Abstract:
Starting from an analysis of how malicious software works and how its hostile actions are carried out, this paper designs a framework and solution for a kernel-driver-based system that inspects malicious software and its actions in real time. The system uses shared memory, the Windows message mechanism and I/O driver technology to synchronize information and exchange data between processes and between user mode and kernel mode. By combining the traditional detection mode (a signature library), heuristic scanning and active defense technology, it forms a hybrid monitoring system for malicious actions that actively and accurately identifies malicious behavior in the registry, in processes and in web pages. Finally, an application example and test results show that the system reacts to malicious actions faster, and identifies unknown malicious actions more effectively, than the software it was compared against.
Keywords:
device drivers; inspection; invasive software; operating system kernels; shared memory systems; software libraries; system monitoring; I/O driver technology; web page; Windows message mechanism; active defensive technology; data communications; detection mode; feature library; heuristic scan technology; hybrid anti-malicious actions monitoring system; information synchronization; kernel driver; real-time inspection system framework; register table; shared memory; software malicious actions; system design; user mode; active defense; heuristic scan; real-time inspection; malicious actions of software