European Symposium on Security and Artificial Intelligence

The European Symposium on Security and AI (ESSAI) was held for the first time during the European Cyber Week (ECW) on November 20 and 21, 2024. This event focuses on the security of artificial intelligence systems, covering topics such as data integrity and privacy, the use of artificial intelligence to enhance cybersecurity, and the malicious use of generative artificial intelligence. Speakers at the event presented work that has been recognized at leading conferences in artificial intelligence and security.

2024-11-21

Daniel Arp presented his work titled “Dos and Don’ts of Machine Learning in Computer Security,” which was previously featured at the USENIX Security Symposium 2022. Alongside his co-authors, Arp delves into the critical intersection of machine learning and computer security. As computing systems grow more powerful and massive datasets become increasingly accessible, machine learning algorithms have catalyzed significant breakthroughs across various fields. These developments have also reshaped computer security, leading to innovative work on learning-based systems for malware detection, vulnerability discovery, and binary code analysis.

However, despite their potential, these learning-based security systems are susceptible to subtle pitfalls that can severely impair their performance and make them unreliable for security tasks and practical deployment. In his paper, Arp critically examines these issues. He identifies common design, implementation, and evaluation pitfalls in learning-based security systems by reviewing 30 papers from top-tier security conferences over the past decade. His study confirms that such pitfalls are prevalent in current security research.

Through empirical analysis, Arp demonstrates how these pitfalls can skew results, leading to unrealistic performance assessments and misinterpretations that obscure the true nature of security challenges. He offers actionable recommendations to help researchers avoid or mitigate these pitfalls and highlights unresolved problems in applying machine learning to security. Arp’s presentation also outlines directions for future research, aiming to refine the application of machine learning in enhancing computer security.