Detection of Smartphone Malware

Abstract

Due to technological progress, mobile phones have evolved into technically and functionally sophisticated devices called smartphones. Because they provide comprehensive capabilities, smartphones are becoming increasingly popular, not only with their originally targeted users but with everyone. Since 2004, several pieces of malware targeting these devices have appeared. General countermeasures against smartphone malware are currently limited to signature-based anti-virus scanners, which efficiently detect known malware but have serious shortcomings with new and unknown malware, creating a window of opportunity for attackers. As smartphones become hosts for sensitive data and applications, extended malware detection mechanisms that are not based on signatures are necessary, and they must comply with the resource constraints of current mobile devices. In this work, we tackle the field of smartphone malware. We give a clear definition of what a smartphone actually is, since no industry standard exists. To convey the threat posed by malware targeting smartphones, we present an updated list of all published malware recognized by anti-virus companies until the end of 2010. We introduce the fields of dynamic and static analysis. In the field of dynamic analysis, we introduce a monitoring system that gathers behavior- and system-based information, which is processed by a remote system using machine learning for anomaly detection. Furthermore, we present a monitoring and detection architecture for Linux-based smartphones that traces the execution of binaries in order to extract the invoked system calls. In the field of static analysis, we discuss its applicability to different smartphone platforms, namely Symbian OS and Android. In both cases, the analysis uses function and system calls that are extracted statically from binaries. The results of the analyses are promising and proved competitive with standard state-of-the-art learning algorithms such as Naive Bayes.

Author: Aubrey-Derrick Schmidt
Category: Dissertation
Year: 2011
Location: Dissertation, Technische Universität Berlin, Berlin, Germany