CRLG, Jul 15, 2020

A Survey of Privacy Attacks in Machine Learning

arXiv:2007.07646v3, 326 citations
AI Analysis

This is a survey paper that synthesizes existing research on privacy attacks in ML; its contribution is incremental, since it organizes and reviews prior work rather than introducing new attack or defense methods.

The paper addresses privacy attacks in machine learning by analyzing over 40 papers from the past seven years and proposing a taxonomy and threat model that categorize attacks by the adversary's knowledge and by the assets under attack.

As machine learning becomes more widely used, the need to study its implications in security and privacy becomes more urgent. Although the body of work in privacy has been steadily growing over the past few years, research on the privacy aspects of machine learning has received less focus than the security aspects. Our contribution in this research is an analysis of more than 40 papers related to privacy attacks against machine learning that have been published during the past seven years. We propose an attack taxonomy, together with a threat model that allows the categorization of different attacks based on the adversarial knowledge and the assets under attack. An initial exploration of the causes of privacy leaks is presented, as well as a detailed analysis of the different attacks. Finally, we present an overview of the most commonly proposed defenses and a discussion of the open problems and future directions identified during our analysis.

Code Implementations: 1 repo