Attacks in Adversarial Machine Learning: A Systematic Survey from the Lifecycle Perspective
摘要
Adversarial machine learning (AML) examines vulnerabilities that cause learning systems to produce predictions deviating from human expectations. Emerging paradigms–including backdoor attacks (at pre-training, training, and inference stages), weight attacks (at post-training, deployment, and inference stages), and adversarial example attacks (at the inference stage)–exploit such vulnerabilities across the machine learning lifecycle. Despite their shared adversarial objectives, current research remains fragmented and lacks a unified perspective to support systematic understanding. This work addresses this gap through three key contributions: (1) a lifecycle-aware mathematical framework that unifies the definitions of AML threats; (2) a hierarchical taxonomy that categorizes attack methodologies and clarifies inter-paradigm relationships; and (3) an extended analysis of AML in generative models and beneficial applications. We also introduce https://adversarial-ml.github.io/ as a continuously updated platform for taxonomies and literature. Our findings highlight the urgent need for robust security mechanisms, as adversarial capabilities increasingly threaten safety-critical systems. By revealing connections among attacks spanning different development stages, we demonstrate that isolated defenses are insufficient against coordinated multi-stage attacks. The research community must therefore prioritize holistic defense strategies incorporating lifecycle-aware monitoring, adaptive hardening techniques, and unified threat models. This survey provides both theoretical foundations and practical guidelines to advance secure machine learning ecosystems.