The widespread use of USB devices poses a serious threat to the information security of internal networks (intranets). Users' intentional or unintentional policy violations, such as copying data, dial-up Internet access, and printing, can all lead to the leakage of sensitive information. This paper proposes a general monitoring model for monitoring users' USB device operations and, using driver injection, implements a real-time USB device monitoring system (UDMC). UDMC uses a centralized-management, distributed-control architecture and provides dynamic USB device change detection, device type detection, control of sensitive USB devices, security alerts, and log auditing. Practical use shows that UDMC can effectively control and reduce the information security risks that USB devices pose to the intranet.