Despite the large body of academic work on machine learning security, little is known about the occurrence of attacks on machine learning systems in the wild. In this paper, we report on a quantitative study with 139 industrial practitioners. We analyze attack occurrence and concern and evaluate statistical hypotheses on factors influencing threat perception and exposure. Our results shed light on real-world attacks on deployed machine learning. On the organizational level, while we find no predictors for threat exposure in our sample, the number of implemented defenses depends on exposure to threats or the expected likelihood of becoming a target. We also provide a detailed analysis of practitioners' replies on the relevance of individual machine learning attacks, unveiling complex concerns like unreliable decision making, business information leakage, and bias introduction into models. Finally, we find that on the individual level, prior knowledge about machine learning security influences threat perception. Our work paves the way for more research about adversarial machine learning in practice, but also yields insights for regulation and auditing.