摘要:Based on the analysis of several kinds of methods generally used to intercept network packets in different layers, a dynamic mechanism using NDIS intermediate drivers is proposed to protect web security, which can block malicious connection in real time. The mechanism is mainly composed of three components which include NDIS intermediate driver-based interception module, filter module and cooperation module. Characteristics of every component are also introduced. Then the system realization is discussed in detail. Finally, experiments results show that the system can detect attacks and intercept malicious packets effectively, and the time delay of the developed driver from intercepting to denying or passing data is small.