CS6231: Adversarial Machine Learning

Course Information

Instructor: Prof. Reza Shokri
Semester: Fall 2019

Location: SR@LT19

Time: Tue. 1000-1200

Platform for the paper reviews

Template for the research papers


In this module, we discuss trustworthy machine learning, and cover various types of attacks and defences in adversarial machine learning. The topics include:

  • Information leakage and privacy
  • Data poisoning attacks and robust learning
  • Adversarial examples (evasion attacks) and defences
The students will learn this topic through reviewing and presenting state of the art research papers in this domain, and performing a mini-project. The objective of this module is to educate students to do research while learning about adversarial machine learning.

Week 1 -- Introduction

Week 2 -- Adversarial Learning

  • Adversarial Classification
  • Adversarial Learning
  • Generative Adversarial Networks

Week 3 — Privacy Attacks

  • Stealing Machine Learning Models via Prediction APIs
  • Model Reconstruction from Model Explanations
  • Membership Inference Attacks Against Machine Learning Models

Week 4 - Poisoning Attacks

  • Poisoning Attacks against Support Vector Machines
  • Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks
  • Stronger Data Poisoning Attacks Break Data Sanitization Defenses
  • Transferable Clean-Label Poisoning Attacks on Deep Neural Nets

Week 5 - Evasion Attacks (Adversarial Examples)

  • Explaining and Harnessing Adversarial Examples
  • Towards Evaluating the Robustness of Neural Networks
  • Why Do Adversarial Attacks Transfer? Explaining Transferability of Evasion and Poisoning Attacks

Week 6 - Defense against Poisoning Attacks

  • Certified Defenses for Data Poisoning Attacks
  • Co-teaching: Robust Training of Deep Neural Networks with Extremely Noisy Labels
  • Robust Logistic Regression and Classification

Week 7 - Advanced Adversarial Attacks

  • Understanding Black-box Predictions via Influence Functions
  • Machine Learning with Adversaries: Byzantine Tolerant Gradient Descent
  • Comprehensive Privacy Analysis of Deep Learning: Passive and Active White-box Inference Attacks against Centralized and Federated Learning

Week 8 - Privacy Defenses

  • Machine Learning with Membership Privacy using Adversarial Regularization
  • Privacy-preserving Prediction
  • Deep Learning with Differential Privacy

Week 9 - Defenses against Adversarial Examples

  • Towards Deep Learning Models Resistant to Adversarial Attacks
  • Certified Defenses against Adversarial Examples
  • An abstract domain for certifying neural networks

Week 10 - Advanced topics on Adversarial Examples

  • Adversarially Robust Generalization Requires More Data
  • Adversarial Examples Are Not Bugs, They Are Features
  • Theoretically Principled Trade-off between Robustness and Accuracy

On Technical Writing and Presentation (helpful links)