Abstract
With the widespread application of information technology, key departments and organizations are paying increasing attention to the protection of sensitive and confidential files. However, existing monitoring techniques have difficulty detecting harmful file operations. Based on an analysis of intermediate drivers, a file behavior monitoring model based on IRP feature sequences is proposed. The model solves key issues such as the asynchronous extraction of IRP feature information, sequence tracking, and behavior judgment, improving both the coverage of file behavior monitoring and the accuracy of judgment. Comparative experiments demonstrate the validity and accuracy of the proposed method.
Source
Journal of Information Engineering University
2012, Issue 4, pp. 508-512 (5 pages)
Funding
Henan Province Major Science and Technology Research Special Funding Project (092101210501)