Authors: Easwaramoorthy Arul; Venugopal Manikandan
Addresses: Coimbatore Institute of Technology, Coimbatore-641 014,India ' Coimbatore Institute of Technology, Coimbatore-641 014,India
Abstract: Malwares enters into the victim system by injecting the code into victim system executable files or well-known files or folders. In this paper, the proposed dynamic runtime protection technique (DRPT) will ensure for protection of all the modes of the malware entering into the system. In the affected system, the behaviours of the injected file are monitored and controlled and the malware spreads either through online or offline modes via files. The DRPT unpack the malware, continuously monitors and analyses the windows application programming interface (API) calls in the imported and exported dynamic link library (DLL's) of the malwares to find the injection code. DRPT also protects against the malware spread into the other files and the stealing of information from the victim machine. The DRPT tested with 1,517 executable files, among which 811 malicious files have been taken with different malware families. The result of DRPT shows true positive of 94.20% and false positive of 0.05%.
Keywords: malware; dynamic runtime protection technique; DRPT; dynamic link library; DLL; application programming interface; API.
International Journal of Business Intelligence and Data Mining, 2019 Vol.14 No.1/2, pp.54 - 61
Received: 26 Mar 2017
Accepted: 23 Sep 2017
Published online: 16 Nov 2018 *