| With the accelerating pace of informatization and the rapid development of Internet technology, the degree of informatization of people's learning, work and daily life is gradually deepening. Efficiency is greatly improved, and more people share information resources on the Internet. It must be recognized that, as information technology develops, network security issues become equally important. Host intrusions and attacks are increasing, intrusion techniques keep changing, and they do great damage to the security of personal information. The traditional firewall, because it works at the network boundary, cannot replace the whole security system, and an Intrusion Detection System can only detect attacks passively. Because of these shortcomings of the systems themselves, the key issue is that the network defense system does not automatically make a reliable, targeted and adaptive response. To address the shortcomings of firewalls and IDS, and following the idea of layered defense, this paper designs a host intrusion defense system. It applies kernel system call interception technology, which offers strong control capability, and presents a comprehensive design that is partially implemented. Firstly, the paper introduces the research status of intrusion defense systems. It explains and compares the advantages and disadvantages of current intrusion detection and intrusion prevention defense systems. It mainly introduces the access control technology and packet filtering technology applied in this design, then gives the system call method and implementation process. Secondly, through analysis of intrusion detection and intrusion prevention systems, this paper designs a host intrusion defense system and carefully describes the overall system framework and the overall process.
It mainly introduces the false alarms, missed detections and security problems of intrusion detection and intrusion defense systems respectively. Finally, using access control technology and system call technology, this paper develops the submodules of a behavior-based host intrusion defense system, including file protection, registry protection, process protection and self-protection. In a simulation of the behavior-based host intrusion prevention system, a code injection attack is used as an example to show its effectiveness in practice and application. |