CS 499/579 :: Spring 2023 :: Trustworthy Machine Learning



Textbooks

No required textbook. Reading materials will be provided on the course website and/or distributed in class. If you lack the basics of machine learning (or deep learning), the following standard references can be helpful:

  • [FOD'20] Mathematics for Machine Learning [PDF]
  • [B'06] Pattern Recognition and Machine Learning [PDF]
  • [GBC'16] Deep Learning [PDF]

Prerequisites

This course requires a basic understanding of machine learning. Please consider taking CS 434 :: Machine Learning and Data Mining first.

Grading

Your final grade for this course will be based on the following scheme:

  • 30%: Written paper critiques [Details]
  • 10%: In-class paper presentation [Details]
  • 20%: Homeworks (HW 1-4) [Details]
  • 30%: Group project [Details]
  • 10%: Final exam

  • [Bonus] ~35%: Extra point opportunities
    • +5%: Outstanding project work
    • +5%: Writing a critique with ChatGPT
    • +10%: Submitting the final report to workshops
    • +10%: Evading Sanghyun's backdoor detection

Schedule

This is a tentative schedule; subject to change depending on the progress.

Date | Topics | Notice | Readings

Part I: Overview and Motivation
Tue. 04/04 | Introduction [Slides] | [HW 1 Out] | SoK: Security and Privacy in Machine Learning; [Bonus] The Security of Machine Learning

Part II: Adversarial Examples
Thu. 04/06 | Preliminaries [Slides] | | Explaining and Harnessing Adversarial Examples; Adversarial Examples in the Physical World; Dirty Road Can Attack: ... (title cropped due to the space limit)
Tue. 04/11 | Attacks [Slides] [Recording] | [Team-up!] SH's business travel; SH will provide a recording of this lecture. | Towards Evaluating the Robustness of Neural Networks; Towards Deep Learning Models Resistant to Adversarial Attacks; [Bonus] The Space of Transferable Adversarial Examples
Thu. 04/13 | [No lecture] | [HW 1 Due] [HW 2 Out] SH's business travel. |
Tue. 04/18 | Attacks [Slides] | | Delving into Transferable Adversarial Examples and Black-box Attacks; Prior Convictions: Black-Box Adversarial Attacks with Bandits and Priors
Thu. 04/20 | Defenses [Slides] | | Feature Squeezing: Detecting Adversarial Examples in Deep Neural Networks; [Revisited] Towards Deep Learning Models Resistant to Adversarial Attacks
Tue. 04/25 | Group Project Checkpoint Presentation 1 | |
Thu. 04/27 | (Certified) Defenses [Slides] | [HW 2 Due] | Certified Adversarial Robustness via Randomized Smoothing; (Certified!!) Adversarial Robustness for Free!

Part III: Data Poisoning
Tue. 05/02 | Preliminaries [Slides] | [HW 3 Out] | Poisoning the Unlabeled Dataset of Semi-Supervised Learning; You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion
Thu. 05/04 | [No lecture] | SH's business travel. |
Tue. 05/09 | Attacks [Slides] | | Poisoning Attacks against Support Vector Machines; Manipulating Machine Learning: Poisoning Attacks and Countermeasures...
Thu. 05/11 | Attacks [Slides] | | Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks; MetaPoison: Practical General-purpose Clean-label Data Poisoning
Tue. 05/16 | Group Project Checkpoint Presentation 2 | |
Thu. 05/18 | Defenses [Slides] | [HW 3 Due] | Certified Defenses for Data Poisoning Attacks; Data Poisoning against Differentially-Private Learners: Attacks and Defenses

Part IV: Privacy
Tue. 05/23 | [No lecture] | [HW 4 Out] SH's business travel. |
Thu. 05/25 | Preliminaries [No lecture] | SH's business travel. | Exposed! A Survey of Attacks on Private Data; Robust De-anonymization of Large Sparse Datasets
Tue. 05/30 | Attacks [Slides] | | Membership Inference Attacks against Machine Learning Models; Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting
Thu. 06/01 | Attacks [Slides] | | Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures; The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks
Tue. 06/06 | (Certified) Defenses [Slides] | | Deep Learning with Differential Privacy; Evaluating Differentially Private Machine Learning in Practice
Thu. 06/08 | Group Project Final Presentations (Showcases) | [HW 4 Due] |

Finals Week (06/12 - 06/16)
Tue. 06/13 | [No lecture] | [Final Exam] Final exam; submit your final project report. |
Thu. 06/15 | [No lecture] | Late submissions for HW 1-4. |