Purpose The purpose of this study is the rapid evolution of malware encompassing viruses, worms, ransomware and spyware, which poses an escalating threat to global cybersecurity, necessitating the development of advanced detection techniques. Traditional signature-based methods have become increasingly ineffective against the sophisticated tactics used by polymorphic malware. Design/methodology/approach This study uses machine learning techniques, specifically Latent Dirichlet Allocation (LDA) topic modeling, to analyze and summarize the research literature on malware detection from 2006 to 2024 and all the abstracts were analyzed. Findings By applying LDA, the authors uncover prevailing trends, identify underexplored areas and highlight emerging themes within the field. Additionally, they conduct an in-depth text analysis to investigate publication trends, publishers’ patterns and hidden research topics over the years. The findings provide a comprehensive overview of ongoing research directions and illuminate potential avenues for future studies in malware detection. Research limitations/implications This research offers actionable guidance for cybersecurity stakeholders. By identifying underexplored threats (e.g. artificial intelligence (AI)-driven polymorphic malware) and shifting focus from legacy systems to emerging attack vectors, it enables targeted R&D investment. The analysis informs next-generation detection tool development, emphasizing behavioral analysis and cross-platform solutions. Policymakers can address regulatory gaps in AI ethics and international cyber treaties, while industry-academia collaboration can bridge data-sharing gaps to enhance real-world threat intelligence. Originality/value This study pioneers large-scale LDA topic modeling in malware detection research, revealing three paradigm shifts (2006–2024) and quantifying field fragmentation through topic entropy. It uniquely synthesizes computational linguistics with cybersecurity, exposing latent semantic patterns like the isolation of “cryptojacking” from blockchain security. The proposed Topic Impact Index (TII) prioritizes research by combining citation centrality and real-world applicability, offering a novel framework for future studies.
Pachouri et al. (Mon,) studied this question.