CYB004 Baseline Classifier

Phishing campaign phase classifier trained on the CYB004 synthetic phishing campaign sample. Predicts which of 7 lifecycle phases a per-timestep telemetry record belongs to, from observable trajectory and victim-topology features.

Baseline reference, not for production use. This model demonstrates that the CYB004 sample dataset is learnable end-to-end and gives prospective buyers a working starting point. It is not a production email-security platform, SOAR component, or threat detector. See Limitations.

Model overview

Property	Value
Task	7-class campaign_phase classification
Training data	`xpertsystems/cyb004-sample` (3,952 timesteps across 100 phishing campaigns)
Models	XGBoost + PyTorch MLP
Input features	53 (after one-hot encoding)
Split	Group-aware by campaign_id (disjoint train/val/test campaigns)
Validation	Single seed (artifact) + multi-seed aggregate across 10 seeds
License	CC-BY-NC-4.0 (matches dataset)
Status	Reference baseline

Why this task instead of actor-tier attribution?

The CYB004 dataset README leads with "actor attribution modelling — 4-tier classification" as a suggested use case. We piloted that target first and found a serious issue: four features in the dataset (lure_personalisation_score, click_through_rate, credential_submission_rate, target_department_id) are constant per campaign, not per-timestep. They look like per-step features but each takes a single value across all ~40 timesteps of a given campaign.

Because these constants are tier-correlated (especially lure_personalisation_score, which differs systematically across the four actor tiers), they leak tier identity through the campaign-level fingerprint they create. With a 15-campaign test fold, many test campaigns land in the same feature ranges as training campaigns of the same tier, and the model achieves spurious 97%+ accuracy that does not generalize. Removing those features (the honest fix) drops tier prediction to accuracy 0.45, ROC-AUC 0.70 — below majority baseline of 0.59. The full 335k-row CYB004 product, with ~4,800 campaigns, will not have this constraint; the sample at n=100 cannot support honest tier learning.

We pivoted to campaign_phase prediction, which has 3,952 rows of per-timestep data spread across 7 phases with tight timestep windows. It learns cleanly under the same group-aware split: 65% accuracy, ROC-AUC 0.94, stable across 10 seeds. This is a legitimate email-security use case — SOAR playbooks and threat-hunting workflows need to tag what phase of a phishing campaign observed activity belongs to.

Two model artifacts are published. They are designed to be used together — disagreement is a useful triage signal:

model_xgb.json — gradient-boosted trees, primary recommendation
model_mlp.safetensors — PyTorch MLP in SafeTensors format

Quick start

pip install xgboost torch safetensors pandas huggingface_hub

from huggingface_hub import hf_hub_download
import json, numpy as np, torch, xgboost as xgb
from safetensors.torch import load_file

REPO = "xpertsystems/cyb004-baseline-classifier"

paths = {n: hf_hub_download(REPO, n) for n in [
    "model_xgb.json", "model_mlp.safetensors",
    "feature_engineering.py", "feature_meta.json", "feature_scaler.json",
]}

import sys, os
sys.path.insert(0, os.path.dirname(paths["feature_engineering.py"]))
from feature_engineering import (
    transform_single, load_meta, INT_TO_LABEL, build_department_lookup
)

meta = load_meta(paths["feature_meta.json"])
xgb_model = xgb.XGBClassifier(); xgb_model.load_model(paths["model_xgb.json"])
dept_lookup = build_department_lookup("path/to/victim_topology.csv")

# Predict (see inference_example.ipynb for the full pattern)
dept_aggs = dept_lookup.get(my_record["target_department_id"], {})
X = transform_single(my_record, meta, victim_aggregates=dept_aggs)
proba = xgb_model.predict_proba(X)[0]
print(INT_TO_LABEL[int(np.argmax(proba))])

See inference_example.ipynb for the full copy-paste demo.

Training data

Trained on the public sample of CYB004, 3,952 per-timestep trajectory rows from 100 phishing campaigns (~40 timesteps per campaign):

Phase	Total rows	Test rows (seed 42)
`email_delivery`	919	134
`victim_engagement`	667	102
`target_reconnaissance`	558	89
`post_compromise_escalation`	533	50
`credential_harvesting`	494	91
`lure_crafting`	435	71
`infrastructure_setup`	346	48

Group-aware split

A single campaign generates ~40 highly-correlated timesteps. Random row-level splitting would put timesteps from the same campaign in both train and test, inflating metrics in a way that does not generalize to new campaigns.

This release uses GroupShuffleSplit by campaign_id (nested, 70/15/15):

Fold	Campaigns	Timesteps
Train	69	2,792
Validation	16	575
Test	15	585

All test campaigns are completely unseen during training. Class imbalance is addressed with class_weight='balanced' (XGBoost sample_weight) and weighted cross-entropy (MLP).

Feature pipeline

The bundled feature_engineering.py is the canonical feature recipe. 53 features survive after encoding, drawn from:

Per-timestep numeric (7): timestep, emails_sent_cumulative, click_through_rate, credential_submission_rate, gateway_detection_score, lure_personalisation_score, target_department_id
Per-timestep categorical (2, one-hot): evasion_technique_active, actor_capability_tier
Victim topology numeric (5): employee_count, privileged_account_density, mfa_enrollment_rate, click_susceptibility_base, email_volume_daily
Victim topology categorical (5, one-hot): department_type, industry_sector, awareness_training_level, gateway_architecture, dmarc_enforcement_level
Engineered (6): log_emails_sent, is_gateway_blocked_step, is_evasion_active, is_high_personalisation, has_credential_capture, has_user_engagement

Leakage audit

One column dropped: delivery_outcome (7-class categorical). Its crosstab with campaign_phase shows that no_delivery appears only in the early phases (target_reconnaissance, infrastructure_setup, lure_crafting, credential_harvesting, post_compromise_escalation) and never in email_delivery or victim_engagement. Cell purity 0.36 (uniform baseline 0.14). Keeping it would give the model a near-oracle for partitioning early-vs-mid phases.

No oracle features remain. All retained features have phase-purity under 0.20.

Per-campaign-constant features

Four features (lure_personalisation_score, click_through_rate, credential_submission_rate, target_department_id) are constant within each campaign. For phase prediction this is acceptable — their phase-purity is low, so the model uses them as conditioning context (similar to "we know this is an APT campaign targeting finance" when reasoning about which phase we're in), not as oracle features. They became a problem only for the abandoned actor-tier task.

Evaluation

Test-set metrics, seed 42 (n = 585 timesteps from 15 disjoint campaigns)

XGBoost (the published model_xgb.json artifact)

Metric	Value
Macro ROC-AUC (OvR)	0.9356
Accuracy	0.6547
Macro-F1	0.6401
Weighted-F1	0.6526

MLP (the published model_mlp.safetensors artifact)

Metric	Value
Macro ROC-AUC (OvR)	0.9265
Accuracy	0.6427
Macro-F1	0.6275
Weighted-F1	0.6492

Multi-seed robustness (XGBoost, 10 seeds)

Stable performance across seeds — the task learns cleanly, not seed-lucky:

Metric	Mean	Std	Min	Max
Accuracy	0.649	0.038	0.592	0.711
Macro-F1	0.638	0.040	0.574	0.714
Macro ROC-AUC OvR	0.937	0.010	0.923	0.954

Full per-seed results in multi_seed_results.json. All 10 seeds yielded all 7 classes in the test fold.

Per-class F1 (seed 42) — where the signal is and isn't

Phase	XGBoost F1	MLP F1	Note
`target_reconnaissance`	0.888	0.831	Tight early window (timesteps 0-7)
`email_delivery`	0.791	0.761	Tight window (8-30); gateway signals + email volume
`infrastructure_setup`	0.712	0.702	Tight window (5-18)
`lure_crafting`	0.676	0.561	Tight window (3-13)
`post_compromise_escalation`	0.604	0.717	Late window (22-52)
`victim_engagement`	0.469	0.387	Mid window (14-38), overlaps with adjacent phases
`credential_harvesting`	0.341	0.434	Mid-late (19-45), similar features to victim_engagement

Four early phases (target_reconnaissance, infrastructure_setup, lure_crafting, email_delivery) classify cleanly because they sit in tight non-overlapping timestep windows with distinctive features. Three later phases (victim_engagement, credential_harvesting, post_compromise_escalation) overlap substantially in timestep range (14-52, 19-45, 22-52) and share similar behavioural footprints (non-zero click/credential rates, deployed evasion); these are genuinely harder for a flat-tabular model. Sequence models with campaign-level context would help here.

Ablation: which feature groups matter

Configuration	Accuracy	Macro-F1	ROC-AUC	Δ accuracy
Full feature set (published)	0.6547	0.6401	0.9356	—
No `timestep`	0.3624	0.3139	0.8128	−0.2923
No behavioural features	0.5795	0.5735	0.9188	−0.0752
No topology features	0.6410	0.6260	0.9342	−0.0137
No engineered features	0.6581	0.6402	0.9370	+0.0034

Three findings:

timestep is by far the dominant feature (drops 29 pp when removed, ROC-AUC still 0.81). Phishing campaigns progress through phases over time; where you are in the campaign timeline carries most of the phase signal.
Behavioural features contribute ~8 pp accuracy. These are the per-timestep observables (emails sent, gateway score, click rate, evasion technique).
Topology and engineered features each contribute ~1 pp. Trees recover most of the engineered features on their own; topology provides modest conditioning context.

Architecture

XGBoost: multi-class gradient boosting (multi:softprob, 7 classes), hist tree method, class-balanced sample weights, early stopping on validation mlogloss.

MLP: 53 → 128 → 64 → 7, each hidden layer followed by BatchNorm1d → ReLU → Dropout(0.3), weighted cross-entropy loss, AdamW optimizer, early stopping on validation macro-F1.

Training hyperparameters (learning rate, batch size, n_estimators, early-stopping patience, weight decay, class-weighting strategy) are held internally by XpertSystems and are not part of this release.

Limitations

This is a baseline reference, not a production email-security system.

Mid- and late-phase confusion. Per-class F1 for victim_engagement, credential_harvesting, and post_compromise_escalation is 0.34–0.60. These phases overlap in timestep range and share similar behavioural signatures. Sequence models that consider campaign-level context would help substantially.
The pivot away from actor-tier classification is dataset-limited, not method-limited. With 100 campaigns and 4 tiers (some with only 10 campaigns total), tier classification is below majority baseline once leakage-prone features are removed. The full 335k-row CYB004 product provides ~4,800 campaigns; the sample does not.
Synthetic-vs-real transfer. The dataset is synthetic and calibrated to email-security and threat-intelligence benchmark targets (Proofpoint State of the Phish, KnowBe4 Industry Benchmark, Cofense PIQ, Mandiant M-Trends, FBI IC3 BEC Report, Verizon DBIR, CISA, APWG). Real phishing telemetry has different noise characteristics, adversary adaptation, and instrumentation gaps. Do not assume metrics transfer.
Adversarial robustness not evaluated. The dataset is not adversarially generated; the model has not been red-teamed against evasive lures or novel infrastructure.
MLP brittleness on OOD inputs. With ~2.8k training timesteps, the MLP can produce confidently-wrong predictions on hand-crafted records far from the training manifold. XGBoost is more robust. Use both; treat disagreement as a signal for human review.
timestep dominance is a property of the dataset. Real phishing telemetry doesn't carry a clean per-campaign normalized timestep — that's a simulator artifact. A buyer transferring this baseline to real campaign telemetry would need to recover an equivalent temporal-position feature (e.g. hours since campaign first observation, position in stage-detection pipeline).

Notes on dataset schema

The CYB004 sample dataset README describes some fields differently from the actual schema. The model was trained on the actual schema; this note helps buyers reconcile what they read with what they receive.

What the README says	What the data actually contains
"9 campaign phases" (reconnaissance, infrastructure_setup, lure_creation, send_wave, gateway_evaluation, user_interaction, credential_capture, lateral_pivot, exfiltration)	7 phases with different names: target_reconnaissance, infrastructure_setup, lure_crafting, email_delivery, victim_engagement, credential_harvesting, post_compromise_escalation
4 actor tiers: `opportunistic`, `organized_crime`, `targeted`, `nation_state_apt`	4 tiers: `opportunistic`, `cybercriminal_gang`, `initial_access_broker`, `nation_state_apt`
8 department types listed	4 department types: `executive_leadership`, `finance_accounts_payable`, `human_resources`, `information_technology`
4 gateway architectures	8 gateway architectures including `ai_sender_reputation`, `integrated_cloud_defender`, `zero_trust_email_proxy`
Awareness training: none, annual, semi-annual, quarterly, monthly	annual, none, continuous, basic, quarterly (no semi-annual or monthly)
Per-timestep fields: `send_volume`, `gateway_blocked`, `emails_delivered`, `user_report_count`, `mfa_bypass_attempted`, `bec_attempt`, `lateral_pivot_attempted`, `operational_stealth_score`, `dmarc_enforcement_active`	None of these exist per-timestep. The actual per-timestep columns are: `emails_sent_cumulative`, `gateway_detection_score`, `delivery_outcome`, `lure_personalisation_score`, `evasion_technique_active`. BEC / MFA bypass / lateral phishing flags exist only at the campaign-summary level.

None of these discrepancies affects model correctness — the feature pipeline uses the actual column names. If you build your own pipeline against the dataset, use the actual columns.

Intended use

Evaluating fit of the CYB004 dataset for your email-security or threat-hunting research
Baseline reference for new model architectures (especially sequence models, which should beat this baseline on the overlapping mid-late phases)
Teaching and demo for tabular classification on phishing campaign telemetry
Feature engineering reference for per-timestep campaign data

Out-of-scope use

Production email security on real campaign telemetry
Threat hunting / SOAR playbooks on real systems
Actor attribution (this baseline does not address that task; see why above)
Adversarial-evasion evaluation (dataset not adversarially generated)
Any operational security decision

Reproducibility

Outputs above were produced with seed = 42 (published artifact), group-aware nested GroupShuffleSplit (70/15/15 by campaign_id), on the published sample (xpertsystems/cyb004-sample, version 1.0.0, generated 2026-05-16). The feature pipeline in feature_engineering.py is deterministic and the trained weights in this repo correspond exactly to the metrics above.

Multi-seed results (seeds 42, 7, 13, 17, 23, 31, 45, 99, 123, 200) in multi_seed_results.json confirm robust performance across splits.

The training script itself is private to XpertSystems.

Files in this repo

File	Purpose
`model_xgb.json`	XGBoost weights (seed 42)
`model_mlp.safetensors`	PyTorch MLP weights (seed 42)
`feature_engineering.py`	Feature pipeline (load → join topology → engineer → encode)
`feature_meta.json`	Feature column order + categorical levels
`feature_scaler.json`	MLP input mean/std (XGBoost ignores)
`validation_results.json`	Per-class metrics, confusion matrix, architecture
`ablation_results.json`	Per-feature-group ablation
`multi_seed_results.json`	XGBoost metrics across 10 seeds with aggregate statistics
`inference_example.ipynb`	End-to-end inference demo notebook
`README.md`	This file

Contact and full product

The full CYB004 dataset contains ~335,000 rows across four files, with calibrated benchmark validation against 12 metrics from email security and threat intelligence sources (Proofpoint, KnowBe4, Cofense, Mandiant, FBI IC3, Verizon, CISA, APWG). The full XpertSystems.ai synthetic data catalogue spans 41 SKUs across Cybersecurity, Healthcare, Insurance & Risk, Oil & Gas, and Materials & Energy.

📧 pradeep@xpertsystems.ai
🌐 https://xpertsystems.ai
🗂 Dataset: https://huggingface.co/datasets/xpertsystems/cyb004-sample
🤖 Companion models:
- https://huggingface.co/xpertsystems/cyb001-baseline-classifier (network traffic)
- https://huggingface.co/xpertsystems/cyb002-baseline-classifier (ATT&CK kill-chain)
- https://huggingface.co/xpertsystems/cyb003-baseline-classifier (malware execution phase)

Citation

@misc{xpertsystems_cyb004_baseline_2026,
  title  = {CYB004 Baseline Classifier: XGBoost and MLP for Phishing Campaign Phase Classification},
  author = {XpertSystems.ai},
  year   = {2026},
  url    = {https://huggingface.co/xpertsystems/cyb004-baseline-classifier},
  note   = {Baseline reference model trained on xpertsystems/cyb004-sample}
}

Downloads last month: -; Downloads are not tracked for this model. How to track

Dataset used to train xpertsystems/cyb004-baseline-classifier

Evaluation results

Test macro ROC-AUC OvR (XGBoost, seed 42) on CYB004 Synthetic Phishing Campaign Dataset (Sample)
self-reported

0.936
Test accuracy (XGBoost, seed 42) on CYB004 Synthetic Phishing Campaign Dataset (Sample)
self-reported

0.655
Test macro-F1 (XGBoost, seed 42) on CYB004 Synthetic Phishing Campaign Dataset (Sample)
self-reported

0.640
Multi-seed accuracy mean ± 0.038 (XGBoost, 10 seeds) on CYB004 Synthetic Phishing Campaign Dataset (Sample)
self-reported

0.649
Multi-seed ROC-AUC mean ± 0.010 (XGBoost, 10 seeds) on CYB004 Synthetic Phishing Campaign Dataset (Sample)
self-reported

0.937
Test macro ROC-AUC OvR (MLP, seed 42) on CYB004 Synthetic Phishing Campaign Dataset (Sample)
self-reported

0.926
Test accuracy (MLP, seed 42) on CYB004 Synthetic Phishing Campaign Dataset (Sample)
self-reported

0.643
Test macro-F1 (MLP, seed 42) on CYB004 Synthetic Phishing Campaign Dataset (Sample)
self-reported

0.627