This work addresses two key challenges in malware detection: the complexity of modeling behavioral relationships and insufficient model interpretability. We propose the first systematic framework integrating Graph Neural Networks (GNNs) with eXplainable AI (XAI). Methodologically, we construct a fine-grained malware behavioral graph and combine graph reduction, adaptive embedding, and post-hoc explanation techniques—including GNNExplainer—to achieve high-accuracy detection alongside synergistic local and global attribution. Our main contributions are: (1) the first auditable GNN architecture specifically designed for malware detection; (2) significantly improved false-positive traceability and analyst decision efficiency; and (3) an open-source behavioral graph dataset and reproducible framework supporting industrial-scale deployment. Experiments demonstrate that our approach maintains high detection robustness while delivering strong transparency and scalability.

The rapid evolution of malware has necessitated the development of sophisticated detection methods that go beyond traditional signature-based approaches. Graph learning techniques have emerged as powerful tools for modeling and analyzing the complex relationships inherent in malware behavior, leveraging advancements in Graph Neural Networks (GNNs) and related methods. This survey provides a comprehensive exploration of recent advances in malware detection, focusing on the interplay between graph learning and explainability. It begins by reviewing malware analysis techniques and datasets, emphasizing their foundational role in understanding malware behavior and supporting detection strategies. The survey then discusses feature engineering, graph reduction, and graph embedding methods, highlighting their significance in transforming raw data into actionable insights, while ensuring scalability and efficiency. Furthermore, this survey focuses on explainability techniques and their applications in malware detection, ensuring transparency and trustworthiness. By integrating these components, this survey demonstrates how graph learning and explainability contribute to building robust, interpretable, and scalable malware detection systems. Future research directions are outlined to address existing challenges and unlock new opportunities in this critical area of cybersecurity.