Attacking Machine Learning models as part of a cyber kill chain

Considering the gaining popularity of "defense in depth" strategy, plus increasing amounts of money invested in information security layers, and considering adversaries' perspective while carrying out a long-term advanced-persistent attack campaign; avoiding (short term) detections may not be as beneficial as having a deeper knowledge about targeted "defense in depth" system. Probing and stealing information security machine learning models for organized cyber attack campaigns should not focus only on obvious results (a yes/no classification of attacks) but also on other factors.