Adaptive unpacking of android apps

Lei Xue; Xiapu Luo; Le Yu; Shuai Wang; Dinghao Wu

doi:10.1109/ICSE.2017.40

Adaptive unpacking of android apps

Lei Xue, Xiapu Luo, Le Yu, Shuai Wang, Dinghao Wu

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

73 Citations (Scopus)

Abstract

More and more app developers use the packing services (or packers) to prevent attackers from reverse engineering and modifying the executable (or Dex files) of their apps. At the same time, malware authors also use the packers to hide the malicious component and evade the signature-based detection. Although there are a few recent studies on unpacking Android apps, it has been shown that the evolving packers can easily circumvent them because they are not adaptive to the changes of packers. In this paper, we propose a novel adaptive approach and develop a new system, named PackerGrind, to unpack Android apps. We also evaluate PackerGrind with real packed apps, and the results show that PackerGrind can successfully reveal the packers' protection mechanisms and recover the Dex files with low overhead, showing that our approach can effectively handle the evolution of packers.

Original language	English
Title of host publication	Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	358-369
Number of pages	12
ISBN (Electronic)	9781538638682
DOIs	https://doi.org/10.1109/ICSE.2017.40
Publication status	Published - 19 Jul 2017
Event	39th IEEE/ACM International Conference on Software Engineering, ICSE 2017 - Buenos Aires, Argentina Duration: 20 May 2017 → 28 May 2017

Publication series

Name	Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017

Conference

Conference	39th IEEE/ACM International Conference on Software Engineering, ICSE 2017
Country/Territory	Argentina
City	Buenos Aires
Period	20/05/17 → 28/05/17

Keywords

App Unpacking
Dynamic Analysis

ASJC Scopus subject areas

Safety, Risk, Reliability and Quality
Software

More information

10.1109/ICSE.2017.40

Cite this

Xue, L., Luo, X., Yu, L., Wang, S., & Wu, D. (2017). Adaptive unpacking of android apps. In Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017 (pp. 358-369). Article 7985676 (Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICSE.2017.40

@inproceedings{4bf7b6a2caee4c77b00d233e69fd585d,

title = "Adaptive unpacking of android apps",

abstract = "More and more app developers use the packing services (or packers) to prevent attackers from reverse engineering and modifying the executable (or Dex files) of their apps. At the same time, malware authors also use the packers to hide the malicious component and evade the signature-based detection. Although there are a few recent studies on unpacking Android apps, it has been shown that the evolving packers can easily circumvent them because they are not adaptive to the changes of packers. In this paper, we propose a novel adaptive approach and develop a new system, named PackerGrind, to unpack Android apps. We also evaluate PackerGrind with real packed apps, and the results show that PackerGrind can successfully reveal the packers' protection mechanisms and recover the Dex files with low overhead, showing that our approach can effectively handle the evolution of packers.",

keywords = "App Unpacking, Dynamic Analysis",

author = "Lei Xue and Xiapu Luo and Le Yu and Shuai Wang and Dinghao Wu",

year = "2017",

month = jul,

day = "19",

doi = "10.1109/ICSE.2017.40",

language = "English",

series = "Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "358--369",

booktitle = "Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017",

note = "39th IEEE/ACM International Conference on Software Engineering, ICSE 2017 ; Conference date: 20-05-2017 Through 28-05-2017",

}

Xue, L, Luo, X, Yu, L, Wang, S & Wu, D 2017, Adaptive unpacking of android apps. in Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017., 7985676, Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017, Institute of Electrical and Electronics Engineers Inc., pp. 358-369, 39th IEEE/ACM International Conference on Software Engineering, ICSE 2017, Buenos Aires, Argentina, 20/05/17. https://doi.org/10.1109/ICSE.2017.40

Adaptive unpacking of android apps. / Xue, Lei; Luo, Xiapu; Yu, Le et al.
Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017. Institute of Electrical and Electronics Engineers Inc., 2017. p. 358-369 7985676 (Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017).

Research output: Chapter in book / Conference proceeding › Conference article published in proceeding or book › Academic research › peer-review

TY - GEN

T1 - Adaptive unpacking of android apps

AU - Xue, Lei

AU - Luo, Xiapu

AU - Yu, Le

AU - Wang, Shuai

AU - Wu, Dinghao

PY - 2017/7/19

Y1 - 2017/7/19

N2 - More and more app developers use the packing services (or packers) to prevent attackers from reverse engineering and modifying the executable (or Dex files) of their apps. At the same time, malware authors also use the packers to hide the malicious component and evade the signature-based detection. Although there are a few recent studies on unpacking Android apps, it has been shown that the evolving packers can easily circumvent them because they are not adaptive to the changes of packers. In this paper, we propose a novel adaptive approach and develop a new system, named PackerGrind, to unpack Android apps. We also evaluate PackerGrind with real packed apps, and the results show that PackerGrind can successfully reveal the packers' protection mechanisms and recover the Dex files with low overhead, showing that our approach can effectively handle the evolution of packers.

AB - More and more app developers use the packing services (or packers) to prevent attackers from reverse engineering and modifying the executable (or Dex files) of their apps. At the same time, malware authors also use the packers to hide the malicious component and evade the signature-based detection. Although there are a few recent studies on unpacking Android apps, it has been shown that the evolving packers can easily circumvent them because they are not adaptive to the changes of packers. In this paper, we propose a novel adaptive approach and develop a new system, named PackerGrind, to unpack Android apps. We also evaluate PackerGrind with real packed apps, and the results show that PackerGrind can successfully reveal the packers' protection mechanisms and recover the Dex files with low overhead, showing that our approach can effectively handle the evolution of packers.

KW - App Unpacking

KW - Dynamic Analysis

UR - http://www.scopus.com/inward/record.url?scp=85019246649&partnerID=8YFLogxK

U2 - 10.1109/ICSE.2017.40

DO - 10.1109/ICSE.2017.40

M3 - Conference article published in proceeding or book

AN - SCOPUS:85019246649

T3 - Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017

SP - 358

EP - 369

BT - Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 39th IEEE/ACM International Conference on Software Engineering, ICSE 2017

Y2 - 20 May 2017 through 28 May 2017

ER -

Xue L, Luo X, Yu L, Wang S, Wu D. Adaptive unpacking of android apps. In Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017. Institute of Electrical and Electronics Engineers Inc. 2017. p. 358-369. 7985676. (Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017). doi: 10.1109/ICSE.2017.40

Adaptive unpacking of android apps

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

More information

Other files and links

Fingerprint

Cite this