EMBER2024 -- A Benchmark Dataset for Holistic Evaluation of Malware Classifiers
This dataset addresses the need for holistic evaluation tools for malware classifiers, benefiting researchers in cybersecurity and machine learning, though it is incremental as it builds on prior EMBER versions.
The authors tackled the problem of limited and narrow public datasets for malware analysis by creating EMBER2024, a benchmark dataset with over 3.2 million files from six formats that supports seven classification tasks and includes a challenge set of evasive malware.
A lack of accessible data has historically restricted malware analysis research, and practitioners have relied heavily on datasets provided by industry sources to advance. Existing public datasets are limited by narrow scope - most include files targeting a single platform, have labels supporting just one type of malware classification task, and make no effort to capture the evasive files that make malware detection difficult in practice. We present EMBER2024, a new dataset that enables holistic evaluation of malware classifiers. Created in collaboration with the authors of EMBER2017 and EMBER2018, the EMBER2024 dataset includes hashes, metadata, feature vectors, and labels for more than 3.2 million files from six file formats. Our dataset supports the training and evaluation of machine learning models on seven malware classification tasks, including malware detection, malware family classification, and malware behavior identification. EMBER2024 is the first to include a collection of malicious files that initially went undetected by a set of antivirus products, creating a "challenge" set to assess classifier performance against evasive malware. This work also introduces EMBER feature version 3, with added support for several new feature types. We are releasing the EMBER2024 dataset to promote reproducibility and empower researchers in the pursuit of new malware research topics.