Bullet-proof detection of mobile malware

Current Anti-Virus (AV) software works in a similar way to how TSA personnel screens air travelers as they enter the airport - based on their identification documents, belongings and behavior. This is a labor-intensive approach that needs constant updates of blacklists. In the context of mobile malware, this approach will be too costly - in terms of system resources - once the number of malware threats increase. Keeping with our analogy, this is similar to how it would be too expensive to deploy TSA personnel for each taxi, bus, and other form of public transportation, should these start to be targeted by attackers. In this talk, we will argue for a paradigm shift to address this problem. We describe a solution based on a centralized pattern-based anomaly detection, and associated techniques to guarantee truthful reporting from devices - without draining their batteries. An additional benefit of the proposed solution is that it allows retroactive detection - and even if the detection software is installed after the infection occurs.