Machine learning applications span all areas of artificial intelligence, but due to storage and transmission security issues and the flaws of machine learning algorithms themselves, machine learning faces a variety of security- and privacy-oriented attacks. This survey classifies the security and privacy attacks based on the location and timing of attacks in machine learning, and analyzes the causes and attack methods of data poisoning attacks, adversary attacks, data stealing attacks, and querying attacks. Furthermore, the existing security defense mechanisms are summarized. Finally, a perspective of future work and challenges in this research area are discussed.