{ "version": "1.0.0", "dataset": "xpertsystems/cyb003-sample", "task": "10-class execution_phase classification", "baselines": { "always_predict_majority_accuracy": 0.13666666666666666, "majority_class": "initial_drop", "random_guess_accuracy": 0.1 }, "split": { "strategy": "group_aware (GroupShuffleSplit by sample_id, nested)", "rationale": "100 unique malware samples generate 6,000 timesteps (60 per sample). Random row-split would leak per-sample correlations into the test fold. Group-aware split keeps train/val/test samples disjoint.", "samples_train": 69, "samples_val": 16, "samples_test": 15, "timesteps_train": 4140, "timesteps_val": 960, "timesteps_test": 900, "seed": 42 }, "n_features": 69, "label_classes": [ "c2_communication", "data_exfiltration", "dormancy_dwell", "initial_drop", "lateral_movement", "payload_execution", "persistence_establishment", "privilege_escalation", "sandbox_evasion_stall", "self_destruct_cleanup" ], "class_distribution_train": { "lateral_movement": 550, "initial_drop": 549, "data_exfiltration": 543, "persistence_establishment": 541, "c2_communication": 492, "privilege_escalation": 489, "payload_execution": 487, "dormancy_dwell": 168, "sandbox_evasion_stall": 166, "self_destruct_cleanup": 155 }, "class_distribution_test": { "initial_drop": 123, "persistence_establishment": 122, "lateral_movement": 121, "data_exfiltration": 113, "c2_communication": 108, "privilege_escalation": 107, "payload_execution": 106, "dormancy_dwell": 40, "sandbox_evasion_stall": 32, "self_destruct_cleanup": 28 }, "models": { "xgboost": { "architecture": "Gradient-boosted decision trees, multi:softprob, 10 classes", "framework": "xgboost", "test_metrics": { "model": "xgboost", "accuracy": 0.9177777777777778, "macro_f1": 0.7780699645112974, "weighted_f1": 0.9064879129227142, "per_class_f1": { "c2_communication": 1.0, "data_exfiltration": 0.9699570815450643, "dormancy_dwell": 0.5301204819277109, "initial_drop": 0.9453125, "lateral_movement": 0.9917355371900827, "payload_execution": 0.963302752293578, "persistence_establishment": 0.9918032786885246, "privilege_escalation": 0.9907407407407407, "sandbox_evasion_stall": 0.125, "self_destruct_cleanup": 0.2727272727272727 }, "confusion_matrix": { "labels": [ "c2_communication", "data_exfiltration", "dormancy_dwell", "initial_drop", "lateral_movement", "payload_execution", "persistence_establishment", "privilege_escalation", "sandbox_evasion_stall", "self_destruct_cleanup" ], "matrix": [ [ 108, 0, 0, 0, 0, 0, 0, 0, 0, 0 ], [ 0, 113, 0, 0, 0, 0, 0, 0, 0, 0 ], [ 0, 4, 22, 7, 0, 1, 0, 0, 2, 4 ], [ 0, 0, 2, 121, 0, 0, 0, 0, 0, 0 ], [ 0, 0, 0, 0, 120, 0, 0, 0, 0, 1 ], [ 0, 0, 1, 0, 0, 105, 0, 0, 0, 0 ], [ 0, 0, 1, 0, 0, 0, 121, 0, 0, 0 ], [ 0, 0, 0, 0, 0, 0, 0, 107, 0, 0 ], [ 0, 0, 17, 3, 0, 1, 1, 2, 3, 5 ], [ 0, 3, 0, 2, 1, 5, 0, 0, 11, 6 ] ] }, "macro_roc_auc_ovr": 0.979171667321058 } }, "mlp": { "architecture": "PyTorch MLP, 69 -> 128 -> 64 -> 10, BatchNorm1d + ReLU + Dropout, weighted cross-entropy loss", "framework": "pytorch", "test_metrics": { "model": "mlp", "accuracy": 0.8222222222222222, "macro_f1": 0.7071652710164154, "weighted_f1": 0.8217291149270296, "per_class_f1": { "c2_communication": 1.0, "data_exfiltration": 0.9181818181818182, "dormancy_dwell": 0.5194805194805194, "initial_drop": 0.8854961832061069, "lateral_movement": 0.9067796610169492, "payload_execution": 0.6981132075471698, "persistence_establishment": 0.8695652173913043, "privilege_escalation": 0.9154228855721394, "sandbox_evasion_stall": 0.07692307692307693, "self_destruct_cleanup": 0.28169014084507044 }, "confusion_matrix": { "labels": [ "c2_communication", "data_exfiltration", "dormancy_dwell", "initial_drop", "lateral_movement", "payload_execution", "persistence_establishment", "privilege_escalation", "sandbox_evasion_stall", "self_destruct_cleanup" ], "matrix": [ [ 108, 0, 0, 0, 0, 0, 0, 0, 0, 0 ], [ 0, 101, 0, 0, 6, 3, 0, 0, 0, 3 ], [ 0, 1, 20, 5, 0, 7, 0, 0, 4, 3 ], [ 0, 0, 3, 116, 0, 0, 4, 0, 0, 0 ], [ 0, 2, 0, 0, 107, 7, 0, 0, 3, 2 ], [ 0, 1, 0, 0, 2, 74, 1, 0, 9, 19 ], [ 0, 0, 2, 7, 0, 0, 110, 2, 1, 0 ], [ 0, 0, 0, 0, 0, 2, 13, 92, 0, 0 ], [ 0, 1, 12, 7, 0, 3, 1, 0, 2, 6 ], [ 0, 1, 0, 4, 0, 10, 2, 0, 1, 10 ] ] }, "macro_roc_auc_ovr": 0.9680976851704761 } } } }