Recent research efforts on adversarial ML have investigated problem-space attacks,
focusing on the generation of real evasive objects in domains where, unlike images, there is
no clear inverse mapping to the feature space (eg, software). However, the design,
comparison, and real-world implications of problem-space attacks remain underexplored.
This paper makes two major contributions. First, we propose a novel formalization for
adversarial ML evasion attacks in the problem-space, which includes the definition of a …

Recent research efforts on adversarial machine learning (ML) have investigated problem-
space attacks, focusing on the generation of real evasive objects in domains where, unlike
images, there is no clear inverse mapping to the feature space (eg, software). However, the
design, comparison, and real-world implications of problem-space attacks remain
underexplored. This article makes three major contributions. Firstly, we propose a general
formalization for adversarial ML evasion attacks in the problem-space, which includes the …