SecuML is a Python tool that aims to foster the use of Machine Learning in Computer Security. It is distributed under the GPL2+ license. It allows security experts to train models easily and comes with a web user interface to visualize the results and interact with the models. SecuML can be applied to any detection problem. As input, it requires numerical features representing each instance. It supports binary labels (malicious vs. benign) and categorical labels, which represent families of malicious or benign behaviours.
- Training and analysing a detection model before deployment
- Collecting a labelled dataset with a reduced workload thanks to active learning
- Exploring a dataset interactively with rare category detection
- Clustering
- Projection
- Computing descriptive statistics of each feature
See the documentation for more detail.
We provide a dataset intended for spam detection for quick testing. See Getting Started for the instructions.
- Beaugnon, Anaël, Pierre Chifflier, and Francis Bach. "ILAB: An Interactive Labelling Strategy for Intrusion Detection." International Symposium on Research in Attacks, Intrusions, and Defenses. Springer, Cham, 2017.
- Bonneton, Anaël. "Machine Learning for Computer Security Experts using Python & scikit-learn", PyParis, 2017.
- Bonneton, Anaël, and Antoine Husson. "Le Machine Learning confronté aux contraintes opérationnelles des systèmes de détection.", SSTIC, 2017.
- Anaël Beaugnon (anael.beaugnon@ssi.gouv.fr)
- Pierre Collet (pierre.collet@ssi.gouv.fr)
- Antoine Husson (antoine.husson@ssi.gouv.fr)