We present a dataset of adversarial malware samples derived from the public RawMal-TF collection of real-world malware binaries. Using a suite of adversarial malware generators, we construct two sets of adversarial PE files: 44,347 family-labelled samples and 33,596 type-labelled samples, achieving evasion rates of 98.35 % and 92.20 % against the EMBER classifier, respectively. Each adversarial binary is accompanied by detailed metadata, including EMBER scores and VirusTotal classifications. We further demonstrate the susceptibility of malware classification pipelines to data poisoning attacks through a series of training experiments. Injecting fully mislabelled adversarial samples representing only 0.5 % of the training data in the family-labelled dataset increases the evasion rate against the re-trained classifier from 26.1 % to 92.8 %. The dataset is publicly released to facilitate future research on adversarial malware, poisoning attacks, and the robustness of machine-learning-based malware detection systems.