Taxonomy and Recent Advance of Game Theoretical Approaches in Adversarial Machine Learning: A Survey

作     者：Lijun Gao Zheng Yan Xueqin Liang Xi Xu Jie Wang Wenxiu Ding Laurence Tianruo Yang 

作者机构：The State Key Lab of ISN School of Cyber Engineering Xidian University China School of Computer Science and Technology Xi’an Jiaotong University China Department of Computer Science St. Francis Xavier University Canada 

出 版 物：《ACM Transactions on Sensor Networks》 

年 卷 期：1000年

学科分类：08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

主　　题：game theory adversarial machine learning evasion attacks data poisoning attacks backdoor poisoning attacks 

摘      要：Carefully perturbing adversarial inputs degrades the performance of traditional machine learning (ML) models. Adversarial machine learning (AML) that takes adversaries into account during training and learning emerges as a valid technique to defend against attacks. Due to the complexity and uncertainty of adversaries’ attack strategies, researchers utilize game theory to study the interactions between an adversary and an ML system designer. By configuring different game rules and analyzing game outcomes in an adversarial game, it is possible to effectively predict attack strategies and to produce optimal defense strategies for the system designer. However, the literature still lacks a holistic review of adversarial games in AML. In this paper, we extend the scope of previous surveys and provide a thorough overview of existing game theoretical approaches in AML for adaptively defending against adversarial attacks. For evaluating these approaches, we propose a set of metrics to discuss their merits and drawbacks. Finally, based on our literature review and analysis, we raise several open problems and suggest interesting research directions worthy of special investigation.