Stealing attack against controlled information, along with the increasing number of information leakage incidents, has become an emerging cyber security threat in recent years. Due to the booming development and deployment of advanced analytics solutions, novel stealing attacks utilize machine learning (ML) algorithms to achieve high success rate and cause a lot of damage. Detecting and defending against such attacks is challenging and urgent so that governments, organizations, and individuals should attach great importance to the ML-based stealing attacks. This survey presents the recent advances in this new type of attack and corresponding countermeasures. The ML-based stealing attack is reviewed in perspectives of three categories of targeted controlled information, including controlled user activities, controlled ML model-related information, and controlled authentication information. Recent publications are summarized to generalize an overarching attack methodology and to derive the limitations and future directions of ML-based stealing attacks. Furthermore, countermeasures are proposed towards developing effective protections from three aspects -- detection, disruption, and isolation.

翻译：由于先进分析解决方案的发展和部署迅速,新式偷盗袭击利用机器学习算法实现高成功率并造成巨大损害。发现和防范这类袭击具有挑战性和紧迫性,因此政府、组织和个人应高度重视以ML为基础的盗窃袭击。本调查介绍了这种新型袭击和相应应对措施的最新进展。基于ML的盗窃袭击从三类定向控制信息的角度进行审查,包括受控用户活动、受控ML模型相关信息和受控认证信息。最近的出版物总结了一种总体袭击方法,并提出了基于ML的盗窃袭击的局限性和未来方向。此外,还提出了针对检测、干扰和隔离等三个方面制定有效保护措施的建议。