Introduction to the Special Issue on Challenges and Trends in Malware Analysis

Ricardo J. Rodríguez, Xabier Ugarte-Pedrero, Juan E. Tapiador

2022 · DOI: 10.1145/3536319
3 Citations

TLDR

Three papers that report novel methodologies and results in two key areas of malware detection and analysis: malware targeting smartphone platforms and analysis techniques using dynamic binary instrumentation (DBI).

Abstract

Malicious software (malware) has become one of the main threats to Internet security, with a sustained growth in complexity and volume during the last three decades. Malware has experienced an impressive evolution since the 1980s, moving from simple worms, backdoors, and file-infection viruses to multi-stage campaigns, complex platforms that support a variety of modules, and sophisticated evasion mechanisms that make analysis increasingly difficult [2]. A key reason for this evolution is the fact that the malware industry long ago acquired the role of a commodity [1, 3] in the underground cybercrime economy [4]. This prompted malware developers to continuously improve their arsenal of techniques tailored to make quick money in different ways, from click fraud and spamming to cryptocurrency mining and bank credentials theft. The increasing sophistication and impact of malware attacks have gone hand in hand with a growing interest from both industry and academia in defense and analysis techniques. Traditional signature-based malware detection techniques are easily bypassed by samples using obfuscation, software packing, or other similar techniques [5]. In addition, malware often incorporates capabilities to detect the execution environment and change its behavior when it runs on an analysis system. In this ever-changing world, there is a need for a broader spectrum of techniques to understand, detect, and respond in a timely manner to the diverse nature of malware. This special issue welcomed submissions on these important challenges, including survey studies and works presenting novel research and experimentation results on malware science. We selected three papers that report novel methodologies and results in two key areas of malware detection and analysis: malware targeting smartphone platforms and analysis techniques using dynamic binary instrumentation (DBI).
Each submission was reviewed by at least three reviewers and went through two rounds of reviews that helped the authors to address the identified issues. In the article “Dynamic Detection of Mobile Malware using Smartphone Data and Machine Learning,” the authors explore the problem of detecting mobile malware using features related to performance counts (e.g., CPU, battery, and memory usage). These features can be obtained without requiring privileged access, making the approach highly applicable to current platforms. The authors present several machine learning models that are tested with a dataset of known mobile Trojans and show promising results.