Abstract
This paper presents the design and implementation of WinHIPS, a host intrusion prevention system for the Windows operating system that detects violations of security rules in real time by monitoring the system-call requests made by application processes. WinHIPS is implemented as a kernel driver built on the kernel structures of the Windows operating system. It protects processes, the registry and files to prevent malicious programs from executing, and it guards against and blocks dangerous system behaviour to prevent intrusion, thereby protecting the core resources of the system.
Source
Computer Knowledge and Technology (电脑知识与技术), 2008, No. S2, pp. 32-33 (2 pages)