Initial release: XGBoost + MLP for phishing campaign-phase classification

16be928 verified 3 days ago

4.35 kB

	{
	"feature_names": [
	"timestep",
	"emails_sent_cumulative",
	"click_through_rate",
	"credential_submission_rate",
	"gateway_detection_score",
	"lure_personalisation_score",
	"target_department_id",
	"employee_count",
	"privileged_account_density",
	"mfa_enrollment_rate",
	"click_susceptibility_base",
	"email_volume_daily",
	"log_emails_sent",
	"is_gateway_blocked_step",
	"is_evasion_active",
	"is_high_personalisation",
	"has_credential_capture",
	"has_user_engagement",
	"evasion_technique_active_base64_payload_embedding",
	"evasion_technique_active_homoglyph_substitution",
	"evasion_technique_active_html_obfuscation",
	"evasion_technique_active_image_only_lure",
	"evasion_technique_active_none",
	"evasion_technique_active_redirect_chain",
	"actor_capability_tier_cybercriminal_gang",
	"actor_capability_tier_initial_access_broker",
	"actor_capability_tier_nation_state_apt",
	"actor_capability_tier_opportunistic",
	"department_type_executive_leadership",
	"department_type_finance_accounts_payable",
	"department_type_human_resources",
	"department_type_information_technology",
	"industry_sector_financial_services",
	"industry_sector_government_state_local",
	"industry_sector_retail_ecommerce",
	"industry_sector_technology",
	"awareness_training_level_annual",
	"awareness_training_level_basic",
	"awareness_training_level_continuous",
	"awareness_training_level_none",
	"awareness_training_level_quarterly",
	"gateway_architecture_ai_sender_reputation",
	"gateway_architecture_ensemble_layered_gateway",
	"gateway_architecture_integrated_cloud_defender",
	"gateway_architecture_legacy_spam_filter",
	"gateway_architecture_ml_classifier_gateway",
	"gateway_architecture_rule_based_filter",
	"gateway_architecture_sandbox_detonation",
	"gateway_architecture_zero_trust_email_proxy",
	"dmarc_enforcement_level_monitoring",
	"dmarc_enforcement_level_none",
	"dmarc_enforcement_level_quarantine",
	"dmarc_enforcement_level_reject"
	],
	"numeric_features": [
	"timestep",
	"emails_sent_cumulative",
	"click_through_rate",
	"credential_submission_rate",
	"gateway_detection_score",
	"lure_personalisation_score",
	"target_department_id",
	"employee_count",
	"privileged_account_density",
	"mfa_enrollment_rate",
	"click_susceptibility_base",
	"email_volume_daily",
	"log_emails_sent",
	"is_gateway_blocked_step",
	"is_evasion_active",
	"is_high_personalisation",
	"has_credential_capture",
	"has_user_engagement"
	],
	"categorical_levels": {
	"evasion_technique_active": [
	"base64_payload_embedding",
	"homoglyph_substitution",
	"html_obfuscation",
	"image_only_lure",
	"none",
	"redirect_chain"
	],
	"actor_capability_tier": [
	"cybercriminal_gang",
	"initial_access_broker",
	"nation_state_apt",
	"opportunistic"
	],
	"department_type": [
	"executive_leadership",
	"finance_accounts_payable",
	"human_resources",
	"information_technology"
	],
	"industry_sector": [
	"financial_services",
	"government_state_local",
	"retail_ecommerce",
	"technology"
	],
	"awareness_training_level": [
	"annual",
	"basic",
	"continuous",
	"none",
	"quarterly"
	],
	"gateway_architecture": [
	"ai_sender_reputation",
	"ensemble_layered_gateway",
	"integrated_cloud_defender",
	"legacy_spam_filter",
	"ml_classifier_gateway",
	"rule_based_filter",
	"sandbox_detonation",
	"zero_trust_email_proxy"
	],
	"dmarc_enforcement_level": [
	"monitoring",
	"none",
	"quarantine",
	"reject"
	]
	},
	"label_to_int": {
	"target_reconnaissance": 0,
	"infrastructure_setup": 1,
	"lure_crafting": 2,
	"email_delivery": 3,
	"victim_engagement": 4,
	"credential_harvesting": 5,
	"post_compromise_escalation": 6
	},
	"int_to_label": {
	"0": "target_reconnaissance",
	"1": "infrastructure_setup",
	"2": "lure_crafting",
	"3": "email_delivery",
	"4": "victim_engagement",
	"5": "credential_harvesting",
	"6": "post_compromise_escalation"
	},
	"leakage_excluded": [
	"delivery_outcome"
	]
	}