Computing Reviews

Introduction to machine learning with applications in information security
Stamp M., Chapman & Hall/CRC, Boca Raton, FL, 2017. 364 pp. Type: Book
Date Reviewed: 01/17/18

Machine learning and information security are well-established disciplines that benefit mutually from their interaction. Many modern network and system intrusion and prevention systems rely on advanced anomaly detection models to detect unknown attack vectors, and thus offer excellent application use cases for machine learning algorithms. This book bridges the gap between two different areas in computer science that have multiple intersection points.

For many years, the academic research community has been approaching the information security area from a machine learning perspective, but this knowledge was mostly scattered across multiple proceedings of the International Symposium on Research in Attacks, Intrusions and Defenses (RAID). Mark Stamp's book is a much-needed, and until now missing, addition to any IT security bookshelf, covering a pragmatic set of conceptual machine learning approaches and relevant practical use cases.

The book is structured in two parts. The first part lays down the theoretical foundations (hidden Markov models, principal component analysis, support vector machines, and clustering concepts) as well as multiple practical classification and clustering methods. Each of these topics is covered in a standalone chapter. Concepts are introduced formally and detailed with many examples, pseudocode algorithms, and worked-out exercises. The first part of the book represents about two-thirds of the overall content and can be used on its own as an introduction to machine learning. However, for the security-minded reader, the second part of the book (chapters 9 through 13) is a must-read. Each of these chapters contains realistic applications for the concepts introduced in the first part of the book. With use cases ranging from malware detection and spam identification through cryptanalysis, this section is very valuable for discovering how to design and evaluate security mechanisms that rely on machine learning.

The target audience of this book can be quite varied. The most appropriate audience is a graduate class in information security, but it may also be useful for readers interested in learning about the underlying theory behind advanced security mitigation tools.

Since the content addresses conceptual issues as well as very practical technology-driven material, a broader audience can benefit from it. Experienced security professionals can deepen their knowledge of the machine learning content of the book, while data scientists will appreciate the background material on the security part. This book can be read cover to cover, but, most probably, readers will pick selected chapters suited to a particular interest. For these different reader categories, the book does provide timely, necessary, sufficient, and relevant content.

Reviewer: Radu State
Review #: CR145782 (1803-0132)

Reproduction in whole or in part without permission is prohibited.   Copyright 2024 ComputingReviews.com™