1.4 Adversarial Attack Types: Capability and Intention of the Adversary
Based on the Capability and Intention of the Adversary
Based on the adversary's capability and intention when attacking the victim model, adversarial attacks on machine learning are further sub-categorized into the two main types highlighted below.
Targeted Attack
Targeted attacks on machine learning systems in adversarial settings are formulated around specific goals: the adversary wants the victim model to produce a particular, pre-chosen outcome (Guesmi et al., 2022; Abdukhamidov et al., 2023; Feng et al., 2023). Puttagunta et al. (2023) provide a detailed synopsis of targeted and untargeted attacks in automated medical systems. Such attacks rely on the adversary's deep understanding of the targeted model and of the vulnerabilities to be exploited, and they pursue distinct, predefined aims. With this attack, the attacker has at least baseline knowledge of either the victim model or its dataset, so it cannot be a black-box attack.
Untargeted Attack
Unlike a targeted attack, an untargeted attack is intended to disrupt the victim model in any way, without predefined objectives (Zafar et al., 2023; Chen et al., 2023; Li et al., 2022). This type of attack aims to expose the vulnerabilities of the victim machine learning model rather than to achieve any specific goal. Generally, these attacks are black-box in nature and do not single out particular data points for the attack; rather, the adversary intends to degrade the overall performance of the attacked ML model. The subpopulation data poisoning attack is one case study of an untargeted adversarial attack on machine learning (Jagielski et al., 2021).
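The difference between the two attack types shows up most clearly when a defender measures robustness: an untargeted attack is judged by how many correctly classified inputs end up with any wrong label (overall performance degradation), while a targeted attack is judged by how many inputs end up with the label the adversary chose. The evaluation helper below is an added example written for this section, not code from the paper or its cited works; the labels, predictions and target labels are constructed sample data.

```python
from dataclasses import dataclass
from typing import Optional, Sequence


@dataclass
class RobustnessReport:
    clean_accuracy: float
    perturbed_accuracy: float
    # Untargeted view: share of originally-correct inputs that the perturbation
    # pushed to *any* wrong label (performance degradation, no specific goal).
    untargeted_success_rate: float
    # Targeted view: share of inputs now classified as the label the adversary
    # chose. None when no target labels were supplied.
    targeted_success_rate: Optional[float]


def evaluate_robustness(
    true_labels: Sequence[int],
    clean_preds: Sequence[int],
    perturbed_preds: Sequence[int],
    targets: Optional[Sequence[int]] = None,
) -> RobustnessReport:
    """Compare a model's predictions on clean and perturbed copies of the same inputs."""
    n = len(true_labels)
    if not (len(clean_preds) == len(perturbed_preds) == n):
        raise ValueError("clean and perturbed predictions must align with the labels")
    if targets is not None and len(targets) != n:
        raise ValueError("one target label per input is required")

    clean_correct = [c == t for c, t in zip(clean_preds, true_labels)]
    perturbed_correct = [p == t for p, t in zip(perturbed_preds, true_labels)]
    clean_accuracy = sum(clean_correct) / n
    perturbed_accuracy = sum(perturbed_correct) / n

    # Only inputs the model classified correctly before perturbation can be
    # "flipped"; counting already-wrong inputs would inflate the rate.
    baseline = [i for i in range(n) if clean_correct[i]]
    flipped = sum(1 for i in baseline if not perturbed_correct[i])
    untargeted_rate = flipped / len(baseline) if baseline else 0.0

    targeted_rate: Optional[float] = None
    if targets is not None:
        # A target equal to the true label is not a misclassification goal, so
        # those inputs are excluded from the denominator.
        eligible = [i for i in range(n) if targets[i] != true_labels[i]]
        hits = sum(1 for i in eligible if perturbed_preds[i] == targets[i])
        targeted_rate = hits / len(eligible) if eligible else 0.0

    return RobustnessReport(clean_accuracy, perturbed_accuracy, untargeted_rate, targeted_rate)


# Constructed sample (hypothetical): eight digit images, their true labels, the
# model's predictions on the clean inputs, and its predictions after a
# perturbation whose stated goal was to make every input look like a "9".
TRUE_LABELS = [0, 1, 2, 3, 4, 5, 6, 7]
CLEAN_PREDS = [0, 1, 2, 3, 4, 5, 6, 1]       # one clean misclassification (7 -> 1)
PERTURBED_PREDS = [0, 9, 2, 9, 4, 9, 6, 1]   # three inputs pushed to the target "9"
TARGET_LABELS = [9] * 8


def sample_report() -> RobustnessReport:
    return evaluate_robustness(TRUE_LABELS, CLEAN_PREDS, PERTURBED_PREDS, TARGET_LABELS)


if __name__ == "__main__":
    print(sample_report())
```

On the sample data the two rates differ in both numerator and denominator: the untargeted rate is 3 of the 7 originally-correct inputs (about 0.43), whereas the targeted rate is 3 of all 8 inputs that had a target other than their true label (0.375). Reporting only the accuracy drop, as is natural for an untargeted evaluation, would hide whether the misclassifications landed on the adversary's chosen label.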
Attack Surface
The attack surface in ML refers to all the points at which an adversary can target the system. This includes:
- Data: Training, validation, and testing datasets.
- Model: The algorithms and parameters defining the model.
- Infrastructure: Deployment environments, APIs, and hardware.
Adversarial Capabilities
Understanding an adversary’s capabilities is crucial for designing defences. Common capabilities include:
- White-box Access: Full knowledge of the model and its parameters.
- Black-box Access: Limited access through querying the model.
- Gray-box Access: Partial knowledge of the model.
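Black-box access, as listed above, means the adversary interacts with the model only through its query interface; that same interface is therefore the defender's natural observation point. The monitor below, an added example not taken from the paper, profiles each client of a deployed model by query volume and by the share of inputs that sit within a small distance of an earlier input from the same client, two signals a defender can log without any change to the model. The query budget, the L2 radius and the ratio threshold are assumed policy values, the feature vectors are constructed sample data, and the client names are hypothetical.

```python
import math
from collections import defaultdict
from typing import Dict, List, Sequence

# Assumed policy values for this illustration, not figures from the paper.
QUERY_BUDGET = 5        # queries allowed per client within the review window
NEAR_DUP_EPS = 0.05     # L2 radius within which two inputs count as near-duplicates
NEAR_DUP_RATIO = 0.5    # share of near-duplicate queries that triggers a flag


def l2_distance(a: Sequence[float], b: Sequence[float]) -> float:
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


def profile_clients(query_log: List[dict]) -> Dict[str, dict]:
    """Per client: how many queries were sent, and what share of them sat
    within NEAR_DUP_EPS of an earlier query from the same client."""
    per_client: Dict[str, List[Sequence[float]]] = defaultdict(list)
    for record in query_log:
        per_client[record["client"]].append(record["features"])

    profiles: Dict[str, dict] = {}
    for client, vectors in per_client.items():
        near_duplicates = 0
        for i in range(1, len(vectors)):
            # Compare against every earlier query from this client; one close
            # match is enough to count this query as a near-duplicate.
            if any(l2_distance(vectors[i], vectors[j]) <= NEAR_DUP_EPS for j in range(i)):
                near_duplicates += 1
        profiles[client] = {
            "queries": len(vectors),
            "near_duplicate_ratio": near_duplicates / len(vectors),
        }
    return profiles


def flag_clients(profiles: Dict[str, dict],
                 budget: int = QUERY_BUDGET,
                 ratio: float = NEAR_DUP_RATIO) -> List[str]:
    """Clients that exceed the query budget or mostly send near-duplicate inputs."""
    return sorted(
        client
        for client, p in profiles.items()
        if p["queries"] > budget or p["near_duplicate_ratio"] >= ratio
    )


# Constructed query log (hypothetical clients): two-dimensional feature vectors
# stand in for real model inputs. "alice" sends a few unrelated queries;
# "probe-7" sends one input followed by five tiny variations of it.
QUERY_LOG = [
    {"client": "alice",   "features": [0.10, 0.90]},
    {"client": "probe-7", "features": [0.50, 0.50]},
    {"client": "alice",   "features": [0.70, 0.20]},
    {"client": "probe-7", "features": [0.51, 0.50]},
    {"client": "probe-7", "features": [0.50, 0.49]},
    {"client": "alice",   "features": [0.40, 0.40]},
    {"client": "probe-7", "features": [0.52, 0.50]},
    {"client": "probe-7", "features": [0.50, 0.52]},
    {"client": "probe-7", "features": [0.49, 0.51]},
]


def sample_profiles() -> Dict[str, dict]:
    return profile_clients(QUERY_LOG)


if __name__ == "__main__":
    profiles = sample_profiles()
    for client, p in profiles.items():
        print(f"{client}: {p['queries']} queries, "
              f"near-duplicate ratio {p['near_duplicate_ratio']:.2f}")
    print("flagged:", flag_clients(profiles))
```

The pairwise comparison is quadratic in the number of queries per client, which is acceptable for a review window of a few hundred queries but should be replaced by a nearest-neighbour index for high-volume services. The thresholds also need tuning per deployment: legitimate clients that retry or re-submit inputs will show some near-duplicates, so the ratio is a triage signal for rate limiting and review, not proof of malicious intent.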
“Machine learning security and privacy: a review of threats and countermeasures” by Anum Paracha, Junaid Arshad, Mohamed Ben Farah & Khalid Ismail is licensed under a Creative Commons Attribution 4.0 International license