> While deep learning has shown a great potential to build security applications...
Not in my experience. Essentially all attempts to apply deep learning to security that I am aware of have either been 1) toys, 2) abandoned as ineffective, or 3) snake oil.
Indeed. Anyone interested in this might want to read "Outside the Closed World: On Using Machine Learning For Network Intrusion Detection" which goes into some of the reasons why all these ML security tools have remained toys. https://www.icir.org/robin/papers/oakland10-ml.pdf
Abstract: In network intrusion detection research, one popular strategy for finding attacks is monitoring a network’s activity for anomalies: deviations from profiles of normality previously learned from benign traffic, typically identified using tools borrowed from the machine learning community. However, despite extensive academic research one finds a striking gap in terms of actual deployments of such systems: compared with other intrusion detection approaches, machine learning is rarely employed in operational “real world” settings. We examine the differences between the network intrusion detection problem and other areas where machine learning regularly finds much more success. Our main claim is that the task of finding attacks is fundamentally different from these other applications, making it significantly harder for the intrusion detection community to employ machine learning effectively. We support this claim by identifying challenges particular to network intrusion detection, and provide a set of guidelines meant to strengthen future research on anomaly
detection.
But in general, I don't think there's a requirement to share code alongside a paper submission. There are arguments for [1] doing so, but it's definitely not a universal practice.
IMHO this has to become a universal practice. If you don’t wanna share code with your publication, how are other researchers going to corroborate your findings?
Publishing your research and not the code is only like taking a step behind. Even Yoshua Bengio is a staunch proponent of code sharing with publication.
Not in my experience. Essentially all attempts to apply deep learning to security that I am aware of have either been 1) toys, 2) abandoned as ineffective, or 3) snake oil.