LGCR, Dec 6, 2021

ML Attack Models: Adversarial Attacks and Data Poisoning Attacks

arXiv:2112.02797v1
68 citations
Originality: Synthesis-oriented

AI Analysis

It tackles security threats for ML systems in safety-sensitive applications, but it is incremental as it reviews existing attack types without new results.

This chapter addresses the problem of adversarial and data poisoning attacks on ML models, highlighting that state-of-the-art image classifiers can be easily fooled by small rotations, which questions their robustness.

Many state-of-the-art ML models have outperformed humans in various tasks such as image classification. With such outstanding performance, ML models are widely used today. However, the existence of adversarial attacks and data poisoning attacks seriously calls into question the robustness of ML models. For instance, Engstrom et al. demonstrated that state-of-the-art image classifiers could be easily fooled by a small rotation of an arbitrary image. As ML systems are increasingly integrated into safety- and security-sensitive applications, adversarial attacks and data poisoning attacks pose a considerable threat. This chapter focuses on two broad and important areas of ML security: adversarial attacks and data poisoning attacks.
