A Survey on Security Threats and Defensive Techniques of Machine Learning: A Data Driven View

Bibliographic Details
Published in: IEEE Access, Vol. 6, pp. 12103-12117
Main Authors: Liu, Qiang; Li, Pan; Zhao, Wentao; Cai, Wei; Yu, Shui; Leung, Victor C. M.
Format: Journal Article
Language: English
Published: Piscataway, IEEE, 01.01.2018
Publisher: The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
ISSN: 2169-3536
Abstract: Machine learning is one of the most prevalent techniques in computer science, and it has been widely applied in image processing, natural language processing, pattern recognition, cybersecurity, and other fields. Despite the successful application of machine learning algorithms in many scenarios, e.g., facial recognition, malware detection, automatic driving, and intrusion detection, these algorithms and their corresponding training data are vulnerable to a variety of security threats that induce a significant performance decrease. Hence, it is vital to call for further attention to the security threats and corresponding defensive techniques of machine learning, which motivates the comprehensive survey in this paper. To date, researchers from academia and industry have identified many security threats against a variety of learning algorithms, including naive Bayes, logistic regression, decision trees, support vector machines (SVM), principal component analysis, clustering, and the prevailing deep neural networks. We therefore revisit existing security threats and give a systematic survey of them from two aspects: the training phase and the testing/inferring phase. After that, we categorize current defensive techniques of machine learning into four groups: security assessment mechanisms, countermeasures in the training phase, countermeasures in the testing or inferring phase, and data security and privacy. Finally, we identify five notable trends in research on security threats and defensive techniques of machine learning that merit in-depth study in future.
Authors and affiliations:
1. Liu, Qiang (ORCID 0000-0003-2922-3518; qiangliu06@nudt.edu.cn), College of Computer, National University of Defense Technology, Changsha, China
2. Li, Pan, College of Computer, National University of Defense Technology, Changsha, China
3. Zhao, Wentao, College of Computer, National University of Defense Technology, Changsha, China
4. Cai, Wei, Department of Electrical and Computer Engineering, The University of British Columbia, Vancouver, BC, Canada
5. Yu, Shui (ORCID 0000-0003-4485-6743), School of Information Technology, Deakin University Melbourne Burwood Campus, Burwood, VIC, Australia
6. Leung, Victor C. M., Department of Electrical and Computer Engineering, The University of British Columbia, Vancouver, BC, Canada
CODEN IAECCG
ContentType Journal Article
Copyright Copyright The Institute of Electrical and Electronics Engineers, Inc. (IEEE) 2018
DOI 10.1109/ACCESS.2018.2805680
Discipline Engineering
EISSN 2169-3536
EndPage 12117
Genre orig-research
GrantInformation_xml – fundername: National Natural Science Foundation of China
  grantid: 61702539; 61728201
  funderid: 10.13039/501100001809
ISICitedReferencesCount 250
IsDoiOpenAccess true
IsOpenAccess true
IsPeerReviewed true
IsScholarly true
License https://ieeexplore.ieee.org/Xplorehelp/downloads/license-information/OAPA.html
OpenAccessLink https://ieeexplore.ieee.org/document/8290925
PageCount 15
SecondaryResourceType review_article
StartPage 12103
SubjectTerms adversarial samples
Algorithms
Artificial neural networks
Clustering
Cybersecurity
Decision analysis
Decision trees
defensive techniques
Face recognition
Image processing
Machine learning
Machine learning algorithms
Malware
Natural language processing
Object recognition
Pattern recognition
Principal components analysis
Regression analysis
Security
security threats
Support vector machines
Taxonomy
Testing
Training
Training data
URI https://ieeexplore.ieee.org/document/8290925
https://www.proquest.com/docview/2455930909
https://doaj.org/article/cf0cbfd9b05f4406a99de7570848f400
Volume 6