elastic / ember

Elastic Malware Benchmark for Empowering Researchers

Prediction outputs #42

Closed ContegoCode closed 4 years ago

ContegoCode commented 4 years ago

So everything appears to be working fine and I do receive an output prediction, but my question is which outputs are deemed as being malicious and benign.

Test One 7.374090014710014e-08

Test Two 0.9475527058964659

In this case, does a higher prediction value indicate the file is benign and any prediction value under 1 is malicious?

Thank you in advance.

mrphilroth commented 4 years ago

Prediction values are always between zero and one. The very low value you show in test one indicates the file is probably benign and the higher value in test two shows that the file is probably malicious.

ContegoCode commented 4 years ago

You are correct, test one is benign, but it has a value over 1, am I correct? 7.37... And in test two the file is malicious but has a value of 0.94... Can you elaborate a bit? Sorry again for the simple question, I'm just trying to understand the way files are scored.


mrphilroth commented 4 years ago

The "e-08" at the end of the first score represents that the number should be multiplied by 10 raised to the -8 power. So it is actually 0.000000000737. https://en.wikipedia.org/wiki/Scientific_notation#E_notation
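Added example, not part of the thread and not EMBER's own code: it parses the two scores quoted above, renders them without an exponent, and rejects a value whose exponent has been dropped. The function names and the 0.5 cut-off are assumptions made for this illustration; the thread does not name a threshold.

```python
from decimal import Decimal

# Assumed cut-off for this example only; the thread names no threshold.
ASSUMED_THRESHOLD = 0.5


def parse_score(text):
    """Parse a printed score (e-notation accepted) and enforce the 0..1 range."""
    value = float(text)
    # NaN fails both comparisons, so it is rejected here as well.
    if not 0.0 <= value <= 1.0:
        raise ValueError(f"score outside [0, 1]: {text!r}")
    return value


def fixed_notation(text):
    """Render the score without an exponent so its magnitude is obvious."""
    return format(Decimal(text.strip()), "f")


def interpret(text, threshold=ASSUMED_THRESHOLD):
    """Return the numeric score, its fixed-point rendering and a verdict."""
    score = parse_score(text)
    verdict = "probably malicious" if score >= threshold else "probably benign"
    return {"score": score, "fixed": fixed_notation(text), "verdict": verdict}


# Scores quoted in the thread.
SAMPLES = {
    "Test One": "7.374090014710014e-08",
    "Test Two": "0.9475527058964659",
}


def report(samples=SAMPLES):
    return {name: interpret(raw) for name, raw in samples.items()}


if __name__ == "__main__":
    for name, result in report().items():
        print(f"{name}: {result['fixed']} -> {result['verdict']}")
    # A score copied without its exponent is out of range and is refused.
    try:
        parse_score("7.374090014710014")
    except ValueError as err:
        print("rejected:", err)
```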

ContegoCode commented 4 years ago

Omg that makes a lot of sense, thank you very much!
