Some topic suggestions are listed below. Please note that the suggestions are not exhaustive — the selection committee will consider papers on any subjects that fall within the relevant areas.

Malware & botnets
0-days
APTs and targeted attacks
Banking malware
Linux threats
Adobe threats/security
Botnet analysis, infrastructure & takedowns
DGA algorithms
Exploit kits
Malware that targets specific AV products & their vulnerabilities
Web/browser attacks
Low-level attacks, such as UEFI, BIOS, DMA
Nation-sponsored attacks & espionage
Big Data challenges & capabilities
Anti-malware tools & methods
Classification/clustering/automation
Cloud/real-time blocking of malware
Testing trends/approaches
Multi-engine scanning
Automatic malware analysis
Custom malware signature creation
Whitelisting
Telemetry for classification
Reputation-based cloud services
Law enforcement work, view, focus
Security in multinational companies
Mobile devices
Android threats & security
Apple iOS threats & security
Windows mobile threats & security
Automated analysis systems for mobile platforms
Geolocated threats
Mobile botnets
Mobile anti-malware
BYOD
Malicious mobile ads
'Feudal security'
Spam & social networks
Anti-spam techniques
Targeted social engineering
SMS spam
Spam (campaign) analysis
Spam trends and statistics
Social network scams
Social networks and privacy
DNS-based blacklists
DKIM/SPF/DMARC
Social network spam
Hacking & vulnerabilities
Bug bounties
SCADA/ICS vulnerabilities
Penetration testing techniques
XSS/CSRF vulnerabilities
Medical device vulnerabilities
Hacktivism
Hacking ethics
Password cracking
Data breaches
Responsible disclosure
Network security
Network-level defences
DDoS attacks
SDN Openflow Sflow related topics
Network encryption
IPv6
DNS security
Network layer security and defence
Tor
DNSSEC
BGP