Security Software Process Protection And Reinforcement Technology Based On Windows System

At present,the computer equipment based on Windows-system is the mainstream in various industries which are oriented to production and social progress,especially in major areas related to the livelihood of the nation.In recent years,attacks against Windows systems have rendered APT(Advanced persistent Threat),and virus authors often write kernel drivers to attack to get the highest privileges of the system,for example,the "Stuxnet" events in 2010 and the blackout in Ukraine at the end of 2015.Due to most Windows-system computers are protected by security software,many malicious programs target the attack target on windows-based security software to end the security software process.Therefore,it is vital to study the security software process protection of Windows system.Intensive study of the security software of the protection will be carried out in the following paper.Firstly,it reviews the process of attack and defense in recent years and it takes 360 security software as an example,at the same time,it analyzes the process protection technology adopted by current mainstream security software.Secondly,the paper points out the weakness of existed technology at a different angle.It gives the reinforcement technique based on the system kernel hook,system process/thread principle of reinforcement technology and the principle of system memory reinforcement technology etc.In addition,it analyses system security of the Windows 64-bit software process protection and the possibility of the social engineering attack and defense methods.At the same time,this article then developed the corresponding protection measures for these weaknesses,in order to implement appropriate measures.Finally,the feasibility and practicability of the security software process protection and reinforcement technology based on Windows-system are verified by experiments.