cyb007-baseline-classifier / feature_meta.json
Initial release: XGBoost + MLP for insider threat type classification
ed9d6a1 verified
{
"feature_names": [
"timestep",
"data_access_volume_mb",
"privilege_event_count",
"communication_anomaly_score",
"dlp_confidence_score",
"exfiltration_volume_mb_cumulative",
"behavioural_risk_score",
"log_data_volume",
"log_cumulative_exfil",
"exfil_velocity",
"is_privileged_event",
"risk_x_dlp_composite",
"is_late_stage",
"incident_phase_access_escalation",
"incident_phase_cover_tracks",
"incident_phase_data_staging",
"incident_phase_exfiltration_attempt",
"incident_phase_idle_dwell",
"incident_phase_incident_resolution",
"incident_phase_lateral_access",
"incident_phase_reconnaissance",
"detection_outcome_exfil_success",
"detection_outcome_high_risk_alert",
"detection_outcome_moderate_risk_alert",
"detection_outcome_suppressed",
"target_data_sensitivity_tier_confidential",
"target_data_sensitivity_tier_internal",
"target_data_sensitivity_tier_restricted"
],
"numeric_features": [
"timestep",
"data_access_volume_mb",
"privilege_event_count",
"communication_anomaly_score",
"dlp_confidence_score",
"exfiltration_volume_mb_cumulative",
"behavioural_risk_score",
"log_data_volume",
"log_cumulative_exfil",
"exfil_velocity",
"is_privileged_event",
"risk_x_dlp_composite",
"is_late_stage"
],
"categorical_levels": {
"incident_phase": [
"access_escalation",
"cover_tracks",
"data_staging",
"exfiltration_attempt",
"idle_dwell",
"incident_resolution",
"lateral_access",
"reconnaissance"
],
"detection_outcome": [
"exfil_success",
"high_risk_alert",
"moderate_risk_alert",
"suppressed"
],
"target_data_sensitivity_tier": [
"confidential",
"internal",
"restricted"
]
},
"label_to_int": {
"negligent_user": 0,
"malicious_employee": 1,
"privileged_insider": 2
},
"int_to_label": {
"0": "negligent_user",
"1": "malicious_employee",
"2": "privileged_insider"
},
"leakage_excluded": []
}