
Research and Implementation of a Rule-Based Host Intrusion Defense System
Abstract: Host active defense is a new kind of virus defense technology that runs on a single host. It monitors process behavior and, as soon as it detects a "violating" behavior, notifies the user or directly terminates the process, which makes it possible to guard against unknown viruses. Rule configuration is both the key point and the main difficulty of a host intrusion prevention system. This paper studies rule configuration for host intrusion prevention systems in depth, covering basic rule structure, rule definition, rule priority, and software restriction policies. It then designs and implements a rule-based host intrusion prevention system; experiments show that the system provides relatively flexible active defense functionality.
Author: 黄成荣
Affiliation: Tongliang County Public Security Bureau (铜梁县公安局)
Source: 《微计算机信息》 (Control & Automation), 2012, No. 10, pp. 374-377 (4 pages)
Keywords: active defense; rule set; system call
