In recent years, machine learning algorithms, and more specifically deep learning algorithms, have been widely used in many fields, including cyber security. However, machine learning systems are vulnerable to adversarial attacks, and this limits the application of machine learning, especially in non-stationary, adversarial environments, such as the cyber security domain, where actual adversaries (e.g., malware developers) exist. This article comprehensively summarizes the latest research on adversarial attacks against security solutions based on machine learning techniques and illuminates the risks they pose. First, the adversarial attack methods are characterized based on their stage of occurrence, and the attacker’ s goals and capabilities. Then, we categorize the applications of adversarial attack and defense methods in the cyber security domain. Finally, we highlight some characteristics identified in recent research and discuss the impact of recent advancements in other adversarial learning domains on future research directions in the cyber security domain. To the best of our knowledge, this work is the first to discuss the unique challenges of implementing end-to-end adversarial attacks in the cyber security domain, map them in a unified taxonomy, and use the taxonomy to highlight future research directions.

中文翻译：

---

网络安全领域的对抗性机器学习攻击和防御方法

近年来，机器学习算法，尤其是深度学习算法，已广泛应用于包括网络安全在内的许多领域。然而，机器学习系统容易受到对抗性攻击，这限制了机器学习的应用，特别是在非平稳的对抗性环境中，例如存在实际对手（例如恶意软件开发人员）的网络安全领域。本文全面总结了针对基于机器学习技术的安全解决方案的对抗性攻击的最新研究，并阐明了它们带来的风险。首先，对抗性攻击方法的特点是基于它们的发生阶段，以及攻击者的目标和能力。然后，我们将对抗性攻击和防御方法在网络安全领域的应用进行分类。最后，我们强调了最近研究中确定的一些特征，并讨论了其他对抗性学习领域的最新进展对网络安全领域未来研究方向的影响。据我们所知，这项工作是第一个讨论在网络安全领域实施端到端对抗性攻击的独特挑战，将它们映射到统一的分类法中，并使用分类法突出未来的研究方向。