<div class="csl-bib-body">
<div class="csl-entry">Arp, D., Quiring, E., Pendlebury, F., Warnecke, A., Pierazzi, F., Wressnegger, C., Cavallaro, L., & Rieck, K. (2024). Pitfalls in Machine Learning for Computer Security. <i>Communications of the ACM</i>, <i>67</i>(11), 104–112. https://doi.org/10.1145/3643456</div>
</div>
-
dc.identifier.issn
0001-0782
-
dc.identifier.uri
http://hdl.handle.net/20.500.12708/204487
-
dc.description.abstract
With the growing processing power of computing systems and the increasing availability of massive datasets, machine learning algorithms have led to major breakthroughs in many different areas. This development has influenced computer security, spawning a series of work on learning-based security systems, such as for malware detection, vulnerability discovery, and binary code analysis. Despite great potential, machine learning in security is prone to subtle pitfalls that undermine its performance and render learning-based systems potentially unsuitable for security tasks and practical deployment.
In this paper, we look at this problem with critical eyes. First, we identify common pitfalls in the design, implementation, and evaluation of learning-based security systems. We conduct a study of 30 papers from top-tier security conferences within the past 10 years, confirming that these pitfalls are widespread in the current security literature. In an empirical analysis, we further demonstrate how individual pitfalls can lead to unrealistic performance and interpretations, obstructing the understanding of the security problem at hand. As a remedy, we propose actionable recommendations to support researchers in avoiding or mitigating the pitfalls where possible. Furthermore, we identify open problems when applying machine learning in security and provide directions for further research.
en
dc.language.iso
en
-
dc.publisher
ASSOC COMPUTING MACHINERY
-
dc.relation.ispartof
Communications of the ACM
-
dc.rights.uri
http://creativecommons.org/licenses/by/4.0/
-
dc.subject
Machine Learning
en
dc.subject
Computer Security
en
dc.subject
Pitfalls
en
dc.title
Pitfalls in Machine Learning for Computer Security
en
dc.type
Article
en
dc.type
Artikel
de
dc.rights.license
Creative Commons Namensnennung 4.0 International
de
dc.rights.license
Creative Commons Attribution 4.0 International
en
dc.description.startpage
104
-
dc.description.endpage
112
-
dc.type.category
Original Research Article
-
tuw.container.volume
67
-
tuw.container.issue
11
-
tuw.journal.peerreviewed
true
-
tuw.peerreviewed
true
-
wb.publication.intCoWork
International Co-publication
-
tuw.researchTopic.id
I1
-
tuw.researchTopic.name
Logic and Computation
-
tuw.researchTopic.value
100
-
dcterms.isPartOf.title
Communications of the ACM
-
tuw.publication.orgunit
E192-06 - Forschungsbereich Security and Privacy
-
tuw.publisher.doi
10.1145/3643456
-
dc.date.onlinefirst
2024
-
dc.identifier.eissn
1557-7317
-
dc.identifier.libraryid
AC17364283
-
dc.description.numberOfPages
9
-
tuw.author.orcid
0000-0003-3628-794X
-
tuw.author.orcid
0009-0004-7170-1274
-
tuw.author.orcid
0000-0003-1140-322X
-
tuw.author.orcid
0009-0006-3617-3968
-
tuw.author.orcid
0000-0002-1254-1758
-
tuw.author.orcid
0009-0007-1493-9552
-
tuw.author.orcid
0000-0002-3878-2680
-
tuw.author.orcid
0000-0002-5054-8758
-
dc.rights.identifier
CC BY 4.0
de
dc.rights.identifier
CC BY 4.0
en
dc.description.sponsorshipexternal
German Federal Ministry of Education and Research (BMBF) as BIFOLD—Berlin Institute for the Foundations of Learning and Data