DeGuard (http://www.apk-deguard.com) is a novel system for statistical deobfuscation of Android APKs, developed at the Secure, Reliable, and Intelligent Systems Lab, ETH Zurich, the same group which developed the widely used JSNice system. Similarly to JSNice, DeGuard is based on powerful probabilistic graphical models learned from thousands of open source programs. Using these models, DeGuard recovers important information in Android APKs, including method and class names as well as third-party libraries. DeGuard can reveal string decoders and classes that handle sensitive data in Android malware.
What is the Technology Behind DeGuard?DeGuard is developed as part of the Machine Learning for Programming project at ETH Zurich. In particular, DeGuard is built on top of the open source Nice2Predict framework. A paper describing how DeGuard works is available here: DeGuard CCS'16 paper. For more information on this general direction, including invited and keynote talks, tutorials, and papers, see here.
If you are interested in using DeGuard with larger APK files or have other suggestions, please contact: Martin Vechev.