Abstract
In recent years, research on anti-malware technology has been largely confined to signature scanning, with little in-depth discussion or study of active defense technology against malware. Based on SSDT HOOK technology, this paper hooks the various sensitive Native APIs to implement monitoring of process creation, driver loading, remote thread creation and registry access, and designs and completes SimpHips, a complete malware active defense system for the Windows platform. Testing shows that it can successfully intercept the execution of most malware.
In recent years, anti-virus technology research has been confined to signature scanning, and has rarely undertaken in-depth research on active defense technology. Based on SSDT HOOK technology, this paper hooks the various sensitive Native APIs to implement process creation monitoring, driver loading monitoring, remote thread monitoring, registry access monitoring and file access monitoring, and designs and implements a complete malicious-software active defense system, SimpHips, which in testing was able to successfully block the execution of most malicious software.
Source
《世界科技研究与发展》
CSCD
2010, Issue 2, pp. 154-156, 150 (4 pages in total)
World Sci-Tech R&D
Funding
Ministry of Railways Science and Technology Program project (2008J002)