Journal of Information Security Research ›› 2021, Vol. 7 ›› Issue (3): 250-256.


The Limitation of RASP Technology in the Protection of Critical Information Infrastructure

  

  • Received:2021-03-09 Online:2021-03-05 Published:2021-03-17

Analysis of the Limitations of RASP Technology in the Protection of Critical Information Infrastructure

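王奕钧 (Wang Yijun)

  1. First Research Institute of the Ministry of Public Security
  • Corresponding author: 王奕钧 (Wang Yijun)
  • About the author: 王奕钧 (Wang Yijun), master's degree, associate researcher; main research interest: information security. wangyj@gov110.cn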

Abstract: RASP technology injects its protection module into the application and integrates with it, which gives it the ability to monitor and block attacks in real time, and it has become one of the means of protecting critical information infrastructure. By analyzing the detection principle of RASP technology together with worked examples, this paper lists the defects of RASP technology and summarizes a solution that compensates for its limitations. The solution combines RASP's proximity to the attack foothold with trusted detection based on a white list; it has strong detection ability and can prevent unknown threats. It can provide more comprehensive protection for critical information infrastructure, and is the technical realization of the Ministry of Public Security's "three modernizations and six preventions" protection idea.

Key words: RASP, limitation, critical information infrastructure, white list, detection bypass

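Abstract: RASP technology injects the protection module itself into the application and merges with it, so that it can monitor and block attacks in real time, and it has become one of the protective measures for critical information infrastructure. By analyzing the detection principle of RASP technology together with case analysis, this paper lists the defects of RASP technology and, drawing on working practice in critical information infrastructure protection, summarizes a solution that makes up for the limitations of RASP technology. The solution combines the advantages of RASP's closeness to the attack foothold and of white-list-based trusted detection; it has strong detection capability, can prevent unknown threats, can provide more comprehensive protection for critical information infrastructure, and is the technical realization of the Ministry of Public Security's "three modernizations and six preventions" protection approach.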

Keywords: RASP, limitations, critical information infrastructure, white list, detection bypass