
Computer Engineering ›› 2006, Vol. 32 ›› Issue (12): 145-146, 149.

• Security Technology •

Distributed USB Device Monitor and Control System Based on Driver Injection

WANG Yue, CAI Wandong, ZHANG Yun

  1. College of Computer Science, Northwestern Polytechnical University, Xi’an 710072
  • Online: 2006-06-20 Published: 2006-06-20

Abstract: The widespread use of USB devices poses a serious threat to information security on the intranet. Rule-violating operations by users, whether intentional or unintentional, such as copying data, dial-up Internet access and printing, may leak sensitive information. This paper proposes a general monitoring model for users' USB device operations and, using driver injection, implements a real-time USB device monitoring and control system named UDMC. UDMC uses centralized management with a distributed control architecture and provides dynamic detection of USB device changes, device type detection, control of sensitive USB devices, security alerts and log auditing. If a device is a sensitive device, the system forbids it, raises an alarm and logs the event. Application shows that UDMC can effectively control and reduce the information security risk that USB devices pose to the intranet.

Key words: WDM; driver injection; USB device monitor and control