{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T16:50:34Z","timestamp":1760028634672},"reference-count":96,"publisher":"IEEE","license":[{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-009"},{"start":{"date-parts":[[2023,5,1]],"date-time":"2023-05-01T00:00:00Z","timestamp":1682899200000},"content-version":"stm-asf","delay-in-days":0,"URL":"https:\/\/doi.org\/10.15223\/policy-001"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2023,5]]},"DOI":"10.1109\/sp46215.2023.10179321","type":"proceedings-article","created":{"date-parts":[[2023,7,21]],"date-time":"2023-07-21T17:18:15Z","timestamp":1689959895000},"page":"2068-2085","source":"Crossref","is-referenced-by-count":15,"title":["Everybody\u2019s Got ML, Tell Me What Else You Have: Practitioners\u2019 Perception of ML-Based Security Tools and Explanations"],"prefix":"10.1109","author":[{"given":"Jaron","family":"Mink","sequence":"first","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Hadjer","family":"Benkraouda","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Limin","family":"Yang","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Arridhana","family":"Ciptadi","sequence":"additional","affiliation":[{"name":"Truera"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Ali","family":"Ahmadzadeh","sequence":"additional","affiliation":[{"name":"Blue Hexagon"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Daniel","family":"Votipka","sequence":"additional","affiliation":[{"name":"Tufts University"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gang","family":"Wang","sequence":"additional","affiliation":[{"name":"University of Illinois at Urbana-Champaign"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"263","reference":[{"doi-asserted-by":"publisher","key":"ref1","DOI":"10.1109\/MSP.2006.159"},{"doi-asserted-by":"publisher","key":"ref2","DOI":"10.1109\/SP.2010.25"},{"volume-title":"Proc. of USENIX Security","author":"Yang","article-title":"CADE: Detecting and explaining concept drift samples for security applications","key":"ref3"},{"doi-asserted-by":"publisher","key":"ref4","DOI":"10.4108\/eai.3-12-2015.2262516"},{"doi-asserted-by":"publisher","key":"ref5","DOI":"10.14722\/ndss.2020.24046"},{"doi-asserted-by":"publisher","key":"ref6","DOI":"10.1109\/SP40000.2020.00096"},{"volume-title":"Proc. of USENIX Security","author":"Arp","article-title":"Dos and don\u2019ts of machine learning in computer security","key":"ref7"},{"key":"ref8","article-title":"EMBER: an open dataset for training static PE malware machine learning models","author":"Anderson","year":"2018","journal-title":"CoRR"},{"volume-title":"Proc. of USENIX Security","author":"Alsaheel","article-title":"ATLAS: A sequence-based learning approach for attack investigation","key":"ref9"},{"doi-asserted-by":"publisher","key":"ref10","DOI":"10.1145\/3319535.3363217"},{"doi-asserted-by":"publisher","key":"ref11","DOI":"10.1145\/2523649.2523670"},{"volume-title":"Proc. of IEEE S&P","author":"van Ede","article-title":"DeepCASE: Semi-Supervised Contextual Analysis of Security Events","key":"ref12"},{"doi-asserted-by":"publisher","key":"ref13","DOI":"10.1109\/EuroSP53844.2022.00011"},{"doi-asserted-by":"publisher","key":"ref14","DOI":"10.1109\/EuroSP57164.2023.00022"},{"doi-asserted-by":"publisher","key":"ref15","DOI":"10.1145\/3548606.3560609"},{"doi-asserted-by":"publisher","key":"ref16","DOI":"10.1145\/3243734.3243792"},{"doi-asserted-by":"publisher","key":"ref17","DOI":"10.1109\/EuroSP48549.2020.00018"},{"year":"2022","author":"Crowley","article-title":"Sans 2022 soc survey","key":"ref18"},{"doi-asserted-by":"publisher","key":"ref19","DOI":"10.18653\/v1\/n16-3020"},{"volume-title":"Proc. of NeurIPS","author":"Lundberg","article-title":"A unified approach to interpreting model predictions","key":"ref20"},{"doi-asserted-by":"publisher","key":"ref21","DOI":"10.1109\/ICCV.2019.00304"},{"doi-asserted-by":"publisher","key":"ref22","DOI":"10.1109\/ACCESS.2022.3204171"},{"key":"ref23","article-title":"Darpa\u2019s explainable ai (xai) program: A retrospective","author":"Gunning","year":"2021","journal-title":"Authorea Preprints"},{"volume-title":"Proc. of NeurIPS","author":"Hooker","article-title":"A benchmark for interpretability methods in deep neural networks","key":"ref24"},{"doi-asserted-by":"publisher","key":"ref25","DOI":"10.1145\/3460120.3484589"},{"doi-asserted-by":"publisher","key":"ref26","DOI":"10.1007\/s13042-021-01393-7"},{"doi-asserted-by":"publisher","key":"ref27","DOI":"10.1145\/3548606.3559392"},{"volume-title":"Proc. of USENIX Security","author":"Alahmadi","article-title":"99% false positives: A qualitative study of SOC analysts\u2019 perspectives on security alarms","key":"ref28"},{"doi-asserted-by":"publisher","key":"ref29","DOI":"10.1109\/SRDS.2011.24"},{"doi-asserted-by":"publisher","key":"ref30","DOI":"10.1145\/3243734.3243811"},{"doi-asserted-by":"publisher","key":"ref31","DOI":"10.1111\/risa.12864"},{"doi-asserted-by":"publisher","key":"ref32","DOI":"10.1109\/ISI.2017.8004902"},{"volume-title":"Proc. of USENIX Security","author":"Li","article-title":"Reading the tea leaves: A comparative analysis of threat intelligence","key":"ref33"},{"doi-asserted-by":"publisher","key":"ref34","DOI":"10.1145\/2851613.2851636"},{"doi-asserted-by":"publisher","key":"ref35","DOI":"10.1145\/3474718.3474723"},{"volume-title":"Proc. of DIMVA","author":"Kr\u00fcgel","article-title":"Alert verification determining the success of intrusion attempts","key":"ref36"},{"doi-asserted-by":"publisher","key":"ref37","DOI":"10.1007\/978-3-642-37300-8_14"},{"volume-title":"Proc. of USENIX Security","author":"Ho","article-title":"Detecting credential spearphishing in enterprise settings","key":"ref38"},{"doi-asserted-by":"publisher","key":"ref39","DOI":"10.1145\/3319535.3354239"},{"doi-asserted-by":"publisher","key":"ref40","DOI":"10.1145\/3243734.3243794"},{"doi-asserted-by":"publisher","key":"ref41","DOI":"10.1145\/3230833.3233280"},{"volume-title":"Proc. of SOUPS","author":"Sundaramurthy","article-title":"A human capital model for mitigating security analyst burnout","key":"ref42"},{"doi-asserted-by":"publisher","key":"ref43","DOI":"10.1145\/1031607.1031663"},{"volume-title":"Proc. of SOUPS","author":"Sundaramurthy","article-title":"Turning contradictions into innovations or: How we learned to stop whining and improve security operations","key":"ref44"},{"doi-asserted-by":"publisher","key":"ref45","DOI":"10.1109\/iThings-GreenCom-CPSCom-SmartData-Cybermatics50389.2020.00111"},{"doi-asserted-by":"publisher","key":"ref46","DOI":"10.1145\/3359786"},{"doi-asserted-by":"publisher","key":"ref47","DOI":"10.1002\/cem.873"},{"volume-title":"Introduction to linear regression analysis.","year":"2021","author":"Montgomery","key":"ref48"},{"doi-asserted-by":"publisher","key":"ref49","DOI":"10.1145\/2939672.2939874"},{"doi-asserted-by":"publisher","key":"ref50","DOI":"10.1109\/ICCV.2017.74"},{"volume-title":"Proc. of USENIX Security","author":"Zhang","article-title":"Interpretable deep learning under fire","key":"ref51"},{"doi-asserted-by":"publisher","key":"ref52","DOI":"10.1145\/3491102.3501915"},{"doi-asserted-by":"publisher","key":"ref53","DOI":"10.1145\/3491102.3501826"},{"doi-asserted-by":"publisher","key":"ref54","DOI":"10.1145\/3313831.3376590"},{"doi-asserted-by":"publisher","key":"ref55","DOI":"10.1145\/2046684.2046692"},{"volume-title":"Proc. of SaTML","author":"Apruzzese","article-title":"Position: \u201dReal Attackers Don\u2019t Compute Gradients\": Bridging the Gap Between Adversarial ML Research and Practice","key":"ref56"},{"key":"ref57","article-title":"\"Why do so?\u201d - A Practical Perspective on Machine Learning Security","author":"Grosse","year":"2023","journal-title":"IEEE TIFS"},{"volume-title":"Proc. of IEEE SPW","author":"Kumar","article-title":"Adversarial machine learning-industry perspectives","key":"ref58"},{"volume-title":"Proc. of SOUPS","author":"Bieringer","article-title":"Industrial practitioners\u2019 mental models of adversarial machine learning","key":"ref59"},{"volume-title":"Proc. of USENIX Security","author":"Mink","article-title":"\"Security is not my field, I\u2019m a stats guy\u201d: A Qualitative Root Cause Analysis of Barriers to Adversarial Machine Learning Defenses in Industry","key":"ref60"},{"doi-asserted-by":"publisher","key":"ref61","DOI":"10.4135\/9781483397085"},{"key":"ref62","doi-asserted-by":"crossref","DOI":"10.1109\/SP46215.2023.10179321","article-title":"Everybody\u2019s Got ML, Tell Me What Else You Have: Practitioners\u2019 Perception of ML-Based Security Tools and Explanations (Supplementary Materials)","author":"Mink","year":"2023"},{"year":"2023","article-title":"General data protection regulation (gdpr)","key":"ref63"},{"year":"2021","article-title":"Personal information protection law (pipl) of the people\u2019s republic of china","key":"ref64"},{"volume-title":"Proc. of ICLR","author":"Chang","article-title":"Explaining image classifiers by counterfactual generation","key":"ref65"},{"doi-asserted-by":"publisher","key":"ref66","DOI":"10.1145\/3133956.3134018"},{"volume-title":"Proc. of USENIX Security","author":"Marcelli","article-title":"How machine learning is solving the binary function similarity problem","key":"ref67"},{"volume-title":"Proc. of SOUPS","author":"Rader","article-title":"\"I Have a Narrow Thought Process\u201d: Constraints on Explanations Connecting Inferences and Self-Perceptions","key":"ref68"},{"doi-asserted-by":"publisher","key":"ref69","DOI":"10.4135\/9781452230153"},{"doi-asserted-by":"publisher","key":"ref71","DOI":"10.1177\/001316446002000104"},{"doi-asserted-by":"publisher","key":"ref72","DOI":"10.1109\/SP46215.2023.10179478"},{"doi-asserted-by":"publisher","key":"ref73","DOI":"10.1109\/SP.2018.00003"},{"volume-title":"Proc. of USENIX Security","author":"Akgul","article-title":"Bug hunters\u2019 perspectives on the challenges and benefits of the bug bounty ecosystem","key":"ref74"},{"volume-title":"Proc. of USENIX Security","author":"Votipka","article-title":"An observational investigation of reverse engineers\u2019 processes","key":"ref75"},{"volume-title":"(ICS2)2, Tech. Rep.","year":"2022","article-title":"Cybersecurity workforce study","key":"ref76"},{"key":"ref77","article-title":"How to solve the data science skills shortage","volume-title":"SAS Institute, Tech. Rep.","author":"Crawford","year":"2022"},{"doi-asserted-by":"publisher","key":"ref78","DOI":"10.1145\/3491102.3517559"},{"volume-title":"Designing the user interface: strategies for effective human-computer interaction.","year":"2016","author":"Shneiderman","key":"ref79"},{"doi-asserted-by":"publisher","key":"ref80","DOI":"10.1145\/142750.143054"},{"doi-asserted-by":"publisher","key":"ref81","DOI":"10.1016\/B978-155860915-0\/50046-9"},{"doi-asserted-by":"publisher","key":"ref82","DOI":"10.1145\/2939672.2939874"},{"doi-asserted-by":"publisher","key":"ref83","DOI":"10.1007\/978-3-030-93733-1_10"},{"doi-asserted-by":"publisher","key":"ref84","DOI":"10.1007\/978-3-030-72016-2_23"},{"doi-asserted-by":"publisher","key":"ref85","DOI":"10.1145\/3180155.3180189"},{"doi-asserted-by":"publisher","key":"ref86","DOI":"10.1145\/3472749.3474740"},{"volume-title":"Proc. of USENIX Security","author":"Man","article-title":"That person moves like a car: Misclassification attack detection for autonomous systems using spatiotemporal consistency","key":"ref87"},{"volume-title":"Proc. of NeurIPS","author":"Yang","article-title":"Improving certified robustness via statistical learning with logical reasoning","key":"ref88"},{"doi-asserted-by":"publisher","key":"ref89","DOI":"10.1145\/3379337.3415900"},{"year":"2009","author":"Settles","article-title":"Active learning literature survey","key":"ref90"},{"doi-asserted-by":"publisher","key":"ref91","DOI":"10.1109\/tkde.2019.2946162"},{"volume-title":"Proc. of USENIX Security","author":"Jordaney","article-title":"Transcend: Detecting concept drift in malware classification models","key":"ref92"},{"doi-asserted-by":"publisher","key":"ref93","DOI":"10.1111\/cgf.13678"},{"doi-asserted-by":"publisher","key":"ref94","DOI":"10.1145\/2133806.2133821"},{"doi-asserted-by":"publisher","key":"ref95","DOI":"10.1145\/1378773.1378788"},{"doi-asserted-by":"publisher","key":"ref96","DOI":"10.1145\/2588555.2610523"},{"volume-title":"Research Methods in Human-Computer Interaction.","year":"2017","author":"Lazar","key":"ref97"}],"event":{"name":"2023 IEEE Symposium on Security and Privacy (SP)","start":{"date-parts":[[2023,5,21]]},"location":"San Francisco, CA, USA","end":{"date-parts":[[2023,5,25]]}},"container-title":["2023 IEEE Symposium on Security and Privacy (SP)"],"original-title":[],"link":[{"URL":"http:\/\/xplorestaging.ieee.org\/ielx7\/10179215\/10179280\/10179321.pdf?arnumber=10179321","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,7,20]],"date-time":"2024-07-20T05:12:06Z","timestamp":1721452326000},"score":1,"resource":{"primary":{"URL":"https:\/\/ieeexplore.ieee.org\/document\/10179321\/"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2023,5]]},"references-count":96,"URL":"https:\/\/doi.org\/10.1109\/sp46215.2023.10179321","relation":{},"subject":[],"published":{"date-parts":[[2023,5]]}}}