ABSTRACT
Cybersecurity has become one of the key challenges in every aspect of computing. Increasingly, machine learning (ML) approaches are used in various areas of cybersecurity such as phishing detection, malware detection, and intrusion detection. ML algorithms transform data into computational models that drive cybersecurity applications. In this process, three types of human actors are involved: ML practitioners, domain experts, and end-users. In traditional ML workflow, domain experts label data. ML practitioners extract features, experiment with different algorithms, tune parameters, train, and evaluate models. If the model is deployed, end-users knowingly or unknowingly are at the receiving ends of the solutions. An incorrect decision made by an ML model could result in a successful cyberattack, or if a model produces many false positives, the model will not be trusted by its users. As a result, an ML-based model needs to leverage human expertise, as well as humans need to understand the reasoning behind the decision made by the model. Therefore, ML workflow needs to tightly integrate humans in its loop. We survey the roles of human elements in both traditional and interactive ML-based solutions to cybersecurity. This chapter also describes the interactive ML paradigm where humans iteratively provide feedback in response to the output of the model.
