DeepVMUnProtect: Neural network-based recovery of VM‑protected Android apps for semantics‑aware malware detection
Publication Type
Journal Article
Publication Date
3-2025
Abstract
The emerging virtual machine-based Android packers render existing unpacking techniques ineffective. The state-of-the-art unpacker falls short because it relies on unreliable heuristics and manually crafted semantic models. Hence, it cannot precisely recover app semantics necessary for malware detection. In this paper, we propose DeepVMUnProtect, a deep learning-based approach to automatically and accurately capture the semantics of VM-packed code, so as to facilitate semantic-based Android malware classification. Experiments have shown that DeepVMUnProtect outperforms the state-of-the-art tool on recovering opcode semantics in Qihoo (58.3%), Baidu (47.5%) and NMMP (58.8%) respectively, and can enable semantics-aware malware detection which prior work fails to do.
Discipline
Information Security | OS and Networks
Research Areas
Information Systems and Management
Publication
IEEE Transactions on Information Forensics and Security
Volume
20
First Page
3689
Last Page
3704
ISSN
1556-6013
Identifier
10.1109/TIFS.2025.3550049
Publisher
Institute of Electrical and Electronics Engineers
Citation
ZHAO, Xin; ZHANG, Mu; KE, Xiaopeng; PAN, Yu; DUAN, Yue; ZHONG, Sheng; and XU, Fengyuan.
DeepVMUnProtect: Neural network-based recovery of VM‑protected Android apps for semantics‑aware malware detection. (2025). IEEE Transactions on Information Forensics and Security. 20, 3689-3704.
Available at: https://ink.library.smu.edu.sg/sis_research/10999
Additional URL
https://doi.org/10.1109/TIFS.2025.3550049