a dynamic memory security active defense framework that implements active defense at the level of system kernel memory and ensures the safe operation of the host system for its users.
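The two detection techniques named in points (2) and (3), hidden-process detection and SSDT hook detection, can be demonstrated in a few dozen lines. The following is an added example written for this page; it is not code from the thesis or its monitoring system. It simulates both checks in user mode with simplified stand-ins for EPROCESS and the SSDT, so that the logic runs and can be verified offline. The process names, PIDs, the driver address 0xF8A10000 and the ntoskrnl image range are constructed values, not measurements from any real system.

```c
/* Added example, not code from the thesis. Two of the detections the
 * abstract names, simulated with user-mode stand-ins so they can be run:
 *
 * (1) Hidden-process detection by cross-view comparison. A DKOM rootkit
 *     unlinks its EPROCESS from ActiveProcessLinks, so a list walk misses
 *     it, but the object still exists in other views (here an allocation
 *     table stands in for the PID table / handle table).
 * (2) SSDT hook detection by address-range check. On x86 Windows every
 *     KiServiceTable entry is an absolute address inside ntoskrnl, so an
 *     entry outside the kernel image is a hook. (x64 stores encoded
 *     offsets instead; decoding them is outside this example.)
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PROCS 8

/* Simplified EPROCESS: only the fields the example needs. */
struct proc {
    uint32_t pid;
    char name[16];
    struct proc *flink, *blink;      /* ActiveProcessLinks analogue */
};

static struct proc g_table[MAX_PROCS];  /* allocation view: every live object */
static struct proc g_head;              /* list view head (PsActiveProcessHead) */
static int g_count;

static void reset_procs(void)
{
    memset(g_table, 0, sizeof g_table);
    g_head.flink = g_head.blink = &g_head;
    g_count = 0;
}

static struct proc *add_proc(uint32_t pid, const char *name)
{
    struct proc *p = &g_table[g_count++];
    p->pid = pid;
    snprintf(p->name, sizeof p->name, "%s", name);
    p->flink = &g_head;                 /* insert at list tail */
    p->blink = g_head.blink;
    g_head.blink->flink = p;
    g_head.blink = p;
    return p;
}

/* Rootkit-style DKOM: unlink the object but leave it allocated and running.
 * Pointing flink/blink at itself is what real rootkits do so that the
 * unlink performed on process exit does not corrupt the list. */
static void dkom_hide(struct proc *p)
{
    p->blink->flink = p->flink;
    p->flink->blink = p->blink;
    p->flink = p->blink = p;
}

/* Cross-view detection: every allocated process the list walk does not
 * reach is hidden. Returns the number of hidden PIDs written to out. */
static int find_hidden(uint32_t *out, int max_out)
{
    int n = 0;
    for (int i = 0; i < g_count; i++) {
        int seen = 0;
        for (struct proc *p = g_head.flink; p != &g_head; p = p->flink)
            if (p->pid == g_table[i].pid) { seen = 1; break; }
        if (!seen && n < max_out)
            out[n++] = g_table[i].pid;
    }
    return n;
}

/* SSDT check: report indices whose handler lies outside [kbase, kbase+ksize). */
static int find_ssdt_hooks(const uintptr_t *ssdt, int count,
                           uintptr_t kbase, size_t ksize,
                           int *out, int max_out)
{
    int n = 0;
    for (int i = 0; i < count; i++)
        if ((ssdt[i] < kbase || ssdt[i] >= kbase + ksize) && n < max_out)
            out[n++] = i;
    return n;
}

/* Constructed scenario: four processes, one hidden by DKOM. */
static int run_dkom_scenario(uint32_t *out, int max_out)
{
    reset_procs();
    add_proc(4, "System");
    add_proc(620, "csrss.exe");
    struct proc *mal = add_proc(1337, "rk_agent.exe");   /* constructed name */
    add_proc(2000, "explorer.exe");
    dkom_hide(mal);
    return find_hidden(out, max_out);
}

/* Constructed scenario: x86-style SSDT whose entry 2 was redirected into a
 * driver mapped at 0xF8A10000 (assumed), outside the assumed ntoskrnl range. */
static int run_ssdt_scenario(int *out, int max_out)
{
    const uintptr_t kbase = 0x80400000u, ksize = 0x00200000u;
    uintptr_t ssdt[] = { 0x804F0C10u, 0x804F1A30u, 0xF8A11230u, 0x80512F40u };
    return find_ssdt_hooks(ssdt, 4, kbase, ksize, out, max_out);
}

int main(void)
{
    uint32_t hidden[MAX_PROCS];
    int hooks[8];
    int nh = run_dkom_scenario(hidden, MAX_PROCS);
    for (int i = 0; i < nh; i++)
        printf("hidden process: pid %u\n", hidden[i]);
    int ns = run_ssdt_scenario(hooks, 8);
    for (int i = 0; i < ns; i++)
        printf("SSDT index %d hooked\n", hooks[i]);
    return 0;
}
```

In a real kernel-mode monitor the "second view" is obtained without trusting the linked list, for example by brute-forcing PIDs through PsLookupProcessByProcessId or by walking the handle table, and the kernel image range comes from the loaded-module list rather than from constants; the comparison logic itself is the same as above. The address-range check catches the classic SSDT pointer swap but not inline hooks placed inside ntoskrnl's own code, which need a separate integrity check of the handler bytes.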
Keywords/Search Tags:Windows Kernel, Rootkits, SSDT HOOK, Hidden Process