摘要： 提出了一种结合系统调用和过滤器驱动技术的基于行为HIPS，通过在操作系统内核的两个层次上实施强制访问控制，来实时阻止已知和未知攻击的破坏。研究了在Windows2000/XP操作系统中，可应用的安全策略及支持这些策略的实施机制。

关键词: 检测, 访问控制, 主机入侵防护系统

Abstract: This paper presents a behavior-based host intrusion prevention system(HIPS) combined with system call and filter driver technology. By implementing mandatory access control (MAC) in two lays of host operation system kernel, this system can hold back known and unknown attacks. It focuses on the research of applicable security policies and implementation mechanism in Windows2000/XP.

Key words: Detection, Access control, Host intrusion prevention system(HIPS)