arxiv: 2010.09470 · v2 · pith:H6PIPEE6new · submitted 2020-10-19 · 💻 cs.CR · cs.LG

Dos and Don'ts of Machine Learning in Computer Security

classification 💻 cs.CR cs.LG
keywords: security, pitfalls, learning, machine, systems, learning-based, analysis, computer

With the growing processing power of computing systems and the increasing availability of massive datasets, machine learning algorithms have led to major breakthroughs in many different areas. This development has influenced computer security, spawning a series of work on learning-based security systems, such as for malware detection, vulnerability discovery, and binary code analysis. Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance and render learning-based systems potentially unsuitable for security tasks and practical deployment. In this paper, we look at this problem with critical eyes. First, we identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We conduct a study of 30 papers from top-tier security conferences within the past 10 years, confirming that these pitfalls are widespread in the current security literature. In an empirical analysis, we further demonstrate how individual pitfalls can lead to unrealistic performance and interpretations, obstructing the understanding of the security problem at hand. As a remedy, we propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible. Furthermore, we identify open problems when applying machine learning in security and provide directions for further research.

Forward citations

Cited by 3 Pith papers

Reviewed papers in the Pith corpus that reference this work. Sorted by Pith novelty score.

  1. Unmasking LAION-5B: Age, Gender, Race, and Emotion Biases in Large-Scale Image Datasets

    cs.CV 2026-06 unverdicted novelty 6.0

    Empirical audit of LAION-2B-en and LAION-2B-multi finds overrepresentation of young adults, White people, and males plus stereotypical emotion associations across two attribute classifiers.

  2. Can LLMs Infer Conversational Agent Users' Personality Traits from Chat History?

    cs.CL 2026-03 unverdicted novelty 6.0

    Fine-tuned RoBERTa models infer users' personality traits from real ChatGPT chat histories with accuracy better than random in multiple categories, including a +44% relative improvement for extraversion on relationshi...

  3. Contextualizing Security and Privacy of Software-Defined Vehicles: A Literature Review and Industry Perspectives

    cs.CR 2024-11 unverdicted novelty 3.0

    A literature review and industry survey on SDV security and privacy produces a framework for addressing mixed-criticality systems, layered defenses, privacy techniques, and harmonized vehicle-cloud protections.