Attacks on ML Systems: From Security Analysis to Attack Mitigation

Qingtian Zou, Lan Zhang, Anoop Singhal, Xiaoyan Sun, Peng Liu

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution


The past several years have witnessed rapidly increasing use of machine learning (ML) systems across multiple industry sectors. Since security analysis is one of the most essential parts of real-world ML system protection practice, there is an urgent need to conduct systematic security analysis of ML systems. However, it is widely recognized that the existing security analysis approaches and techniques, which were developed to analyze enterprise (software) systems and networks, are not well suited to analyzing ML systems. In this paper, we present a vision of how to address two unique ML security analysis challenges through ML-system-specific security analysis. This paper intends to take the initial step toward bridging the gap between the existing computer security analysis approaches and an 'ideal' ML system security analysis approach.

Original language: English (US)
Title of host publication: Information Systems Security - 18th International Conference, ICISS 2022, Proceedings
Editors: Venkata Ramana Badarla, Surya Nepal, Rudrapatna K. Shyamasundar
Publisher: Springer Science and Business Media Deutschland GmbH
Number of pages: 20
ISBN (Print): 9783031236891
State: Published - 2022
Event: 18th International Conference on Information Systems Security, ICISS 2022 - Tirupati, India
Duration: Dec 16 2022 - Dec 20 2022

Publication series

Name: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 13784 LNCS
ISSN (Print): 0302-9743
ISSN (Electronic): 1611-3349


Conference: 18th International Conference on Information Systems Security, ICISS 2022

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • General Computer Science

