
Interception and Automating Blocking of Malicious Traffic Based on NDIS Intermediate Driver

Interception and Automating Blocking of Malicious Traffic Based on NDIS Intermediate Driver (PDF, 2.69MB)
Published: 30 Jun, 2011
Created by Lee Ling Chuan

With the evolution of malware technology, modern malware often hides its malicious behavior in various ways. One popular method is to conceal its network communication. This concealment poses obstacles to the security mechanisms used to detect malicious behavior. In this paper, we give an overview of an automated technique for blocking malicious code, a new approach to computer security that combines malicious software analysis with automatic blocking software. In particular, this technique focuses on building a unified executable program analysis platform and using it to provide novel solutions to a broad spectrum of security problems. We propose a technique that integrates the Network Driver Interface Specification (NDIS) with a unified malicious software analysis platform. The NDIS model supports hybrid network transport NDIS drivers, called NDIS intermediate drivers, which lie between the transport driver and the NDIS driver. The advantage of using an NDIS intermediate driver is that it can see all of the network traffic taking place on a system, because such drivers lie between the protocol drivers and the network drivers. By intercepting security-related properties directly from network traffic, this technique enables a principled, root-cause-based approach to computer security, offering novel and effective solutions.
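The per-frame decision an intermediate driver makes on its send and receive paths can be modelled in user mode. The example below is added here and is not code from the paper: it parses an Ethernet/IPv4 frame and returns a pass or drop verdict against a constructed blocklist (hypothetical 203.0.113.0/24 test addresses, standing in for indicators an analysis platform would supply), with non-IP and malformed frames passed through untouched.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Verdict returned for each frame that passes through the intermediate layer. */
enum verdict { PASS = 0, DROP = 1 };

/* Constructed blocklist of destination IPv4 addresses (host byte order).
 * 203.0.113.0/24 is the TEST-NET-3 documentation range; these are placeholders
 * for the indicators an analysis platform would hand to the driver. */
static const uint32_t blocked_dst[] = { 0xCB007105u /* 203.0.113.5  */,
                                        0xCB00712Au /* 203.0.113.42 */ };

/* Decide whether an Ethernet frame should be forwarded or dropped.
 * Only complete IPv4 headers are inspected; anything non-IP or truncated is
 * passed unchanged so that other protocols keep working. */
int inspect_frame(const uint8_t *frame, size_t len)
{
    if (len < 14 + 20) return PASS;                 /* Ethernet + minimum IPv4 header */
    uint16_t ethertype = (uint16_t)((frame[12] << 8) | frame[13]);
    if (ethertype != 0x0800) return PASS;           /* not IPv4 (e.g. ARP, IPv6) */
    const uint8_t *ip = frame + 14;
    if ((ip[0] >> 4) != 4) return PASS;             /* version nibble must be 4 */
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if (ihl < 20 || 14 + ihl > len) return PASS;    /* header length inconsistent */
    uint32_t dst = ((uint32_t)ip[16] << 24) | ((uint32_t)ip[17] << 16) |
                   ((uint32_t)ip[18] << 8)  |  (uint32_t)ip[19];
    for (size_t i = 0; i < sizeof blocked_dst / sizeof blocked_dst[0]; i++)
        if (dst == blocked_dst[i]) return DROP;
    return PASS;
}

/* Build a minimal Ethernet+IPv4 frame to a destination (constructed test input). */
size_t build_frame(uint8_t *buf, uint32_t dst)
{
    memset(buf, 0, 34);
    buf[12] = 0x08; buf[13] = 0x00;      /* EtherType IPv4 */
    buf[14] = 0x45;                      /* version 4, IHL 5 (20 bytes) */
    buf[14 + 16] = (uint8_t)(dst >> 24); buf[14 + 17] = (uint8_t)(dst >> 16);
    buf[14 + 18] = (uint8_t)(dst >> 8);  buf[14 + 19] = (uint8_t)dst;
    return 34;
}

/* Convenience: verdict for a synthetic frame addressed to dst. */
int verdict_for_dst(uint32_t dst)
{
    uint8_t frame[64];
    size_t n = build_frame(frame, dst);
    return inspect_frame(frame, n);
}
```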