
The Study Of Windows Key Technology And Its Application On Intranet Security

Posted on: 2017-11-28
Degree: Master
Type: Thesis
Country: China
Candidate: Y Chang
GTID: 2348330518495440
Subject: Information security
Abstract/Summary:
With the rapid development of computer and communication technology, networks are gradually changing the way people work and live and have become a theme of social development. As network use has grown substantially, the purpose of malicious code attacks has turned from showing off destructive power to destruction aimed at obtaining political and economic benefit. In particular, when a malicious program infects intranet terminals on a large scale, its destructive power and persistence grow exponentially. Intranet terminal security mainly involves filtering and processing system messages, and the security techniques for intranet terminals divide mainly into user-mode filtering and kernel-mode filtering. This thesis studies Windows hooks in user mode, and file system filter drivers and disk filter drivers in kernel mode, to address the biggest problem facing intranet terminal security, the prevention and control of malicious programs, and implements security curing of intranet terminals and a malware detection system. The main contents are as follows:

1. Research and analysis of what an intranet security management system involves in protecting intranet terminals against malicious programs, namely the prevention of malicious programs and the detection of malicious programs, and, for each of these two aspects, analysis of the requirements that must be met in a highly classified intranet.

2. Study of Windows driver development techniques and disk filter driver technology, focusing on the problem of obtaining a file's physical disk sector addresses in a disk filter driver, the problem of obtaining a file's cluster list from the file system, and the problem of establishing a correspondence between files and sector addresses. On this basis, operating system curing based on a disk filter driver is implemented, which avoids the damage caused by redirecting registry entry links.

3. Study of the Windows kernel device communication mechanism and file system filter driver technology, focusing on how a file system filter driver can obtain the exact file name when a file is created, on buffer failures that occur when the driver's dispatch function and completion function do not run in the same thread, and on the file system filter driver being unable to capture the rename message when a file is renamed across volumes. On this basis, an operating system curing solution based on a file system filter driver is implemented.

4. A malware detection scheme with a low miss rate is proposed. The scheme uses Windows hooks to extract a program's run sequence and, after processing, uses it as the program's feature, which reduces the amount of redundant information the feature contains. Its innovation is the introduction of a k-gram similarity algorithm, whose results serve as the input to an SVM classification algorithm. Compared with other detection schemes that use an SVM classification algorithm, this not only reduces the dimension of the input vector and improves computational efficiency, but also reaches a miss rate as low as 1.91%.
Keywords/Search Tags:intranet security, system cure, malicious detection, file system filter driver, disk drive filtration, similarity algorithm, SVM classification algorithm