计算机安全
NETWORK AND COMPUTER SECURITY
2013, Issue 7, pp. 21-24, 4 pages in total
吕滨, 关双城, 刘晓红, 张艳艳
Host security; Intrusion prevention; API calls; Behavior analysis
Based on the principle of API monitoring, and in view of the limited resources and relatively stable applications of personal hosts, the system follows a streamlined design principle and uses Hooking technology to intercept API call information. In its behavior analysis model, the system simplifies the decision rules and execution logic, so it does not need complex behavior analysis algorithms or processes. The system's advantage is its dynamic automatic learning capability: after an initial period of adaptive training, it adapts quickly to the user's system and provides sufficient intrusion prevention capability. It is very effective against frequently occurring illegal access and various pop-up windows.