Abstract
This paper addresses the security of process management. It analyses the types and characteristics of present-day processes, introduces several common kinds of malicious process and, combining the ideas of active searching and continuous monitoring, proposes a hook-based strategy for the security analysis of process management. Building on the Windows message-handling mechanism, API calls, database techniques and blacklist/whitelist rules, the strategy is decomposed into modules for process collection, process analysis, response, blacklist/whitelist rules and database insertion, and it monitors and manages system processes with attention to security, low resource consumption and self-protection. The system identifies suspicious, illegal and high-memory-consumption malicious processes so that process management can run securely. The modules were implemented in VC (Visual C++) for a LAN environment and evaluated from two angles: functional tests (common processes, process collection, process analysis and so on) and efficiency tests (the tool's own memory and CPU usage). The results show that the scheme manages system processes securely, quickly and accurately, monitors and forcibly terminates malicious processes, protects its own process, and reduces the monitoring burden on security administrators, thereby improving their efficiency in network security work.
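The abstract names three verdicts (suspicious, illegal, high memory consumption) and a blacklist/whitelist rule module, but not how the rules combine. The following is an added example, written for this page and not code from the paper, of the analysis and response decision over a process snapshot. The process names, paths, the 512 MiB threshold and the blacklist entry are constructed for illustration; on Windows the collection module would fill the same records from a Toolhelp snapshot or process memory counters, which is outside what this block does.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

MIB = 1024 * 1024


@dataclass(frozen=True)
class ProcessRecord:
    """One entry of a process snapshot (what a collection module would gather)."""
    pid: int
    name: str        # image file name as reported by the OS
    path: str        # full image path
    rss_bytes: int   # resident memory in bytes


@dataclass(frozen=True)
class Verdict:
    pid: int
    name: str
    category: str    # "trusted", "illegal", "suspicious", "high_memory" or "unknown"
    action: str      # "allow", "alert" or "terminate"
    reason: str


def normalize_path(path: str) -> str:
    """Canonical, case-folded Windows path so C:/Windows/.. and c:\\windows\\.. compare equal."""
    return str(PureWindowsPath(path)).lower()


def analyze(snapshot, whitelist, blacklist, memory_limit):
    """Classify every process in `snapshot` against blacklist/whitelist rules.

    Rule order matters: a blacklisted name is always illegal; a whitelisted name
    running from the wrong path is a masquerade and is never treated as trusted;
    only then is the memory threshold applied, and a verified whitelisted process
    that is merely heavy is alerted on rather than killed.
    """
    white = {name.lower(): normalize_path(p) for name, p in whitelist.items()}
    black = {name.lower() for name in blacklist}
    verdicts = []
    for proc in snapshot:
        name = proc.name.lower()
        path = normalize_path(proc.path)
        verified = name in white and path == white[name]
        if name in black:
            v = Verdict(proc.pid, proc.name, "illegal", "terminate", "name is on the blacklist")
        elif name in white and not verified:
            v = Verdict(proc.pid, proc.name, "suspicious", "alert",
                        f"whitelisted name running from unexpected path {proc.path}")
        elif proc.rss_bytes > memory_limit:
            v = Verdict(proc.pid, proc.name, "high_memory",
                        "alert" if verified else "terminate",
                        f"{proc.rss_bytes // MIB} MiB exceeds limit of {memory_limit // MIB} MiB")
        elif verified:
            v = Verdict(proc.pid, proc.name, "trusted", "allow", "matches whitelist entry")
        else:
            v = Verdict(proc.pid, proc.name, "unknown", "alert", "not on either list")
        verdicts.append(v)
    return verdicts


def pids_to_terminate(verdicts):
    """The response module's kill list, in snapshot order."""
    return [v.pid for v in verdicts if v.action == "terminate"]


# Hypothetical policy: whitelist entries pin a name to its expected image path.
WHITELIST = {
    "svchost.exe": r"C:\Windows\System32\svchost.exe",
    "explorer.exe": r"C:\Windows\explorer.exe",
}
BLACKLIST = {"evil_dropper.exe"}   # constructed placeholder name, not a real sample
MEMORY_LIMIT = 512 * MIB

# Constructed snapshot covering each rule branch.
SAMPLE_SNAPSHOT = [
    ProcessRecord(412, "svchost.exe", r"C:\Windows\System32\svchost.exe", 40 * MIB),
    ProcessRecord(1337, "svchost.exe", r"C:\Users\Public\svchost.exe", 12 * MIB),   # masquerade
    ProcessRecord(2048, "explorer.exe", r"C:\Windows\explorer.exe", 700 * MIB),     # trusted, heavy
    ProcessRecord(3001, "evil_dropper.exe", r"C:\Temp\evil_dropper.exe", 8 * MIB),  # blacklisted
    ProcessRecord(4096, "miner_test.exe", r"C:\Temp\miner_test.exe", 900 * MIB),    # unknown, heavy
    ProcessRecord(5000, "notepad.exe", r"C:\Windows\notepad.exe", 20 * MIB),        # unknown, small
]

if __name__ == "__main__":
    results = analyze(SAMPLE_SNAPSHOT, WHITELIST, BLACKLIST, MEMORY_LIMIT)
    for v in results:
        print(f"{v.pid:>5} {v.name:<18} {v.category:<12} {v.action:<10} {v.reason}")
    print("kill list:", pids_to_terminate(results))
```

The point of pinning whitelist entries to a path is that a name-only whitelist is trivially defeated: anything can call itself svchost.exe. The masquerade check therefore runs before the memory check, so a look-alike process is never promoted to "trusted but heavy". Forced termination is reserved for blacklist hits and for unknown processes over the memory limit; a verified whitelisted process only raises an alert, which keeps the tool from killing legitimate system components during a memory spike.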
Source
《信息网络安全》
2014, No. 8, pp. 61-66 (6 pages)
Netinfo Security
Funding
Natural Science Foundation of Hubei Province [2010CDB01501]