Nowadays, machine learning is widely used in various applications. However, machine learning models are vulnerable to various membership inference attacks (MIAs) that leak information on the individual records trained by these models. Although many studies focus on finding new attack methods or improving attack performance, how to characterize MIAs is not well studied. This paper focuses on MIAs and the defense mechanisms against them by analyzing a framework that allows the general decomposition of existing MIAs against machine learning systems. We investigate MIAs by multiple key elements related to the victim model, including the adversary's observation, the prior knowledge of attacks, the classification of the target model, and the learning frame of the target model. Then, we classify the adversary's prior knowledge into seven sub-classes to further analyze the existing attacks. After that, we survey defense mechanisms employed by existing models. Our work contributes to understanding: 1) What is the working mechanism of MIAs; 2) Which components should be considered during the design of an MIA.