Abstract
Starting from an analysis of how malicious software works and of the hostile actions it performs, this paper designs a framework and solution for a kernel-driver-based system that monitors malicious software and its behaviour in real time. The system uses shared memory, the Windows message mechanism and I/O driver technology to synchronize state and exchange data between processes and between user mode and kernel mode. By combining traditional signature-based detection (a feature library), heuristic scanning and active defence, it forms a hybrid anti-malware monitoring system that actively and accurately identifies malicious behaviour in the registry, in processes and in web pages. An application example and test results show that the system reacts to malicious actions faster, and identifies unknown malicious actions more effectively, than the software it was compared against.
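To make the three-layer decision the abstract describes concrete, the following is an added example written for this page; it is not code from the paper or its authors. It classifies monitor events in the order a practitioner would choose: a cheap, certain feature-library lookup first, then active-defence rules that block a behaviour outright, then a heuristic score for anything left. The events that the paper's driver would deliver through shared memory or an I/O request are constructed here as plain structs, and the flag bits, rule set, weights, threshold and sample library entries are all hypothetical, so the block compiles with any C compiler and has no Windows dependency.

```c
/* Added example, not the paper's code: a minimal hybrid behaviour
 * classifier. Flags, rules, weights and library entries are hypothetical. */
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef enum { EV_REGISTRY, EV_PROCESS, EV_WEBPAGE } event_kind;
typedef enum { VERDICT_ALLOW = 0, VERDICT_SUSPICIOUS = 1, VERDICT_BLOCK = 2 } verdict;

/* Behaviour bits a monitor would attach to an event (hypothetical). */
#define F_UNSIGNED_IMAGE 0x1u  /* acting image has no valid signature   */
#define F_TEMP_DIR       0x2u  /* acting image runs from a temp directory */
#define F_HIDDEN_WINDOW  0x4u  /* acting process has no visible window    */
#define F_SELF_COPY      0x8u  /* acting process copied its own image     */

typedef struct {
    event_kind  kind;
    const char *actor;   /* image name of the process performing the action */
    const char *target;  /* registry path, created image path, or URL       */
    uint32_t    flags;
} monitor_event;

/* Case-insensitive substring test; registry paths and URLs mix case. */
static int icontains(const char *hay, const char *needle) {
    size_t n = strlen(needle);
    for (; *hay; hay++) {
        size_t i = 0;
        while (i < n && hay[i] &&
               tolower((unsigned char)hay[i]) == tolower((unsigned char)needle[i]))
            i++;
        if (i == n) return 1;
    }
    return 0;
}

/* 1. Traditional detection: feature-library lookup keyed by a hash. */
static uint32_t fnv1a(const char *s) {
    uint32_t h = 2166136261u;
    for (; *s; s++) { h ^= (unsigned char)*s; h *= 16777619u; }
    return h;
}
/* Constructed sample names; a real library would store precomputed hashes. */
static const char *const feature_library[] = { "dropper_sample.exe", "worm_sample.exe" };

static int signature_match(const char *image) {
    uint32_t h = fnv1a(image);
    for (size_t i = 0; i < sizeof feature_library / sizeof *feature_library; i++)
        if (fnv1a(feature_library[i]) == h && strcmp(feature_library[i], image) == 0)
            return 1;  /* hash agrees and full compare rules out a collision */
    return 0;
}

/* 2. Active defence: behaviour rules that block regardless of score. */
static int active_defense_blocks(const monitor_event *e) {
    /* unsigned image installing an autorun entry */
    if (e->kind == EV_REGISTRY && (e->flags & F_UNSIGNED_IMAGE) &&
        icontains(e->target, "\\currentversion\\run")) return 1;
    /* process started from a temp directory that also replicates itself */
    if (e->kind == EV_PROCESS &&
        (e->flags & (F_TEMP_DIR | F_SELF_COPY)) == (F_TEMP_DIR | F_SELF_COPY)) return 1;
    /* hidden window navigating to a javascript: URL */
    if (e->kind == EV_WEBPAGE && (e->flags & F_HIDDEN_WINDOW) &&
        icontains(e->target, "javascript:")) return 1;
    return 0;
}

/* 3. Heuristic scan: weighted indicators; only the sum is compared. */
#define HEURISTIC_THRESHOLD 5
static int heuristic_score(const monitor_event *e) {
    int score = 0;
    if (e->flags & F_UNSIGNED_IMAGE) score += 2;
    if (e->flags & F_TEMP_DIR)       score += 2;
    if (e->flags & F_HIDDEN_WINDOW)  score += 1;
    if (e->flags & F_SELF_COPY)      score += 3;
    switch (e->kind) {
    case EV_REGISTRY:
        if (icontains(e->target, "\\currentversion\\run")) score += 3;
        if (icontains(e->target, "\\services\\"))          score += 2;
        break;
    case EV_PROCESS:
        if (icontains(e->target, "\\temp\\")) score += 2;
        break;
    case EV_WEBPAGE:
        if (icontains(e->target, "javascript:") || icontains(e->target, ".hta")) score += 3;
        break;
    }
    return score;
}

/* Combined verdict: library hit, then rule hit, then heuristic threshold. */
verdict classify_event(const monitor_event *e) {
    if (signature_match(e->actor))  return VERDICT_BLOCK;       /* known sample   */
    if (active_defense_blocks(e))   return VERDICT_BLOCK;       /* forbidden act  */
    if (heuristic_score(e) >= HEURISTIC_THRESHOLD) return VERDICT_SUSPICIOUS;
    return VERDICT_ALLOW;
}

/* Convenience wrapper so callers need not build the struct themselves. */
verdict classify_fields(event_kind kind, const char *actor, const char *target, uint32_t flags) {
    monitor_event e = { kind, actor, target, flags };
    return classify_event(&e);
}

int main(void) {
    /* Constructed events standing in for records read from the driver. */
    static const monitor_event samples[] = {
        { EV_REGISTRY, "dropper_sample.exe", "HKLM\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\x", F_UNSIGNED_IMAGE },
        { EV_REGISTRY, "setup.exe", "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\upd", F_TEMP_DIR },
        { EV_PROCESS,  "loader.exe", "C:\\Users\\u\\AppData\\Local\\Temp\\a.exe", F_TEMP_DIR | F_SELF_COPY },
        { EV_WEBPAGE,  "browser.exe", "http://example.com/index.html", 0 },
    };
    static const char *const names[] = { "allow", "suspicious", "block" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-20s %-60s %s\n", samples[i].actor, samples[i].target,
               names[classify_event(&samples[i])]);
    return 0;
}
```

The ordering matters for the speed claim in the abstract: a library hit or a rule hit returns before any scoring is done, so the expensive path runs only for events that no cheaper layer can decide. Tuning the weights and the threshold is where false positives are traded against detection of unknown samples, and is exactly the part a deployment would have to measure rather than assume.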