Advanced Adaptive Techniques for Securing Applications Against Dynamic Reverse Engineering Attacks
Received: 13 February 2026 | Revised: 13 March 2026 | Accepted: 24 March 2026 | Online: 4 May 2026
Corresponding author: Khair Eddin Sabri
Abstract
Dynamic reverse engineering analyzes a program during execution to understand its behavior and modify its logic to bypass authentication mechanisms or extract sensitive information. Such analysis commonly relies on debugging and runtime instrumentation tools. However, many protection techniques rely on a single anti-debugging or anti-instrumentation mechanism, which can be easily bypassed once attackers identify the detection method. To address this limitation, this paper proposes an adaptive framework for Windows that detects dynamic program analysis by combining multiple indicators. Specifically, each indicator is assigned a weight that reflects its reliability in identifying active analysis, and a confidence score is calculated from these weights to classify the risk level as low, medium, or high. The program then dynamically adapts its behavior according to the classified risk level. The framework incorporates additional indicators to detect modern instrumentation tools, such as Frida, which can often bypass traditional anti-debugging techniques. The proposed framework was implemented in C and evaluated under multiple scenarios. Experimental results show that the framework effectively detects dynamic analysis, and the performance evaluation indicates low runtime overhead.
Keywords:
reverse engineering, anti-debugging, anti-instrumentation, Frida, x86gdb
License
Copyright (c) 2026 Khair Eddin Sabri

This work is licensed under a Creative Commons Attribution 4.0 International License.
