Defense strategies for Adversarial Machine Learning: A survey
Computer Science Review (IF 12.9), Pub Date: 2023-08-11, DOI: 10.1016/j.cosrev.2023.100573
Panagiotis Bountakas , Apostolis Zarras , Alexios Lekidis , Christos Xenakis

Adversarial Machine Learning (AML) is a recently introduced technique that aims to deceive Machine Learning (ML) models by supplying falsified inputs that render those models ineffective. Consequently, most researchers focus on detecting new AML attacks that can undermine existing ML infrastructures, while overlooking the significance of defense strategies. This article constitutes a survey of the existing literature on AML attacks and defenses, with a special focus on a taxonomy of recent works on AML defense techniques for different application domains, such as audio, cyber-security, NLP, and computer vision. The proposed survey also explores the methodology of the defense solutions and compares them using several criteria, such as whether they are attack- and/or domain-agnostic, whether they deploy appropriate AML evaluation metrics, and whether they share their source code and/or their evaluation datasets. To the best of our knowledge, this article constitutes the first survey that seeks to systematize the existing knowledge focusing solely on defense solutions against AML, and that provides innovative directions for future research on tackling the increasing threat of AML.




Updated: 2023-08-12