| Date | Lecture | Logistics | Readings / Notes |
|---|---|---|---|
| Part I: Overview and Motivation | | | |
| Tue. 04/04 | Introduction [Slides] | [HW 1 Out] | SoK: Security and Privacy in Machine Learning; [Bonus] The Security of Machine Learning |
| Part II: Adversarial Examples | | | |
| Thu. 04/06 | Preliminaries [Slides] | | Explaining and Harnessing Adversarial Examples; Adversarial Examples in the Physical World; Dirty Road Can Attack: ...(title cropped due to the space limit) |
| Tue. 04/11 | Attacks [Slides] | [Recording] [Team-up!] | SH's business travel, but SH will provide the recording for this lecture. Readings: Towards Evaluating the Robustness of Neural Networks; Towards Deep Learning Models Resistant to Adversarial Attacks; [Bonus] The Space of Transferable Adversarial Examples |
| Thu. 04/13 | | [No lecture] [HW 1 Due] [HW 2 Out] | SH's business travel. |
| Tue. 04/18 | Attacks [Slides] | | Delving into Transferable Adversarial Examples and Black-box Attacks; Prior Convictions: Black-Box Adversarial Attacks with Bandits and Priors |
| Thu. 04/20 | Defenses [Slides] | | Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks; [Revisited] Towards Deep Learning Models Resistant to Adversarial Attacks |
| Tue. 04/25 | Group Project | | Checkpoint Presentation 1 |
| Thu. 04/27 | (Certified) Defenses [Slides] | [HW 2 Due] | Certified Adversarial Robustness via Randomized Smoothing; (Certified!!) Adversarial Robustness for Free! |
| Part III: Data Poisoning | | | |
| Tue. 05/02 | Preliminaries [Slides] | [HW 3 Out] | Poisoning the Unlabeled Dataset of Semi-Supervised Learning; You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion |
| Thu. 05/04 | | [No lecture] | SH's business travel. |
| Tue. 05/09 | Attacks [Slides] | | Poisoning Attacks against Support Vector Machines; Manipulating Machine Learning: Poisoning Attacks and Countermeasures... |
| Thu. 05/11 | Attacks [Slides] | | Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks; MetaPoison: Practical General-purpose Clean-label Data Poisoning |
| Tue. 05/16 | Group Project | | Checkpoint Presentation 2 |
| Thu. 05/18 | Defenses [Slides] | [HW 3 Due] | Certified Defenses for Data Poisoning Attacks; Data Poisoning against Differentially-Private Learners: Attacks and Defenses |
| Part IV: Privacy | | | |
| Tue. 05/23 | | [No lecture] [HW 4 Out] | SH's business travel. |
| Thu. 05/25 | Preliminaries | [No lecture] | SH's business travel. Readings: Exposed! A Survey of Attacks on Private Data; Robust De-anonymization of Large Sparse Datasets |
| Tue. 05/30 | Attack [Slides] | | Membership Inference Attacks against Machine Learning Models; Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting |
| Thu. 06/01 | Attack [Slides] | | Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures; The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks |
| Thu. 06/06 | (Certified) Defense [Slides] | | Deep Learning with Differential Privacy; Evaluating Differentially Private Machine Learning in Practice |
| Thu. 06/08 | Group Project | [HW 4 Due] | Final Presentations (Showcases) |
| Finals Week (06/19 - 06/23) | | | |
| Tue. 06/13 | - | [No Lecture] [Final Exam] | Final Exam & Submit your final project report. |
| Thu. 06/15 | - | [No Lecture] | Late submissions for HW 1-4. |