| 基于Hook的程序异常行为检测系统设计与实现 |
| |
| 引用本文: | 郝东白,郭林,黄皓.基于Hook的程序异常行为检测系统设计与实现[J].计算机工程与设计,2007,28(18):4373-4376. |
| |
| 作者姓名: | 郝东白 郭林 黄皓 |
| |
| 作者单位: | 1. 南京大学,计算机科学与技术系,江苏,南京,210093;南京大学,软件新技术国家重点实验室,江苏,南京,210093;南京陆军指挥学院,信息作战与指挥系,江苏,南京,210045
2. 南京大学,计算机科学与技术系,江苏,南京,210093;南京大学,软件新技术国家重点实验室,江苏,南京,210093 |
| |
| 基金项目: | 江苏省高技术研究发展计划项目 |
| |
| 摘 要: | 从程序访问的资源入手,从中重点选取了注册表、文件以及创建其它进程这些资源的操作为主要监控点,实时检测进程操作资源的行为,并进行关联分析,给出了一种基于系统服务Hook的程序异常行为检测系统.重点介绍了Hook相关技术和该系统的设计结构与实现要点.最后,通过实验验证了该系统的可行性和有效性.
|
| 关 键 词: | 资源 进程 钩子 系统服务 监控 关联 Hook 程序 异常行为检测 系统设计 service system based anomaly detection behavior program implementation 有效性 实验验证 设计结构 相关 检测系统 系统服务 关联分析 实时检测 监控点 |
| 文章编号: | 1000-7024(2007)08-4373-04 |
| 修稿时间: | 2006-11-15 |
Design and implementation of program behavior anomaly detection system based on system service hook |
| |
| HAO Dong-bai,GUO Lin,HUANG Hao.Design and implementation of program behavior anomaly detection system based on system service hook[J].Computer Engineering and Design,2007,28(18):4373-4376. |
| |
| Authors: | HAO Dong-bai GUO Lin HUANG Hao |
| |
| Affiliation: | 1. Department of Computer Science and Technology, Nanjing University, Nanjing 210093, China; 2. State Key Laboratory for Novel Software Technology, Nanjing University, Nanjing 210093, China; 3. Department of Information Operation, Nanjing Army Command College, Nanjing 210045, China |
| |
| Abstract: | This paper started with monitoring system resource of program access. Registry and file and process resource creation are fo- cused on and associated to detect program behavior anomaly at runtime, a program behavior anomaly detection system is designed and implemented based on operating system service Hook some key techniques of Hook are introduced as well as the design structure and im- plementation points of this system. At last,the experimental result validated the feasibility and availability of this system. |
| |
| Keywords: | resource process hook system service monitoring association |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
