By using wrapping techniques, malicious developers can build a packed app (a packer) to deceive the basic analysis layer and successfully publish it through Android's application distribution service (such as Google Play) before it is detected by an in-depth analysis process. Although a thorough dynamic analysis can help identify packers, it is impossible to analyze large numbers of apps in a short time. Regarding static analysis, most existing research on identifying packers depends on signatures of packers, such as specific files or directories. In this paper, we propose a model for detecting packers through static analysis of the various contents of an Android Package (APK) file. By applying entropy-based algorithms in conjunction with common classification solutions, our model outputs a prediction value indicating whether a target app has the potential to be a packer. Compared with previous solutions that yield absolute results, these relative results can increase the likelihood of identifying variants of known packers. Our experimental results show that the model identifies potential packers with high accuracy. The proposed model can help improve the detection of potential packers and opens new research directions for detecting packers by static analysis.
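As an added illustration of the entropy-based static approach described in the abstract (example code written for this page, not the paper's implementation), the block below computes Shannon entropy over each entry of an APK, aggregates the per-entry values into a fixed-length feature vector, and maps that vector to a prediction value. The two in-memory APKs are constructed sample data; the 7.5 bits/byte threshold and the weights in `packer_likelihood` are assumptions standing in for a classifier trained on labelled samples.

```python
# Added example (not the paper's code): entropy features over APK entries,
# feeding an illustrative scoring function in place of a trained classifier.
import hashlib
import io
import math
import zipfile
from collections import Counter
from dataclasses import dataclass


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


@dataclass
class EntryStats:
    name: str
    size: int
    entropy: float


def entry_entropies(apk_bytes: bytes) -> list[EntryStats]:
    """Per-entry entropy of an APK, measured on the *decompressed* content.

    Measuring the stored (deflated) bytes instead would make almost every
    entry look random, because compressed data is already near 8 bits/byte.
    """
    stats = []
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            stats.append(EntryStats(info.filename, len(data), shannon_entropy(data)))
    return stats


def apk_entropy_features(apk_bytes: bytes, high: float = 7.5) -> dict[str, float]:
    """Aggregate per-entry entropies into a fixed-length feature vector.

    `high` (assumption: 7.5 bits/byte) flags near-incompressible entries,
    which is how an encrypted payload looks. Media files (PNG, JPEG) land
    there too, so a classifier using these features must learn that distinction.
    """
    stats = entry_entropies(apk_bytes)
    total = sum(s.size for s in stats) or 1
    high_entries = [s for s in stats if s.entropy >= high]
    return {
        "n_entries": float(len(stats)),
        "max_entropy": max((s.entropy for s in stats), default=0.0),
        "mean_entropy": sum(s.entropy for s in stats) / max(len(stats), 1),
        "high_entropy_fraction": len(high_entries) / max(len(stats), 1),
        "high_entropy_bytes_fraction": sum(s.size for s in high_entries) / total,
    }


def packer_likelihood(features: dict[str, float]) -> float:
    """Map the feature vector to a prediction value in (0, 1).

    Illustrative logistic model with hand-set weights (an assumption, not
    fitted values); a real deployment fits these with a standard classifier
    on labelled packed and unpacked apps.
    """
    weights = {"max_entropy": 1.5, "high_entropy_fraction": 3.0,
               "high_entropy_bytes_fraction": 4.0}
    z = -14.0 + sum(w * features[k] for k, w in weights.items())
    return 1.0 / (1.0 + math.exp(-z))


def _deterministic_random_bytes(n: int, seed: bytes = b"constructed") -> bytes:
    """SHA-256 chain: a reproducible stand-in for an encrypted payload."""
    out, block = bytearray(), seed
    while len(out) < n:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:n])


def build_sample_apk(packed: bool) -> bytes:
    """Constructed in-memory APK-like zip (sample data, not a real app).

    The packed variant carries a large incompressible blob under assets/,
    as a wrapper that unpacks its real payload at runtime would.
    """
    manifest = b'<manifest package="com.example.sample"><application/></manifest>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", manifest)
        # Constructed low-entropy stand-in for a small DEX file (entropy 6.0).
        zf.writestr("classes.dex", bytes(range(64)) * 64)
        if packed:
            zf.writestr("assets/payload.bin", _deterministic_random_bytes(64 * 1024))
    return buf.getvalue()


if __name__ == "__main__":
    for label in ("plain", "packed"):
        feats = apk_entropy_features(build_sample_apk(packed=(label == "packed")))
        print(label, {k: round(v, 3) for k, v in feats.items()},
              "likelihood=%.3f" % packer_likelihood(feats))
```

The per-entry entropy is taken after decompression on purpose: a signature-free check that looked at the raw zip stream would rate nearly every entry as random. The remaining source of false positives is legitimate high-entropy content such as compressed images and stripped native libraries, which is why the abstract pairs the entropy features with a classifier that produces a relative prediction value rather than an absolute verdict.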