SOREL-20M: A Large Scale Benchmark Dataset for Malicious PE Detection

Abstract: In this paper we describe the SOREL-20M (Sophos/ReversingLabs-20 Million) dataset: a large-scale dataset consisting of nearly 20 million files with pre-extracted features and metadata, high-quality labels derived from multiple sources, information about vendor detections of the malware samples at the time of collection, and additional tags'' related to each malware sample to serve as additional targets. In addition to features and metadata, we also provide approximately 10 milliondisarmed'' malware samples -- samples with both the optional_headers.subsystem and file_header.machine flags set to zero -- that may be used for further exploration of features and detection strategies. We also provide Python code to interact with the data and features, as well as baseline neural network and gradient boosted decision tree models and their results, with full training and evaluation code, to serve as a starting point for further experimentation.