
Design And Implementation Of File Monitoring System Based On Minifilter

Posted on: 2016-02-22
Degree: Master
Type: Thesis
Country: China
Candidate: L An
Full Text: PDF
GTID: 2428330590968404
Subject: Software engineering
Abstract/Summary:
With the rapid development of network and information technology, people's life and work have changed dramatically and become more convenient. More and more individuals and organizations use computers instead of traditional paper documents to store files and process documents. Computers have made it far more convenient to process, transfer and store documents, but they also bring security risks: both a wide range of malware and the actions of users may threaten the security of files. When using network resources, users may visit unsafe sites and inadvertently download malware. Malware can lurk in the computer and, without the user's knowledge, create, tamper with, delete and steal files. Users may also intentionally read confidential documents without authorization, so that confidential information is leaked. These are serious threats to computer security; when such malicious behavior happens in important departments, the disclosure of confidential documents can cause large economic losses. File security has therefore become the primary condition of information security. Although there are many file monitoring systems on the market at present, they have problems arising from constraints of their core technology and running state. This thesis therefore takes what is good in the existing file monitoring systems, discards their shortcomings, and develops a new file monitoring system that monitors files effectively and protects the security of computer files.

This thesis first introduces the overall architecture of Windows and explains some basic background, then analyzes three core technologies used by file monitoring systems. The first uses the Windows API (Application Programming Interface); its advantage is simplicity, and its disadvantage is that it obtains only limited I/O information. The second is the hook technique, which modifies the file operation functions. Its advantage is that it can effectively acquire I/O information, but because there are many file operation functions it suffers from high complexity and instability, and it can easily miss I/O operations and be deceived by malware. The third uses a traditional file filter driver, which can effectively capture I/O operations but has problems such as poor compatibility, difficulty of implementation and a complex workflow, so a new monitoring technology is proposed.

Finally, we study the principles and implementation of the file minifilter driver, as well as the design of the monitoring system. A Minifilter differs from a traditional file filter driver: it is simpler, has higher compatibility, and has more advantages than the traditional file filter driver. It is also more efficient than a file monitoring system running in user mode, resists deception, and is not easily bypassed. The system also writes a log: its analysis of I/O operations is written to a log file, which helps users find security vulnerabilities or abnormal behavior. In tests, the efficiency of this file monitoring system is 1.5 times that of the previous monitoring system, the advantages and disadvantages of file monitoring systems are balanced, and the system can effectively monitor files.
Keywords/Search Tags:the safety of files, file monitoring system, Minifilter, file filter driver