Article

A Comprehensive Survey on Poisoning Attacks and Countermeasures in Machine Learning

Journal

ACM COMPUTING SURVEYS
Volume 55, Issue 8, Pages -

Publisher

ASSOC COMPUTING MACHINERY
DOI: 10.1145/3551636

Keywords

Deep learning; federated learning; poisoning attack; backdoor attack

Summary

The prosperity of machine learning has led to an increase in attacks on the training process, with poisoning attacks emerging as a significant threat. Defending against these attacks is challenging, and a systematic review from a unified perspective is lacking. This survey provides a comprehensive overview of poisoning attacks and countermeasures in both centralized and federated learning, categorizing attack methods based on goals and analyzing their differences and connections. Countermeasures in different learning frameworks are presented, along with a discussion of the feasibility of poisoning attacks and potential research directions.

Abstract

The prosperity of machine learning has been accompanied by increasing attacks on the training process. Among them, poisoning attacks have become an emerging threat during model training. Poisoning attacks have profound impacts on the target models, e.g., making them unable to converge or manipulating their prediction results. Moreover, the rapid development of recent distributed learning frameworks, especially federated learning, has further stimulated the development of poisoning attacks. Defending against poisoning attacks is challenging and urgent. However, a systematic review from a unified perspective is still lacking. This survey provides an in-depth and up-to-date overview of poisoning attacks and corresponding countermeasures in both centralized and federated learning. We first categorize attack methods based on their goals. Secondly, we offer a detailed analysis of the differences and connections among the attack techniques. Furthermore, we present countermeasures in different learning frameworks and highlight their advantages and disadvantages. Finally, we discuss the reasons for the feasibility of poisoning attacks and address the potential research directions from the attack and defense perspectives separately.
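The abstract names two things the survey covers without showing either: poisoning in federated learning, and countermeasures that differ by learning framework. The following pure-Python simulation is an added illustrative example, not code from the survey or its authors, of one such attack/defense pairing. A single malicious client in a federated round submits a boosted update (the "model replacement" idea) so that plain FedAvg lands near an attacker-chosen model, while coordinate-wise median aggregation, one member of the robust-aggregation family of defenses, discards the outlier. The datasets, client count, learning-rate and epoch settings, and the attacker's target model are all constructed for the example.

```python
"""Toy federated-learning round under model poisoning.

Illustrative example added to this page; it is not code from the surveyed paper.
One malicious client submits a boosted update ("model replacement") so that plain
FedAvg is dragged toward an attacker-chosen model; coordinate-wise median
aggregation, one robust-aggregation countermeasure, ignores the outlier.
Pure Python, no third-party dependencies. All datasets, client counts and the
attacker's target are constructed for the example.
"""

from statistics import median
from typing import Callable, List, Sequence, Tuple

Vector = List[float]
Dataset = List[Tuple[float, float]]

# Constructed data: every honest client holds a few points from y = 2x + 1.
BENIGN_CLIENTS: List[Dataset] = [
    [(x, 2 * x + 1) for x in (0.0, 1.0, 2.0)],
    [(x, 2 * x + 1) for x in (-1.0, 0.5, 3.0)],
    [(x, 2 * x + 1) for x in (1.5, -2.0, 4.0)],
    [(x, 2 * x + 1) for x in (0.25, -0.5, 2.5)],
]
TEST_SET: Dataset = [(x, 2 * x + 1) for x in (-3.0, -1.5, 0.0, 1.5, 3.0)]
ATTACKER_TARGET: Vector = [-3.0, 5.0]  # constructed: the model the attacker wants installed


def predict(model: Sequence[float], x: float) -> float:
    w, b = model
    return w * x + b


def mse(model: Sequence[float], data: Dataset) -> float:
    return sum((predict(model, x) - y) ** 2 for x, y in data) / len(data)


def honest_update(model: Sequence[float], data: Dataset,
                  lr: float = 0.05, epochs: int = 20) -> Vector:
    """Honest client: gradient descent from the global model, return the delta."""
    w, b = model
    n = len(data)
    for _ in range(epochs):
        grad_w = sum(2 * (w * x + b - y) * x for x, y in data) / n
        grad_b = sum(2 * (w * x + b - y) for x, y in data) / n
        w -= lr * grad_w
        b -= lr * grad_b
    return [w - model[0], b - model[1]]


def model_replacement_update(model: Sequence[float], target: Sequence[float],
                             n_clients: int) -> Vector:
    """Malicious client: scale the desired delta by the number of participants so
    that, after FedAvg divides by n_clients, the attacker's contribution dominates
    and drags the global model toward `target` (it lands exactly on `target` when
    the honest deltas sum to zero)."""
    return [n_clients * (t - m) for t, m in zip(target, model)]


def fed_avg(updates: List[Vector]) -> Vector:
    """Plain federated averaging: the arithmetic mean of client deltas."""
    dims = len(updates[0])
    return [sum(u[i] for u in updates) / len(updates) for i in range(dims)]


def coordinate_median(updates: List[Vector]) -> Vector:
    """Robust aggregation: per-coordinate median; one extreme update cannot move
    the result outside the range spanned by the honest values."""
    dims = len(updates[0])
    return [median(u[i] for u in updates) for i in range(dims)]


def run_round(aggregate: Callable[[List[Vector]], Vector], poisoned: bool,
              global_model: Sequence[float] = (0.0, 0.0)) -> Vector:
    """One FL round: collect client deltas, aggregate them, apply to the global model."""
    model = list(global_model)
    updates = [honest_update(model, data) for data in BENIGN_CLIENTS]
    if poisoned:
        n_clients = len(BENIGN_CLIENTS) + 1  # honest clients plus the attacker
        updates.append(model_replacement_update(model, ATTACKER_TARGET, n_clients))
    delta = aggregate(updates)
    return [m + d for m, d in zip(model, delta)]


if __name__ == "__main__":
    for name, agg in (("FedAvg", fed_avg), ("coordinate median", coordinate_median)):
        for poisoned in (False, True):
            m = run_round(agg, poisoned)
            print(f"{name:18s} poisoned={poisoned!s:5s} "
                  f"model=({m[0]:6.2f}, {m[1]:6.2f}) test MSE={mse(m, TEST_SET):8.3f}")
```

Running the script shows the slope of the FedAvg model flipping negative under the single boosted update while the median-aggregated model stays close to (2, 1). The caveat a practitioner should keep in mind, and one the survey's discussion of defense limitations is relevant to, is that coordinate-wise median assumes an honest majority per coordinate and roughly comparable honest updates; an attacker who controls half the participants, or who keeps a backdoor update inside the range of honest values, is not stopped by it.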
