Model quality, in plain English

You’re currently viewing metrics for AURA classifier v0.1. On this snapshot it was evaluated on 10,095 labeled Windows files. About 76% were harmless and 24% were malware.

This page turns “91.6% accuracy” into things humans care about: how often malware is caught, how noisy alerts are, and how often something bad might slip by.

Model version

Click a version to see its metrics. All numbers come from the encrypted training dataset snapshot used for that model.

Short version

• Accuracy snapshot: 91.6%
• Finds most malware: ~93% caught
• Some false alarms on safe files
• A small number of misses on malware (see slider below)

Good to know

Traceix should be one signal in your pipeline, not the only one. For high-risk decisions, pair it with other detections and human review.

See it like a human, not a statistic

Drag the slider. We’ll estimate what happens if this model scans that many files, based on its benchmark dataset.

Imagine scanning 1,000 files

1001k5k10k

What your files look like

Out of 1,000 files:

• ~760 are harmless
• ~240 are malware

Malware caught

This version correctly flags about 220 of those malware files.

Driven by a malware recall of ~93.4%.

Malware missed

About 15 malware files are treated as safe.

These are false negatives — the small risk that a bad file slips by.

Safe files flagged

About 70 harmless files are flagged as suspicious.

These false positives are often acceptable when a human or a second system reviews alerts.

Numbers are approximate and based on the dataset used to evaluate each model version. Real-world performance will vary depending on what you scan.

Accuracy (snapshot)

91.6%

On this model’s test set, about 9 out of 10 files get the correct “safe vs malware” verdict.

Malicious precision

76.9%

When the model says “malware,” this is how often it’s right on that dataset.

Malicious recall

93.4%

Out of all real malware files, this is the share the model actually catches.

Error profile

FPR ≈ 8.9% • FNR ≈ 6.6%

False positive rate (safe flagged as malware) and false negative rate (malware treated as safe).

Confusion matrix (safe vs malicious)

Rows are the real world. Columns are what the model said.

	Predicted safe	Predicted malware
Actual safe	6,978 True safe (TN)	682 Safe flagged as malware (FP)
Actual malware	161 Missed malware (FN)	2,274 Malware correctly flagged (TP)

Class balance

Safe: 7,660 files
Malware: 2,435 files

Malware metrics

Precision ≈ 76.9%
Recall ≈ 93.4%
F₁ ≈ 84.4%

Error rates

False positive rate ≈ 8.9%
False negative rate ≈ 6.6%

Where this shows up in Traceix data

• metadata.model_information — model name, version, and reported accuracy at the time of verdict.
• model_classification_info — high-level verdict and confidence.
• file_capabilities — CAPA output + MITRE ATT&CK / MBC mappings.

• file_exif_data — EXIF/PE metadata used for analysis (without storing the original binary).
• Every encrypted training dataset row is tied to a specific model version, so future upgrades don’t rewrite history.
• You can fetch this metadata via the PCEF API or bulk exports for your own evaluations.

Model quality, in plain English

See it like a human, not a statistic

Compare model versions

Confusion matrix (safe vs malicious)

Where this shows up in Traceix data