| In recent years, computer and network technologies have developed rapidly, and network applications have entered all walks of life, providing people with great convenience, freedom and unlimited wealth. However, the information network has brought not only all kinds of material and cultural enjoyment but also negative impacts that cannot be ignored. To protect the safety and reliability of the information network, many security technologies and products have emerged to protect all of its aspects. It is in this context that the host intrusion prevention system has received due attention. As a last line of defense for network security, the host intrusion defense system takes the host as its protection target. By checking the legitimacy of system calls, the host intrusion defense system detects and stops attacks in real time. This paper introduces the research on host intrusion prevention systems, elaborates on the design ideas of the host intrusion prevention system, and studies its key technologies in depth. The host intrusion prevention system implemented in this paper uses kernel hooks on the critical system services of the operating system kernel. Because it intercepts at the lowest level of the operating system, it has strong control capability and can monitor the operating system comprehensively and in real time. The specific functions of this defense system include file access monitoring, process load monitoring, registry access monitoring, driver load monitoring and self-protection. In addition, the defense system hooks the message dispatch function of the file system driver to achieve transparent file encryption and decryption, which provides double protection for sensitive documents. This paper studies the host intrusion prevention system in depth and has some theoretical value, while its implementation also has good practical value. |