
Research On The Application Of File System Filter Driver In Anti-malicious Code

Posted on: 2011-10-24
Degree: Master
Type: Thesis
Country: China
Candidate: X J Hu
GTID: 2178330338486011
Subject: Software engineering
Abstract/Summary:
With the rapid growth of computer and communication technologies, the connections between people and information resources, information technology, and the information industry are becoming ever tighter. This makes Information Warfare, the form of military conduct in the Information Age, as vital as water is to life in economics and defense technology. Malicious code technology and anti-malicious code technology, both necessary weapons of Information Warfare, are developing rapidly, and the importance of building up information security has been raised to an unprecedented height. This paper presents a strategy that prevents malicious code from invading a computer during its spreading stage and rejects its access before it can carry out damage, thereby reducing its destructiveness. On the basis of this strategy, the paper also presents a case of anti-malicious code technology based on a File System Filter Driver, named Defender.

The work draws on an analysis of the development and trends of malicious code and anti-malicious code technologies; a detailed analysis of the popular Windows operating system and the architecture of Windows NT; the principles of kernel-mode coding; the control flow of file operations as they pass from user mode to the disk; and an in-depth study of the file system filter driver technique. From these, the paper derives a kernel-mode strategy built on write access control for special files, which guards the computer system by applying both prevention and detection technology to stop invasion by malicious code. It assures the integrity and reliability of the information system. In addition, compared with access control based on system calls, it goes deeper into the kernel of the operating system, which enforces higher security; at the same time, compared with defense-based malicious code detection methods, it does not depend on prior knowledge of the malicious code and works against unknown malicious code, so it realizes a dynamic defense.
Keywords/Search Tags: Anti-malicious code, File System Filter Driver, File Access Control