Description: Attacks on the Windows operating system are becoming more frequent and more serious. This work proposes a method that combines one-step and two-step consensus models of Native API sequences with an index iteration detection algorithm to detect abnormal intrusions into the Windows operating system from kernel space. A kernel virtual device is designed to intercept the system service dispatch table (SSDT), so that Native API information can be captured in real time. From the captured Native API data, one-step and two-step consensus models are built to describe the normal behaviour of a process. During detection, the index iteration detection algorithm measures a normality index for the observed Native API sequence; analysing that index then identifies the corresponding attack, which helps the administrator keep track of the system's security state in time. Experimental results on the Windows operating system show that the method has good accuracy.
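To make the detection idea concrete, here is an added example (not code from the paper or the uploaded files) that builds one-step and two-step models from Native API call sequences and scores a new trace with an iteratively updated normality index. The page does not give the paper's formulas, so the co-occurrence counting, the exponential index update (`alpha`), the alarm `threshold` and the sample traces are all my assumptions.

```python
from collections import Counter, defaultdict

# Constructed Native API traces standing in for SSDT-intercepted call logs
# (these are not the paper's data).
NORMAL_TRACES = [
    ["NtOpenFile", "NtQueryInformationFile", "NtReadFile", "NtReadFile", "NtClose"],
    ["NtCreateFile", "NtWriteFile", "NtWriteFile", "NtClose"],
    ["NtOpenKey", "NtQueryValueKey", "NtClose"],
    ["NtOpenFile", "NtReadFile", "NtClose"],
]

def train(traces):
    """Build the one-step (a -> b) and two-step ((a, b) -> c) models by
    counting how often each Native API follows its predecessors."""
    one_step, two_step = defaultdict(Counter), defaultdict(Counter)
    for trace in traces:
        for i in range(1, len(trace)):
            one_step[trace[i - 1]][trace[i]] += 1
            if i >= 2:
                two_step[(trace[i - 2], trace[i - 1])][trace[i]] += 1
    return one_step, two_step

def step_score(one_step, two_step, trace, i):
    """Fraction of the applicable models that have seen call i in its context:
    1.0 = fully normal, 0.0 = unseen in both models (assumed scoring rule)."""
    cur, prev1 = trace[i], trace[i - 1]
    checks = [one_step.get(prev1, {}).get(cur, 0) > 0]
    if i >= 2:
        checks.append(two_step.get((trace[i - 2], prev1), {}).get(cur, 0) > 0)
    return sum(checks) / len(checks)

def detect(one_step, two_step, trace, alpha=0.3, threshold=0.6):
    """Index iteration (assumed form): the normality index is updated
    exponentially after every call, so a single miss decays away while a
    sustained deviation drives the index below the threshold and raises alarms.
    Returns (alarms, final_index); each alarm is (position, api, index)."""
    index, alarms = 1.0, []
    for i in range(1, len(trace)):
        index = (1 - alpha) * index + alpha * step_score(one_step, two_step, trace, i)
        if index < threshold:
            alarms.append((i, trace[i], round(index, 3)))
    return alarms, index

if __name__ == "__main__":
    one, two = train(NORMAL_TRACES)
    suspicious = ["NtOpenFile", "NtReadFile", "NtSetInformationFile",
                  "NtFsControlFile", "NtDeviceIoControlFile", "NtClose"]
    print(detect(one, two, NORMAL_TRACES[0]))  # ([], 1.0)
    print(detect(one, two, suspicious))        # alarms from position 3 onward
```

In a real deployment the training traces would come from the kernel-side SSDT interception described above, collected per process over a clean baseline period.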