Computer Security and Machine Learning: Worst Enemies or Best Friends?

摘要

Computer systems linked to the Internet are confronted with a plethora of security threats, ranging from classic computer worms to involved drive-by downloads and bot networks. In the last years these threats have reached a new quality of automatization and sophistication, rendering most defenses ineffective. Conventional security measures that rely on the manual analysis of security incidents and attack development inherently fail to provide a timely protection from these threats. As a consequence, computer systems often remain unprotected over longer periods of time. The field of machine learning has been considered an ideal match for this problem, as learning methods provide the ability to automatically analyze data and support early detection of threats. However, only few research has produced practical results so far and there is notable skepticism in the community about learning-based defenses. In this paper, we reconsider the problems, challenges and advantages of combining machine learning and computer security. We identify factors that are critical for the efficacy and acceptance of learning methods in security. We present directions and perspectives for successfully linking both fields and aim at fostering research on intelligent security methods.