CR · Dec 14, 2020

SOREL-20M: A Large Scale Benchmark Dataset for Malicious PE Detection

arXiv:2012.07634v1 · 142 citations
AI Analysis

This dataset provides a new, large-scale benchmark for researchers and practitioners working on malicious PE detection, offering a standardized platform for evaluating detection strategies.

The SOREL-20M dataset, comprising nearly 20 million files with pre-extracted features and metadata, high-quality labels, and vendor detection information, was created to benchmark malicious PE detection. It also includes 10 million 'disarmed' malware samples for further feature exploration.

In this paper we describe the SOREL-20M (Sophos/ReversingLabs-20 Million) dataset: a large-scale dataset consisting of nearly 20 million files with pre-extracted features and metadata, high-quality labels derived from multiple sources, information about vendor detections of the malware samples at the time of collection, and additional "tags" related to each malware sample to serve as additional targets. In addition to features and metadata, we also provide approximately 10 million "disarmed" malware samples (samples with both the optional_headers.subsystem and file_header.machine flags set to zero) that may be used for further exploration of features and detection strategies. We also provide Python code to interact with the data and features, as well as baseline neural network and gradient boosted decision tree models and their results, with full training and evaluation code, to serve as a starting point for further experimentation.
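The disarmed state described in the abstract can be checked per file before a sample enters an analysis pipeline. The following is an added example, not code from the paper or the SOREL-20M repository; the function names and the constructed header bytes are assumptions, as is the mapping of file_header.machine and optional_headers.subsystem to the PE `Machine` (COFF file header) and `Subsystem` (optional header) fields.

```python
import struct

SUBSYSTEM_OFFSET = 68  # offset of Subsystem in the optional header (PE32 and PE32+)


class PEFormatError(ValueError):
    """Raised when the bytes do not contain the PE headers we need."""


def read_disarm_fields(data: bytes) -> dict:
    """Return Machine, Subsystem and whether both are zero (the disarmed state)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEFormatError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("missing PE signature")
    coff = e_lfanew + 4
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics (20 bytes)
    machine, _, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < SUBSYSTEM_OFFSET + 2 or opt + SUBSYSTEM_OFFSET + 2 > len(data):
        raise PEFormatError("optional header too short to hold Subsystem")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise PEFormatError(f"unexpected optional header magic {magic:#x}")
    (subsystem,) = struct.unpack_from("<H", data, opt + SUBSYSTEM_OFFSET)
    return {"machine": machine, "subsystem": subsystem,
            "disarmed": machine == 0 and subsystem == 0}


def build_sample(machine: int, subsystem: int) -> bytes:
    """Constructed header-only PE32 fixture (no sections, no code) for testing."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> right after DOS header
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<H", opt, SUBSYSTEM_OFFSET, subsystem)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    for label, blob in [("both zero", build_sample(0, 0)),
                        ("only machine zero", build_sample(0, 3)),
                        ("neither zero", build_sample(0x14C, 2))]:
        print(label, read_disarm_fields(blob))
```

A file counts as disarmed only when both fields are zero; a file with just one of them zeroed is reported as not disarmed and should be handled as live malware.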
