In this module, we discuss trustworthy machine learning and cover various types of attacks and defences in adversarial machine learning. The topics include:
- Information leakage and privacy
- Data poisoning attacks and robust learning
- Adversarial examples (evasion attacks) and defences
Students will learn the topic by reviewing and presenting state-of-the-art research papers in this domain and by carrying out a mini-project. The objective of this module is to teach students how to conduct research while learning about adversarial machine learning.
Week 1 - Introduction
Week 2 - Adversarial Learning
- Adversarial Classification
- Adversarial Learning
- Generative Adversarial Networks
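To make the last Week 2 reading concrete, here is a minimal GAN training-loop sketch in PyTorch. The toy one-dimensional Gaussian data, network sizes, and hyperparameters are illustrative assumptions, not anything from the listed papers.

```python
import torch
import torch.nn as nn

torch.manual_seed(0)
G = nn.Sequential(nn.Linear(2, 16), nn.ReLU(), nn.Linear(16, 1))  # generator: noise -> sample
D = nn.Sequential(nn.Linear(1, 16), nn.ReLU(), nn.Linear(16, 1))  # discriminator: sample -> logit
opt_g = torch.optim.Adam(G.parameters(), lr=1e-3)
opt_d = torch.optim.Adam(D.parameters(), lr=1e-3)
bce = nn.BCEWithLogitsLoss()

for step in range(500):
    real = torch.randn(64, 1) * 0.5 + 3.0              # "real" data: N(3, 0.5)
    fake = G(torch.randn(64, 2))                       # generated samples
    # Discriminator step: push real -> 1, fake -> 0.
    opt_d.zero_grad()
    loss_d = bce(D(real), torch.ones(64, 1)) + bce(D(fake.detach()), torch.zeros(64, 1))
    loss_d.backward(); opt_d.step()
    # Generator step: fool the discriminator (non-saturating loss).
    opt_g.zero_grad()
    loss_g = bce(D(fake), torch.ones(64, 1))
    loss_g.backward(); opt_g.step()

# The generated mean should drift toward 3.0 as training progresses.
print("generated sample mean:", G(torch.randn(1000, 2)).mean().item())
```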
Week 3 - Privacy Attacks
- Stealing Machine Learning Models via Prediction APIs
- Model Reconstruction from Model Explanations
- Membership Inference Attacks Against Machine Learning Models
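To illustrate the Week 3 theme, below is a minimal confidence-thresholding membership inference sketch in the spirit of the Shokri et al. paper. The dataset, target model, and fixed threshold are toy assumptions; real attacks tune the decision rule, e.g. with shadow models.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.ensemble import RandomForestClassifier

X, y = make_classification(n_samples=2000, n_features=20, random_state=0)
X_mem, y_mem = X[:1000], y[:1000]   # target model's training ("member") data
X_non, y_non = X[1000:], y[1000:]   # held-out ("non-member") data

# An overfit target model leaks membership through its prediction confidence.
target = RandomForestClassifier(n_estimators=50, random_state=0).fit(X_mem, y_mem)

conf_mem = target.predict_proba(X_mem).max(axis=1)
conf_non = target.predict_proba(X_non).max(axis=1)

# Attack rule: guess "member" when the top confidence exceeds a threshold.
threshold = 0.9  # toy value; a real attack would calibrate this
guesses = np.concatenate([conf_mem, conf_non]) > threshold
truth = np.concatenate([np.ones(1000, dtype=bool), np.zeros(1000, dtype=bool)])
print("membership inference accuracy:", (guesses == truth).mean())
```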
Week 4 - Poisoning Attacks
- Poisoning Attacks against Support Vector Machines
- Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks
- Stronger Data Poisoning Attacks Break Data Sanitization Defenses
- Transferable Clean-Label Poisoning Attacks on Deep Neural Nets
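The simplest data poisoning attack is label flipping, sketched below against logistic regression. It is far weaker than the gradient-based and clean-label attacks in the Week 4 papers, but it illustrates the threat model; the dataset and the 20% poison rate are toy choices.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.linear_model import LogisticRegression
from sklearn.model_selection import train_test_split

X, y = make_classification(n_samples=2000, n_features=20, random_state=1)
X_tr, X_te, y_tr, y_te = train_test_split(X, y, test_size=0.5, random_state=1)

clean = LogisticRegression(max_iter=1000).fit(X_tr, y_tr)
print("clean test accuracy:   ", clean.score(X_te, y_te))

# Poison: the adversary flips the labels of 20% of the training set.
rng = np.random.default_rng(1)
idx = rng.choice(len(y_tr), size=len(y_tr) // 5, replace=False)
y_poisoned = y_tr.copy()
y_poisoned[idx] = 1 - y_poisoned[idx]

poisoned = LogisticRegression(max_iter=1000).fit(X_tr, y_poisoned)
print("poisoned test accuracy:", poisoned.score(X_te, y_te))
```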
Week 5 - Evasion Attacks (Adversarial Examples)
- Explaining and Harnessing Adversarial Examples
- Towards Evaluating the Robustness of Neural Networks
- Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks
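The sketch below implements the fast gradient sign method (FGSM) from "Explaining and Harnessing Adversarial Examples". The untrained toy model, the random input, and the budget epsilon are illustrative assumptions, not the paper's setup.

```python
import torch
import torch.nn as nn

torch.manual_seed(0)
model = nn.Sequential(nn.Linear(10, 32), nn.ReLU(), nn.Linear(32, 2))
x = torch.randn(1, 10)   # a toy input
y = torch.tensor([1])    # its true label
epsilon = 0.1            # L-infinity perturbation budget

x_adv = x.clone().requires_grad_(True)
loss = nn.functional.cross_entropy(model(x_adv), y)
loss.backward()

# FGSM: one step in the direction of the sign of the input gradient.
x_adv = (x_adv + epsilon * x_adv.grad.sign()).detach()

# On a trained model this step often flips the prediction.
print("clean prediction:      ", model(x).argmax(dim=1).item())
print("adversarial prediction:", model(x_adv).argmax(dim=1).item())
```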
Week 6 - Defences against Poisoning Attacks
- Certified Defenses for Data Poisoning Attacks
- Co-teaching: Robust Training of Deep Neural Networks with Extremely Noisy Labels
- Robust Logistic Regression and Classification
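A common sanitization heuristic, related to the defences studied (and, per the Week 4 Koh et al. paper, sometimes broken) in these readings, is to discard the highest-loss training points under a preliminary model before retraining. The sketch below is a toy version of that idea; the poison rate and the 10% removal quantile are arbitrary choices.

```python
import numpy as np
from sklearn.datasets import make_classification
from sklearn.linear_model import LogisticRegression

rng = np.random.default_rng(2)
X, y = make_classification(n_samples=1000, n_features=20, random_state=2)
idx = rng.choice(len(y), size=100, replace=False)
y_poisoned = y.copy()
y_poisoned[idx] = 1 - y_poisoned[idx]        # 10% label-flip poison

# Fit a preliminary model on the dirty data and score each point's loss.
prelim = LogisticRegression(max_iter=1000).fit(X, y_poisoned)
proba = prelim.predict_proba(X)[np.arange(len(y)), y_poisoned]
losses = -np.log(proba + 1e-12)              # per-example log loss

# Sanitize: drop the 10% highest-loss points, then retrain.
keep = losses < np.quantile(losses, 0.9)
sanitized = LogisticRegression(max_iter=1000).fit(X[keep], y_poisoned[keep])
print("flipped points removed:", (~keep)[idx].sum(), "of", len(idx))
```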
Week 7 - Advanced Adversarial Attacks
- Understanding Black-box Predictions via Influence Functions
- Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent
- Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning
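For the Byzantine setting of the Blanchard et al. paper, one simple robust aggregation rule is the coordinate-wise median (the paper itself proposes Krum; the median shown below is a related, simpler alternative). All gradient values here are synthetic.

```python
import numpy as np

rng = np.random.default_rng(0)
# 8 honest workers report gradients near the true value; 2 attackers lie.
honest = [rng.normal(loc=1.0, scale=0.1, size=5) for _ in range(8)]
byzantine = [np.full(5, -100.0) for _ in range(2)]
gradients = np.stack(honest + byzantine)

print("mean aggregation:  ", gradients.mean(axis=0))      # dragged far off by the attackers
print("median aggregation:", np.median(gradients, axis=0))  # stays near the honest value
```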
Week 8 - Privacy Defences
- Machine Learning with Membership Privacy using Adversarial Regularization
- Privacy-preserving Prediction
- Deep Learning with Differential Privacy
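The core mechanism of "Deep Learning with Differential Privacy" (DP-SGD) is per-example gradient clipping plus Gaussian noise. Below is a minimal numpy sketch for logistic regression; the hyperparameters are illustrative, and a real implementation also needs a privacy accountant to report the resulting (epsilon, delta).

```python
import numpy as np

rng = np.random.default_rng(0)
X = rng.normal(size=(256, 5))
y = (X @ np.array([1.0, -2.0, 0.5, 0.0, 1.0]) > 0).astype(float)

w = np.zeros(5)
clip_norm, noise_mult, lr, batch = 1.0, 1.1, 0.1, 32  # toy hyperparameters

for step in range(200):
    idx = rng.choice(len(X), size=batch, replace=False)
    clipped_sum = np.zeros(5)
    for i in idx:
        p = 1 / (1 + np.exp(-X[i] @ w))      # sigmoid prediction
        g = (p - y[i]) * X[i]                # per-example logistic-loss gradient
        g *= min(1.0, clip_norm / (np.linalg.norm(g) + 1e-12))  # clip to norm C
        clipped_sum += g
    noise = rng.normal(scale=noise_mult * clip_norm, size=5)    # Gaussian noise
    w -= lr * (clipped_sum + noise) / batch  # noisy average step

acc = (((1 / (1 + np.exp(-X @ w))) > 0.5) == y).mean()
print("train accuracy under DP-SGD:", acc)
```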
Week 9 - Defences against Adversarial Examples
- Towards Deep Learning Models Resistant to Adversarial Attacks
- Certified Defenses against Adversarial Examples
- An Abstract Domain for Certifying Neural Networks
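The defence of Madry et al. ("Towards Deep Learning Models Resistant to Adversarial Attacks") is adversarial training with projected gradient descent (PGD): at each step, craft a PGD adversarial example and train on it. The sketch below assumes a toy model, a synthetic labeling rule, and illustrative hyperparameters.

```python
import torch
import torch.nn as nn

torch.manual_seed(0)
model = nn.Sequential(nn.Linear(10, 32), nn.ReLU(), nn.Linear(32, 2))
opt = torch.optim.SGD(model.parameters(), lr=0.1)
eps, alpha, pgd_steps = 0.1, 0.02, 7  # budget, step size, attack iterations

def pgd_attack(x, y):
    x_adv = x + torch.empty_like(x).uniform_(-eps, eps)   # random start
    for _ in range(pgd_steps):
        x_adv = x_adv.detach().requires_grad_(True)
        loss = nn.functional.cross_entropy(model(x_adv), y)
        loss.backward()
        x_adv = x_adv + alpha * x_adv.grad.sign()         # gradient-sign step
        x_adv = x + (x_adv - x).clamp(-eps, eps)          # project into the eps-ball
    return x_adv.detach()

for step in range(100):
    x = torch.randn(64, 10)
    y = (x.sum(dim=1) > 0).long()   # a toy labeling rule
    x_adv = pgd_attack(x, y)
    opt.zero_grad()                 # clear gradients accumulated by the attack
    nn.functional.cross_entropy(model(x_adv), y).backward()
    opt.step()
```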
Week 10 - Advanced Topics on Adversarial Examples
- Adversarially Robust Generalization Requires More Data
- Adversarial Examples Are Not Bugs, They Are Features
- Theoretically Principled Trade-off between Robustness and Accuracy
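The last paper proposes TRADES, which trades natural accuracy against robustness through a KL regularizer on the eps-ball. The sketch below evaluates a one-step approximation of the TRADES loss; the paper's inner maximization runs several PGD steps, and the model, data, and beta here are illustrative assumptions.

```python
import torch
import torch.nn as nn
import torch.nn.functional as F

torch.manual_seed(0)
model = nn.Sequential(nn.Linear(10, 32), nn.ReLU(), nn.Linear(32, 2))
beta, eps = 6.0, 0.1
x = torch.randn(64, 10)
y = (x.sum(dim=1) > 0).long()   # a toy labeling rule

# One-step inner maximization of the KL term (TRADES uses multiple PGD steps).
x_adv = (x + 0.001 * torch.randn_like(x)).requires_grad_(True)
kl = F.kl_div(F.log_softmax(model(x_adv), dim=1),
              F.softmax(model(x), dim=1), reduction='batchmean')
kl.backward()
x_adv = (x + (x_adv + eps * x_adv.grad.sign() - x).clamp(-eps, eps)).detach()

# TRADES loss = natural cross-entropy + beta * KL between the model's
# predictions on natural and adversarial inputs.
loss = F.cross_entropy(model(x), y) + beta * F.kl_div(
    F.log_softmax(model(x_adv), dim=1), F.softmax(model(x), dim=1),
    reduction='batchmean')
print("TRADES loss:", loss.item())
```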