
LEMNA: explaining deep learning based security applications - feross
https://blog.acolyer.org/2018/11/30/lemna-explaining-deep-learning-based-security-applications/
======
madhadron
> While deep learning has shown a great potential to build security
> applications...

Not in my experience. Essentially all attempts to apply deep learning to
security that I am aware of have either been 1) toys, 2) abandoned as
ineffective, or 3) snake oil.

~~~
feross
Indeed. Anyone interested in this might want to read "Outside the Closed
World: On Using Machine Learning For Network Intrusion Detection" which goes
into some of the reasons why all these ML security tools have remained toys.
https://www.icir.org/robin/papers/oakland10-ml.pdf

Abstract: In network intrusion detection research, one popular strategy for
finding attacks is monitoring a network’s activity for anomalies: deviations
from profiles of normality previously learned from benign traffic, typically
identified using tools borrowed from the machine learning community. However,
despite extensive academic research one finds a striking gap in terms of
actual deployments of such systems: compared with other intrusion detection
approaches, machine learning is rarely employed in operational “real world”
settings. We examine the differences between the network intrusion detection
problem and other areas where machine learning regularly finds much more
success. Our main claim is that the task of finding attacks is fundamentally
different from these other applications, making it significantly harder for
the intrusion detection community to employ machine learning effectively. We
support this claim by identifying challenges particular to network intrusion
detection, and provide a set of guidelines meant to strengthen future research
on anomaly detection.

------
Michaelanjello
Is there even a software to go with this, or is it all talk? Where is the
code?

~~~
lol768
> Is there even a software to go with this

https://english.stackexchange.com/a/52420

----------

But in general, I don't think there's a requirement to share code alongside a
paper submission. There are arguments for [1] doing so, but it's definitely
not a universal practice.

[1] - https://faculty.washington.edu/rjl/pubs/topten/topten.pdf

~~~
godelmachine
IMHO this has to become a universal practice. If you don’t wanna share code
with your publication, how are other researchers going to corroborate your
findings?

Publishing your research and not the code is only like taking a step behind.
Even Yoshua Bengio is a staunch proponent of code sharing with publication.

------
cgarciae
No repo like LIME? Would love to test this.

