Windows客户端行为实时监控系统设计与实现计算机科学与技术专业论文.docxVIP

哈尔滨工业大学工学硕士学位论文 哈尔滨工业大学工学硕士学位论文 - - II - Abstract With the rapid development of Internet, more and more people become Internet users. People benefit from the Internet. At the same time, due to the fact that client side attacks are on the rise, people are also threatened because of Internet. It is necessary to find an effective way to reduce the client side attacks to improve the Internet security. The current firewall and antivirus software can act on known malware, but not for unknown malware. Furthermore, the firewall and antivirus software are passive to interception and detection. How to take initiative to detect, confirm the existence of threat on the Internet, and further to avoid Internet users visiting the web page containing malicious actions has become an urgent problem. For the above problem, real-time monitoring system for windows client is proposed. Windows virtual client with this system can be used to log to websites. The system analyzes the captured data, it is easy to judge whether system is attacked. Firstly, the system defines a set of core Windows client-side behavior, including process, remote thread, registry, driver load and file. The group behavior can identify the security situation of host and judge whether clien t-side attacks happened. Secondly, the system defines relevant analysis rules. Through relevant analysis of result data, valid data sets can be obtained. Finally, according to the analysis of relevant data sets and the definition of malicious behavior, the safety state of system can be judged. After testing, the system proposed in this paper can judge the safety state of websites effectively, so that users can prevent logging to those websites containing malware. Keywords: real-time monitoring, active detection, malicious behavior, driver load - - PAGE IV - 目 录 摘 要 I Abstract II 第 1 章 绪论 1 1.1 课题来源 1 1.2 课题背景及意义 1 1.3 国内外研究现状 2 1.4 本文的主要任务及研究内容 4 1.5 本文组织结构 5 第 2 章 恶意软件原理分析与客户端行为定义 6 2.1 恶意软件定义 6 2.2 恶意软件类型 7 2.3 恶意软件捕获