Evaluating LLMs for Obfuscation Detection and Classification in Android Apps

📅 2026-06-12
📈 Citations: 0
Influential: 0
📄 PDF
🤖 AI Summary
This work addresses the significant challenge posed by Android code obfuscation to static analysis and vulnerability detection. Existing approaches rely heavily on handcrafted features or domain-specific models, limiting their generalizability. The study presents the first systematic evaluation of off-the-shelf large language models (LLMs) for directly identifying obfuscated code in a zero-shot setting—without requiring predefined rules, signatures, or task-specific training. Through comprehensive experiments on both open-source and proprietary LLMs, employing diverse prompting strategies and decision thresholds across benchmark datasets and real-world Google Play applications, the research demonstrates the effectiveness of LLMs in obfuscation detection. It further elucidates their advantages and limitations compared to conventional static application security testing (SAST) tools, thereby establishing a novel paradigm for Android security analysis.
📝 Abstract
Android applications (apps) developers increasingly rely on code obfuscation techniques to hinder reverse engineering and protect intellectual property. However, obfuscation also reduces the effectiveness of static analysis and vulnerability detection tools, creating challenges for Android security analysis. Existing approaches for detecting obfuscation in Android apps predominantly rely on handcrafted heuristics, engineered features, or task-specific learning pipelines, which may struggle to generalize across evolving obfuscation strategies. This paper presents a large-scale empirical study investigating the capability of Large Language Models (LLMs) to detect obfuscation in Android apps through semantic reasoning. Our study evaluates whether off-the-shelf LLMs can identify obfuscated code without relying on handcrafted rules, predefined signatures, or dedicated model training. The empirical evaluation is conducted on both a controlled benchmark containing an app obfuscated with multiple techniques and a real-world dataset of Android apps collected from Google Play. The study further examines the impact of prompt design, model selection, and decision thresholds across several open-weight and proprietary LLMs. Finally, the analysis compares LLM-based reasoning with existing SAST-based obfuscation-detection approaches and discusses the broader implications and limitations of applying LLMs to Android security analysis.
Problem

Research questions and friction points this paper is trying to address.

obfuscation detection
Android apps
code obfuscation
static analysis
vulnerability detection
Innovation

Methods, ideas, or system contributions that make the work stand out.

Large Language Models
Obfuscation Detection
Android Security
Semantic Reasoning
Static Analysis
🔎 Similar Papers
No similar papers found.