MalVol-25: A Diverse, Labelled and Detailed Volatile Memory Dataset for Malware Detection and Response Testing and Validation

TL;DR

MalVol-25 is a comprehensive, labeled volatile memory dataset designed to enhance malware detection, response testing, and validation through detailed behavioral and environmental features across multiple malware families and OS.

Contribution

The paper introduces a systematic approach to generate a diverse, well-validated malware memory dataset with detailed labels, supporting advanced AI and machine learning cybersecurity research.

Findings

Dataset includes multiple malware families and OS environments.

Enables modeling system states and transitions for RL-based detection.

Supports diverse malware scenarios and automated response testing.

Abstract

This paper addresses the critical need for high-quality malware datasets that support advanced analysis techniques, particularly machine learning and agentic AI frameworks. Existing datasets often lack diversity, comprehensive labelling, and the complexity necessary for effective machine learning and agent-based AI training. To fill this gap, we developed a systematic approach for generating a dataset that combines automated malware execution in controlled virtual environments with dynamic monitoring tools. The resulting dataset comprises clean and infected memory snapshots across multiple malware families and operating systems, capturing detailed behavioural and environmental features. Key design decisions include applying ethical and legal compliance, thorough validation using both automated and manual methods, and comprehensive documentation to ensure replicability and integrity. The dataset's distinctive features enable modelling system states and transitions, facilitating RL-based malware detection and response strategies. This resource is significant for advancing adaptive cybersecurity defences and digital forensic research. Its scope supports diverse malware scenarios and offers potential for broader applications in incident response and automated threat mitigation.