An Extensive Analysis and Taxonomy of Explainable Artificial Intelligence for Malware Identification

Authors

  • Dauan Aziz, Erbil Polytechnic University
  • Dr. Firas Mohammed Amien, Catholic University of Erbil
  • Dr. Raghad Zuhair Yousif, Erbil Polytechnic University

Keywords:

Malware Detection, Explainable AI (XAI), Machine Learning, Model Interpretability, Windows PE, SHAP, Deep Learning, LIME, Cybersecurity, Post-hoc Explanation

Abstract

As malware continues to evolve in sophistication and scale, traditional detection methods struggle to keep pace, especially when facing obfuscated or zero-day threats. In response, Machine Learning (ML) and Deep Learning (DL) techniques have shown significant promise in enhancing malware detection through pattern recognition and anomaly classification. However, their increasing complexity has introduced major interpretability challenges, particularly in high-stakes cybersecurity contexts. This paper provides a comprehensive survey of eXplainable Artificial Intelligence (XAI) methods applied to malware detection across diverse computing platforms, including Windows PE files, PDF, Linux, and hardware-based systems. We propose a novel taxonomy that categorizes explainable malware detection approaches by model transparency, explanation technique (model-agnostic or model-specific), and deployment environment. We also discuss major trends, highlight underexplored domains, and outline future research directions aimed at enhancing real-time interpretability, adversarial robustness, and human-in-the-loop integration. This work aims to bridge the gap between high-performance malware detection models and actionable, transparent security decision-making.

Published

08-06-2026