research · gate-2-classifier · 2026-06-16
XGBoost sets the bar at 97.78 — on validation
Three approaches are being compared for ARGUS’s Gate-2 classifier: symbolic rules against named features, XGBoost on the 2381 EMBER 2018 v2 features, and a 1D CNN reading raw file bytes.
First result: XGBoost, trained on 509,932 samples and evaluated on 89,988 samples it had never seen, scores 97.78% accuracy and 0.98 F1 — on the validation set. Both classes hit 0.98 precision and recall; no significant bias toward benign or malware.
These are validation numbers, not final results. The held-out test set was isolated before any model was trained and stays locked until all three approaches are complete — it gets touched once, at the end. Anything else would let the test set leak into model choices, and the final numbers would be quietly dishonest.
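The hold-out discipline described above, as an added sketch that is not ARGUS's own code: split membership is fixed by hashing each sample id before any training, and the test set is sealed with a digest and can be scored only once. The salt, the 70/15/15 ratios, the sample ids and the labels are constructed, and the in-memory one-shot flag stands in for one a real pipeline would persist.

```python
import hashlib

def assign_split(sample_id: str, salt: str = "constructed-salt") -> str:
    """Deterministic split from the sample id alone, fixed before any training."""
    h = int.from_bytes(hashlib.sha256((salt + sample_id).encode()).digest()[:8], "big")
    bucket = h % 100
    return "train" if bucket < 70 else "val" if bucket < 85 else "test"

def binary_report(y_true, y_pred):
    """Accuracy plus per-class precision/recall/F1 (0 = benign, 1 = malware)."""
    report = {"accuracy": sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)}
    for cls in (0, 1):
        tp = sum(t == cls and p == cls for t, p in zip(y_true, y_pred))
        fp = sum(t != cls and p == cls for t, p in zip(y_true, y_pred))
        fn = sum(t == cls and p != cls for t, p in zip(y_true, y_pred))
        prec = tp / (tp + fp) if tp + fp else 0.0
        rec = tp / (tp + fn) if tp + fn else 0.0
        f1 = 2 * prec * rec / (prec + rec) if prec + rec else 0.0
        report[cls] = {"precision": prec, "recall": rec, "f1": f1}
    return report

class SealedTestSet:
    """Test split that can be scored exactly once, and only if unmodified."""
    def __init__(self, samples):  # samples: {sample_id: label}
        self._samples = dict(samples)
        self.seal = self._digest()  # recorded before any model exists
        self._opened = False

    def _digest(self):
        lines = "\n".join(f"{k},{v}" for k, v in sorted(self._samples.items()))
        return hashlib.sha256(lines.encode()).hexdigest()

    def evaluate_once(self, predict):
        if self._opened:
            raise RuntimeError("test set already used; a second run would leak into model choice")
        if self._digest() != self.seal:
            raise RuntimeError("test manifest changed since it was sealed")
        self._opened = True
        ids = sorted(self._samples)
        return binary_report([self._samples[i] for i in ids], [predict(i) for i in ids])

# Constructed corpus: 200 fake sample ids, label = parity of the index.
CORPUS = {f"sample-{i:04d}": i % 2 for i in range(200)}
SPLITS = {name: {k: v for k, v in CORPUS.items() if assign_split(k) == name}
          for name in ("train", "val", "test")}
```

Model selection among the three approaches would call `binary_report` on the validation split as often as needed; `evaluate_once` is reserved for the single final run.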
CNN and fusion are next.