Abstract |
PURPOSE: A kernel interface device in an IDS (Intrusion Detection System) for system security, and a method therefor, are provided to monitor every event without exception. The kernel interface, which can monitor and report system event generation at the same time as system booting, is recognized as a driver (software-type hardware) and is made to operate in the early stage of booting. CONSTITUTION: A kernel interface device in an IDS (Intrusion Detection System) for system security consists of a ring '0' monitor driver (310), a ring '3' application program (330), and a kernel interface driver (320). The ring '0' monitor driver (310) monitors events at the ring '0' level for the transmission and reception of driver information between the ring '0' kernel mode and the ring '3' user mode. The ring '3' application program (330) is executed in the ring '3' user mode. The kernel interface driver (320) transmits the monitored events between the ring '0' monitor driver (310) and the ring '3' application program (330). The kernel interface driver (320) comprises a data channel (321), a cyclic data buffer (322), a system service thread (323), a kernel interface (331), and a synchronization information buffer (340).
|