Adaptive unpacking of android apps

Lei Xue, Xiapu Luo, Le Yu, Shuai Wang, Dinghao Wu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

22 Citations (Scopus)

Abstract

More and more app developers use the packing services (or packers) to prevent attackers from reverse engineering and modifying the executable (or Dex files) of their apps. At the same time, malware authors also use the packers to hide the malicious component and evade the signature-based detection. Although there are a few recent studies on unpacking Android apps, it has been shown that the evolving packers can easily circumvent them because they are not adaptive to the changes of packers. In this paper, we propose a novel adaptive approach and develop a new system, named PackerGrind, to unpack Android apps. We also evaluate PackerGrind with real packed apps, and the results show that PackerGrind can successfully reveal the packers' protection mechanisms and recover the Dex files with low overhead, showing that our approach can effectively handle the evolution of packers.

Original language: English (US)
Title of host publication: Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017
Publisher: Institute of Electrical and Electronics Engineers Inc.
Pages: 358-369
Number of pages: 12
ISBN (Electronic): 9781538638682
DOI: https://doi.org/10.1109/ICSE.2017.40
State: Published - Jul 19 2017
Event: 39th IEEE/ACM International Conference on Software Engineering, ICSE 2017 - Buenos Aires, Argentina
Duration: May 20 2017 to May 28 2017

Publication series

Name: Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017

Other

Other: 39th IEEE/ACM International Conference on Software Engineering, ICSE 2017
Country: Argentina
City: Buenos Aires
Period: 5/20/17 to 5/28/17

Fingerprint

Packers
Application programs
Reverse engineering
Android (operating system)

All Science Journal Classification (ASJC) codes

  • Safety, Risk, Reliability and Quality
  • Software

Cite this

Xue, L., Luo, X., Yu, L., Wang, S., & Wu, D. (2017). Adaptive unpacking of android apps. In Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017 (pp. 358-369). [7985676] (Proceedings - 2017 IEEE/ACM 39th International Conference on Software Engineering, ICSE 2017). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/ICSE.2017.40


