Abstract: The most popular mobile Operating System is Android. Due to its popularity it attracts many malware attacks. In fact people have uncover around one million new malware samples per quarter and it was reported that over 98 % of these new malware samples are in fact variants from existing malware families. In this paper we first show that runtime behaviors of malware’s core functionalities are in fact similar within a malware family. We propose a framework to combine runtime behavior with static structures to detect malware variants. We present the design and implementation of MONET which has a client and backend server module. The client module is a light-weight in device app for behavior monitoring and signature generation and we expound these using two novel interception techniques. The backend server is responsible for excellence scale malware detection. Our analysis shows that MONET can achieve accuracy in detecting malware variants. This paper examines the problem of malware in android and recent progress made in detection techniques. We first present a detailed analysis on how malware has evolved over the last years for the most popular stage. We identify show behaviors pursued goals infection and distribution strategies and provide numerous examples through case studies of the most relevant specimens. We next survey classify and ventilate efforts made on detecting both malware and other suspicious software.

Keywords: Code Offload Malware Detection, Android, Runtime Behavior, Mobile Computing, Energy Management, Jade System, Distributed Computing.