Skip to content
Machine Learning for Computer Security
Python JavaScript HTML Other
Branch: master
Clone or download

Latest commit

ab-anssi [DOC] improve documentation
- update screen shots for clustering, projection and features analysis
- more explanations for features analysis, projection and clustering
Latest commit 7d36a7a Feb 20, 2020


Type Name Latest commit message Commit time
Failed to load latest commit information.
conf Update documentation (#5) Jul 30, 2018
docs [DOC] improve documentation Feb 20, 2020
input_data [EFF] Improve interactions with DB. Sep 3, 2019
scripts Deal with input arguments errors. Apr 25, 2019
secuml [ENH] change the color of the projection bins Feb 20, 2020
travis_tools [EFF] Improve interactions with DB. Sep 3, 2019
.gitignore Update .gitignore. Discard config. files. Apr 23, 2019
.nojekyll add nojekyll at root Jun 27, 2018
.travis.yml Add files in packages (issue #14). May 16, 2019
LICENSE initial commit Dec 20, 2016 Add semi/unsupervised detection models + refactor. Feb 13, 2019 Features Analysis + some improvements Nov 25, 2018
requirements.txt New pandas version (0.25) Feb 20, 2020 Add semi/unsupervised detection models + refactor. Feb 13, 2019


SecuML is a Python tool that aims to foster the use of Machine Learning in Computer Security. It is distributed under the GPL2+ license.

It allows security experts to train detection models easily and comes with a web user interface to visualize the results and interact with the models. SecuML can be applied to any detection problem. It requires as input numerical features representing each instance. It supports binary labels (malicious vs. benign) and categorical labels which represent families of malicious or benign behaviours.

Benefits of SecuML

SecuML relies on scikit-learn to train the Machine Learning models and offers the additionnal features:

  • Web user interface
    diagnosis and interaction with Machine Learning models (active learning, rare category detection)
  • Hide some of the Machine Learning machinery
    automation of data loading, feature standardization, and search of the best hyperparameters

What you can do with SecuML

  • Training and diagnosing a detection model before deployment with DIADEM
  • Annotating a dataset with a reduced workload with ILAB
  • Exploring a dataset interactively with rare category detection
  • Clustering
  • Projection
  • Computing descriptive statistics of each feature

See the sphinx documentation for more detail.


PhD Dissertation



You can’t perform that action at this time.