SecuML’s documentation

SecuML is a Python tool that aims to foster the use of machine learning in computer security. It is distributed under the GPL2+ license.

It lets users apply diverse machine learning techniques (e.g. supervised learning, active learning, rare category detection, clustering). It does not propose new implementations of machine learning algorithms. It is built upon third-party libraries (scikit-learn and metric-learn) and offers additional features: it comes with a graphical user interface, and it hides some of the machine learning machinery to let security experts focus mainly on detection.

Graphical User Interface. It visualizes the results of the machine learning analyses and lets users interact with the models (e.g. active learning, rare category detection). It is generic and can be used on any data type thanks to the pluggable problem-specific visualizations.

Hiding some of the Machine Learning Machinery. SecuML handles data loading and automatically performs some parts of the machine learning pipeline (e.g. feature standardization, search for the best hyperparameters) to let security experts focus mainly on detection.