MimeLens: Position-Agnostic Content-Type Detection for Binary Fragments

MimeLens is a new BERT-based machine learning model designed to classify file types from binary fragments at any position within a file, without requiring file headers or complete files. It outperforms Google's Magika on standard benchmarks and uniquely handles use cases like packet inspection and forensic recovery where Magika fails.

MimeLens addresses a critical gap in content-type detection for security and forensic applications. While existing systems like Google's Magika assume access to complete files from known offsets, real-world tasks often operate on fragmented data—a single network packet, a carved disk block, or chunked uploads. MimeLens solves this by training BERT-style encoders on random-offset windows within files, eliminating dependency on file headers or fixed positions. This architectural choice fundamentally changes what's possible in malware triage, packet inspection, and disk forensics.

The model achieves impressive accuracy gains, improving over Magika by 10.7 percentage points on clean complete files while handling mid-stream UDP packets and random disk blocks with more than double the accuracy of competing tools. Its ability to classify from arbitrary byte sequences positions it as a significant advancement for security practitioners who encounter incomplete or fragmented data routinely.

The primary trade-off is computational cost. MimeLens runs one to two orders of magnitude slower on CPU than Magika, though it achieves parity on consumer GPUs and in batch processing scenarios. For most enterprise deployments with GPU availability, this latency concern diminishes substantially. The release of trained checkpoints on Hugging Face democratizes access to the technology, enabling widespread adoption across security teams and forensic tools.

The impact extends beyond academic interest. Improved fragment classification directly strengthens incident response capabilities, reduces false negatives in malware detection, and enhances data recovery workflows. Organizations handling cybersecurity and digital forensics will likely evaluate integration, making this a meaningful advancement in practical security tooling.

• →MimeLens outperforms Magika by 10.7 percentage points on standard file classification tasks while uniquely handling fragmented binary data
• →The model enables accurate content-type detection from arbitrary file positions without headers, addressing real-world use cases like packet inspection and forensic carving
• →GPU availability eliminates latency concerns that exist on CPU, making the solution viable for enterprise security deployments
• →Open-source release on Hugging Face accelerates adoption across malware analysis, incident response, and digital forensics workflows
• →Position-agnostic architecture represents a fundamental shift from header-dependent systems to robust fragment-based classification