September 9 – 14 , 2012, Dagstuhl Perspectives Workshop 12371

Machine Learning Methods for Computer Security


Anthony D. Joseph (University of California – Berkeley, US)
Pavel Laskov (Universität Tübingen, DE)
Fabio Roli (University of Cagliari, IT)
Doug Tygar (University of California – Berkeley, US)


Blaine Nelson (Universität Tübingen, DE)

For support, please contact

Dagstuhl Service Team


Dagstuhl Report, Volume 2, Issue 9 Dagstuhl Report
Dagstuhl Manifesto, Volume 3, Issue 1 Dagstuhl Manifesto
List of Participants
Dagstuhl's Impact: Documents available
Dagstuhl Perspectives Workshop Schedule [pdf]

Press Room


Arising organically from a variety of independent research projects in both computer security and machine learning, the topic of machine learning methods for computer security is emerging as a major direction of research that offers new challenges to both communities. Learning approaches are particularly advantageous for security applications designed to counter sophisticated and evolving adversaries because they are designed to cope with large data tasks that are too complex for hand-crafted solutions or need to dynamically evolve. However, in adversarial settings, the assets of learning can potentially be subverted by malicious manipulation of the learner's environment. This exposes applications that use learning techniques to a new type of security vulnerability in which an adversary can adapt to counter learning-based methods. Thus, unlike most application domains, computer security applications present a unique data domain that requires careful consideration of its adversarial nature to provide adequate learning-based solutions---a challenge requiring novel learning methods and domain-specific application design and analysis. The Perspectives Workshop, ``Machine Learning Methods for Computer Security'', brought together prominent researchers from the computer security and machine learning communities interested in furthering the state-of-the-art for this fusion research to discuss open problems, foster new research directions, and promote further collaboration between the two communities.

This workshop focused on tasks in three main topics: the role of learning in computer security applications, the paradigm of secure learning, and the future applications for secure learning. In the first group, participants discussed the current usage of learning approaches by security practitioners. The second group focused of the current approaches and challenges for learning in security-sensitive adversarial domains. Finally, the third group sought to identify future application domains, which would benefit from secure learning technologies.

Within this emerging field several recurrent themes arose throughout the workshop. A major concern that was discussed throughout the workshop was an uneasiness with machine learning and a reluctance to use learning within security applications and, to address this problem, participants identified the need for learning methods to provide better transparency, interpretability, and trust. Further, many workshop attendees raised the issue of how human operators could be incorporated into the learning process to guide it, interpret its results, and prevent unintended consequences, thus reinforcing the need for transparency and interpretability of these methods. On the learning side, researchers discussed how an adversary should be properly incorporated into a learning framework and how the algorithms can be designed in a game-theoretic manner to provide security guarantees. Finally, participants also identified the need for a proper characterization of a security objective for learning and for benchmarks for assessing an algorithm's security.


  • Artificial Intelligence / Robotics
  • Security / Cryptography


  • Adversarial Learning
  • Computer Security
  • Robust Statistical Learning
  • Online Learning with Experts
  • Game Theory
  • Learning Theory


In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.


Download overview leaflet (PDF).

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.


Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.