AI-Driven Malware Analysis and Detection: A Comprehensive Survey of Techniques, Trends and Challenges
Abstract
Malware is one of the most critical threats in cybersecurity, built to compromise the security of individuals and organizations alike. It is covert software designed to perform malicious acts such as data theft, data alteration and disruption of the normal operation of services. The persistent evolution of malware has called for more sophisticated detection and prevention techniques, creating a direct need for Artificial Intelligence in cybersecurity. Artificial intelligence, through machine learning techniques and emerging approaches such as neural networks, has greatly improved the traditional static and dynamic methods of malware detection. AI-driven solutions are far more capable than their predecessors at detecting malware and addressing threats in real time. By training machine learning models on vast quantities of data, patterns characteristic of malicious code can be learned and then recognized in previously unseen samples. Against these emerging challenges, AI-powered automated real-time analysis and an adaptive security posture can effectively mitigate the threat. Large Language Models (LLMs) have revolutionized natural language processing and are increasingly deployed across a wide range of applications, including text generation, summarization, translation and detection systems. This survey reviews recent research on the methodologies used to build detection systems with LLMs, outlines their existing limitations and research gaps, and proposes potential areas for future investigation. The use of AI in malware analysis faces challenges of its own: adversarial attacks against the models themselves, and the scale of modern AI models, which muddies transparency and trust. Overcoming these challenges will require mature, ethical AI systems together with an open dialogue among cybersecurity professionals, sustainable AI development and regulatory compliance, all working in concert.
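The abstract describes two things in the same breath: a detector that learns patterns of malicious code from static features, and the adversarial-attack problem that such detectors face. The example below is added here to make both concrete; it is not code from the paper or any project it surveys. It builds four cheap static byte-statistic features (entropy, printable ratio, high-byte ratio and the density of a few hypothetical indicator strings), trains a logistic-regression classifier from scratch on constructed "benign" and "malicious" byte blobs, classifies unseen blobs, and then shows the caveat a practitioner wants: appending benign-looking bytes as an overlay leaves the payload and its indicator strings untouched yet drives the score toward the benign class. The indicator strings, the sample generators and all data are constructed for the demonstration and are not taken from the page.

```python
"""Static-feature malware classifier with an overlay-padding evasion demo (constructed data)."""
import math
import random
from collections import Counter

# Hypothetical indicator strings chosen for the demo; a real detector would use imports,
# section tables, opcodes and behavioural traces rather than a hand-picked list.
SUSPICIOUS = [b"VirtualAllocEx", b"WriteProcessMemory", b"CreateRemoteThread",
              b"IsDebuggerPresent", b"cmd.exe /c"]
BENIGN_WORDS = [b"GetModuleHandleA", b"printf", b"ExitProcess",
                b"This program cannot be run in DOS mode."]


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte (0..8); packed or encrypted regions sit close to 8."""
    n = len(blob)
    return -sum(c / n * math.log2(c / n) for c in Counter(blob).values())


def extract_features(blob: bytes) -> list[float]:
    """Four static features, each scaled to roughly [0, 1] so no weight dominates by scale."""
    n = len(blob)
    printable = sum(1 for b in blob if 0x20 <= b < 0x7F or b in (9, 10, 13)) / n
    high = sum(1 for b in blob if b >= 0x80) / n
    hits = sum(blob.count(s) for s in SUSPICIOUS)
    per_kib = hits * 1024 / n                       # indicator density, not raw count
    return [shannon_entropy(blob) / 8.0, printable, high, min(1.0, per_kib / 8.0)]


def make_benign(rng: random.Random, size: int) -> bytes:
    """Constructed stand-in for an ordinary program: text-like bytes and common API names."""
    out = bytearray(b"MZ")
    while len(out) < size:
        out += rng.choice(BENIGN_WORDS) + b"\x00"
        out += bytes(rng.choice(b"abcdefghijklmnopqrstuvwxyz ")
                     for _ in range(rng.randrange(8, 40)))
    return bytes(out[:size])


def make_malicious(rng: random.Random, size: int) -> bytes:
    """Constructed stand-in for a packed dropper: high-entropy runs interleaved with injection APIs."""
    out = bytearray(b"MZ")
    while len(out) < size:
        out += bytes(rng.randrange(256) for _ in range(rng.randrange(64, 256)))
        out += rng.choice(SUSPICIOUS) + b"\x00"
    return bytes(out[:size])


def predict(w: list[float], b: float, x: list[float]) -> float:
    """Probability that x is malicious under the logistic model (w, b)."""
    z = b + sum(wj * xj for wj, xj in zip(w, x))
    return 1.0 / (1.0 + math.exp(-z))


def train(X: list[list[float]], y: list[float], epochs: int = 3000, lr: float = 0.5):
    """Plain logistic regression by full-batch gradient descent, no ML library needed."""
    d, n = len(X[0]), len(X)
    w, b = [0.0] * d, 0.0
    for _ in range(epochs):
        gw, gb = [0.0] * d, 0.0
        for x, t in zip(X, y):
            err = predict(w, b, x) - t               # dLoss/dz for cross-entropy
            for j in range(d):
                gw[j] += err * x[j]
            gb += err
        for j in range(d):
            w[j] -= lr * gw[j] / n
        b -= lr * gb / n
    return w, b


def pad_with_benign(malicious: bytes, rng: random.Random, factor: int = 50) -> bytes:
    """Overlay padding: append benign-looking bytes after the real payload. Nothing that
    executes changes, but every byte-statistic feature drifts toward the benign class."""
    return malicious + make_benign(rng, factor * len(malicious))


def demo() -> dict:
    """Train on constructed samples, score unseen samples, then score a padded malicious one."""
    rng = random.Random(1)
    benign = [make_benign(rng, 2048) for _ in range(20)]
    malicious = [make_malicious(rng, 2048) for _ in range(20)]
    X = [extract_features(s) for s in benign + malicious]
    y = [0.0] * len(benign) + [1.0] * len(malicious)
    w, b = train(X, y)

    held = random.Random(2)                          # separate stream: held-out samples
    unseen_ben = make_benign(held, 4096)
    unseen_mal = make_malicious(held, 4096)
    padded = pad_with_benign(unseen_mal, held)
    return {
        "unseen_benign": predict(w, b, extract_features(unseen_ben)),
        "unseen_malicious": predict(w, b, extract_features(unseen_mal)),
        "padded_malicious": predict(w, b, extract_features(padded)),
        "padded_still_has_indicators": sum(padded.count(s) for s in SUSPICIOUS) >= 1,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The padded sample still contains every indicator string, so a detector that keys on the presence of imports or strings rather than their density would not be fooled by this particular trick; the point is that whichever features a model learns define the cheapest evasion against it, which is the adversarial-robustness concern the abstract raises.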
Article Details

This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
All articles published in JIWE are licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License. Readers are allowed to:
- Share — copy and redistribute the material in any medium or format, under the following conditions:
  - Attribution — You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use;
  - NonCommercial — You may not use the material for commercial purposes;
  - NoDerivatives — If you remix, transform, or build upon the material, you may not distribute the modified material.