Abstract
Traditional proactive defense software that works by hooking kernel code cannot effectively defend against high-risk malicious code once it has allowed a malicious driver to load, because that driver then runs at the same privilege level as the hooks it is supposed to be constrained by. Building on existing virus behavior analysis and pattern recognition techniques, this paper proposes a proactive defense model based on hardware virtualization. It describes in detail the overall architecture and implementation of the hardware-virtualization-based proactive defense system, the division of the system into functional modules and the principles behind their implementation, and the implementation of key techniques such as behavior window monitoring and black/white lists. The system performs behavior detection and defense from a level below the guest kernel, and uses shadow page tables to achieve strong self-protection.
Source
Microelectronics & Computer (《微电子学与计算机》)
Indexed in CSCD; Peking University Core Journal (北大核心)
2012, No. 12, pp. 189-192 (4 pages)