
arxiv: 1907.07291 · v1 · pith:354YQASWnew · submitted 2019-07-17 · 💻 cs.LG · cs.CR · stat.ML

Adversarial Security Attacks and Perturbations on Machine Learning and Deep Learning Methods

Pith reviewed 2026-05-24 20:33 UTC · model grok-4.3

classification 💻 cs.LG · cs.CR · stat.ML
keywords adversarial attacks · machine learning · deep learning · cybersecurity · perturbations · security attacks · review paper

The pith

This review consolidates literature on adversarial attacks and perturbations targeting machine learning and deep learning methods for new cybersecurity researchers.

A machine-rendered reading of the paper's core claim, the machinery that carries it, and where it could break.

The paper identifies the growing use of ML and DL in cybersecurity alongside their vulnerability to security attacks that exploit training data, test data, or model workings. It responds to a stated demand from research communities for a consolidated overview of these attacks and the underlying models. A sympathetic reader would care because the topic is recent, with literature scattered across different styles, leaving new entrants without an accessible entry point. The authors specifically direct the review at cybersecurity newcomers seeking basic knowledge rather than experts.

Core claim

The paper claims that a review is needed to comprehend the increasingly focused topic of adversarial security attacks and perturbations on ML and DL methods, and that this paper meets that demand by targeting new researchers with coverage of the models, algorithms, and relevant attacks along with their presentation styles and merits.

What carries the argument

The survey structure that selects and presents existing literature on ML/DL models together with adversarial attacks and perturbations.

If this is right

  • New researchers gain basic knowledge on ML and DL methods applied to cybersecurity.
  • Readers understand how adversaries exploit training and testing data of learning models.
  • The review highlights the workings of models that can be explored for advanced attacks.
  • Practitioners receive a starting point for navigating the scattered literature on this topic.

Where Pith is reading between the lines

These are editorial extensions of the paper, not claims the author makes directly.

  • Such a consolidated review could serve as a base for later papers that propose unified taxonomies of attacks.
  • The emphasis on accessibility may encourage more cross-disciplinary work between cybersecurity and machine learning communities.
  • If widely read, the review might reduce duplication of effort when new researchers begin studying model vulnerabilities.

Load-bearing premise

The paper assumes its selection and presentation of the literature on ML/DL models and attacks is representative, accurate, and accessible enough to meet the needs of new cybersecurity researchers.

What would settle it

A new cybersecurity researcher reports that after reading the review they still cannot identify or describe the main categories of adversarial attacks without consulting additional sources.

Original abstract

The ever-growing big data and emerging artificial intelligence (AI) demand the use of machine learning (ML) and deep learning (DL) methods. Cybersecurity also benefits from ML and DL methods for various types of applications. These methods, however, are susceptible to security attacks. The adversaries can exploit the training and testing data of the learning models or can explore the workings of those models for launching advanced future attacks. The topic of adversarial security attacks and perturbations within the ML and DL domains is a recent exploration, and great interest is expressed by security researchers and practitioners. The literature covers different adversarial security attacks and perturbations on ML and DL methods, and those have their own presentation styles and merits. A need to review and consolidate knowledge that comprehends this increasingly focused and growing topic of research, however, is the current demand of the research communities. In this review paper, we specifically aim to target new researchers in the cybersecurity domain who may seek to acquire some basic knowledge on the machine learning and deep learning models and algorithms, as well as some of the relevant adversarial security attacks and perturbations.

Editorial analysis

A structured set of objections, weighed in public.

Desk editor's note, referee report, simulated authors' rebuttal, and a circularity audit. Tearing a paper down is the easy half of reading it; the pith above is the substance, this is the friction.

Referee Report

1 major / 0 minor

Summary. The manuscript is a literature review on the application of machine learning and deep learning methods in cybersecurity, with emphasis on adversarial security attacks and perturbations. It states that these methods are susceptible to attacks on training/testing data or model workings, notes growing interest in the topic, and positions the paper as a consolidation of existing literature aimed specifically at new cybersecurity researchers seeking basic knowledge on the models, algorithms, and relevant attacks.

Significance. If executed with transparent selection criteria and accurate coverage, the review could address a stated community demand by providing an accessible entry point for newcomers at the intersection of ML/DL and adversarial cybersecurity. However, the absence of any described methodology for literature selection or verification limits its potential utility as a reliable consolidation.

Major comments (1)
  1. [Abstract] The central claim that the paper meets 'the current demand of the research communities' by reviewing and consolidating knowledge rests on an unstated assumption that the selected literature is representative and accurate. No selection criteria, search strategy, inclusion/exclusion rules, or verification steps are described, which is load-bearing for any review paper's credibility and directly undermines the weakest assumption identified in the reader's report.

Simulated Author's Rebuttal

1 response · 0 unresolved

We thank the referee for the constructive feedback on our literature consolidation paper. We address the single major comment below and will incorporate changes to improve transparency.

Point-by-point responses
  1. Referee: [Abstract] The central claim that the paper meets 'the current demand of the research communities' by reviewing and consolidating knowledge rests on an unstated assumption that the selected literature is representative and accurate. No selection criteria, search strategy, inclusion/exclusion rules, or verification steps are described, which is load-bearing for any review paper's credibility and directly undermines the weakest assumption identified in the reader's report.

    Authors: We agree that the absence of an explicit description of literature selection limits the paper's credibility as a consolidation. The manuscript is positioned as an accessible entry point for new cybersecurity researchers rather than a formal systematic review. In revision we will add a dedicated subsection (likely in the introduction or a new 'Scope and Methodology' section) that states the primary sources consulted (key venues such as IEEE S&P, USENIX Security, NeurIPS, ICML, and arXiv), the approximate time window of coverage, and the inclusion focus on papers addressing adversarial attacks/perturbations on ML/DL models. This will make the representative nature of the selected works transparent without altering the paper's introductory intent.
    Revision: yes

Circularity Check

0 steps flagged

No significant circularity

Full rationale

The paper is a literature review whose central claim is the existence of demand for consolidated coverage of ML/DL models plus adversarial attacks/perturbations, aimed at new cybersecurity researchers. The abstract states this purpose directly and without internal contradiction. No equation, theorem, or empirical result is asserted that could be falsified; the argument reduces to a statement of scope and motivation. No derivations, fitted parameters, or self-citation chains are present that reduce any claim to its own inputs by construction.

Axiom & Free-Parameter Ledger

0 free parameters · 0 axioms · 0 invented entities

As a review paper, the central claim rests on the accuracy and representativeness of the literature summary rather than new derivations, parameters, or entities.
