WinAPI-AdvMal: A Six-Class Windows API Import Dataset for Adversarial Malware
收藏Zenodo2026-05-18 更新2026-05-26 收录
下载链接:
https://zenodo.org/doi/10.5281/zenodo.20208957
下载链接
链接失效反馈官方服务:
资源简介:
Windows API imports dataset for adversarial malware sample generation and malware detection evasion experiments (6 classes: office, development, multimedia, security, administration, malware (collected using MalwareBazaar database)). Data was obtained by parsing IAT (import address table). The dataset consists of 3,799 samples, from which 2,713 unique features were extracted. Each feature is binary (0 – Win32 API not imported, 1 – Win32 API imported).
Proposed dataset can be used for adversarial malware generation by making malicious samples look like a specific benign class. These adversarial samples can be used to test the robustness of existing malware classifiers or be used to train new malware classifiers that can detect adversarial attacks.
Furthermore, this approach can also be used for malware detection as malware changes quite rapidly (new malware techniques emerge, while other become obsolete), whereas benign software is more stable and does not change that often (benign software authors have no need to evade detections).
PE file names are anonymized for ethical purposes.
Class
Category
Number of samples
1
Office tools
667
2
Development tools
746
3
Multimedia
623
4
Security tools
519
5
Admin tools
566
6
Malware
678
Total:
3,799
FUNDING:
This work has received funding from the Research Council of Lithuania (LMTLT), agreement No S-MIP-24-116.
RELATED PUBLICATION
This dataset accompanies: J. Dautartas, O. Kurasova, J. R. Čypas, and V. Medvedev, "Learning to Look Benign: Targeted Evasion of Malware Detectors via API Import Injection," submitted to IEEE Transactions on Information Forensics and Security, 2026.
提供机构:
Zenodo创建时间:
2026-05-18



