ABSTRACT

Adversarial attacks against ML systems aim to degrade a model's ability to learn, induce faulty model behavior, or extract sensitive information from the system. This chapter surveys several classes of such threats and the countermeasures proposed against them. First, a honeypot defense network is presented that diverts a potential adversary away from engaging with real systems. Next, data poisoning is introduced, along with a general approach to mitigating poisoned data during a model's prediction and update phases. After that, mixup inference is covered: a test-time technique that strengthens the defensive properties of mixup-trained models by exploiting the global linearity that mixup training induces in them. The following section discusses techniques for defending cyber-physical systems (CPS) against data-oriented attacks and how those techniques apply to IoT devices. The chapter then turns to information fusion and the application of data fusion to network-level defensive mechanisms, specifically those that model Internet-oriented and CPS-oriented networks. After these overviews of machine learning defensive techniques, broader conclusions and potential future directions for ML defense are presented.