| 一种基于Winsock2 SPI架构的网络监控程序自我保护方案设计与实现 |
| |
| 引用本文: | 张亚航,文伟平.一种基于Winsock2 SPI架构的网络监控程序自我保护方案设计与实现[J].信息网络安全,2009(5):44-46. |
| |
| 作者姓名: | 张亚航 文伟平 |
| |
| 作者单位: | 北京大学软件与微电子学院信息安全系,北京,102600 |
| |
| 摘 要: | 如何保证涉密网络信息保密的问题一直受到政府、军队、航天等涉及国家秘密的行业所关注。在软件层次对计算机用户进行监控是一个较好的解决方案。这篇文章提出并实现了基于Winsock2 SPI框架的网络监控自我保护方案。监控程序本身的自我保护技术是保证网络监控抵抗非法用户攻击的关键。基于这种方案的网络监控程序能够将监控线程同系统关键进程进行绑定,既实现了程序的进程隐藏,又能够防止高级非法用户强制关闭监控程序,并且能够同Rootkit技术等其他相结合共同提高程序自我保护性能。
|
| 关 键 词: | 涉密网络 Winsock2 SPI 自我保护 |
Design and Implementation of Self-Protection Scheme for Network Monitor Program Based on Winsock2 SPI Framework |
| |
| ZHANG Ya-hang,WEN Wei-ping.Design and Implementation of Self-Protection Scheme for Network Monitor Program Based on Winsock2 SPI Framework[J].Netinfo Security,2009(5):44-46. |
| |
| Authors: | ZHANG Ya-hang WEN Wei-ping |
| |
| Affiliation: | (Department of Information Security, SSM, Peking University, Beijing 102600, China) |
| |
| Abstract: | The problem that how to protect the information without divulging in a secret-related network in terms of departments of government, army and energy is always be regarded by people. It is a good way to solve this problem by monitoring the computer user in the secret-related network using software. This paper presents and implements a self-protection scheme for network monitor program based on Winsock2 SPI Framework. The self-protection technology of the network monitor is the key point that protects the network monitor from being attacked by illegal users. The network monitor program based on this scheme can bind itself with the critical system process to hide the monitor process itself and protected itself being shut down or delete by senior attacker, besides, this technology can work with other technologies like rootkit to improve the performance of the monitor program. |
| |
| Keywords: | Winsock2SPI |
| 本文献已被 维普 万方数据 等数据库收录! |
