Design and Implementation of Terminal Security Supervision System Based on Hook Technology
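DOI: 10.12677/CSA.2022.128189. Supported by the National Natural Science Foundation of China.
Authors: Li Liang (李良), Liu Jinlong (刘金龙): Naval Staff Department, Beijing; Fu Wei (付伟), Xie Zhenjie (谢振杰): Department of Information Security, Naval University of Engineering, Wuhan, Hubei
Keywords: Terminal Security, Internal Security, Hook Technology, Rhythm Password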
Abstract: Enterprise computer terminals and information systems face many internal security risks, especially the threats posed by insiders' misoperation and malicious tampering. To address them, a terminal security supervision system for the Windows platform is designed and implemented based on the hook technology of the Windows system. The system uses hook technology to monitor keyboard and mouse operations, strengthens identity authentication with the distinctive rhythm of a user's keystrokes when typing a password, keeps a thorough record of user behavior to support operation playback and reverse analysis, and detects and automatically recovers from tampering with documents and system configurations, giving good protection against insider attacks. Tests show that the rhythm password significantly improves defense against password disclosure and impersonated login, that the system correctly records and parses user operations, and that common tampering methods are automatically recovered.
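Cite this article: Li Liang, Liu Jinlong, Fu Wei, Xie Zhenjie. Design and Implementation of Terminal Security Supervision System Based on Hook Technology [J]. Computer Science and Application, 2022, 12(8): 1887-1894. https://doi.org/10.12677/CSA.2022.128189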
