Machine learning models have made many decision support systems faster, more accurate, and more efficient. However, applications of machine learning in network security face a disproportionate threat of active adversarial attacks compared to other domains. This is because machine learning applications in network security, such as malware detection, intrusion detection, and spam filtering, are by themselves adversarial in nature. In what could be considered an arms race between attackers and defenders, adversaries constantly probe machine learning systems with inputs that are explicitly designed to bypass the system and induce a wrong prediction. In this survey, we first provide a taxonomy of machine learning techniques, tasks, and depth. We then introduce a classification of machine learning in network security applications. Next, we examine various adversarial attacks against machine learning in network security and introduce two classification approaches for adversarial attacks in network security. First, we classify adversarial attacks in network security based on a taxonomy of network security applications. Second, we categorize adversarial attacks in network security into a problem space vs. feature space dimensional classification model. We then analyze the various defenses against adversarial attacks on machine learning-based network security applications. We conclude by introducing an adversarial risk grid map and evaluating several existing adversarial attacks against machine learning in network security using the risk grid map. We also identify where each attack classification resides within the adversarial risk grid map.