
The Application And Research Of Hook Technology In The Field Of Monitoring And Safety Protection

Posted on: 2016-11-18
Degree: Master
Type: Thesis
Country: China
Candidate: H C Li
GTID: 2348330476955764
Subject: Software engineering

Abstract/Summary:
With the development of information technology, the requirements for safety and efficiency are increasing. Monitoring systems and safety protection systems play an important role in protecting people's normal work, and attract more and more attention. Hook is a technology that has been developed for many years; it allows the user to monitor the behavior of a process and change the way it runs, thus improving the performance of software. This technology has been widely used in the fields of computer security and data mining. According to the actual situation, this thesis discusses how to use the Hook Technology to improve the monitoring system and the safety protection system.

In this thesis, the main work done is as follows:

(1) The concept and application of the Hook Technology are introduced, and the principle of cross-process hooking in the Windows user layer is illustrated. An experiment that steals the result of RSA decryption in OpenSSL is conducted to verify the principle.

(2) The SPI network firewall model based on the Hook Technology is introduced. The thesis discusses how to use the firewall to monitor packets in network communications, defend against hackers' intrusions, and prevent the user of the monitored terminal from accessing websites on the blacklist.

(3) A method of using the Hook Technology to improve the ultrasonic welding system used in LED production is proposed. This method enables the system to give a warning at the moment the gold wire has been welded well, and thus reduces the losses caused by inappropriate welding time.

(4) Cross-process modification in the Windows user layer is explained with an example of modifying a game's memory. To protect a specified process, a method of using the Hook Technology to modify services in the Windows kernel layer is proposed, and how a debugger runs and the technique of protecting a process from being debugged are explained.

(5) Two reliable and popular message digest algorithms, MD5 and SHA-1, are introduced and combined with the Hook Technology to detect files that are malicious or on the blacklist.

(6) The structure of the executable file is analyzed, and a method is explained for obtaining part of the user-layer APIs that the executable file needs when it runs. Two classification algorithms, kNN and SVM, are introduced and analyzed, and a new algorithm that uses kNN to improve SVM is proposed. A test of the new algorithm is carried out. By combining the new algorithm with the Hook Technology, a method that can determine the category of an executable file without running it is proposed.

This thesis shows the important role of the Hook Technology in areas such as improving the industrial production process, ensuring the network security of the operating system, protecting the correct operation of a process, and detecting malicious files and files on the blacklist. In the end, this thesis summarizes the achievements and shortcomings of the work and the methods for improving it, and determines the direction of future research.
Keywords/Search Tags: Hook, Monitoring, Safety