Be it for a malicious or legitimate purpose, packing, a transformation that consists in applying various operations like compression or encryption to a binary file, i.e. for making reverse engineering harder or obfuscating code, is widely employed since decades already. Particularly in the field of malware analysis where a stumbling block is evasion, it has proven effective and still gives a hard time to scientists who want to efficiently detect it. While already extensively covered in the scientific literature, it remains an open issue especially when considering its detection time and accuracy trade-off. Many approaches, including machine learning, have been proposed but most studies often restrict their scope (i.e. malware and PE files), rely on uncertain datasets (i.e. built based on a super-detector or using labels from an questionable source) and do no provide any open implementation, which makes comparing state-of-the-art solutions tedious. Considering the many challenges that packing implies, there exists room for improvement in the way it is addressed, especially when dealing with static detection techniques. In order to tackle with these challenges, we propose an experimental toolkit, aptly called the Packing Box, leveraging automation and containerization in an open source platform that brings a unified solution to the research community and we showcase it with some experiments including unbiased ground truth generation, data visualization, machine learning pipeline automation and performance of open source packing static detectors.

翻译：无论是出于恶意还是合法目的，加壳——即对二进制文件应用压缩或加密等多种变换操作（例如为增加逆向工程难度或混淆代码）——已有数十年的广泛应用。尤其在恶意软件分析领域，逃避检测是核心障碍，加壳已被证明行之有效，至今仍令致力于高效检测的研究者面临挑战。尽管科学文献对此已有大量论述，但考虑到检测时间与精度的权衡问题，该领域仍存在开放性难题。现有方法（包括机器学习）虽被广泛提出，但多数研究常局限其范围（如仅针对恶意软件和PE文件）、依赖不确定的数据集（如基于超级检测器或来源存疑的标签构建）且未提供开源实现，这使得前沿解决方案的对比分析极为繁琐。考虑到加壳带来的诸多挑战，尤其在静态检测技术中，当前研究方法仍有改进空间。为应对这些挑战，我们提出了一款名为Packing Box的实验工具包，通过开源平台中的自动化和容器化技术，为研究社区提供统一解决方案，并通过多项实验（包括无偏基准数据集生成、数据可视化、机器学习流水线自动化及开源加壳静态检测器性能评估）展示其应用价值。