Part I: Overview and Motivation |
Tue. 01/07 |
Introduction [Slides] |
[HW 1 Out] |
(Classic) SoK: Security and Privacy in Machine Learning
|
Part II: Adversarial Examples |
Thu. 01/09 |
Attacks [Slides] |
|
(Classic) Explaining and Harnessing Adversarial Examples
(Classic) Towards Evaluating the Robustness of Neural Networks
(Classic) Towards Deep Learning Models Resistant to Adversarial Attacks
|
Tue. 01/14 |
Attacks [Slides] |
[HW 1 Due]
[HW 2 Out]
[Team-up!]
|
(Classic) Delving into Transferable Adversarial Examples and Black-box Attacks
(Classic) The Space of Transferable Adversarial Examples
(Recent) Why Do Adversarial Attacks Transfer?
|
Thu. 01/16 |
Attacks [Slides] |
|
(Classic) Prior Convictions: Black-Box Adversarial Attacks with Bandits and Priors
(Recent) Improving Black-box Adversarial Attacks with a Transfer-based Prior
|
Tue. 01/21 |
(Certified) Defenses [Slides] |
on Zoom
|
[Digital Learning Day]
(Classic) Certified Adversarial Robustness via Randomized Smoothing
(Recent) (Certified!!) Adversarial Robustness for Free!
|
Thu. 01/23 |
Practice [Slides] |
|
(Classic) Adversarial Examples in the Physical World
(Recent) Dirty Road Can Attack: ...(cropped the title due to the space limit)
(Recent) Universal and Transferable Adversarial Attacks on Aligned Language Models
|
Tue. 01/28 |
|
[No lecture]
|
Checkpoint I Presentation Prep.
|
Thu. 01/30 |
Group Project |
[HW 2 Due]
|
Checkpoint Presentation 1 |
Part III: Data Poisoning |
Tue. 02/04 |
Preliminaries [Slides] |
[HW 3 Out]
|
(Recent) Poisoning the Unlabeled Dataset of Semi-Supervised Learning
(Recent) You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion
|
Thu. 02/06 |
Attacks [Slides] |
|
(Classic) Poisoning Attacks against Support Vector Machines
(Classic) Manipulating Machine Learning: Poisoning Attacks and Countermeasures...
|
Tue. 02/11 |
Attacks [Slides] |
|
(Classic) Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks
(Classic) MetaPoison: Practical General-purpose Clean-label Data Poisoning
|
Thu. 02/13 |
Defenses [Slides] |
on Zoom
|
[Guest Lecturer: Dr. Minkyu Kim @ UBC]
(Classic) Certified Defenses for Data Poisoning Attacks
(Classic) Data Poisoning against Differentially-Private Learners: Attacks and Defenses
|
Part IV: Privacy |
Tue. 02/18 |
Attack [Slides] |
|
(Classic) Membership Inference Attacks against Machine Learning Models
(Classic) Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting
(Recent) Membership Inference Attacks From First Principles
|
Thu. 02/20 |
|
[No lecture]
[HW 3 Due]
|
Checkpoint II Presentation Prep.
|
Tue. 02/25 |
Group Project |
[HW 4 Out]
|
Checkpoint Presentation 2 |
Thu. 02/27 |
Attack [Slides] |
|
(Classic) Model Inversion that Exploit Confidence Information and Basic Countermeasures
(Recent) The Secret Sharer: Evaluating and Testing Unintended Memorization in NNs
(Recent) Extracting Training Data from Large Language Models
|
Tue. 03/04 |
Attack [Slides] |
|
(Classic) Stealing Machine Learning Models via Prediction APIs
(Recent) High Accuracy and High Fidelity Extraction of Neural Networks
(Recent) Stealing Part of a Production Language Model
|
Thu. 03/06 |
(Certified) Defense [Slides] |
|
(Classic) Deep Learning with Differential Privacy
(Recent) Evaluating Differentially Private Machine Learning in Practice
(Recent) Red Teaming LMs with LMs
|
Tue. 03/11 |
|
[No lecture]
|
Final Presentation Prep.
|
Thu. 03/13 |
Group Project |
[HW 4 Due]
|
Final Presentations (Showcases) |
Finals Week (03/17 - 03/21) |
Tue. 03/18 |
- |
[No Lecture]
[Final Exam]
|
Final Exam & Submit your final project report.
|
Thu. 03/20 |
- |
[No Lecture]
|
Late submissions for HW 1-4. |