CS499/579 | AI539 :: W25 :: Trustworthy Machine Learning



Textbooks

No required textbook. Reading materials will be provided on the course website and/or distributed in class. If you lack the basics in machine learning (or deep learning), the following bibles can be helpful:

  • [FOD'20] Mathematics for Machine Learning [PDF]
  • [B'06] Pattern Recognition and Machine Learning [PDF]
  • [GBC'16] Deep Learning [PDF]

Prerequisites

This course requires a basic understanding of ML. Please consider taking CS 434 :: Machine Learning and Data Mining first.

Grading

Your final grade for this course will be based on the following scheme:

  • 30%: Written paper critiques [Details]
  • 10%: In-class paper presentation [Details]
  • 20%: Homeworks (HW 1-4) [Details]
  • 30%: Group project [Details]
  • 10%: Final exam

  • Up to 20%: Extra point opportunities

Latest Announcements [Full List]


Schedule

[Note]
- This is a tentative schedule; subject to change depending on the progress.
Date Topics Notice Readings
Part I: Overview and Motivation
Tue.
01/07
Introduction
[Slides]
[HW 1 Out] (Classic) SoK: Security and Privacy in Machine Learning
Part II: Adversarial Examples
Thu.
01/09
Attacks
[Slides]
(Classic) Explaining and Harnessing Adversarial Examples
(Classic) Towards Evaluating the Robustness of Neural Networks
(Classic) Towards Deep Learning Models Resistant to Adversarial Attacks
Tue.
01/14
Attacks
[Slides]
[HW 1 Due]
[HW 2 Out]
[Team-up!]
(Classic) Delving into Transferable Adversarial Examples and Black-box Attacks
(Classic) The Space of Transferable Adversarial Examples
(Recent) Why Do Adversarial Attacks Transfer?
Thu.
01/16
Attacks
[Slides]
(Classic) Prior Convictions: Black-Box Adversarial Attacks with Bandits and Priors
(Recent) Improving Black-box Adversarial Attacks with a Transfer-based Prior
Tue.
01/21
(Certified) Defenses
[Slides]
on Zoom
[Digital Learning Day]
(Classic) Certified Adversarial Robustness via Randomized Smoothing
(Recent) (Certified!!) Adversarial Robustness for Free!
Thu.
01/23
Practice
[Slides]
(Classic) Adversarial Examples in the Physical World
(Recent) Dirty Road Can Attack: ...(cropped the title due to the space limit)
(Recent) Universal and Transferable Adversarial Attacks on Aligned Language Models
Tue.
01/28
[No lecture]
Checkpoint I Presentation Prep.
Thu.
01/30
Group Project [HW 2 Due] Checkpoint Presentation 1
Part III: Data Poisoning
Tue.
02/04
Preliminaries
[Slides]
[HW 3 Out] (Recent) Poisoning the Unlabeled Dataset of Semi-Supervised Learning
(Recent) You Autocomplete Me: Poisoning Vulnerabilities in Neural Code Completion
Thu.
02/06
Attacks
[Slides]
(Classic) Poisoning Attacks against Support Vector Machines
(Classic) Manipulating Machine Learning: Poisoning Attacks and Countermeasures...
Tue.
02/11
Attacks
[Slides]
(Classic) Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks
(Classic) MetaPoison: Practical General-purpose Clean-label Data Poisoning
Thu.
02/13
Defenses
[Slides]
on Zoom
[Guest Lecturer: Dr. Minkyu Kim @ UBC]
(Classic) Certified Defenses for Data Poisoning Attacks
(Classic) Data Poisoning against Differentially-Private Learners: Attacks and Defenses
Part IV: Privacy
Tue.
02/18
Attack
[Slides]
(Classic) Membership Inference Attacks against Machine Learning Models
(Classic) Privacy Risk in Machine Learning: Analyzing the Connection to Overfitting
(Recent) Membership Inference Attacks From First Principles
Thu.
02/20
[No lecture]
[HW 3 Due]
Checkpoint II Presentation Prep.
Tue.
02/25
Group Project [HW 4 Out] Checkpoint Presentation 2
Thu.
02/27
Attack
[Slides]
(Classic) Model Inversion that Exploit Confidence Information and Basic Countermeasures
(Recent) The Secret Sharer: Evaluating and Testing Unintended Memorization in NNs
(Recent) Extracting Training Data from Large Language Models
Tue.
03/04
Attack
[Slides]
(Classic) Stealing Machine Learning Models via Prediction APIs
(Recent) High Accuracy and High Fidelity Extraction of Neural Networks
(Recent) Stealing Part of a Production Language Model
Thu.
03/06
(Certified) Defense
[Slides]
(Classic) Deep Learning with Differential Privacy
(Recent) Evaluating Differentially Private Machine Learning in Practice
(Recent) Red Teaming LMs with LMs
Tue.
03/11
[No lecture]
Final Presentation Prep.
Thu.
03/13
Group Project [HW 4 Due] Final Presentations (Showcases)
Finals Week (03/17 - 03/21)
Tue.
03/18
- [No Lecture]
[Final Exam]
Final Exam & Submit your final project report.
Thu.
03/20
- [No Lecture] Late submissions for HW 1-4.