The Threat of Adversarial Attacks on Machine Learning in Network Security -- A Survey

TL;DR

This survey reviews the vulnerabilities of machine learning models in network security to adversarial attacks, classifies these attacks, and evaluates defense strategies using a novel risk grid map.

Contribution

It provides a comprehensive taxonomy of adversarial attacks and defenses in network security machine learning applications, introducing a risk grid map for evaluation.

Findings

Adversarial attacks pose significant threats to network security ML systems.

A new adversarial risk grid map helps evaluate attack severity and defense effectiveness.

Classification frameworks improve understanding of attack types and defense strategies.

Abstract

Machine learning models have made many decision support systems to be faster, more accurate, and more efficient. However, applications of machine learning in network security face a more disproportionate threat of active adversarial attacks compared to other domains. This is because machine learning applications in network security such as malware detection, intrusion detection, and spam filtering are by themselves adversarial in nature. In what could be considered an arm's race between attackers and defenders, adversaries constantly probe machine learning systems with inputs that are explicitly designed to bypass the system and induce a wrong prediction. In this survey, we first provide a taxonomy of machine learning techniques, tasks, and depth. We then introduce a classification of machine learning in network security applications. Next, we examine various adversarial attacks against machine learning in network security and introduce two classification approaches for adversarial attacks in network security. First, we classify adversarial attacks in network security based on a taxonomy of network security applications. Secondly, we categorize adversarial attacks in network security into a problem space vs feature space dimensional classification model. We then analyze the various defenses against adversarial attacks on machine learning-based network security applications. We conclude by introducing an adversarial risk grid map and evaluating several existing adversarial attacks against machine learning in network security using the risk grid map. We also identify where each attack classification resides within the adversarial risk grid map.