The commercial use of Machine Learning (ML) is spreading; at the same time, ML models are becoming more complex and more expensive to train, which makes Intellectual Property Protection (IPP) of trained models a pressing issue. Unlike other domains that can build on a solid understanding of the threats, attacks and defenses available to protect their IP, ML-related research in this regard is still very fragmented. This is partly due to the lack of a unified view and of a common taxonomy of these aspects. In this paper, we systematize our findings on IPP in ML, focusing on the threats and attacks identified and the defenses proposed at the time of writing. We develop a comprehensive threat model for IP in ML, categorizing attacks and defenses within a unified and consolidated taxonomy, thus bridging research from both the ML and security communities.