cyb003-baseline-classifier / ablation_results.json
Initial release: XGBoost + MLP for malware execution phase classification
c6a80e7 verified
{
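"purpose": "Quantify how much each feature group contributes to the headline XGBoost score. Each ablation uses the identical architecture and the same group-aware split, with one feature group dropped at a time. Each delta_* value is the full-model metric minus the ablated-model metric, so a positive delta means dropping that group reduced performance. In each confusion matrix, rows are true classes and columns are predicted classes, in the order given by labels.",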
"full_model_metrics": {
"model": "xgboost",
"accuracy": 0.9177777777777778,
"macro_f1": 0.7780699645112974,
"weighted_f1": 0.9064879129227142,
"per_class_f1": {
"c2_communication": 1.0,
"data_exfiltration": 0.9699570815450643,
"dormancy_dwell": 0.5301204819277109,
"initial_drop": 0.9453125,
"lateral_movement": 0.9917355371900827,
"payload_execution": 0.963302752293578,
"persistence_establishment": 0.9918032786885246,
"privilege_escalation": 0.9907407407407407,
"sandbox_evasion_stall": 0.125,
"self_destruct_cleanup": 0.2727272727272727
},
"confusion_matrix": {
"labels": [
"c2_communication",
"data_exfiltration",
"dormancy_dwell",
"initial_drop",
"lateral_movement",
"payload_execution",
"persistence_establishment",
"privilege_escalation",
"sandbox_evasion_stall",
"self_destruct_cleanup"
],
"matrix": [
[
108,
0,
0,
0,
0,
0,
0,
0,
0,
0
],
[
0,
113,
0,
0,
0,
0,
0,
0,
0,
0
],
[
0,
4,
22,
7,
0,
1,
0,
0,
2,
4
],
[
0,
0,
2,
121,
0,
0,
0,
0,
0,
0
],
[
0,
0,
0,
0,
120,
0,
0,
0,
0,
1
],
[
0,
0,
1,
0,
0,
105,
0,
0,
0,
0
],
[
0,
0,
1,
0,
0,
0,
121,
0,
0,
0
],
[
0,
0,
0,
0,
0,
0,
0,
107,
0,
0
],
[
0,
0,
17,
3,
0,
1,
1,
2,
3,
5
],
[
0,
3,
0,
2,
1,
5,
0,
0,
11,
6
]
]
},
"macro_roc_auc_ovr": 0.979171667321058
},
"ablations": {
"no_pe_static": {
"n_features": 58,
"dropped_count": 11,
"metrics": {
"model": "xgboost_no_pe_static",
"accuracy": 0.9166666666666666,
"macro_f1": 0.7808429949060417,
"weighted_f1": 0.9063054516980296,
"per_class_f1": {
"c2_communication": 1.0,
"data_exfiltration": 0.9783549783549783,
"dormancy_dwell": 0.4675324675324675,
"initial_drop": 0.9494163424124513,
"lateral_movement": 0.995850622406639,
"payload_execution": 0.963302752293578,
"persistence_establishment": 0.9836065573770492,
"privilege_escalation": 0.9771689497716894,
"sandbox_evasion_stall": 0.16666666666666666,
"self_destruct_cleanup": 0.32653061224489793
},
"confusion_matrix": {
"labels": [
"c2_communication",
"data_exfiltration",
"dormancy_dwell",
"initial_drop",
"lateral_movement",
"payload_execution",
"persistence_establishment",
"privilege_escalation",
"sandbox_evasion_stall",
"self_destruct_cleanup"
],
"matrix": [
[
108,
0,
0,
0,
0,
0,
0,
0,
0,
0
],
[
0,
113,
0,
0,
0,
0,
0,
0,
0,
0
],
[
0,
3,
18,
7,
0,
1,
0,
0,
6,
5
],
[
0,
0,
1,
122,
0,
0,
0,
0,
0,
0
],
[
0,
0,
0,
0,
120,
0,
0,
0,
0,
1
],
[
0,
0,
1,
0,
0,
105,
0,
0,
0,
0
],
[
0,
0,
1,
0,
0,
0,
120,
0,
0,
1
],
[
0,
0,
0,
0,
0,
0,
0,
107,
0,
0
],
[
0,
0,
15,
3,
0,
1,
1,
2,
4,
6
],
[
0,
2,
1,
2,
0,
5,
1,
3,
6,
8
]
]
},
"macro_roc_auc_ovr": 0.9785892106991877
},
"delta_accuracy": 0.0011111111111111738,
"delta_macro_f1": -0.0027730303947443025
},
"no_behavioural": {
"n_features": 60,
"dropped_count": 9,
"metrics": {
"model": "xgboost_no_behavioural",
"accuracy": 0.9088888888888889,
"macro_f1": 0.7578825763491894,
"weighted_f1": 0.8916039125438652,
"per_class_f1": {
"c2_communication": 1.0,
"data_exfiltration": 0.9372384937238494,
"dormancy_dwell": 0.463768115942029,
"initial_drop": 0.9494163424124513,
"lateral_movement": 0.9596774193548387,
"payload_execution": 0.9422222222222222,
"persistence_establishment": 0.9876543209876543,
"privilege_escalation": 0.9907407407407407,
"sandbox_evasion_stall": 0.24,
"self_destruct_cleanup": 0.10810810810810811
},
"confusion_matrix": {
"labels": [
"c2_communication",
"data_exfiltration",
"dormancy_dwell",
"initial_drop",
"lateral_movement",
"payload_execution",
"persistence_establishment",
"privilege_escalation",
"sandbox_evasion_stall",
"self_destruct_cleanup"
],
"matrix": [
[
108,
0,
0,
0,
0,
0,
0,
0,
0,
0
],
[
0,
112,
1,
0,
0,
0,
0,
0,
0,
0
],
[
0,
6,
16,
7,
2,
5,
0,
0,
3,
1
],
[
0,
0,
0,
122,
0,
0,
0,
0,
1,
0
],
[
0,
0,
0,
0,
119,
0,
0,
0,
1,
1
],
[
0,
0,
0,
0,
0,
106,
0,
0,
0,
0
],
[
0,
0,
2,
0,
0,
0,
120,
0,
0,
0
],
[
0,
0,
0,
0,
0,
0,
0,
107,
0,
0
],
[
0,
2,
8,
3,
2,
3,
1,
2,
6,
5
],
[
0,
6,
2,
2,
4,
5,
0,
0,
7,
2
]
]
},
"macro_roc_auc_ovr": 0.9704768382021074
},
"delta_accuracy": 0.008888888888888946,
"delta_macro_f1": 0.020187388162107966
},
"no_timestep": {
"n_features": 68,
"dropped_count": 1,
"metrics": {
"model": "xgboost_no_timestep",
"accuracy": 0.6933333333333334,
"macro_f1": 0.5963303534115096,
"weighted_f1": 0.6919482762076271,
"per_class_f1": {
"c2_communication": 1.0,
"data_exfiltration": 0.7619047619047619,
"dormancy_dwell": 0.5882352941176471,
"initial_drop": 0.5072463768115942,
"lateral_movement": 0.6985645933014354,
"payload_execution": 0.5106382978723404,
"persistence_establishment": 0.8433734939759037,
"privilege_escalation": 0.9047619047619048,
"sandbox_evasion_stall": 0.05555555555555555,
"self_destruct_cleanup": 0.09302325581395349
},
"confusion_matrix": {
"labels": [
"c2_communication",
"data_exfiltration",
"dormancy_dwell",
"initial_drop",
"lateral_movement",
"payload_execution",
"persistence_establishment",
"privilege_escalation",
"sandbox_evasion_stall",
"self_destruct_cleanup"
],
"matrix": [
[
108,
0,
0,
0,
0,
0,
0,
0,
0,
0
],
[
0,
96,
0,
4,
9,
2,
1,
0,
0,
1
],
[
0,
0,
25,
10,
0,
1,
0,
0,
4,
0
],
[
0,
2,
6,
70,
1,
12,
7,
0,
22,
3
],
[
0,
39,
0,
1,
73,
7,
0,
1,
0,
0
],
[
0,
1,
0,
37,
5,
48,
2,
1,
5,
7
],
[
0,
0,
1,
7,
0,
2,
105,
6,
1,
0
],
[
0,
0,
0,
0,
0,
2,
9,
95,
1,
0
],
[
0,
0,
13,
12,
0,
2,
1,
0,
2,
2
],
[
0,
1,
0,
12,
0,
6,
2,
0,
5,
2
]
]
},
"macro_roc_auc_ovr": 0.9263760295591874
},
"delta_accuracy": 0.22444444444444445,
"delta_macro_f1": 0.18173961109978776
},
"no_engineered": {
"n_features": 63,
"dropped_count": 6,
"metrics": {
"model": "xgboost_no_engineered",
"accuracy": 0.92,
"macro_f1": 0.7931081498668057,
"weighted_f1": 0.9099535506095557,
"per_class_f1": {
"c2_communication": 0.9906542056074766,
"data_exfiltration": 0.9617021276595744,
"dormancy_dwell": 0.5205479452054794,
"initial_drop": 0.9534883720930233,
"lateral_movement": 0.9958847736625515,
"payload_execution": 0.963302752293578,
"persistence_establishment": 0.9836065573770492,
"privilege_escalation": 0.9861751152073732,
"sandbox_evasion_stall": 0.23529411764705882,
"self_destruct_cleanup": 0.3404255319148936
},
"confusion_matrix": {
"labels": [
"c2_communication",
"data_exfiltration",
"dormancy_dwell",
"initial_drop",
"lateral_movement",
"payload_execution",
"persistence_establishment",
"privilege_escalation",
"sandbox_evasion_stall",
"self_destruct_cleanup"
],
"matrix": [
[
106,
2,
0,
0,
0,
0,
0,
0,
0,
0
],
[
0,
113,
0,
0,
0,
0,
0,
0,
0,
0
],
[
0,
4,
19,
7,
0,
1,
0,
0,
4,
5
],
[
0,
0,
0,
123,
0,
0,
0,
0,
0,
0
],
[
0,
0,
0,
0,
121,
0,
0,
0,
0,
0
],
[
0,
0,
1,
0,
0,
105,
0,
0,
0,
0
],
[
0,
0,
0,
0,
0,
0,
120,
0,
1,
1
],
[
0,
0,
0,
0,
0,
0,
0,
107,
0,
0
],
[
0,
0,
13,
3,
0,
1,
1,
3,
6,
5
],
[
0,
3,
0,
2,
1,
5,
1,
0,
8,
8
]
]
},
"macro_roc_auc_ovr": 0.9796965243561164
},
"delta_accuracy": -0.0022222222222222365,
"delta_macro_f1": -0.015038185355508271
}
}
}