SecuML https://anssi-fr.github.io/SecuML/

SecuML is a Python tool that aims to foster the use of Machine Learning in Computer Security. It is distributed under the GPL2+ license.

It allows security experts to train detection models easily and comes with a web user interface to visualize the results and interact with the models. SecuML can be applied to any detection problem. It requires as input numerical features representing each instance. It supports binary labels (malicious vs. benign) and categorical labels which represent families of malicious or benign behaviours.

Benefits of SecuML

SecuML relies on scikit-learn to train the Machine Learning models and offers the additionnal features:

• Web user interface
  diagnosis and interaction with Machine Learning models (active learning, rare category detection)
• Hide some of the Machine Learning machinery
  automation of data loading, feature standardization, and search of the best hyperparameters

What you can do with SecuML

• Training and diagnosing a detection model before deployment with DIADEM
• Annotating a dataset with a reduced workload with ILAB
• Exploring a dataset interactively with rare category detection
• Clustering
• Projection
• Computing descriptive statistics of each feature

See the sphinx documentation for more detail.

Papers

• Beaugnon, Anaël, and Pierre Chifflier. "Machine Learning for Computer Security Detection Systems: Practical Feedback and Solutions" Computer & Electronics Security Applications Rendez-vous (C&ESAR 2018)
• Beaugnon, Anaël, Pierre Chifflier, and Francis Bach. "End-to-End Active Learning for Computer Security Experts."
  KDD Workshop on Interactive Data Exploration and Analytics (IDEA 2018). Extended version of AICS 2018.
• Beaugnon, Anaël, Pierre Chifflier, and Francis Bach. "End-to-End Active Learning for Computer Security Experts."
  AAAI Workshop on Artificial Intelligence for Computer Security (AICS 2018).
• Beaugnon, Anaël, Pierre Chifflier, and Francis Bach. "ILAB: An Interactive Labelling Strategy for Intrusion Detection."
  International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2017).
• [FRENCH] Bonneton, Anaël, and Antoine Husson. "Le Machine Learning confronté aux contraintes opérationnelles des systèmes de détection."
  Symposium sur la sécurité des technologies de l'information et des communications (SSTIC 2017).

PhD Dissertation

• Beaugnon, Anaël. "Expert-in-the-Loop Supervised Learning for Computer Security Detection Systems."
  Ph.D. thesis, École Normale Superieure (2018)

Presentations

• [FRENCH] Beaugnon, Anaël. "Appliquer le Machine Learning de manière pertinente à la détection d’intrusion."
  Forum annuel du CERT-IST (CERT-IST 2017).
• Bonneton, Anaël. "Machine Learning for Computer Security Experts using Python & scikit-learn."
  PyParis 2017.

Authors

• Anaël Beaugnon ([email protected])
• Pierre Collet ([email protected])
• Antoine Husson ([email protected])