G. Suarez-Tangil, J. E. Tapiador, P. Peris, and A.

Ribagorda, “Evolution, detection and analysis of malware

for smart devices,”

Smart devices equipped with powerful sensing, computing and networking capabilities have proliferated
lately, ranging from popular smartphones and tablets to Internet appliances, smart TVs, and others that
will soon appear (e.g., watches, glasses, and clothes). One key feature of such devices is their ability to
incorporate third-party apps from a variety of markets. This poses strong security and privacy issues to
users and infrastructure operators, particularly through software of malicious (or dubious) nature that
can easily get access to the services provided by the device and collect sensory data and personal
information. Malware in current smart devices -mostly smartphones and tablets- have rocketed in the
last few years, in some cases supported by sophisticated techniques purposely designed to overcome
security architectures currently in use by such devices. Even though important advances have been
made on malware detection in traditional personal computers during the last decades, adopting and
adapting those techniques to smart devices is a challenging problem. For example, power consumption
is one major constraint that makes unaffordable to run traditional detection engines on the device,
while externalized (i.e., cloud-based) techniques rise many privacy concerns. This article examines the
problem of malware in smart devices and recent progress made in detection techniques. We first
present a detailed analysis on how malware has evolved over the last years for the most popular
platforms. We identify exhibited behaviors, pursued goals, infection and distribution strategies, etc. and
provide numerous examples through case studies of the most relevant specimens. We next survey,
classify and discuss efforts made on detecting both malware and other suspicious software (grayware),
concentrating on the 20 most relevant techniques proposed between 2010 and 2013. Based on the
conclusions extracted from this study, we finally provide constructive discussion on open- research
problems and areas where we believe that more work is needed.

Y. Zhou and X. Jiang, “Dissecting Android malware: Characterization and evolution,”

The popularity and adoption of smart phones has greatly stimulated the spread of mobile malware,
especially on the popular platforms such as Android. In light of their rapid growth, there is a pressing
need to develop effective solutions. However, our defense capability is largely constrained by the
limited understanding of these emerging mobile malware and the lack of timely access to related
samples. In this paper, we focus on the Android platform and aim to systematize or characterize existing
Android malware. Particularly, with more than one year effort, we have managed to collect more than
1,200 malware samples that cover the majority of existing Android malware families, ranging from their
debut in August 2010 to recent ones in October 2011. In addition, we systematically characterize them
from various aspects, including their installation methods, activation mechanisms as well as the nature
of carried malicious payloads. The characterization and a subsequent evolution-based study of
representative families reveal that they are evolving rapidly to circumvent the detection from existing
mobile anti-virus software. Based on the evaluation with four representative mobile security software,
our experiments show that the best case detects 79.6% of them while the worst case detects only 20.2%
in our dataset. These results clearly call for the need to better develop next-generation anti-mobile-
malware solutions.

G. Suarez-Tangil, F. Lombardi, J. E. Tapiador, and R. Di Pietro, “Thwarting obfuscated malware via

differential fault analysis,”

Detecting malware in mobile applications has become increasingly complex as malware developers turn
to advanced techniques to hide or obfuscate malicious components. Alterdroid is a dynamic-analysis
tool that compares the behavioral differences between an original app and numerous automatically
generated versions of it containing carefully injected modifications.