This repository hosts our public feature set of opcode sequences generated with Radare2 disassembler from Windows portable executable (PE) files for malware detection using machine learning models. The feature set has been leveraged for malware detection in a journal paper titled “Malware Detection Using Ensemble N-gram Opcode Sequences found here” by authors Paul Ntim Yeboah, Stephen Kweku Amuquandoh and Haruna Musa Balle Baz.
The feature set consist a total of 2000 benign and malware opcode sequences with labels (0-benign, 1-malware). As described in section 3.1 of the paper, the feature set was used as the base for generating n-gram opcode sequences for training ensemble models for malware detection of which a detection accuracy of 98.1% and AUC of 1 was reached for the best models. The original dataset from which this feature set was generated as described in section 4 of the paper was obtained from a research project found here.