{"id":"https://openalex.org/W4408970994","doi":"https://doi.org/10.1109/access.2025.3555926","title":"Explainable Artificial Intelligence (XAI) for Malware Analysis: A Survey of Techniques, Applications, and Open Challenges","display_name":"Explainable Artificial Intelligence (XAI) for Malware Analysis: A Survey of Techniques, Applications, and Open Challenges","publication_year":2025,"publication_date":"2025-01-01","ids":{"openalex":"https://openalex.org/W4408970994","doi":"https://doi.org/10.1109/access.2025.3555926"},"language":"en","primary_location":{"id":"doi:10.1109/access.2025.3555926","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3555926","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"type":"article","indexed_in":["crossref","doaj"],"open_access":{"is_oa":true,"oa_status":"gold","oa_url":"https://doi.org/10.1109/access.2025.3555926","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5007185742","display_name":"Harikha Manthena","orcid":"https://orcid.org/0000-0002-5976-537X"},"institutions":[{"id":"https://openalex.org/I35777872","display_name":"North Carolina Agricultural and Technical State University","ror":"https://ror.org/02aze4h65","country_code":"US","type":"education","lineage":["https://openalex.org/I35777872"]}],"countries":["US"],"is_corresponding":true,"raw_author_name":"Harikha Manthena","raw_affiliation_strings":["Computer Science Department, North Carolina Agricultural and Technical State University, Greensboro, NC, USA","North Carolina Agricultural and Technical State University, Greensboro, North Carolina, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, North Carolina Agricultural and Technical State University, Greensboro, NC, USA","institution_ids":["https://openalex.org/I35777872"]},{"raw_affiliation_string":"North Carolina Agricultural and Technical State University, Greensboro, North Carolina, USA","institution_ids":["https://openalex.org/I35777872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5107821273","display_name":"Shaghayegh Shajarian","orcid":null},"institutions":[{"id":"https://openalex.org/I35777872","display_name":"North Carolina Agricultural and Technical State University","ror":"https://ror.org/02aze4h65","country_code":"US","type":"education","lineage":["https://openalex.org/I35777872"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Shaghayegh Shajarian","raw_affiliation_strings":["Computer Science Department, North Carolina Agricultural and Technical State University, Greensboro, NC, USA","North Carolina Agricultural and Technical State University, Greensboro, North Carolina, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, North Carolina Agricultural and Technical State University, Greensboro, NC, USA","institution_ids":["https://openalex.org/I35777872"]},{"raw_affiliation_string":"North Carolina Agricultural and Technical State University, Greensboro, North Carolina, USA","institution_ids":["https://openalex.org/I35777872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5024310477","display_name":"Jeffrey C Kimmell","orcid":"https://orcid.org/0000-0001-6926-2832"},"institutions":[{"id":"https://openalex.org/I63920570","display_name":"Tennessee Technological University","ror":"https://ror.org/05drmrq39","country_code":"US","type":"education","lineage":["https://openalex.org/I63920570"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Jeffrey C. Kimmell","raw_affiliation_strings":["Computer Science Department, Tennessee Tech University, Cookeville, TN, USA","Tennessee Tech University, Cookeville, Tennessee, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, Tennessee Tech University, Cookeville, TN, USA","institution_ids":["https://openalex.org/I63920570"]},{"raw_affiliation_string":"Tennessee Tech University, Cookeville, Tennessee, USA","institution_ids":["https://openalex.org/I63920570"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5064628952","display_name":"Mahmoud Abdelsalam","orcid":"https://orcid.org/0000-0001-5627-5239"},"institutions":[{"id":"https://openalex.org/I35777872","display_name":"North Carolina Agricultural and Technical State University","ror":"https://ror.org/02aze4h65","country_code":"US","type":"education","lineage":["https://openalex.org/I35777872"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Mahmoud Abdelsalam","raw_affiliation_strings":["Computer Science Department, North Carolina Agricultural and Technical State University, Greensboro, NC, USA","North Carolina Agricultural and Technical State University, Greensboro, North Carolina, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, North Carolina Agricultural and Technical State University, Greensboro, NC, USA","institution_ids":["https://openalex.org/I35777872"]},{"raw_affiliation_string":"North Carolina Agricultural and Technical State University, Greensboro, North Carolina, USA","institution_ids":["https://openalex.org/I35777872"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5082756758","display_name":"Sajad Khorsandroo","orcid":"https://orcid.org/0000-0003-0649-9247"},"institutions":[{"id":"https://openalex.org/I35777872","display_name":"North Carolina Agricultural and Technical State University","ror":"https://ror.org/02aze4h65","country_code":"US","type":"education","lineage":["https://openalex.org/I35777872"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Sajad Khorsandroo","raw_affiliation_strings":["Computer Science Department, North Carolina Agricultural and Technical State University, Greensboro, NC, USA","North Carolina Agricultural and Technical State University, Greensboro, North Carolina, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, North Carolina Agricultural and Technical State University, Greensboro, NC, USA","institution_ids":["https://openalex.org/I35777872"]},{"raw_affiliation_string":"North Carolina Agricultural and Technical State University, Greensboro, North Carolina, USA","institution_ids":["https://openalex.org/I35777872"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5047952246","display_name":"Maanak Gupta","orcid":"https://orcid.org/0000-0001-9189-2478"},"institutions":[{"id":"https://openalex.org/I63920570","display_name":"Tennessee Technological University","ror":"https://ror.org/05drmrq39","country_code":"US","type":"education","lineage":["https://openalex.org/I63920570"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Maanak Gupta","raw_affiliation_strings":["Computer Science Department, Tennessee Tech University, Cookeville, TN, USA","Tennessee Tech University, Cookeville, Tennessee, USA"],"affiliations":[{"raw_affiliation_string":"Computer Science Department, Tennessee Tech University, Cookeville, TN, USA","institution_ids":["https://openalex.org/I63920570"]},{"raw_affiliation_string":"Tennessee Tech University, Cookeville, Tennessee, USA","institution_ids":["https://openalex.org/I63920570"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5007185742"],"corresponding_institution_ids":["https://openalex.org/I35777872"],"apc_list":{"value":1850,"currency":"USD","value_usd":1850},"apc_paid":{"value":1850,"currency":"USD","value_usd":1850},"fwci":28.7812,"has_fulltext":false,"cited_by_count":20,"citation_normalized_percentile":{"value":0.99784006,"is_in_top_1_percent":true,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":99,"max":100},"biblio":{"volume":"13","issue":null,"first_page":"61611","last_page":"61640"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9954000115394592,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9929999709129333,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.9787999987602234,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.753558874130249},{"id":"https://openalex.org/keywords/malware","display_name":"Malware","score":0.7288722991943359},{"id":"https://openalex.org/keywords/data-science","display_name":"Data science","score":0.349803626537323},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.32947999238967896}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.753558874130249},{"id":"https://openalex.org/C541664917","wikidata":"https://www.wikidata.org/wiki/Q14001","display_name":"Malware","level":2,"score":0.7288722991943359},{"id":"https://openalex.org/C2522767166","wikidata":"https://www.wikidata.org/wiki/Q2374463","display_name":"Data science","level":1,"score":0.349803626537323},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.32947999238967896}],"mesh":[],"locations_count":2,"locations":[{"id":"doi:10.1109/access.2025.3555926","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3555926","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},{"id":"pmh:oai:doaj.org/article:2a16402e3ba4416cab02fbbd3fc6ab76","is_oa":true,"landing_page_url":"https://doaj.org/article/2a16402e3ba4416cab02fbbd3fc6ab76","pdf_url":null,"source":{"id":"https://openalex.org/S112646816","display_name":"SHILAP Revista de lepidopterolog\u00eda","issn_l":"0300-5267","issn":["0300-5267","2340-4078"],"is_oa":true,"is_in_doaj":true,"is_core":false,"host_organization":null,"host_organization_name":null,"host_organization_lineage":[],"host_organization_lineage_names":[],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"submittedVersion","is_accepted":false,"is_published":false,"raw_source_name":"IEEE Access, Vol 13, Pp 61611-61640 (2025)","raw_type":"article"}],"best_oa_location":{"id":"doi:10.1109/access.2025.3555926","is_oa":true,"landing_page_url":"https://doi.org/10.1109/access.2025.3555926","pdf_url":null,"source":{"id":"https://openalex.org/S2485537415","display_name":"IEEE Access","issn_l":"2169-3536","issn":["2169-3536"],"is_oa":true,"is_in_doaj":true,"is_core":true,"host_organization":"https://openalex.org/P4310319808","host_organization_name":"Institute of Electrical and Electronics Engineers","host_organization_lineage":["https://openalex.org/P4310319808"],"host_organization_lineage_names":["Institute of Electrical and Electronics Engineers"],"type":"journal"},"license":"cc-by","license_id":"https://openalex.org/licenses/cc-by","version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"IEEE Access","raw_type":"journal-article"},"sustainable_development_goals":[],"awards":[{"id":"https://openalex.org/G1341791957","display_name":null,"funder_award_id":"2230610","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G2566884350","display_name":null,"funder_award_id":"2416990","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G4767151281","display_name":null,"funder_award_id":"2113945","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5409530191","display_name":null,"funder_award_id":"2200538","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G5472796524","display_name":null,"funder_award_id":"2416992","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"},{"id":"https://openalex.org/G6980688025","display_name":null,"funder_award_id":"2230609","funder_id":"https://openalex.org/F4320306076","funder_display_name":"National Science Foundation"}],"funders":[{"id":"https://openalex.org/F4320306076","display_name":"National Science Foundation","ror":"https://ror.org/021nxhr62"}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":126,"referenced_works":["https://openalex.org/W1970131138","https://openalex.org/W1993651556","https://openalex.org/W2048231652","https://openalex.org/W2077278164","https://openalex.org/W2085807744","https://openalex.org/W2097117768","https://openalex.org/W2119954997","https://openalex.org/W2122672392","https://openalex.org/W2125847307","https://openalex.org/W2143612262","https://openalex.org/W2154529672","https://openalex.org/W2215444025","https://openalex.org/W2293923001","https://openalex.org/W2508015754","https://openalex.org/W2516809705","https://openalex.org/W2536311873","https://openalex.org/W2538940504","https://openalex.org/W2623990103","https://openalex.org/W2731925707","https://openalex.org/W2753669113","https://openalex.org/W2754212721","https://openalex.org/W2782578820","https://openalex.org/W2807026630","https://openalex.org/W2889717770","https://openalex.org/W2890991187","https://openalex.org/W2891130433","https://openalex.org/W2914516771","https://openalex.org/W2921159494","https://openalex.org/W2944012984","https://openalex.org/W2945526235","https://openalex.org/W2958992432","https://openalex.org/W2963777745","https://openalex.org/W2964088652","https://openalex.org/W2969673498","https://openalex.org/W2975495759","https://openalex.org/W2981731882","https://openalex.org/W3005994722","https://openalex.org/W3015177564","https://openalex.org/W3021357056","https://openalex.org/W3033780445","https://openalex.org/W3033988828","https://openalex.org/W3047318188","https://openalex.org/W3083155189","https://openalex.org/W3090855408","https://openalex.org/W3091163785","https://openalex.org/W3091621850","https://openalex.org/W3092273386","https://openalex.org/W3093543579","https://openalex.org/W3093718041","https://openalex.org/W3097333530","https://openalex.org/W3109446245","https://openalex.org/W3113774281","https://openalex.org/W3116286104","https://openalex.org/W3116877279","https://openalex.org/W3117696238","https://openalex.org/W3117705485","https://openalex.org/W3125596609","https://openalex.org/W3133963303","https://openalex.org/W3145971023","https://openalex.org/W3154716387","https://openalex.org/W3158694465","https://openalex.org/W3160238701","https://openalex.org/W3161794458","https://openalex.org/W3164164026","https://openalex.org/W3174361912","https://openalex.org/W3174752098","https://openalex.org/W3183342202","https://openalex.org/W3185872651","https://openalex.org/W3186769346","https://openalex.org/W3188740654","https://openalex.org/W3196807348","https://openalex.org/W3197347140","https://openalex.org/W3198931783","https://openalex.org/W3199703676","https://openalex.org/W3202641376","https://openalex.org/W3211182750","https://openalex.org/W3211639647","https://openalex.org/W3214404698","https://openalex.org/W4206967005","https://openalex.org/W4211030792","https://openalex.org/W4213174075","https://openalex.org/W4223561153","https://openalex.org/W4283159491","https://openalex.org/W4283809064","https://openalex.org/W4285059789","https://openalex.org/W4285592749","https://openalex.org/W4294559022","https://openalex.org/W4296105182","https://openalex.org/W4307571902","https://openalex.org/W4309730097","https://openalex.org/W4312290548","https://openalex.org/W4320723990","https://openalex.org/W4366085876","https://openalex.org/W4385059984","https://openalex.org/W4385336663","https://openalex.org/W4386142022","https://openalex.org/W4386193536","https://openalex.org/W4387097414","https://openalex.org/W4388820046","https://openalex.org/W4390517513","https://openalex.org/W4390673835","https://openalex.org/W4392816088","https://openalex.org/W4393970627","https://openalex.org/W4398198426","https://openalex.org/W4401751497","https://openalex.org/W4405704706","https://openalex.org/W6637845829","https://openalex.org/W6731085181","https://openalex.org/W6736518430","https://openalex.org/W6737947904","https://openalex.org/W6745899033","https://openalex.org/W6746350782","https://openalex.org/W6757708574","https://openalex.org/W6761377332","https://openalex.org/W6762067330","https://openalex.org/W6762090766","https://openalex.org/W6779540071","https://openalex.org/W6787959460","https://openalex.org/W6788550721","https://openalex.org/W6788605172","https://openalex.org/W6789073751","https://openalex.org/W6792837690","https://openalex.org/W6803247238","https://openalex.org/W6803380382","https://openalex.org/W6846526659","https://openalex.org/W6866141348"],"related_works":["https://openalex.org/W4391375266","https://openalex.org/W2899084033","https://openalex.org/W2748952813","https://openalex.org/W2097492617","https://openalex.org/W2753240997","https://openalex.org/W1764168690","https://openalex.org/W2537959205","https://openalex.org/W2740895074","https://openalex.org/W2772446090","https://openalex.org/W4284893819"],"abstract_inverted_index":{"Machine":[0],"learning":[1],"(ML)":[2],"has":[3],"rapidly":[4],"advanced":[5],"in":[6,50,116,142,180],"recent":[7,135],"years,":[8],"revolutionizing":[9],"fields":[10],"such":[11],"as":[12,162],"finance,":[13],"medicine,":[14],"and":[15,65,102,119,121,137,168,178],"cybersecurity.":[16,181],"In":[17],"malware":[18,93,117,127,147,156],"detection,":[19,120],"ML-based":[20],"approaches":[21],"have":[22],"demonstrated":[23],"high":[24],"accuracy;":[25],"however,":[26],"their":[27,45,48,114],"lack":[28],"of":[29,88,145,154],"transparency":[30],"poses":[31],"a":[32,58,85,96,151,163],"significant":[33],"challenge.":[34],"Traditional":[35],"ML":[36,90,176],"models":[37,129],"often":[38],"fail":[39],"to":[40,107,171],"provide":[41],"interpretable":[42],"justifications":[43],"for":[44,62,92,166],"predictions,":[46],"limiting":[47],"adoption":[49],"security-critical":[51],"environments":[52],"where":[53],"understanding":[54],"the":[55,122,143,173],"reasoning":[56],"behind":[57],"detection":[59,80,128,157],"is":[60],"essential":[61],"threat":[63],"mitigation":[64],"response.":[66],"Explainable":[67],"AI":[68],"(XAI)":[69],"addresses":[70],"this":[71,159],"gap":[72,174],"by":[73],"enhancing":[74],"model":[75],"interpretability":[76],"while":[77],"maintaining":[78],"strong":[79],"capabilities.":[81],"This":[82],"survey":[83,160],"presents":[84],"comprehensive":[86],"review":[87],"state-of-the-art":[89],"techniques":[91],"analysis,":[94],"with":[95,125],"specific":[97],"focus":[98],"on":[99],"explainability":[100,179],"methods":[101],"research":[103,140],"mainly":[104],"from":[105],"2018":[106],"2024.":[108],"We":[109],"examine":[110],"existing":[111],"XAI":[112],"frameworks,":[113],"application":[115],"classification":[118],"challenges":[123,141],"associated":[124],"making":[126],"more":[130],"interpretable.":[131],"Additionally,":[132],"we":[133],"explore":[134],"advancements":[136],"highlight":[138],"open":[139],"field":[144],"explainable":[146],"analysis.":[148],"By":[149],"providing":[150],"structured":[152],"overview":[153],"XAI-driven":[155],"approaches,":[158],"serves":[161],"valuable":[164],"resource":[165],"researchers":[167],"practitioners":[169],"seeking":[170],"bridge":[172],"between":[175],"performance":[177]},"counts_by_year":[{"year":2026,"cited_by_count":8},{"year":2025,"cited_by_count":12}],"updated_date":"2026-04-03T22:45:19.894376","created_date":"2025-10-10T00:00:00"}