/SecuML

Machine Learning for Computer Security

Primary LanguagePythonGNU General Public License v2.0GPL-2.0

SecuML is a Python tool that aims to foster the use of Machine Learning in Computer Security. It is distributed under the GPL2+ license.

It allows security experts to train detection models easily and comes with a web user interface to visualize the results and interact with the models. SecuML can be applied to any detection problem. It requires as input numerical features representing each instance. It supports binary labels (malicious vs. benign) and categorical labels which represent families of malicious or benign behaviours.

Benefits of SecuML

SecuML relies on scikit-learn to train the Machine Learning models and offers the additionnal features:

  • Web user interface
    diagnosis and interaction with Machine Learning models (active learning, rare category detection)
  • Hide some of the Machine Learning machinery
    automation of data loading, feature standardization, and search of the best hyperparameters

What you can do with SecuML

  • Training and diagnosing a detection model before deployment with DIADEM
  • Annotating a dataset with a reduced workload with ILAB
  • Exploring a dataset interactively with rare category detection
  • Clustering
  • Projection
  • Computing descriptive statistics of each feature

See the sphinx documentation for more detail.

Papers

PhD Dissertation

Presentations

Authors