SoK: Applying Machine Learning in Security - A Survey

Jiang, Heju; Nagra, Jasvir; Ahammad, Parvez

doi:10.48550/arxiv.1611.03186

Cited by 4 publications

(6 citation statements)

References 80 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…There is an immense amount of work needed to improve the safety of ML from adversarial cyberattacks. Jiang et al in [37] examined the various publications on using machine learning techniques in cybersecurity from 2008 to early 2016. The authors also described that, despite the growing role of machine learning techniques in cybersecurity, the selection of appropriate and suitable machine learning technique for a specific underlying safety problem is still a challenging matter of grave concern.…”

Section: Includedmentioning

confidence: 99%

Performance Comparison and Current Challenges of Using Machine Learning Techniques in Cybersecurity

et al. 2020

View full text Add to dashboard Cite

Cyberspace has become an indispensable factor for all areas of the modern world. The world is becoming more and more dependent on the internet for everyday living. The increasing dependency on the internet has also widened the risks of malicious threats. On account of growing cybersecurity risks, cybersecurity has become the most pivotal element in the cyber world to battle against all cyber threats, attacks, and frauds. The expanding cyberspace is highly exposed to the intensifying possibility of being attacked by interminable cyber threats. The objective of this survey is to bestow a brief review of different machine learning (ML) techniques to get to the bottom of all the developments made in detection methods for potential cybersecurity risks. These cybersecurity risk detection methods mainly comprise of fraud detection, intrusion detection, spam detection, and malware detection. In this review paper, we build upon the existing literature of applications of ML models in cybersecurity and provide a comprehensive review of ML techniques in cybersecurity. To the best of our knowledge, we have made the first attempt to give a comparison of the time complexity of commonly used ML models in cybersecurity. We have comprehensively compared each classifier’s performance based on frequently used datasets and sub-domains of cyber threats. This work also provides a brief introduction of machine learning models besides commonly used security datasets. Despite having all the primary precedence, cybersecurity has its constraints compromises, and challenges. This work also expounds on the enormous current challenges and limitations faced during the application of machine learning techniques in cybersecurity.

show abstract

Section: Includedmentioning

confidence: 99%

Performance Comparison and Current Challenges of Using Machine Learning Techniques in Cybersecurity

et al. 2020

View full text Add to dashboard Cite

show abstract

“…increasing type of attacks on the Internet [7]. More recently, endto-end solutions based on deep learning models have achieved state-of-the-art performance without explicitly utilizing domain knowledge or performing feature engineering.…”

Section: Modelmentioning

confidence: 99%

Toward more generalized Malicious URL Detection Models

Tsai¹,

Liow²,

Siang³

et al. 2022

Preprint

View full text Add to dashboard Cite

This paper reveals a data bias issue that can severely affect the performance while conducting a machine learning model for malicious URL detection. We describe how such bias can be identified using interpretable machine learning techniques, and further argue that such biases naturally exist in the real world security data for training a classification model. We then propose a debiased training strategy that can be applied to most deep-learning based models to alleviate the negative effects from the biased features. The solution is based on the technique of self-supervised adversarial training to train deep neural networks learning invariant embedding from biased data. We conduct a wide range of experiments to demonstrate that the proposed strategy can lead to significantly better generalization capability for both CNN-based and RNN-based detection models. CCS CONCEPTS• Security and privacy → Artificial immune systems; • Computing methodologies → Machine learning algorithms; Neural networks; Learning latent representations.

show abstract

“…Limited evaluations are often seem in the cybersecurity context because collecting real malicious artifacts is a hard task, as most organizations do not share the threats that affect them to not reveal their vulnerabilities. On the other hand, a big dataset may result in long training times and produce too complex models and decision boundaries (according to the classifier and parameters used) that are not feasible in the reality (e.g., real-time models for resource-constrained devices), such as some deep learning models that usually requires a large amount of data to achieve good results [81]. As an analogy, consider that a dataset is a map and, for instance, represents a city.…”

Section: Dataset Size Definitionmentioning

confidence: 99%

“…Rieck et al [131] stated that only few research has produced practical results, presenting directions and perspectives of how to successfully link cybersecurity and Machine Learning and aiming at fostering research on intelligent security methods, based on a cyclic process that starts discovering new threats, followed by their analysis and the development of prevention measures. Jiang et al systematically studied some publications that applied ML in security domains, providing a taxonomy on ML paradigms and their applications in cybersecurity [81]. Salehi et al categorized existing strategies to detect anomalies in evolving data using unsupervised approaches, since label information is mostly unavailable in real-world applications [135].…”

Section: Introductionmentioning

confidence: 99%

Machine Learning (In) Security: A Stream of Problems

Ceschin,

Gomes,

Botacin

et al. 2020

Preprint

View full text Add to dashboard Cite

Machine Learning (ML) has been widely applied to cybersecurity, and is currently considered state-of-the-art for solving many of the field´s open issues. However, it is very difficult to evaluate how good the produced solutions are, since the challenges faced in security may not appear in other areas (at least not in the same way). One of these challenges is the concept drift, that actually creates an arms race between attackers and defenders, given that any attacker may create novel, different threats as time goes by (to overcome defense solutions) and this "evolution´´is not always considered in many works. Due to this type of issue, it is fundamental to know how to correctly build and evaluate a ML-based security solution. In this work, we list, detail, and discuss some of the challenges of applying ML to cybersecurity, including concept drift, concept evolution, delayed labels, and adversarial machine learning. We also show how existing solutions fail and, in some cases, we propose possible solutions to fix them.

show abstract

SoK: Applying Machine Learning in Security - A Survey

Cited by 4 publications

References 80 publications

Performance Comparison and Current Challenges of Using Machine Learning Techniques in Cybersecurity

Performance Comparison and Current Challenges of Using Machine Learning Techniques in Cybersecurity

Toward more generalized Malicious URL Detection Models

Machine Learning (In) Security: A Stream of Problems

Contact Info

Product

Resources

About