{"id":"https://openalex.org/W4281486913","doi":"https://doi.org/10.1145/3538707","title":"Threats to Training: A Survey of Poisoning Attacks and Defenses on Machine Learning Systems","display_name":"Threats to Training: A Survey of Poisoning Attacks and Defenses on Machine Learning Systems","publication_year":2022,"publication_date":"2022-05-25","ids":{"openalex":"https://openalex.org/W4281486913","doi":"https://doi.org/10.1145/3538707"},"language":"en","primary_location":{"id":"doi:10.1145/3538707","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3538707","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"},"type":"review","indexed_in":["crossref"],"open_access":{"is_oa":false,"oa_status":"closed","oa_url":null,"any_repository_has_fulltext":false},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5100422345","display_name":"Zhibo Wang","orcid":"https://orcid.org/0000-0002-5804-3279"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]},{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":true,"raw_author_name":"Zhibo Wang","raw_affiliation_strings":["Wuhan University, China and Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Wuhan University, China and Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692","https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5087156104","display_name":"Jingjing Ma","orcid":"https://orcid.org/0000-0002-7238-773X"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jingjing Ma","raw_affiliation_strings":["Wuhan University, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5012989667","display_name":"Xue Wang","orcid":"https://orcid.org/0000-0001-9132-7348"},"institutions":[{"id":"https://openalex.org/I37461747","display_name":"Wuhan University","ror":"https://ror.org/033vjfk17","country_code":"CN","type":"education","lineage":["https://openalex.org/I37461747"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Xue Wang","raw_affiliation_strings":["Wuhan University, Wuhan, China"],"affiliations":[{"raw_affiliation_string":"Wuhan University, Wuhan, China","institution_ids":["https://openalex.org/I37461747"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5100702750","display_name":"Jiahui Hu","orcid":"https://orcid.org/0000-0001-8771-7474"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Jiahui Hu","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5043524348","display_name":"Zhan Qin","orcid":"https://orcid.org/0000-0001-7872-6969"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Zhan Qin","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5105297718","display_name":"Kui Ren","orcid":"https://orcid.org/0000-0002-1969-2591"},"institutions":[{"id":"https://openalex.org/I76130692","display_name":"Zhejiang University","ror":"https://ror.org/00a2xv884","country_code":"CN","type":"education","lineage":["https://openalex.org/I76130692"]}],"countries":["CN"],"is_corresponding":false,"raw_author_name":"Kui Ren","raw_affiliation_strings":["Zhejiang University, Hangzhou, China"],"affiliations":[{"raw_affiliation_string":"Zhejiang University, Hangzhou, China","institution_ids":["https://openalex.org/I76130692"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":6,"corresponding_author_ids":["https://openalex.org/A5100422345"],"corresponding_institution_ids":["https://openalex.org/I37461747","https://openalex.org/I76130692"],"apc_list":null,"apc_paid":null,"fwci":10.0665,"has_fulltext":false,"cited_by_count":77,"citation_normalized_percentile":{"value":0.98469132,"is_in_top_1_percent":false,"is_in_top_10_percent":true},"cited_by_percentile_year":{"min":98,"max":100},"biblio":{"volume":"55","issue":"7","first_page":"1","last_page":"36"},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11689","display_name":"Adversarial Robustness in Machine Learning","score":1.0,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.9919000267982483,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11512","display_name":"Anomaly Detection Techniques and Applications","score":0.9810000061988831,"subfield":{"id":"https://openalex.org/subfields/1702","display_name":"Artificial Intelligence"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/computer-science","display_name":"Computer science","score":0.851373553276062},{"id":"https://openalex.org/keywords/exploit","display_name":"Exploit","score":0.8345299363136292},{"id":"https://openalex.org/keywords/categorization","display_name":"Categorization","score":0.6483513116836548},{"id":"https://openalex.org/keywords/computer-security","display_name":"Computer security","score":0.6334375143051147},{"id":"https://openalex.org/keywords/task","display_name":"Task (project management)","score":0.623702347278595},{"id":"https://openalex.org/keywords/field","display_name":"Field (mathematics)","score":0.5924124121665955},{"id":"https://openalex.org/keywords/variety","display_name":"Variety (cybernetics)","score":0.5324652791023254},{"id":"https://openalex.org/keywords/artificial-intelligence","display_name":"Artificial intelligence","score":0.4913553297519684},{"id":"https://openalex.org/keywords/fuzz-testing","display_name":"Fuzz testing","score":0.48877188563346863},{"id":"https://openalex.org/keywords/machine-learning","display_name":"Machine learning","score":0.4811745584011078},{"id":"https://openalex.org/keywords/domain","display_name":"Domain (mathematical analysis)","score":0.4653753936290741}],"concepts":[{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.851373553276062},{"id":"https://openalex.org/C165696696","wikidata":"https://www.wikidata.org/wiki/Q11287","display_name":"Exploit","level":2,"score":0.8345299363136292},{"id":"https://openalex.org/C94124525","wikidata":"https://www.wikidata.org/wiki/Q912550","display_name":"Categorization","level":2,"score":0.6483513116836548},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.6334375143051147},{"id":"https://openalex.org/C2780451532","wikidata":"https://www.wikidata.org/wiki/Q759676","display_name":"Task (project management)","level":2,"score":0.623702347278595},{"id":"https://openalex.org/C9652623","wikidata":"https://www.wikidata.org/wiki/Q190109","display_name":"Field (mathematics)","level":2,"score":0.5924124121665955},{"id":"https://openalex.org/C136197465","wikidata":"https://www.wikidata.org/wiki/Q1729295","display_name":"Variety (cybernetics)","level":2,"score":0.5324652791023254},{"id":"https://openalex.org/C154945302","wikidata":"https://www.wikidata.org/wiki/Q11660","display_name":"Artificial intelligence","level":1,"score":0.4913553297519684},{"id":"https://openalex.org/C111065885","wikidata":"https://www.wikidata.org/wiki/Q1189053","display_name":"Fuzz testing","level":3,"score":0.48877188563346863},{"id":"https://openalex.org/C119857082","wikidata":"https://www.wikidata.org/wiki/Q2539","display_name":"Machine learning","level":1,"score":0.4811745584011078},{"id":"https://openalex.org/C36503486","wikidata":"https://www.wikidata.org/wiki/Q11235244","display_name":"Domain (mathematical analysis)","level":2,"score":0.4653753936290741},{"id":"https://openalex.org/C134306372","wikidata":"https://www.wikidata.org/wiki/Q7754","display_name":"Mathematical analysis","level":1,"score":0.0},{"id":"https://openalex.org/C202444582","wikidata":"https://www.wikidata.org/wiki/Q837863","display_name":"Pure mathematics","level":1,"score":0.0},{"id":"https://openalex.org/C33923547","wikidata":"https://www.wikidata.org/wiki/Q395","display_name":"Mathematics","level":0,"score":0.0},{"id":"https://openalex.org/C2777904410","wikidata":"https://www.wikidata.org/wiki/Q7397","display_name":"Software","level":2,"score":0.0},{"id":"https://openalex.org/C199360897","wikidata":"https://www.wikidata.org/wiki/Q9143","display_name":"Programming language","level":1,"score":0.0},{"id":"https://openalex.org/C187736073","wikidata":"https://www.wikidata.org/wiki/Q2920921","display_name":"Management","level":1,"score":0.0},{"id":"https://openalex.org/C162324750","wikidata":"https://www.wikidata.org/wiki/Q8134","display_name":"Economics","level":0,"score":0.0}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.1145/3538707","is_oa":false,"landing_page_url":"https://doi.org/10.1145/3538707","pdf_url":null,"source":{"id":"https://openalex.org/S157921468","display_name":"ACM Computing Surveys","issn_l":"0360-0300","issn":["0360-0300","1557-7341"],"is_oa":false,"is_in_doaj":false,"is_core":true,"host_organization":"https://openalex.org/P4310319798","host_organization_name":"Association for Computing Machinery","host_organization_lineage":["https://openalex.org/P4310319798"],"host_organization_lineage_names":["Association for Computing Machinery"],"type":"journal"},"license":null,"license_id":null,"version":"publishedVersion","is_accepted":true,"is_published":true,"raw_source_name":"ACM Computing Surveys","raw_type":"journal-article"}],"best_oa_location":null,"sustainable_development_goals":[{"score":0.44999998807907104,"display_name":"Quality Education","id":"https://metadata.un.org/sdg/4"}],"awards":[{"id":"https://openalex.org/G6737453653","display_name":null,"funder_award_id":"62122066, U20A20182, 61872274, U20A20178","funder_id":"https://openalex.org/F4320321001","funder_display_name":"National Natural Science Foundation of China"},{"id":"https://openalex.org/G8753622371","display_name":null,"funder_award_id":"2020AAA0107705","funder_id":"https://openalex.org/F4320335777","funder_display_name":"National Key Research and Development Program of China"}],"funders":[{"id":"https://openalex.org/F4320321001","display_name":"National Natural Science Foundation of China","ror":"https://ror.org/01h0zpd94"},{"id":"https://openalex.org/F4320335777","display_name":"National Key Research and Development Program of China","ror":null}],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":63,"referenced_works":["https://openalex.org/W1901616594","https://openalex.org/W2103154003","https://openalex.org/W2125908420","https://openalex.org/W2151298633","https://openalex.org/W2159294971","https://openalex.org/W2167460663","https://openalex.org/W2293844262","https://openalex.org/W2294710185","https://openalex.org/W2346933546","https://openalex.org/W2509109313","https://openalex.org/W2559840118","https://openalex.org/W2577784528","https://openalex.org/W2592335154","https://openalex.org/W2602856279","https://openalex.org/W2612448920","https://openalex.org/W2765913967","https://openalex.org/W2767023880","https://openalex.org/W2785495800","https://openalex.org/W2788963265","https://openalex.org/W2807363941","https://openalex.org/W2892160417","https://openalex.org/W2912083425","https://openalex.org/W2946124108","https://openalex.org/W2952782294","https://openalex.org/W2962763344","https://openalex.org/W2962820691","https://openalex.org/W2963178695","https://openalex.org/W2963353335","https://openalex.org/W2963461515","https://openalex.org/W2963819344","https://openalex.org/W2964043980","https://openalex.org/W2964309657","https://openalex.org/W2965721472","https://openalex.org/W2982302101","https://openalex.org/W3004155269","https://openalex.org/W3010088852","https://openalex.org/W3012794253","https://openalex.org/W3013520104","https://openalex.org/W3014775455","https://openalex.org/W3017123256","https://openalex.org/W3035367371","https://openalex.org/W3035584216","https://openalex.org/W3046527848","https://openalex.org/W3048759177","https://openalex.org/W3087391814","https://openalex.org/W3090459527","https://openalex.org/W3098757341","https://openalex.org/W3101291735","https://openalex.org/W3104537462","https://openalex.org/W3117572899","https://openalex.org/W3118782137","https://openalex.org/W3118815406","https://openalex.org/W3127696688","https://openalex.org/W3128839796","https://openalex.org/W3157966799","https://openalex.org/W3162804012","https://openalex.org/W3186732165","https://openalex.org/W4238893454","https://openalex.org/W4247200422","https://openalex.org/W4252654521","https://openalex.org/W4288349226","https://openalex.org/W4300614359","https://openalex.org/W6683272254"],"related_works":["https://openalex.org/W2511770387","https://openalex.org/W3120811337","https://openalex.org/W2766647240","https://openalex.org/W4385301282","https://openalex.org/W2990186179","https://openalex.org/W3203597304","https://openalex.org/W4248424560","https://openalex.org/W4210660460","https://openalex.org/W3119380829","https://openalex.org/W2352737138"],"abstract_inverted_index":{"Machine":[0],"learning":[1,81],"(ML)":[2],"has":[3],"been":[4,100],"universally":[5],"adopted":[6],"for":[7,58,193],"automated":[8],"decisions":[9],"in":[10,29,47,65,119],"a":[11,44,93,116,120,145,178,194],"variety":[12],"of":[13,31,79,90,96,159,183,187],"fields,":[14],"including":[15],"recognition":[16],"and":[17,25,37,128,133,180,189],"classification":[18],"applications,":[19],"recommendation":[20],"systems,":[21],"natural":[22],"language":[23],"processing,":[24],"so":[26],"on.":[27],"However,":[28],"light":[30],"high":[32],"expenses":[33],"on":[34,115],"training":[35,66,85],"data":[36,86],"computing":[38],"resources,":[39],"recent":[40],"years":[41],"have":[42,99],"witnessed":[43],"rapid":[45],"increase":[46],"outsourced":[48],"ML":[49],"training,":[50],"either":[51],"partially":[52],"or":[53,87],"completely,":[54],"which":[55],"provides":[56],"vulnerabilities":[57],"adversaries":[59,73],"to":[60,75,148,168,176,198],"exploit.":[61],"A":[62],"prime":[63],"threat":[64],"phase":[67],"is":[68,107,175],"called":[69],"poisoning":[70,84,105,150],"attack,":[71],"where":[72],"strive":[74],"subvert":[76],"the":[77,102,156,164,191],"behavior":[78],"machine":[80],"systems":[82],"by":[83],"other":[88],"means":[89],"interference.":[91],"Although":[92],"growing":[94,185],"number":[95],"relevant":[97],"studies":[98],"proposed,":[101],"research":[103,188],"among":[104],"attack":[106,131],"still":[108],"overly":[109],"scattered,":[110],"with":[111,163],"each":[112],"paper":[113],"focusing":[114],"particular":[117],"task":[118],"specific":[121],"domain.":[122],"In":[123],"this":[124,184],"survey,":[125],"we":[126,153],"summarize":[127],"categorize":[129],"existing":[130],"methods":[132],"corresponding":[134,165],"defenses,":[135],"as":[136,138],"well":[137],"demonstrate":[139],"compelling":[140],"application":[141],"scenarios,":[142],"thus":[143],"providing":[144],"unified":[146],"framework":[147],"analyze":[149],"attacks.":[151],"Besides,":[152],"also":[154],"discuss":[155],"main":[157],"limitations":[158],"current":[160],"works,":[161],"along":[162],"future":[166],"directions":[167],"facilitate":[169],"further":[170],"researches.":[171],"Our":[172],"ultimate":[173],"motivation":[174],"provide":[177],"comprehensive":[179],"self-contained":[181],"survey":[182],"field":[186],"lay":[190],"foundation":[192],"more":[195],"standardized":[196],"approach":[197],"reproducible":[199],"studies.":[200]},"counts_by_year":[{"year":2026,"cited_by_count":4},{"year":2025,"cited_by_count":37},{"year":2024,"cited_by_count":29},{"year":2023,"cited_by_count":7}],"updated_date":"2026-03-27T05:58:40.876381","created_date":"2025-10-10T00:00:00"}