MalVol-25: a diverse, labelled and detailed volatile memory dataset for malware detection and response testing and validation [paper]

Dunsin, Dipo, Ghanem, Mohamed Chahine, Almeida Palmieri, Eduardo, Kheddar, Hamza and Habchi, Yassine (2025) MalVol-25: a diverse, labelled and detailed volatile memory dataset for malware detection and response testing and validation [paper]. In: 8th IEEE Conference on Cloud and Internet of Things CIoT-2025, 29-31 October 2025, London, UK. (In Press)

Abstract

This paper addresses the critical need for high-quality malware datasets that support advanced analysis techniques, particularly machine learning and agentic AI frameworks. Existing datasets often lack diversity, comprehensive labelling, and the complexity necessary for effective machine learning and agent-based AI training. To fill this gap, we developed a systematic approach for generating a dataset that combines automated malware execution in controlled virtual environments with dynamic monitoring tools. The resulting dataset comprises clean and infected memory snapshots across multiple malware families and operating systems, capturing detailed behavioural and environmental features. Key design decisions include applying ethical and legal compliance, thorough validation using both automated and manual methods, and comprehensive documentation to ensure replicability and integrity. The dataset’s distinctive features enable modelling system states and transitions, facilitating RL-based malware detection and response strategies. This resource is significant for advancing adaptive cybersecurity defences and digital forensic research. Its scope supports diverse malware scenarios and offers potential for broader applications in incident response and automated threat mitigation.

Documents
MalVol_25__A_Diverse__Labeled_and_Detailed_Malware_Volatile_Memory_Dataset_for_Detection_and_Response_Testing_and_Validation-1.pdf - Accepted Version
Available under License Creative Commons Attribution 4.0.
