SecuML’s documentation

SecuML is a Python tool that aims to foster the use of machine learning in computer security. It is distributed under the GPL2+ license.

It allows to apply diverse machine learning techniques (e.g. supervised learning, active learning, rare category detection, clustering). It does not propose new implementations of machine learning algorithms. It is built upon third-party libraries (scikit-learn and metric-learn), and offers additionnal features: it comes with a graphical user interface and it hides some of the machine learning machinery to let security experts focus mainly on detection.

Graphical User Interface. It visualizes the results of the machine learning analyses and allows to interact with the models (e.g. active learning, rare category detection). It is generic and can be used on any data type thanks to the pluggable problem-specific visualizations.

Hiding some of the Machine Learning Machinery. SecuML deals with data loading and performs automatically some parts of the machine learning pipeline (e.g. feature standardization, search of the best hyperparameters) to let security experts focus mainly on detection.

Getting Started

• Setting up SecuML
  • Database
  • Installation
  • Configuration
  • Web User Interface
• Use Case: Spam Detection
  • Training and Diagnosing a Detection Model
  • Annotating a Dataset with a Reduced Workload

Data and Experiments

• Data
  • idents.csv
  • features directory
  • annotations directory
• Experiments
  • Running Experiments
  • Visualizing the Results
  • Types of Experiments Available
  • Removing Experiments
• Visualization of Individual Instances
  • Default Visualization: All the Features
  • Pluggable Problem-Specific Visualizations

Available Experiments

• Features Analysis
• DIADEM: DIAgnosis of DEtection Models
• ILAB: Interactive LABeling
• Rare Category Detection
• Clustering
• Projection for Data Visualization

Miscellaneous

• Detection Performance Metrics
• Running SecuML on Large Datasets