As machine learning becomes more widely used, the need to study its implications for security and privacy becomes more urgent. Although the body of work on privacy has been steadily growing over the past few years, research on the privacy aspects of machine learning has received less focus than the security aspects. Our contribution in this research is an analysis of more than 40 papers on privacy attacks against machine learning published during the past seven years. We propose an attack taxonomy, together with a threat model that allows the categorization of different attacks based on the adversary's knowledge and the assets under attack. An initial exploration of the causes of privacy leaks is presented, as well as a detailed analysis of the different attacks. Finally, we present an overview of the most commonly proposed defenses and a discussion of the open problems and future directions identified during our analysis.
Translation: As machine learning is applied ever more widely, the need to study its security and privacy implications grows more urgent. Although privacy research has grown steadily over the past few years, the privacy aspects of machine learning still receive less attention than the security aspects. The contribution of this work is an analysis of more than 40 papers on privacy attacks against machine learning published over the past seven years. We propose an attack taxonomy and construct a threat model, based on the adversary's knowledge and the target of the attack, for categorizing the different kinds of attacks. This paper makes an initial exploration of the causes of privacy leakage and analyzes the different attack methods in detail. Finally, we summarize the most commonly used defenses and discuss the open problems and future research directions identified during our analysis.