信息网络安全 (NETINFO SECURITY)
2014, Issue 8, pp. 61-66 (6 pages)
process management; HOOK technology; API function; security; self-protection
Addressing the security problems of process management, this paper analyses the types and characteristics of current processes and introduces several common malicious processes. Combining the ideas of active searching and monitoring, it proposes a process-management security analysis strategy based on HOOK technology. The strategy draws on the Windows message-handling mechanism, API function-call techniques, database techniques and black/white-list rules to modularise process collection, process analysis, response, black/white-list rules and database insertion, and it monitors and manages the computer system's processes from the aspects of security, low energy consumption and self-protection. The system can identify suspicious, illegal and high-memory-consumption malicious processes, so that process management runs securely. The scheme is implemented module by module on the VC language platform for a LAN environment, and is then evaluated in two kinds of experiments: functional tests (common processes, process collection, process analysis, etc.) and efficiency tests (the system's own memory usage, CPU usage, etc.). The results show that the scheme securely, quickly and accurately achieves security management of system processes, monitoring and forced termination of malicious processes, and self-protection of system processes, reducing the monitoring burden on security administrators and thereby improving their efficiency in network security work.