Implementation of program behavior anomaly detection and protection using hook technology

3 Author(s)
Jianfang Shen ; Fac. of Comput., Guangdong Univ. of Technol., Guangzhou ; Lianglun Cheng ; Xiufen Fu

Windows is a message-based operating system built on an event-driven mechanism. A hook is one of the surveillance points in the Windows message-processing mechanism. In this paper, Windows kernel technology is used: the Hook Service Table is used to replace the native API, process and thread behavior is detected, and detection and protection of the registry, files and processes is realized. A program behavior anomaly detection and protection system is designed and implemented on the Windows operating system. Hooks and some key hook techniques are introduced, together with the system framework and the key technologies of this system. Finally, the experimental results validate the feasibility and availability of the system.

Published in:

Communications and Mobile Computing, 2009. CMC '09. WRI International Conference on (Volume: 3)

Date of Conference:

6-8 Jan. 2009