ISSN 1000-1239 CN 11-1777/TP

Journal of Computer Research and Development ›› 2019, Vol. 56 ›› Issue (10): 2049-2070. doi: 10.7544/issn1000-1239.2019.20190437

Special Issue: 2019 Special Issue on Cryptography and Intelligent Security Research


Privacy and Security Issues in Machine Learning Systems: A Survey

He Yingzhe, Hu Xingbo, He Jinwen, Meng Guozhu, Chen Kai   

  1. State Key Laboratory of Information Security (Institute of Information Engineering, Chinese Academy of Sciences), Beijing 100195; Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100195; School of Cyber Security, University of Chinese Academy of Sciences, Beijing 101408
  • Online: 2019-10-16

Abstract: Artificial intelligence has penetrated into every corner of our lives and brought great convenience. In recent years in particular, the rapid development of deep learning, a branch of machine learning, has led to more and more applications in daily life. Unfortunately, machine learning systems suffer from many security hazards, and the popularity of these systems further magnifies them. In order to unveil these hazards and assist in building robust machine learning systems, we conduct a comprehensive investigation of mainstream deep learning systems. We first devise an analytical model for dissecting deep learning systems and define the scope of the survey. The surveyed deep learning systems span four fields: image classification, speech recognition, malware detection, and natural language processing. We distill four types of security hazards and characterize them along multiple dimensions, such as complexity, attack success rate, and damage. Furthermore, we survey defensive techniques for deep learning systems and their characteristics. Finally, based on our observations of these systems, we propose practical recommendations for constructing robust deep learning systems.

Key words: machine learning security, deep learning security, attack and defense race, adversarial attack, membership inference attack, privacy-preserving
