Machine learning techniques used in network intrusion detection are susceptible to 'model poisoning' by attackers. We dissect this attack and analyze some proposals for how to circumvent these attacks, then consider specific use cases of how machine learning and anomaly detection can be used in the web security context.