Machine learning models have made many decision support systems faster, more accurate, and more efficient. However, applications of machine learning in network security face a disproportionate threat of active adversarial attacks compared to other domains. This is because machine learning applications in network security, such as malware detection, intrusion detection, and spam filtering, are adversarial by nature: the inputs are produced by an adversary who benefits from being misclassified. In what can be considered an arms race between attackers and defenders, adversaries constantly probe machine learning systems with inputs explicitly designed to bypass the system and induce a wrong prediction. In this survey, we first provide a taxonomy of machine learning techniques, tasks, and depth. We then introduce a classification of machine learning applications in network security. Next, we examine various adversarial attacks against machine learning in network security and introduce two classification approaches for such attacks. First, we classify adversarial attacks in network security according to the taxonomy of network security applications. Second, we categorize them along a problem space vs. feature space dimension, that is, by whether the adversary modifies the real object (a binary, a packet, an email) or only the feature vector derived from it. We then analyze the various defenses against adversarial attacks on machine learning-based network security applications. We conclude by introducing an adversarial risk grid map, evaluating several existing adversarial attacks against machine learning in network security with it, and identifying where each attack classification resides within the grid.
Translation: The Threat of Adversarial Attacks on Machine Learning in Network Security: A Survey
The translated abstract
Machine learning models have made many decision support systems faster, more accurate, and more efficient. However, applying machine learning in network security faces a disproportionate threat of adversarial attacks compared with other fields. This is because applications of machine learning in network security, such as malware detection, intrusion detection, and spam filtering, are adversarial by nature. In what amounts to an "arms race" between attackers and defenders, adversaries constantly probe machine learning systems with specially crafted inputs in order to bypass the system and induce wrong predictions. In this survey, we first provide a taxonomy of machine learning techniques, tasks, and depth. We then introduce a classification of machine learning in network security applications. Next, we analyze various adversarial attacks against machine learning in network security and introduce two classification approaches for such attacks. First, we classify adversarial attacks in network security according to a taxonomy of network security applications. Second, we categorize adversarial attacks in network security into a problem space vs. feature space classification model. We then analyze various defenses for machine learning-based network security applications. Finally, we introduce an adversarial risk grid map and use it to evaluate several existing adversarial attacks against machine learning in network security. We also identify where each attack classification resides within the adversarial risk grid map.