基于windows nt内核的主机入侵防御方法及性能研究-research on host intrusion prevention method and performance based on windows nt kernel.docxVIP

AbstractWiththeaccelerationoftheprocessofinformationandtherapiddevelopmentof Internettechnology,peoplesdependentsoncomputersandtheInternetkeepgrowingin learning,workingandliving.Atthesametime,theinformationsecurityproblemsarised fromthesharingofinformationresourcesbecomemorethanbefore.Fortheincreasingof waysabouthackinuserscomputerandthechangingoftypesininternetsecurity,itmakes moredamageforpersonalinformationofinternetionaluser.Withthedevelopmentofdiversityofneedinenterprisesanduser,theboundary betweenmalwareandnormalsoftwareblurtoobscurity.Normalsoftwaremayalsohavesecuritybehavior problemsbecauseofthe usingofsome securityflawsbyattacker. Becauseofthelackingindefendingwithunknownvirusesintraditionalantivirus technologywhichbasedinsignaturescanning,activedefensetechnologywhichbasedin processbehaviorsdevelopfordefendingthiskindofthreat. Host-basedintusionprevention systemcalledHIPSiskindofantivirussoftwarethatusethistechnology.HIPSisnow becometheoneofmostpopularresearchmajorsininternetsecurityfield.ThispaperintroducebasictheoryandtechnologyaboutHIPSatfirst,thenmakesaresearchandrealizationofmethodofintrusionpreventiononWindows32bitand64bitversionwhichcontainsfourprotectaspectswhichareprocess,registry,fileand driver.SecondthispaperanalysestheperformanceofHIPS,andfindoutthemethodof namelistmatchingisthemostfactorthataffectedtotheperformance.Afteranalysis theoriesandcomparingadvantageanddisadvantagebetweensimplymethodandBM method,thispapershowsanamelistmatchingmehodthatbasedinstring compressingand usedonlyforfullmatchingmode.Experimentshowsitworksbetterthanothermethodsatmemorycost,securityandmatchingtime.Keywords:HIPSPatchGuardX64ListMatchingAlgorithm目录1 绪论11.1研究背景11.2国内外研究现状41.3主要研究内容51.4论文组织结构52 相关技术与理论基础72.1主机入侵防御系统72.2WINDOWS 的访问模式92.3系统服务调用112.4PATCHGUARD和驱动程序强制签名142.5本章小结153 主机入侵防御方法163.1主动防御思想164.3基于字符串压缩的全模式匹配算法474.4算法分析与验证514.5本章小结545 总结与展望555.1论文工作总结555.2论文不足及今后工作展望55参考文献57后记60附录：攻读硕士学位期间发表的部分学术论著611绪论“攻”与“防”是计算机安全领域的永恒话题，正是两者的不断斗争促使了计算机安全技术的不断发展。由于传统反病毒技术