Taxonomy of Contemporary Attacks on Machine Learning Models
Akademia Sztuki Wojennej, Poland
Submission date: 2025-11-25
Acceptance date: 2025-12-13
Publication date: 2025-12-23

Corresponding author: Kacper Zdrojewski, Akademia Sztuki Wojennej, Warszawa, Poland

Cybersecurity and Law 2025;14(2):173-184
ABSTRACT
Objectives:
This paper analyzes security threats to artificial intelligence (AI) systems, focusing on the classification of technical attacks that target confidentiality, integrity, and availability of machine learning (ML) models.

Methods:
The study is based on a systematic review of scientific literature and an examination of established taxonomies, including those by NIST, ENISA, and MITRE ATLAS, enabling the integration of attack types across stages of the ML lifecycle and attacker knowledge levels.

Results:
The work identifies major threat vectors such as adversarial examples, data poisoning, backdoor insertion, model theft, membership inference, model overloading, and prompt manipulation. The results show that white-box attacks allow highly precise and covert manipulations of model behavior, while black-box attacks dominate production environments, leveraging transferability and prediction-based analysis.

Conclusions:
The proposed taxonomy demonstrates that securing ML systems requires a multilayered defensive approach, encompassing protection of training data, strengthening model robustness, and securing API interfaces using techniques such as differential privacy, adversarial training, and rate limiting. The findings highlight the need for close collaboration between machine learning engineers and cybersecurity practitioners to ensure resilient and trustworthy AI systems.
ISSN: 2658-1493