SoK: Applying Machine Learning in Security - A Survey

TL;DR

This survey reviews two decades of research on applying machine learning to security, analyzing methods, systems, and challenges across various security domains to guide future work.

Contribution

It provides a comprehensive taxonomy of ML paradigms and security domains, and proposes a new perspective of viewing security as a game theory problem.

Findings

Most research papers are published in top security conferences.

Identified key system designs and assumptions in ML security applications.

Highlighted open challenges and future directions in ML for security.

Abstract

The idea of applying machine learning(ML) to solve problems in security domains is almost 3 decades old. As information and communications grow more ubiquitous and more data become available, many security risks arise as well as appetite to manage and mitigate such risks. Consequently, research on applying and designing ML algorithms and systems for security has grown fast, ranging from intrusion detection systems(IDS) and malware classification to security policy management(SPM) and information leak checking. In this paper, we systematically study the methods, algorithms, and system designs in academic publications from 2008-2015 that applied ML in security domains. 98 percent of the surveyed papers appeared in the 6 highest-ranked academic security conferences and 1 conference known for pioneering ML applications in security. We examine the generalized system designs, underlying assumptions, measurements, and use cases in active research. Our examinations lead to 1) a taxonomy on ML paradigms and security domains for future exploration and exploitation, and 2) an agenda detailing open and upcoming challenges. Based on our survey, we also suggest a point of view that treats security as a game theory problem instead of a batch-trained ML problem.