Despite the potential of Machine learning (ML) to learn the behavior of malware, detect novel malware samples, and significantly improve information security (InfoSec) we see few, if any, high-impact ML techniques in deployed systems, notwithstanding multiple reported successes in open literature. We hypothesize that the failure of ML in making high-impacts in InfoSec are rooted in a disconnect between the two communities as evidenced by a semantic gap---a difference in how executables are described (e.g. the data and features extracted from the data). Specifically, current datasets and representations used by ML are not suitable for learning the behaviors of an executable and differ significantly from those used by the InfoSec community. In this paper, we survey existing datasets used for classifying malware by ML algorithms and the features that are extracted from the data. We observe that: 1) the current set of extracted features are primarily syntactic, not behavioral, 2) datasets generally contain extreme exemplars producing a dataset in which it is easy to discriminate classes, and 3) the datasets provide significantly different representations of the data encountered in real-world systems. For ML to make more of an impact in the InfoSec community requires a change in the data (including the features and labels) that is used to bridge the current semantic gap. As a first step in enabling more behavioral analyses, we label existing malware datasets with behavioral features using open-source threat reports associated with malware families. This behavioral labeling alters the analysis from identifying intent (e.g. good vs bad) or malware family membership to an analysis of which behaviors are exhibited by an executable. We offer the annotations with the hope of inspiring future improvements in the data that will further bridge the semantic gap between the ML and InfoSec communities.

Machine learning is the latest to make waves in the field of Information Security, and for good reason. The support of complex algorithms that'learn' and grow is invaluable to human analysts, allowing them to focus on larger tactical fights and strengthen security systems to be virtually bulletproof. In both routine and structural changes to Information Security, machine learning plays an increasingly important role and will continue to do so, leading into the coming years. What is Information Security (InfoSec)? InfoSec refers to the systems, tools and processes that are designed and then deployed to field sensitive and confidential data from being compromised or tampered with.

Machine learning is the latest to make waves in the field of Information Security, and for good reason. The support of complex algorithms that'learn' and grow is invaluable to human analysts, allowing them to focus on larger tactical fights and strengthen security systems to be virtually bulletproof. In both routine and structural changes to Information Security, machine learning plays an increasingly important role and will continue to do so, leading into the coming years. InfoSec refers to the systems, tools and processes that are designed and then deployed to field sensitive and confidential data from being compromised or tampered with. Disruption, modification and destruction of data are some of the more common results of InfoSec breaches.

There's no doubt that machine learning is having a significant impact on information security. But how can it be applied to data protection? What types of algorithms are the best to use? Can't organizations simply buy a third-party data set or model? These might seem like simple questions to answer. And yet, there still appears to be some confusion about what is and what isn't possible with Artificial Intelligence and machine learning, particularly in cybersecurity.