Security through the Eyes of AI: How Visualization is Shaping Malware Detection
Matteo Brosolo, Asmitha K. A., Mauro Conti, Rafidha Rehiman K. A., Muhammed Shafi K. P., Serena Nicolazzo, Antonino Nocera, Vinod P
TL;DR
This paper addresses the escalating malware threat and the need for scalable, interpretable detection approaches. It surveys visualization-based malware detection methods and proposes a unified framework to analyze the end-to-end detection pipeline. The review covers more than 100 studies from 2018 to 2025, detailing static, dynamic, and hybrid image-based representations, feature pipelines, classifiers, and robustness concerns. The findings emphasize gaps in current benchmarks, dataset freshness, and interpretability, and outline directions for robust, transferable, and explainable solutions in real-world deployments.
Abstract
Malware, a persistent cybersecurity threat, increasingly targets interconnected digital systems such as desktop, mobile, and IoT platforms through sophisticated attack vectors. By exploiting these vulnerabilities, attackers compromise the integrity and resilience of modern digital ecosystems. To address this risk, security experts actively employ Machine Learning or Deep Learning-based strategies, integrating static, dynamic, or hybrid approaches to categorize malware instances. Despite their advantages, these methods have inherent drawbacks and malware variants persistently evolve with increased sophistication, necessitating advancements in detection strategies. Visualization-based techniques are emerging as scalable and interpretable solutions for detecting and understanding malicious behaviors across diverse platforms including desktop, mobile, IoT, and distributed systems as well as through analysis of network packet capture files. In this comprehensive survey of more than 100 high-quality research articles, we evaluate existing visualization-based approaches applied to malware detection and classification. As a first contribution, we propose a new all-encompassing framework to study the landscape of visualization-based malware detection techniques. Within this framework, we systematically analyze state-of-the-art approaches across the critical stages of the malware detection pipeline. By analyzing not only the single techniques but also how they are combined to produce the final solution, we shed light on the main challenges in visualization-based approaches and provide insights into the advancements and potential future directions in this critical field.
