Dynamic runtime protection technique against the file system injecting malwares

Abstract

Malwares enters into the victim system by injecting the code into victim system executable files or well-known files or folders. In this paper, the proposed dynamic runtime protection technique (DRPT) will ensure for protection of all the modes of the malware entering into the system. In the affected system, the behaviours of the injected file are monitored and controlled and the malware spreads either through online or offline modes via files. The DRPT unpack the malware, continuously monitors and analyses the windows application programming interface (API) calls in the imported and exported dynamic link library (DLL's) of the malwares to find the injection code. DRPT also protects against the malware spread into the other files and the stealing of information from the victim machine. The DRPT tested with 1,517 executable files, among which 811 malicious files have been taken with different malware families. The result of DRPT shows true positive of 94.20% and false positive of 0.05%.