The advent of the so-called digital revolution and its rapid growth has radically transformed the way we live and interact with society, ofering unprecedented opportunities in terms of connectivity, education, and economic development. However, this progress brings with it an extreme dichotomy. While it is undeniable how it has brought prosperity and growth, one cannot ignore how the same progress has amplified and complicated certain pre-existing criminal phenomena, creating a stark contrast between technological advancement and the ethical issues that have inherently arisen from it [ 1 ].

Among these, Child Sexual Abuse (CSA) represents one of the most serious violations of human rights1. This crime has devastating and long-term consequences on the psycho-physical health of its victims, leading to what is referred to in psychopathology as complex post-traumatic stress disorder (C-PTSD)2. The psychological impact can vary significantly depending on elements such as personal resilience, the levels of stress the victim is subjected to, the family environment and, finally, the quality, timeliness, and efectiveness of the support received. This phenomenon has taken on alarming dimensions, evolving into increasingly complex and hard-to-counteract manifestations, including Online Child Sexual Abuse (OCSA) and the digital production and distribution of child sexual abuse material (CSAM).

Online child sexual abuse has become a significant concern with the rise of the Internet and social networking sites [2]. This form of abuse can occur through online grooming, sexual solicitation, and the Copyright © 2025 for this paper by its authors. Use permitted under Creative Commons License Attribution 4.0 International (CC BY 4.0). ∗Corresponding author. †These authors contributed equally.

CEUR

ceur-ws.org distribution of child abuse images [3]. The distinction between online and ofline abuse is increasingly blurred, as abuse can begin ofline and transition online through filming or photography. Vulnerable children are at risk, and research focuses on identifying these children and fostering resilience [3]. While online abuse is not necessarily more serious than ofline abuse, social media behaviors may present significant risk factors for some children [ 4]. To address this issue, experts recommend increased awareness of online risks among children, improved training for law enforcement (Martellozzo, 2012), and the adoption of a public health approach to prevention and management [2, 4].

According to INTERPOL’s most recent data, in 2022 the phenomenon of CSA reached epidemic proportions, with a 29% increase in CSAM reports compared to the previous year and with over 4.3 million images and videos analysed by their International Child Sexual Exploitation (ICSE) image and video database3. A joint report by INTERPOL and ECPAT International [5], based on the analysis of the information recorded for more than one million data records in the ICSE database, revealed the existence of an inversely proportional correlation between the age of the victims and the severity of the abuse: the younger the victim, the more severe the abuse sufered. The analysis of the images revealed that 84% of the images contained explicit sexual acts and that 65% of the unidentified victims were female, while 92% of the visible rapists were male. It was also found that when the victims are male, the perpetrated abuses are more violent and more often involve paraphilic themes. Particularly worrying is the finding that over 60 per cent of unidentified victims are prepubescent, a group that includes infants and very young children. This figure dispels the myth that sexual abuse mainly afects adolescents, revealing instead a much starker reality, in which the youngest are the main targets of these crimes.

UNICEF and the World Health Organization (WHO) estimate that globally, about 73 million boys and 150 million girls under 18 have sufered some form of sexual violence, with around 90% being committed by a person known to the victim, often a family member or authority figure.

The rapid spread of digital technologies and the increasingly early access of children to the internet have created new vulnerabilities. Like INTERPOL, the National Center for Missing and Exploited Children (NCMEC) has seen an exponential increase in online CSAM reports from 1 million in 2014 to over 65 million in 2023. This dramatic increase is partly attributable to increased detection capacity and awareness, but also reflects a real expansion of the phenomenon.

Finally, the COVID-19 pandemic has further negatively afected the problem. Social isolation, increased online time, and reduced adult supervision have created favorable conditions for attackers. Europol reported a 30% increase in cases of online child grooming4 during the first months of the pandemic in 2020. It is therefore evident that the contrast to CSA and CSAM comes up against numerous technological and legal dificulties. Moreover, given the sensitive nature of the subject and the sheer volume of data, the figures released may underestimate the true extent of the problem. In order to take a step towards improving CSAM detection techniques, it is necessary to analyse existing methods to identify common techniques and methodological approaches, to propose a set of guidelines for the development of such systems, covering all the challenges mentioned above.

The literature review revealed how interest in this area of research has only recently developed. The limited number of publications does not reflect the actual scope of the problem, but rather the existence of strong cultural, social, and psychological barriers that have long hindered, and still limit, in-depth scientific investigation. No literature emerged from this analysis that perfectly matched the goal of our research

Therefore, the aim of this paper is reviewing the current methodologies and technologies proposed for the detection of Child Sexual Abuse Material. The results will help to identify new methods to be tested in the fight against this type of cybercrime.

The rest of the paper is organized as follows. Section 2 explains the research methodology adopted and data extraction method. In Section 3, the results of the systematic review are presented and discussed. Finally, Section 4 presents the conclusions and introduces future research activities. 3https://www.interpol.int/How-we-work/Databases/International-Child-Sexual-Exploitation-database 4Internet solicitation of a child through psychological manipulation to overcome resistance and gain trust for sexual abuse.

A systematic literature review was conducted following the approach proposed by Kitchenham [6].

To ensure transparency and reliability of the entire review process, the following quality parameters were chosen: • The presence of possible publication bias was verified using all the standard search strategies suggested by [6]: scanning of conference proceedings, scanning of grey literature, and contacting experts and researchers working in the area asking if they are aware of unpublished results. • Exclusion of grey literature, such as dissertations, theses, posters, and unpublished works; only peer-reviewed journals and conference proceedings were included, as they guarantee a certified level of quality of the results. • Rigor in following Kitchenham’s review process [6], except for the selection of studies and quality assessment. For these tasks, it was necessary to apply more stringent specifications, given the significant number of research articles dealing with topics related to the proposed research questions, but not containing relevant information for CSAM detection.

In the following graph, the distribution of research conducted over a ten-year range is reported, consistent with the IN1 filter adopted in the previous chapter. The dashed line represents and demonstrates the growing interest, although still limited, in the search for structured methods for the detection of material containing Child Sexual Abuse. Below is the analysis and synthesis of the documents resulting from the previously described research.

The systematic analysis of the literature revealed three predominant macro-areas: Advanced Hashing Cryptographic techniques, Source Camera Identification (SCI) techniques, and methodologies based on Machine Learning algorithms.

Hashing is a cryptographic technique that represents a linear function capable of transforming an input of arbitrary size into an output of fixed and predetermined length, called a fingerprint or hash. In the context of modern cryptography, hashing algorithms play a fundamental role in computer security processes, as they make it possible to verify that a digital document is authentic, has not been modified, and can be traced back to its author with certainty. In the specific field of Content Security detection (as in the case of CSAM), hashing techniques allow for the rapid identification and classification of explicit content by comparing their fingerprints with specialised databases, guaranteeing a fast and efective screening process.

The Source Camera Identification (SCI) is a technique used in digital forensics that aims to identify the source of an image or video by tracing it back to the original camera or capture device. This technique takes advantage of the fact that devices such as cameras, smartphones, or tablets possess distinctive physical and electronic characteristics that generate recurring ’imperfections’ or ’noise’ in the images produced. It is precisely these imperfections that can be considered as identifying ’signatures’ of the device. Typical analysis methodologies are based on techniques such as Pattern Noise Analysis, which studies the electronic noise of the image sensor, and the identification of Fixed Pattern Noise (FPN), i.e. constant structural defects in the sensor. Experts analyze the chrominance and luminance components, extracting features using machine learning algorithms. However, research in this field faces several challenges, such as the variability of acquisition conditions, image degradation, the complexity of identification algorithms, and the need for constantly updated reference databases.

Last but not least are the methodologies based on Machine Learning (ML), a subset of artificial intelligence (AI) that deals with creating systems capable of learning or improving their performance based on the data used. Al-Nabki et al.[10] emerged as an alternative to the classification and identification of CSEM by LEAs, procedures which currently take place through manual inspection, which is why, in most cases, they are not feasible in the available time. One option for detection consists of analyzing the file names stored on the hard disk of the suspected person, searching the text for references to CSEM. However, due to the peculiarities of the names themselves, namely their length and their being deliberately distorted by owners through the use of obfuscated words and user-defined naming patterns, current file name classification methods sufer from a low recall rate, essential in counteracting this problem.

This study was recently revisited by the same research group in [9] with the aim of further accelerating ifle identification, focusing not only on the analysis of names but also of their absolute paths, continuing to leave out their content.

The proposal by Pereira et al. [21] also addresses the ethical and legal challenges associated with acquiring images for training machine learning models, presenting a detection framework based on file metadata. This approach stands out because metadata does not constitute a record of a crime, which allows circumventing the legal restrictions that would normally hinder the collection of sensitive data.

The study by Oronowicz-Jaśkowiak et al.[11] stands out for a rigorous methodological approach in training convolutional neural networks, using explicit images previously examined by forensic experts in anthropology. This research fills important gaps in existing methodologies, addressing three fundamental limitations: the absence of expert annotations, the lack of models trained with real explicit content involving minors, and insuficient justification of classification decisions. Instead, Ngo et al.[13, 12] address the issue of sharing child sexual abuse material (CSAM) within dark web forums, an environment that ofers a high degree of anonymity, making it dificult for law enforcement to identify the criminals involved. The research analyzed and manually labeled a massive dataset comprising over 353,000 posts generated by 35,400 distinct users, operating in 118 diferent languages across eight forums. The study by Fauzi et al.[14] focuses on creating an automatic system capable of detecting potentially predatory conversations and distinguishing between the predator and victim profiles. This resulted in the development of a two-phase approach that integrates linguistic and behavioral analysis techniques, analyzed in two diferent stages.

Spalazzi et al.[16] address the growing challenge represented by the volume of heterogeneous multimedia evidence presented for digital forensic analysis, highlighting the need to apply big data technologies, cloud-based forensic services, and Machine Learning (ML) techniques.

Regarding the tasks of automatic age estimation and nudity detection, Rondeau et al.[15] highlights how modern machine learning algorithms can predict with surprising accuracy the presence of a minor or explicit content. The research introduces an innovative framework to automatically identify sexually exploitative images and videos of minors, merging separate models for apparent age estimation and nudity detection. Specifically, two CNNs are tested: DenseNet-161, pre-trained on ImageNet and then further refined on specific datasets for age classification, and OpenNSFW, also pre-trained, for nudity detection.

As in the previous study, also in the research by Gangwar et al.[17] the problem of automatic CSA detection has been divided into two sub-problems, each with a specialized network: the detection of pornographic content and the age classification of a person as minor or adult. An innovative convolutional neural network (CNN) architecture, called AttM-CNN, that integrates an attention mechanism and metric learning, has been proposed. This architecture is designed to improve the model’s ability to focus on the most relevant features of images, thus optimizing classification performance.

Sae-Bae et al.[20] present a system for detecting images containing CSA, structured around two fundamental modules: the first, dedicated to the detection of explicit images (Explicit Image Detection, EID), and the second, focused on the detection and classification of child faces. The methodology adopted for classification is based on LIBSVM, a powerful support tool for vector machines, which allows optimizing the system’s performance in the recognition and classification of images. The novelty of the proposed technique lies in the adoption of a rapid and robust filter to discriminate skin color from the rest of the photo, along with a new set of facial features that significantly improve the identification of child faces. Vitorino et al.[18] analyze the evolution of the phenomenon of child sexual abuse over the last two decades, highlighting how the modes of generating, distributing, and possessing images have radically changed, moving from reserved and ofline exchanges to a massive network of contacts and data sharing. In the process, a convolutional neural network (CNN) architecture known as GoogLeNet is used, chosen for its consolidated performance in image classification tasks, which includes several processing modules called ”inception”, which allow extracting features at diferent scales and levels of complexity.

De Oliveira et al.[19] address the risks of Internet use by minors, highlighting how privacy and protection from indiscriminate exposure are frequently overlooked issues, leaving young people vulnerable to potential sexual predators. The research is based on a previous study that proposed a tool to detect potentially dangerous conversations, which was based on the analysis of minors’ behavior. The authors, recognizing that such an approach did not comprehensively address the textual analysis of exchanged messages, limiting itself to a superficial analysis, have proposed a new version.

This paper stems from the desire and need to explore a complex and dramatic phenomenon, Child Sexual Abuse, which leads to the uncontrolled spread of Child Sexual Abuse Material (CSAM) on the internet, as well as cases of Grooming. Despite the growing attention dedicated to research in this field today, it is undeniable that much remains to be done both in the state of the art and in practice, given the proportions of the problem, and there are many challenges associated with it from technical, legal, and ethical perspectives.

This systematic review seeks to outline some primary guidelines for designing methods for the detection of material containing CSA, ofering a broad overview of current methodologies and technologies proposed for the detection of Child Sexual Abuse Material at the state of the art.

Machine learning methods prove to be fast, efective, and capable of analyzing large amounts of data while maintaining high performance. On the other hand, however, they raise important issues such as respecting the privacy of victims and being strictly dependent on the use of explicit material during training, a constraint that binds them closely to the need for a joint project with law enforcement. Valid solutions to ”circumvent” the legal restrictions that would normally hinder the collection of sensitive data are those based on the analysis of file metadata that do not constitute a record of a crime in themselves. Examples of studies on detection through metadata are those proposed in [9], [10], and [21], which focus on the study of file names (FNC) and file paths (FPC) stored on the suspect’s hard drive, looking for references to CSEM in the text.

In conclusion, it would be appropriate to emphasize the added value of the results of this work, both in terms of identifying the main gaps in research on this topic, and outlining the future research agenda to fill these gaps. Subsequent research in this field should focus on developing methodological solutions based on the proposed guidelines, which ensure tangible and practical support for designing these systems more efectively, ethically, safely, and sustainably. It is important to emphasize how these advances should not be limited to the sterile academic sphere but should also extend to public dynamics, promoting collaboration and the implementation of innovative approaches.

This work was partially supported by the following projects: SERICS - “Security and Rights In the CyberSpace - SERICS” (PE00000014) under the MUR National Recovery and Resilience Plan funded by the European Union - NextGenerationEU; Accordo Quadro CrASte - “Cyber Academy for Security and Intelligence”.

The author(s) have not employed any Generative AI tools. [2] E. Martellozzo, Chapter 4 - online child sexual abuse, in: I. Bryce, Y. Robinson, W. Petherick (Eds.), Child Abuse and Neglect, Academic Press, 2019, pp. 63–77. URL: https://www. sciencedirect.com/science/article/pii/B9780128153444000040. doi:https://doi.org/10.1016/ B978-0-12-815344-4.00004-0. [3] C. May-Chahal, E. Kelly, 1introduction, in: Online Child Sexual Victimisation, Policy Press, 2020. URL: https://doi.org/10.1332/policypress/9781447354505.003.0001. doi:10.1332/ policypress/9781447354505.003.0001. arXiv:https://academic.oup.com/policypress-scholarship-online/book/0/chapter/264465636/chapter-agpdf/44543872/book_31694_section_264465636.ag.pdf. [4] E. Quayle, N. Koukopoulos, Deterrence of online child sexual abuse and exploitation, Policing: A Journal of Policy and Practice 13 (2018) 345–362. URL: https://doi.org/10.1093/police/pay028. doi:10.1093/police/pay028. arXiv:https://academic.oup.com/policing/articlepdf/13/3/345/29198223/pay028.pdf. [5] I. ECPAT International, Towards a global indicator on unidentified victims in child sexual exploitation material, Technical Report, INTERPOL, ECPAT, 2018. [6] B. Kitchenham, S. Charters, Guidelines for performing systematic literature reviews in software engineering 2 (2007). [7] V. S. Barletta, F. Caruso, T. Di Mascio, A. Piccinno, Serious games for autism based on immersive virtual reality: A lens on methodological and technological challenges, in: M. Temperini, V. Scarano, I. Marenzi, M. Kravcik, E. Popescu, R. Lanzilotti, R. Gennari, F. De La Prieta, T. Di Mascio, P. Vittorini (Eds.), Methodologies and Intelligent Systems for Technology Enhanced Learning, 12th International Conference, Springer International Publishing, Cham, 2023, pp. 181–195. [8] M. Gusenbauer, N. Haddaway, Which academic search systems are suitable for systematic reviews or meta‐analyses? evaluating retrieval qualities of google scholar, pubmed and 26 other resources [open access], Research Synthesis Methods 11 (2020) 181–217. doi:10.1002/jrsm.1378. [9] W. Al Nabki, E. Fidalgo, E. Alegre, R. Alaiz, Short text classification approach to identify child sexual exploitation material, Scientific Reports 13 (2023). doi: 10.1038/s41598-023-42902-8. [10] W. Al Nabki, E. Fidalgo, E. Alegre, R. Alaiz, File name classification approach to identify child sexual abuse, 2020, pp. 228–234. doi:10.5220/0009154802280234. [11] W. Oronowicz-Jaśkowiak, T. Kozłowski, M. Polanska, J. Wojciechowski, P. Wasilewski, D. Ślęzak, M. Kowaluk, Using expert-reviewed csam to train cnns and its anthropological analysis, Journal of Forensic and Legal Medicine 101 (2023) 102619. doi:10.1016/j.jflm.2023.102619. [12] V. Ngo, R. Gajula, C. Thorpe, S. Mckeever, Discovering child sexual abuse material creators’ behaviors and preferences on the dark web, Child Abuse Neglect 147 (2023) 106558. doi:10.1016/ j.chiabu.2023.106558. [13] V. Ngo, S. Mckeever, C. Thorpe, Identifying online child sexual texts in dark web through machine learning and deep learning algorithms, 2024. [14] M. Fauzi, S. Wolthusen, B. Yang, P. Bours, P. Yeng, Identifying sexual predators in chats using svm and feature ensemble, 2023, pp. 1–6. doi:10.1109/ETNCC59188.2023.10284950. [15] J. Rondeau, D. Deslauriers, T. Howard, M. Alvarez, A deep learning framework for finding illicit images/videos of children, Machine Vision and Applications 33 (2022). doi:10.1007/ s00138-022-01318-6. [16] L. Spalazzi, M. Paolanti, E. Frontoni, An ofline parallel architecture for forensic multimedia classification, Multimedia Tools and Applications 81 (2022). doi: 10.1007/s11042-021-10819-x. [17] A. Gangwar, V. González-Castro, E. Alegre, E. Fidalgo, Attm-cnn: Attention and metric learning based cnn for pornography, age and child sexual abuse (csa) detection in images, Neurocomputing 445 (2021). doi:10.1016/j.neucom.2021.02.056. [18] P. Vitorino, S. Avila, M. Perez, A. Rocha, Leveraging deep neural networks to fight child pornography in the age of social media, Journal of Visual Communication and Image Representation 50 (2017). doi:10.1016/j.jvcir.2017.12.005. [19] M. De Oliveira, T. Viana, T. Coelho da Silva, E. Gonçalves, M. Jr, Textual analysis for the protection of children and teenagers in social media: Classification of inappropriate messages for children and teenagers, 2017. doi:10.5220/0006370606560662. [20] N. Sae-Bae, X. Sun, T. Sencar, N. Memon, Towards automatic detection of child pornography, 2014 IEEE International Conference on Image Processing, ICIP 2014 (2015) 5332–5336. doi:10.1109/ ICIP.2014.7026079. [21] M. Pereira, R. Dodhia, H. Anderson, R. Brown, Metadata-based detection of child sexual abuse material, IEEE Transactions on Dependable and Secure Computing PP (2023) 1–13. doi:10.1109/ TDSC.2023.3324275. [22] G. Bennabhaktula, E. Alegre, D. Karastoyanova, G. Azzopardi, Camera model identification based on forensic traces extracted from homogeneous patches, Expert Systems with Applications 206 (2022) 117769. doi:10.1016/j.eswa.2022.117769. [23] S. Reinders, Y. Guan, D. Ommen, J. Davidson, Source‐anchored, trace‐anchored, and general match score‐based likelihood ratios for camera device identification, Journal of Forensic Sciences 67 (2022). doi:10.1111/1556-4029.14991. [24] B. Sarkar, S. Barman, R. Naskar, Blind Source Camera Identification of Online Social Network Images Using Adaptive Thresholding Technique, 2021, pp. 637–648. doi:10.1007/ 978-981-15-7834-2_59. [25] D. Timmerman, S. Bennabhaktula, E. Alegre, G. Azzopardi, Video camera identification from sensor pattern noise with a constrained convnet, 2020. doi:10.48550/arXiv.2012.06277. [26] G. Bennabhaktula, E. Alegre, D. Karastoyanova, G. Azzopardi, Device-based image matching with similarity learning by convolutional neural networks that exploit the underlying camera sensor pattern noise (2020). doi:10.48550/arXiv.2004.11443. [27] C. Meij, Z. Geradts, Source camera identification using photo response non-uniformity on whatsapp, Digital Investigation 24 (2018). doi:10.1016/j.diin.2018.02.005. [28] M. Steinebach, T. Berwanger, H. Liu, Image hashing robust against cropping and rotation, Journal of Cyber Security and Mobility (2023). doi:10.13052/jcsm2245-1439.1221. [29] P. Singh, H. Farid, Robust homomorphic image hashing, in: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR) Workshops, 2019. URL: https://www.scopus.com/inward/record.uri?eid=2-s2.0-85113838951&partnerID=40&md5= 024473edc4f5619b1f642d58f48ff490. [30] J. Garcia, A fragment hashing approach for scalable and cloud-aware network file detection, 2018, pp. 1–5. doi:10.1109/NTMS.2018.8328746. [31] A. Kulshrestha, J. Mayer, Identifying harmful media in end-to-end encrypted communication: Eficient private membership computation, 2021, p. 893 – 910. URL: https://www.scopus.com/inward/ record.uri?eid=2-s2.0-85114489270&partnerID=40&md5=707478615c4762e128ebc2f49c1f41f9. [32] E. Guerra, B. Westlake, Detecting child sexual abuse images: Traits of child sexual exploitation hosting and displaying websites, Child Abuse Neglect 122 (2021) 105336. doi:10.1016/j.chiabu. 2021.105336. [33] A. Ibrahim, C. Valli, Image similarity using dynamic time warping of fractal features (2015). doi:10.4225/75/57b3fe44fb890.