Evasion Attack and Defense on Machine Learning Models in Cyber-Physical Systems: A Survey
IEEE Communications Surveys & Tutorials (IF 34.4), Pub Date: 2023-12-20, DOI: 10.1109/comst.2023.3344808
Shunyao Wang 1, Ryan K. L. Ko 1, Guangdong Bai 1, Naipeng Dong 1, Taejun Choi 1, Yanjun Zhang 2
Cyber-physical systems (CPS) are increasingly relying on machine learning (ML) techniques to reduce labor costs and improve efficiency. However, the adoption of ML also exposes CPS to potential adversarial ML attacks witnessed in the literature. Specifically, the increased Internet connectivity in CPS has resulted in a surge in the volume of data generation and communication frequency among devices, thereby expanding the attack surface and attack opportunities for ML adversaries. Among various adversarial ML attacks, evasion attacks are among the most well known. Therefore, this survey focuses on summarizing the latest research on evasion attack and defense techniques, to understand state-of-the-art ML model security in CPS. To assess the attack effectiveness, this survey proposes an attack taxonomy by introducing quantitative measures such as perturbation level and the number of modified features. Similarly, a defense taxonomy is introduced based on four perspectives demonstrating the defensive techniques from models’ inputs to their outputs. Furthermore, the survey identifies gaps and promising directions that researchers and practitioners can explore to address potential challenges and threats caused by evasion attacks and lays the groundwork for understanding and mitigating the attacks in CPS.
Updated: 2023-12-20