Panel: Machine Learning and Security

Abstract: Machine learning (ML) techniques have been used in cyber-security {\em research} for over twenty years,  e.g., to detect malware using network, OS, and hardware-level signals. Yet, ML usage is viewed with deep distrust among researchers --- because ML models are used as a  black-box that can be hard to reverse (i.e., making ML transparent), because we do not know how the results will hold against adaptive adversaries that train to evade malware (all evaluations use off-the shelf "non-intelligent" malware), and because there is no consistent benchmarking methodology to evaluate whether ML defenses (different algorithms, those that work at different layers) even compose.