Machine learning has been pervasively used in a wide range of applications owing to its technical breakthroughs in recent years. It has demonstrated significant success in solving complex problems, exhibiting capabilities that approach or even exceed those of humans. However, recent studies show that machine learning models are vulnerable to various attacks, which can compromise the security of the models themselves and of the application systems built on them. Moreover, such attacks are stealthy because of the hard-to-explain, black-box nature of deep learning models. In this survey, we systematically analyze the security issues of machine learning, focusing on existing attacks on machine learning systems, the corresponding defenses and secure learning techniques, and security evaluation methods. Instead of focusing on a single stage or a single type of attack, this paper covers machine learning security from the training phase through the test phase. First, we present the machine learning model in the presence of adversaries and analyze why machine learning can be attacked. Then, machine learning security issues are classified into five categories: training-set poisoning; backdoors in the training set; adversarial example attacks; model theft; and recovery of sensitive training data. The threat models, attack approaches, and defense techniques are analyzed systematically. To demonstrate that these threats are real concerns in the physical world, we also review attacks under real-world conditions. Several suggestions on the security evaluation of machine learning systems are provided. Finally, future directions for machine learning security are presented.
INDEX TERMS Artificial intelligence security, poisoning attacks, backdoor attacks, adversarial examples, privacy-preserving machine learning.
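To make the adversarial-example category concrete, a fast-gradient-sign-style perturbation can flip the prediction of even a simple linear classifier. The model, weights, inputs, and step size below are hypothetical assumptions for illustration only, not a method or model from the surveyed work:

```python
import numpy as np

# Hypothetical toy linear classifier f(x) = sign(w.x + b); the weights
# and input are made up purely to illustrate the attack principle.
w = np.array([1.0, -2.0, 0.5])
b = 0.1

def predict(x):
    return 1 if w @ x + b > 0 else 0

x = np.array([2.0, 0.5, 1.0])    # clean input, classified as 1

# For a linear score w.x + b, the gradient with respect to x is w itself;
# stepping against sign(gradient) pushes the score toward the other class,
# which is the core idea of FGSM-style adversarial examples.
eps = 1.2
x_adv = x - eps * np.sign(w)

print(predict(x), predict(x_adv))  # the small perturbation flips the label
```

A bounded, per-feature perturbation like this is hard to notice in high-dimensional inputs such as images, which is why adversarial examples are considered stealthy.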
Due to the globalization of the design and fabrication process of integrated circuits (ICs), ICs are becoming increasingly vulnerable to hardware Trojans. Most existing hardware Trojan detection works assume that the testing stage is trustworthy. However, testing parties may collude with malicious attackers and modify the results of hardware Trojan detection. In this paper, two attack models for untrustworthy testing parties are formulated. We further propose an adversarial data generation method by which untrustworthy testing parties can modify the collected test data. Then, we propose a novel hybrid clustering ensemble method to build a trusted hardware Trojan detection method (a clustering ensemble-based hardware Trojan detection method) that is robust against untrustworthy testing parties. To alleviate the impact of process variations and measurement noise on hardware Trojan detection, an unsupervised correlation-based feature selection method is exploited to select features from the raw test data of ICs. The proposed method eliminates the need for fabricated golden chips and simulated golden models. It can also resist malicious modifications to Trojan detection results introduced by untrustworthy testing parties. In addition, the following questions are theoretically analyzed and answered: 1) how many testing parties are necessary; 2) what the time and computational overheads of the proposed method are; 3) how to choose the base clustering algorithms (by using a proposed diversity analysis algorithm); and 4) why the proposed clustering ensemble method is superior to majority voting. Both an EDA evaluation on the ISCAS89 benchmarks and a field-programmable gate array evaluation on the Trust-HUB benchmarks are performed to evaluate the performance of the proposed method.
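The idea of correlation-based feature selection can be sketched as greedily dropping one feature from each highly correlated pair, keeping only near-independent measurements. The data, correlation threshold, and greedy rule below are hypothetical assumptions for illustration, not the paper's exact procedure:

```python
import numpy as np

# Hypothetical sketch: three simulated test-data features, where x2 is a
# near-duplicate of x1 (e.g., two strongly correlated side-channel traces).
rng = np.random.default_rng(1)
x1 = rng.normal(size=100)
x2 = 0.99 * x1 + rng.normal(scale=0.01, size=100)  # redundant with x1
x3 = rng.normal(size=100)                          # independent feature
X = np.column_stack([x1, x2, x3])

# Greedy rule (assumed threshold 0.95): keep a feature only if its absolute
# correlation with every already-kept feature is below the threshold.
corr = np.abs(np.corrcoef(X, rowvar=False))
keep = []
for j in range(X.shape[1]):
    if all(corr[j, k] < 0.95 for k in keep):
        keep.append(j)

print(keep)  # the redundant feature x2 is dropped
```

Pruning redundant features this way is one simple route to reducing the influence of correlated measurement noise before clustering.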
Experimental results demonstrate that the proposed method robustly resists malicious modifications and detects hardware Trojans with high accuracy (up to 93.75%), while introducing only a small time overhead.
INDEX TERMS Hardware security, hardware Trojan detection, untrustworthy testing parties, unsupervised learning, clustering ensemble.
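The intuition behind combining base clusterings can be sketched with a co-association matrix, a common consensus mechanism in ensemble clustering: pairs of chips grouped together by most base clusterings form the consensus groups, which is more robust than trusting any single (possibly manipulated) partition. The partitions and threshold below are hypothetical and illustrate only the general idea, not the paper's exact algorithm:

```python
import numpy as np

# Hypothetical example: three base clusterings of six chips. Cluster label
# IDs are arbitrary per clustering; only co-membership matters.
base_partitions = np.array([
    [0, 0, 0, 1, 1, 1],
    [1, 1, 0, 0, 0, 0],   # one base clustering disagrees on chips 2-5
    [0, 0, 0, 1, 1, 1],
])

n = base_partitions.shape[1]
co = np.zeros((n, n))
for labels in base_partitions:
    # Add 1 for every pair of chips this clustering puts in the same cluster.
    co += (labels[:, None] == labels[None, :])
co /= len(base_partitions)  # fraction of clusterings grouping chip i with j

# Pairs co-clustered in a majority of base runs form the consensus groups.
consensus = co > 0.5
print(consensus[0, 1], consensus[0, 3])  # together within a group, apart across
```

Because the consensus depends on agreement across many independent partitions, a single corrupted base clustering (or test dataset) cannot easily flip a chip's final Trojan/Trojan-free assignment.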