A Comprehensive Survey on Poisoning Attacks and Countermeasures in Machine Learning

Tian, Z; Cui, L; Liang, J; Yu, S

A Comprehensive Survey on Poisoning Attacks and Countermeasures in Machine Learning

Tian, Z

Cui, L Liang, J

Yu, S

Permalink

Publisher:: ASSOC COMPUTING MACHINERY
Publication Type:: Journal Article
Citation:: ACM Computing Surveys, 2022, 55, (8)
Issue Date:: 2022-12-23

Closed Access

	Filename	Description	Size
	A Comprehensive Survey on Poisoning Attacks and Countermeasures in Machine Learning.pdf	Published version	1.23 MB	Adobe PDF	View/Open

Copyright Clearance Process

Recently Added
In Progress
Closed Access

This item is closed access and not available.

Full metadata record

Field	Value	Language
dc.contributor.author	Tian, Z https://orcid.org/0000-0001-8905-0941
dc.contributor.author	Cui, L
dc.contributor.author	Liang, J https://orcid.org/0000-0001-7179-5208
dc.contributor.author	Yu, S https://orcid.org/0000-0003-4485-6743
dc.date.accessioned	2024-03-11T23:21:14Z
dc.date.available	2024-03-11T23:21:14Z
dc.date.issued	2022-12-23
dc.identifier.citation	ACM Computing Surveys, 2022, 55, (8)
dc.identifier.issn	0360-0300
dc.identifier.issn	1557-7341
dc.identifier.uri	http://hdl.handle.net/10453/176503
dc.description.abstract	The prosperity of machine learning has been accompanied by increasing attacks on the training process. Among them, poisoning attacks have become an emerging threat during model training. Poisoning attacks have profound impacts on the target models, e.g., making them unable to converge or manipulating their prediction results. Moreover, the rapid development of recent distributed learning frameworks, especially federated learning, has further stimulated the development of poisoning attacks. Defending against poisoning attacks is challenging and urgent. However, the systematic review from a unified perspective remains blank. This survey provides an in-depth and up-to-date overview of poisoning attacks and corresponding countermeasures in both centralized and federated learning. We firstly categorize attack methods based on their goals. Secondly, we offer detailed analysis of the differences and connections among the attack techniques. Furthermore, we present countermeasures in different learning framework and highlight their advantages and disadvantages. Finally, we discuss the reasons for the feasibility of poisoning attacks and address the potential research directions from attacks and defenses perspectives, separately.
dc.language	English
dc.publisher	ASSOC COMPUTING MACHINERY
dc.relation	http://purl.org/au-research/grants/arc/DP200101374
dc.relation	http://purl.org/au-research/grants/arc/LP190100676
dc.relation.ispartof	ACM Computing Surveys
dc.relation.isbasedon	10.1145/3551636
dc.rights	info:eu-repo/semantics/closedAccess
dc.subject	08 Information and Computing Sciences
dc.subject.classification	Information Systems
dc.subject.classification	46 Information and computing sciences
dc.title	A Comprehensive Survey on Poisoning Attacks and Countermeasures in Machine Learning
dc.type	Journal Article
utslib.citation.volume	55
utslib.for	08 Information and Computing Sciences
pubs.organisational-group	University of Technology Sydney
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology
pubs.organisational-group	University of Technology Sydney/Faculty of Engineering and Information Technology/School of Computer Science
pubs.organisational-group	University of Technology Sydney/Strength - CCSP - Centre for Cyber Security and Privacy
pubs.organisational-group	University of Technology Sydney/Strength - VI - Visualisation Institute
utslib.copyright.status	closed_access	*
dc.date.updated	2024-03-11T23:21:13Z
pubs.issue	8
pubs.publication-status	Published
pubs.volume	55
utslib.citation.issue	8

Abstract:

The prosperity of machine learning has been accompanied by increasing attacks on the training process. Among them, poisoning attacks have become an emerging threat during model training. Poisoning attacks have profound impacts on the target models, e.g., making them unable to converge or manipulating their prediction results. Moreover, the rapid development of recent distributed learning frameworks, especially federated learning, has further stimulated the development of poisoning attacks. Defending against poisoning attacks is challenging and urgent. However, the systematic review from a unified perspective remains blank. This survey provides an in-depth and up-to-date overview of poisoning attacks and corresponding countermeasures in both centralized and federated learning. We firstly categorize attack methods based on their goals. Secondly, we offer detailed analysis of the differences and connections among the attack techniques. Furthermore, we present countermeasures in different learning framework and highlight their advantages and disadvantages. Finally, we discuss the reasons for the feasibility of poisoning attacks and address the potential research directions from attacks and defenses perspectives, separately.

Please use this identifier to cite or link to this item:

http://hdl.handle.net/10453/176503