
Research And Implementation Of Host Security Technology

Posted on: 2010-09-06
Degree: Master
Type: Thesis
Country: China
Candidate: X L Gao
GTID: 2178360278466393
Subject: Information security
Abstract/Summary:
In the last few years, large numbers of viruses, worms, Trojan horses and other malicious code have caused massive damage to individuals and organizations. Today, most security product vendors rely on signature-based technologies to detect malicious code. Signature-based detection identifies viruses using a unique string of bits that cannot be forged. However, threats and cyber criminals have advanced beyond the capabilities of any signature-based detection system. Security systems search for this binary pattern and halt file execution when they encounter a virus signature. If the database does not contain a specific signature, viruses may slip through. New vulnerabilities and new exploits give attackers a wide enough window of opportunity to launch malicious rootkits and other sorts of malware that remain completely undetected by signature-based security software.

In this paper, a highly functional behavior-based security framework is designed with kernel-mode protection that provides functions such as a process monitor, a real-time file monitor and a real-time registry monitor. In addition, it provides enhanced data protection and operating system integrity by monitoring the behavior of all running processes and loaded drivers.

This is a Host-based Intrusion Prevention System (HIPS). It protects MS Windows systems from various malware and spyware programs by monitoring the behavior of all running programs and blocking malicious or suspicious actions. It provides protection against attacks that can bypass traditional firewalls, anti-virus, and other signature-based security tools that can only deal with known threats already described in their signature database.

First, some of the main technologies for detecting malware programs are introduced. Then, an active host protection system is established, from study to design. The system is divided into application protection, file protection and registry protection. The detailed structure of the system is given. At the end of the paper, the advantages and disadvantages of the system are analyzed, and the future of this field of study is discussed.
Keywords/Search Tags:Host Security, Active Protection, Trusted List, File Access Control, Process Monitor, Register Protect, Hook Detect