Title :
Drive-by downloads defense based on kernel level filtering
Author :
Li, Jingping ; Chen, Hao ; Sun, Jianhua
Author_Institution :
Coll. of Inf. Sci. & Eng., Hunan Univ., Changsha, China
Abstract :
Securing the web browser against malware attacks has recently become one of the hottest topics in system security. Based on the characteristics of Windows systems and of drive-by downloads, this paper presents a browser-independent system architecture, designed to eliminate drive-by malware installations, that combines a Windows kernel file system filter driver with user-level hook technology. By intercepting the user's download behavior, the user-level module obtains the file path information and passes it to the kernel-level file filter driver module, which redirects all malicious programs to a particular directory in which the execution of any binary file is prevented. The combination of user-level modules and kernel-level modules can ensure the safety of the operating system. The experimental results show that our defense system offers good protection against the injection of malicious programs through the fragile web browser, with low running overhead and little impact on the user.
Keywords :
Web sites; device drivers; file servers; invasive software; online front-ends; operating system kernels; user interfaces; binary file; browser independent system architecture; browser security; drive-by download defense; fragile Web browser; kernel level file filter driver module; malicious programs protection; malware attack; operation system safety; user download behavior; user level hook technology; user level module; windows kernel file system; Browsers; Delay; Internet; Kernel; Malware; API hook; download behavior; drive-by download; malware prevention; minifilter; system security;
Conference_Titel :
Consumer Electronics, Communications and Networks (CECNet), 2012 2nd International Conference on
Conference_Location :
Yichang
Print_ISBN :
978-1-4577-1414-6
DOI :
10.1109/CECNet.2012.6201611