System Design and Application of Real Time Inspection for Software Malicious Actions

In view of the analysis of hostility and working principle of the malicious software and their actions, based on the kernel driver, this paper designs a real-time inspection system framework and solution of malicious software and actions. This system applies shared memory, Windows message mechanism, I/O driver technology and others, implements information synchronization and data communications in interprocess which is between processes, the user mode and kernel mode. Syncretizing traditional detection mode (feature library), heuristic scan and active defensive technology, the system designs a hybrid anti-malicious actions monitoring system which is active to identify accurately the malicious behaviors in register table, process and Webpage. Finally, the application example and test results prove that this system reacts to malicious actions in a higher speed and identifies unknown malicious actions more effectively than compared software.