Security through the Eyes of AI: How Visualization is Shaping Malware Detection

TL;DR

This paper surveys visualization-based malware detection techniques, proposing a comprehensive framework to analyze their effectiveness, challenges, and future directions across various platforms and detection stages.

Contribution

It introduces an all-encompassing framework for studying visualization techniques in malware detection and systematically analyzes existing approaches within this framework.

Findings

Visualization enhances interpretability of malware detection methods

Current approaches face challenges in scalability and robustness

Future research should focus on integrating visualization with machine learning

Abstract

Malware, a persistent cybersecurity threat, increasingly targets interconnected digital systems such as desktop, mobile, and IoT platforms through sophisticated attack vectors. By exploiting these vulnerabilities, attackers compromise the integrity and resilience of modern digital ecosystems. To address this risk, security experts actively employ Machine Learning or Deep Learning-based strategies, integrating static, dynamic, or hybrid approaches to categorize malware instances. Despite their advantages, these methods have inherent drawbacks and malware variants persistently evolve with increased sophistication, necessitating advancements in detection strategies. Visualization-based techniques are emerging as scalable and interpretable solutions for detecting and understanding malicious behaviors across diverse platforms including desktop, mobile, IoT, and distributed systems as well as through analysis of network packet capture files. In this comprehensive survey of more than 100 high-quality research articles, we evaluate existing visualization-based approaches applied to malware detection and classification. As a first contribution, we propose a new all-encompassing framework to study the landscape of visualization-based malware detection techniques. Within this framework, we systematically analyze state-of-the-art approaches across the critical stages of the malware detection pipeline. By analyzing not only the single techniques but also how they are combined to produce the final solution, we shed light on the main challenges in visualization-based approaches and provide insights into the advancements and potential future directions in this critical field.