Table of Contents
Fetching ...

Security through the Eyes of AI: How Visualization is Shaping Malware Detection

Matteo Brosolo, Asmitha K. A., Mauro Conti, Rafidha Rehiman K. A., Muhammed Shafi K. P., Serena Nicolazzo, Antonino Nocera, Vinod P

TL;DR

This paper addresses the escalating malware threat and the need for scalable, interpretable detection approaches. It surveys visualization-based malware detection methods and proposes a unified framework to analyze the end-to-end detection pipeline. The review covers more than 100 studies from 2018 to 2025, detailing static, dynamic, and hybrid image-based representations, feature pipelines, classifiers, and robustness concerns. The findings emphasize gaps in current benchmarks, dataset freshness, and interpretability, and outline directions for robust, transferable, and explainable solutions in real-world deployments.

Abstract

Malware, a persistent cybersecurity threat, increasingly targets interconnected digital systems such as desktop, mobile, and IoT platforms through sophisticated attack vectors. By exploiting these vulnerabilities, attackers compromise the integrity and resilience of modern digital ecosystems. To address this risk, security experts actively employ Machine Learning or Deep Learning-based strategies, integrating static, dynamic, or hybrid approaches to categorize malware instances. Despite their advantages, these methods have inherent drawbacks and malware variants persistently evolve with increased sophistication, necessitating advancements in detection strategies. Visualization-based techniques are emerging as scalable and interpretable solutions for detecting and understanding malicious behaviors across diverse platforms including desktop, mobile, IoT, and distributed systems as well as through analysis of network packet capture files. In this comprehensive survey of more than 100 high-quality research articles, we evaluate existing visualization-based approaches applied to malware detection and classification. As a first contribution, we propose a new all-encompassing framework to study the landscape of visualization-based malware detection techniques. Within this framework, we systematically analyze state-of-the-art approaches across the critical stages of the malware detection pipeline. By analyzing not only the single techniques but also how they are combined to produce the final solution, we shed light on the main challenges in visualization-based approaches and provide insights into the advancements and potential future directions in this critical field.

Security through the Eyes of AI: How Visualization is Shaping Malware Detection

TL;DR

This paper addresses the escalating malware threat and the need for scalable, interpretable detection approaches. It surveys visualization-based malware detection methods and proposes a unified framework to analyze the end-to-end detection pipeline. The review covers more than 100 studies from 2018 to 2025, detailing static, dynamic, and hybrid image-based representations, feature pipelines, classifiers, and robustness concerns. The findings emphasize gaps in current benchmarks, dataset freshness, and interpretability, and outline directions for robust, transferable, and explainable solutions in real-world deployments.

Abstract

Malware, a persistent cybersecurity threat, increasingly targets interconnected digital systems such as desktop, mobile, and IoT platforms through sophisticated attack vectors. By exploiting these vulnerabilities, attackers compromise the integrity and resilience of modern digital ecosystems. To address this risk, security experts actively employ Machine Learning or Deep Learning-based strategies, integrating static, dynamic, or hybrid approaches to categorize malware instances. Despite their advantages, these methods have inherent drawbacks and malware variants persistently evolve with increased sophistication, necessitating advancements in detection strategies. Visualization-based techniques are emerging as scalable and interpretable solutions for detecting and understanding malicious behaviors across diverse platforms including desktop, mobile, IoT, and distributed systems as well as through analysis of network packet capture files. In this comprehensive survey of more than 100 high-quality research articles, we evaluate existing visualization-based approaches applied to malware detection and classification. As a first contribution, we propose a new all-encompassing framework to study the landscape of visualization-based malware detection techniques. Within this framework, we systematically analyze state-of-the-art approaches across the critical stages of the malware detection pipeline. By analyzing not only the single techniques but also how they are combined to produce the final solution, we shed light on the main challenges in visualization-based approaches and provide insights into the advancements and potential future directions in this critical field.
Paper Structure (38 sections, 11 equations, 5 figures, 6 tables)

This paper contains 38 sections, 11 equations, 5 figures, 6 tables.

Figures (5)

  • Figure 1: PRISMA Diagram
  • Figure 2: An End-to-End Framework for Visualization-Based Malware Detection Across Diverse and Evolving Threat Landscapes.
  • Figure 3: The percentage of datasets used in the considered papers during the year 2018-2025
  • Figure 4: Taxonomy of visualization-based malware detection
  • Figure 5: The figure shows a representation of the most common SFC used in the literature. The line-by-line method is the most common way grayscale bytecode images are generated.