{
  "feature_names": [
    "timestep",
    "files_encrypted_cumulative",
    "encryption_throughput_mbps",
    "endpoints_compromised",
    "lateral_move_count",
    "credential_harvest_count",
    "c2_bytes_exfiltrated",
    "defender_alert_score",
    "blast_radius_pct",
    "living_off_land_score",
    "attribution_risk_score",
    "data_exfiltrated_gb",
    "wiper_flag",
    "double_extortion_flag",
    "ir_activated",
    "edr_coverage_rate",
    "network_segmentation_quality",
    "patch_posture_score",
    "ir_activation_latency_hrs",
    "endpoint_count",
    "ad_domain_complexity",
    "soc_maturity_score",
    "backup_recovery_prob",
    "backup_recovery_hrs_mean",
    "siem_rule_refresh_cadence_days",
    "segment_id_hash",
    "c2_intensity_score",
    "escalation_velocity",
    "is_destructive",
    "dwell_efficiency",
    "is_post_detonation",
    "lotl_intensity_bin",
    "attack_phase_encryption_detonation",
    "attack_phase_exfiltration_staging",
    "attack_phase_initial_access",
    "attack_phase_internal_recon",
    "attack_phase_lateral_movement",
    "attack_phase_privilege_escalation",
    "attack_phase_ransom_negotiation",
    "attack_phase_recovery_in_progress",
    "detection_outcome_alert_generated",
    "detection_outcome_delayed_detection",
    "detection_outcome_no_detection",
    "detection_outcome_partial_containment",
    "detection_outcome_recovery_in_progress",
    "segment_type_active_directory_domain",
    "segment_type_backup_infrastructure",
    "segment_type_cloud_workload_tier",
    "segment_type_corporate_workstation_fleet",
    "segment_type_dmz_perimeter",
    "segment_type_executive_endpoint_zone",
    "segment_type_file_server_cluster",
    "segment_type_ot_ics_control_network",
    "soc_maturity_tier_none",
    "soc_maturity_tier_tier1",
    "soc_maturity_tier_tier2",
    "soc_maturity_tier_tier3_mdr",
    "backup_maturity_tier_air_gapped_gold_standard",
    "backup_maturity_tier_local_only",
    "backup_maturity_tier_network_attached",
    "backup_maturity_tier_no_backup",
    "backup_maturity_tier_offsite_unverified",
    "backup_maturity_tier_offsite_verified_immutable"
  ],
  "numeric_features": [
    "timestep",
    "files_encrypted_cumulative",
    "encryption_throughput_mbps",
    "endpoints_compromised",
    "lateral_move_count",
    "credential_harvest_count",
    "c2_bytes_exfiltrated",
    "defender_alert_score",
    "blast_radius_pct",
    "living_off_land_score",
    "attribution_risk_score",
    "data_exfiltrated_gb",
    "wiper_flag",
    "double_extortion_flag",
    "ir_activated",
    "edr_coverage_rate",
    "network_segmentation_quality",
    "patch_posture_score",
    "ir_activation_latency_hrs",
    "endpoint_count",
    "ad_domain_complexity",
    "soc_maturity_score",
    "backup_recovery_prob",
    "backup_recovery_hrs_mean",
    "siem_rule_refresh_cadence_days",
    "segment_id_hash",
    "c2_intensity_score",
    "escalation_velocity",
    "is_destructive",
    "dwell_efficiency",
    "is_post_detonation",
    "lotl_intensity_bin"
  ],
  "categorical_levels": {
    "attack_phase": [
      "encryption_detonation",
      "exfiltration_staging",
      "initial_access",
      "internal_recon",
      "lateral_movement",
      "privilege_escalation",
      "ransom_negotiation",
      "recovery_in_progress"
    ],
    "detection_outcome": [
      "alert_generated",
      "delayed_detection",
      "no_detection",
      "partial_containment",
      "recovery_in_progress"
    ],
    "segment_type": [
      "active_directory_domain",
      "backup_infrastructure",
      "cloud_workload_tier",
      "corporate_workstation_fleet",
      "dmz_perimeter",
      "executive_endpoint_zone",
      "file_server_cluster",
      "ot_ics_control_network"
    ],
    "soc_maturity_tier": [
      "none",
      "tier1",
      "tier2",
      "tier3_mdr"
    ],
    "backup_maturity_tier": [
      "air_gapped_gold_standard",
      "local_only",
      "network_attached",
      "no_backup",
      "offsite_unverified",
      "offsite_verified_immutable"
    ]
  },
  "label_to_int": {
    "lone_actor": 0,
    "organised_syndicate": 1,
    "raas_affiliate": 2,
    "nation_state_nexus": 3
  },
  "int_to_label": {
    "0": "lone_actor",
    "1": "organised_syndicate",
    "2": "raas_affiliate",
    "3": "nation_state_nexus"
  },
  "leakage_excluded": []
}