Abstract
Machine learning is the powerful techniques in computing and Linguistics Science. It is broadly applied in various domains such as computer vision, pattern recognition, image processing, network security and Natural language processing. Machine learning (ML) techniques have generated huge social impacts in a variety of applications such as malware detection, spam detection and health care. It is also more sensitive towards security attack. In supervised learning algorithm Machine Learning Models mainly depend upon the large input datasets, called training data and testing data. The slight modifications in the input data will affect the model performance to a greater extent. Many research works have been carried out by analysing various security threats against ML algorithms such as Naïve Bayes Algorithm, Decision tree, Support Vector Machine and Artificial Deep Neural Networks. In this paper, we have explained taxonomy of security threats happened in training and testing stage of learning. Finally we have presented various defending techniques, counter measures which are used in training and testing phases, few security policies to prevent adversarial attacks and make a robust Machine Learning model.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
References
Zhou, L., Pan, S., Wang, J., Vasilakos, A.V.: Machine learning on big data: opportunities and challenges. Neurocomputing 237, 350–361 (2017)
Yu, S.: Big privacy: challenges and opportunities of privacy study in the age of big data. IEEE Access 4, 2751–2763 (2016)
Al-Jarrah, O.Y., Yoo, P.D., Muhaidat, S., Karagiannidis, G.K., Taha, K.: Efficient machine learniing for big data: a review. Big Data Res. 2(3), 87–93 (2015)
Wittel, G.L., Wu, S.F.: On attacking statistical spam filters. In: Proceedings of 1st Conference on Email Anti-Spam, Mountain View, CA, USA, pp. 1–7 (2004)
Sharif, M., Bhagavatula, S., Bauer, L., Reiter, M.K.: Accessorize to a crime: real and stealthy attacks on state-of-the-art face recognition. In: Proceedings of ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, pp. 1528–1540 (2016)
Dalvi, N., Domingos, P., Mausam, Sanghai, S., Verma, D.: Adversarial classification. In: Proceedings of 10th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, Seattle, WA, USA, pp. 99–108 (2004). https://homes.cs.washington.edu/~pedrod/papers/kdd04.pdf
Lowd, D., Meek, C.: Adversarial learning. In: Proceedings of 11th ACM SIGKDD International Conference on Knowledge Discovery in Data Mining, Chicago, IL, USA, pp. 641–647 (2005)
Barreno, M., Nelson, B., Sears, R., Joseph, A.D., Tygar, J.D.: Can machine learning be secure? In: Proceedings of ACM Symposium on Information, Computer and Communications Security, pp. 16–25 (2006)
Amodei, D., Olah, C., Steinhardt, J., Christiano, P., Schulman, J., Mané, D.: Concrete problems in AI safety, July 2016. https://arxiv.org/abs/1606.06565
Qiu, J., Wu, Q., Ding, G., Xu, Y., Feng, S.: A survey of machine learning for big data processing. EURASIP J. Adv. Signal Process. 2016, Article no. 67 (2016)
Meenakshi, K., Safa, M., Karthick, T., Sivaranjani, N.: A novel study of machine learning algorithms for classifying health care data. Res. J. Pharmacy Technol. 10(5), 1429–1432 (2017)
Barreno, M., Nelson, B., Joseph, A.D., Tygar, J.D.: The security of machine learning. Mach. Learn. 81(2), 121–148 (2010)
Biggio, B., Fumera, G., Roli, F.: Security evaluation of pattern classifiers under attack. IEEE Trans. Knowl. Data Eng. 36(4), 984–996 (2014)
Fredrikson, M., Jha, S., Ristenpart, T.: Model inversion attacks that exploit confidence information and basic countermeasures. In: Proceedings of 22nd ACM SIGSAC Conference on Computer and Communications Security, Denver, CO, USA, pp. 1322–1333 (2015)
Corona, I., Giacinto, G., Roli, F.: Adversarial attacks against intrusion detection systems: taxonomy, solutions and open issues. Inf. Sci. 239, 201–225 (2013)
Yu, S., Gu, G., Barnawi, A., Guo, S., Stojmenovic, I.: Malware propagation in large-scale networks. IEEE Trans. Knowl. Data Eng. 27(1), 170–179 (2015)
Šrndić, N., Laskov, P.: Detection of malicious PDF files based on hierarchical document structure. In: Proceedings of 20th Annual Network and Distributed System Security Symposium, San Diego, CA, USA, pp. 1–16 (2013)
Biggio, B., et al.: Poisoning complete-linkage hierarchical clustering. In: Structural, Syntactic, and Statistical Pattern Recognition. Lecture Notes in Computer Science, vol. 8621, pp. 42–52. Springer, Berlin (2014)
Szegedy, C., et al.: Intriguing properties of neural networks, February 2014. https://arxiv.org/abs/1312.6199
Biggio, B., Fumera, G., Roli, F., Didaci, L.: Poisoning adaptive biometric systems. In: Structural, Syntactic, and Statistical Pattern Recognition, pp. 417–425. Springer, Berlin (2012)
Kloft, M., Laskov, P.: Security analysis of online centroid anomaly detection. J. Mach. Learn. Res. 13, 3681–3724 (2012)
Biggio, B., Nelson, B., Laskov, P.: Poisoning attacks against support vector machines. In: Proceedings of 29th International Conference on Machine Learning (ICML), Edinburgh, Scotland, pp. 1467–1474 (2012)
Xiao, H., Biggio, B., Brown, G., Fumera, G., Eckert, C., Roli, F.: Is feature selection secure against training data poisoning? In: Proceedings of 32nd International Conference on Machine Learning (ICML), Lille, France, pp. 1689–1698 (2015)
Mozaffari-Kermani, M., Sur-Kolay, S., Raghunathan, A., Jha, N.K.: Systematic poisoning attacks on and defenses for machine learning in healthcare. IEEE J. Biomed. Health Informat. 19(6), 1893–1905 (2015)
Hu, W., Tan, Y.: Generating adversarial malware examples for black-box attacks based on GAN, February 2017. https://arxiv.org/abs/1702.05983
Zhao, M., An, B., Gao, W., Zhang, T.: Efficient label contamination attacks against black-box learning models. In: Proceedings of 26th International Joint Conference on Artificial Intelligence (IJCAI), Melbourne, VIC, Australia, pp. 3945–3951 (2017)
Xiao, H., Biggio, B., Nelson, B., Xiao, H., Eckert, C., Roli, F.: Support vector machines under adversarial label contamination. Neurocomputing 160, 53–62 (2015)
Zhang, F., Chan, P.P.K., Biggio, B., Yeung, D.S., Roli, F.: Adversarial feature selection against evasion attacks. IEEE Trans. Cybern. 46(3), 766–777 (2016)
Mopuri, K.R., Garg, U., Babu, R.V.: Fast feature fool: a data independent approach to universal adversarial perturbations, July 2017. https://arxiv.org/abs/1707.05572
Moosavi-Dezfooli, S.-M., Fawzi, A., Fawzi, O., Frossard, P.: Universal adversarial perturbations. In: Proceedings of IEEE Conference on Computer Vision and Pattern Recognition (CVPR), Honolulu, HI, USA, pp. 86–94, July 2017
Fredrikson, M., Lantz, E., Jha, S., Lin, S., Page, D., Ristenpart, T.: Privacy in pharmacogenetics: an end-to-end case study of personalized warfarin dosing. In: Proceedings of USENIX Security Symposium, San Diego, CA, USA, pp. 17–32, August 2014
Laskov, P., Kloft, M.: A framework for quantitative security analysis of machine learning. In: Proceedings of 2nd ACM Workshop on Security and Artificial Intelligence, Chicago, IL, USA, pp. 1–4 (2009)
Huang, L., Joseph, A. D., Nelson, B., Rubinstein, B.I.P., Tygar, J.D.: Adversarial machine learning. In: Proceedings 4th ACM Workshop Security and Artificial Intelligence, Chicago, IL, USA, pp. 43–58 (2011)
Rubinstein, B.I.P., et al.: ANTIDOTE: understanding and defending against poisoning of anomaly detectors. In: Proceedings of 9th ACM SIGCOMM Conference on Internet Measurement, Chicago, IL, USA, pp. 1–14 (2009)
Biggio, B., Fumera, G., Roli, F.: Multiple classifier systems for robust classifier design in adversarial environments. Int. J. Mach. Learn. Cybern. 1(1–4), 27–41 (2010)
Biggio, B., Corona, I., Fumera, G., Giacinto, G., Roli, F.: Bagging classifiers for fighting poisoning attacks in adversarial classification tasks. In: Proceedings of 10th International Conference on Multiple Classifier System (MCS), Naples, Italy, pp. 350–359 (2011)
Demontis, A., et al.: Yes, machine learning can be more secure! A case study on android malware detection. IEEE Trans. Dependable Secure Comput., to be published
Brückner, M., Kanzow, C., Scheffer, T.: Static prediction games for adversarial learning problems. J. Mach. Learn. Res. 13, 2617–2654 (2012)
Xu, W., Evans, D., Qi, Y.: Feature squeezing: Detecting adversarial examples in deep neural networks, December 2017. https://arxiv.org/abs/1704.01155
Papernot, N., McDaniel, P., Wu, X., Jha, S., Swami, A.: Distillation as a defense to adversarial perturbations against deep neural networks. In: Proceedings of IEEE Symposium on Security and Privacy, San Jose, CA, USA, pp. 582–597, May 2016
Bhagoji, A.N., Cullina, D., Sitawarin, C., Mittal, P.: Enhancing robustness of machine learning systems via data transformations, November 2017. https://arxiv.org/abs/1704.02654
Grosse, K., Manoharan, P., Papernot, N., Backes, M., McDaniel, P.: On the (statistical) detection of adversarial examples, October 2017. https://arxiv.org/abs/1702.06280
Sengupta, S., Chakraborti, T., Kambhampati, S.: MTDeep: boosting the security of deep neural nets against adversarial attacks with moving target defense, September 2017. https://arxiv.org/abs/1705.07213
Dwork, C.: Differential privacy. In: Proceedings of 33rd International Colloquium on Automata, Languages and Programming (ICALP), Venice, Italy, pp. 1–12 (2006)
Wang, Q., Zeng, W., Tian, J.: Compressive sensing based secure multiparty privacy preserving framework for collaborative data-mining and signal processing. In: Proceedings of IEEE International Conference on Multimedia and Expo (ICME), Chengdu, China, pp. 1–6, July 2014
Yao, Y.-C., Song, L., Chi, E.: Investigation on distributed K-means clustering algorithm of homomorphic encryption. Comput. Technol. Develop. 2, 81–85 (2017)
Dowlin, N., Gilad-Bachrach, R., Laine, K., Lauter, K., Naehrig, M., Wernsing, J.: CryptoNets: applying neural networks to encrypted data with high throughput and accuracy. In: Proceedings of 33rd International Conference on Machine Learning, New York, NY, USA, pp. 201–210 (2016)
Liu, Q., Li, P., Zhao, W., Leung, V.C.M.: A survey on security threats and defensive techniques of machine learning: a data driven view. IEEE Access 6, 12103–12117 (2018)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2020 Springer Nature Switzerland AG
About this paper
Cite this paper
Meenakshi, K., Maragatham, G. (2020). A Review on Security Attacks and Protective Strategies of Machine Learning. In: Hemanth, D.J., Kumar, V.D.A., Malathi, S., Castillo, O., Patrut, B. (eds) Emerging Trends in Computing and Expert Technology. COMET 2019. Lecture Notes on Data Engineering and Communications Technologies, vol 35. Springer, Cham. https://doi.org/10.1007/978-3-030-32150-5_109
Download citation
DOI: https://doi.org/10.1007/978-3-030-32150-5_109
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-32149-9
Online ISBN: 978-3-030-32150-5
eBook Packages: Intelligent Technologies and RoboticsIntelligent Technologies and Robotics (R0)