Security of Machine Learning

Overview

SemesterWinter 2021
Course typeLecture
LecturerJun.-Prof. Dr. Wressnegger
AudienceInformatik Master & Bachelor
Credits3 ECTS
Time10:00–11:30
RoomOnline
LanguageEnglish
Linkhttps://ilias.studium.kit.edu/goto_produktiv_crs_1600114.html
RegistrationTBA (registration is only necessary for the final exam)

Remote Lecture

Due to the COVID-19 pandemic, this course is going to be held remotely. For this, we are recording the lecture and additionally meet for a short live session once a week.

To receive all the necessary information, please subscribe to the mailing list here.

Description

This lecture explicitly focuses on the security of machine learning algorithms. In learning-based systems, often only average-case performances are considered to show the effectiveness of AI methods. Worse-case scenarios triggered by viciously crafted inputs, however, can be exploited by an adversary to cause devastating damage in the application area. It thus is of utmost importance to investigate, research, and know about the security properties of machine learning methods.

The module introduces students to theoretic and practical aspects of security of machine learning algorithms and methods. In the first part, we cover offensive aspects of the topic. We will learn about different attack types such as adversarial examples (both white-box and black-box) or data poisoning and explicitly address problem-space constraints. In the second part, we explicitly focus on defensive mechanisms, such as adversarial training and network pruning. Finally, we will also cover methods for explaining learning-based algorithms to assist analysis and securing of machine learning methods.

Schedule

DateTopicSlidesRecording
20. OctIntroductionLIVE!
27. OctPrimer on Neural Networks, ,
03. NovWhite-box Adversarial Examples, ,
10. NovAdversarial Training, ,
17. NovBackdoor Attacks, ,
24. NovNo lecture
01. DecBlack-box Adversarial Examples, ,
08. DecModel Stealing 1, ,
15. DecModel Stealing 2, ,
22. DecNo lecture (XMas)
12. JanRelevance-based Explanations, ,
19. JanConcept-based Explanations, ,
26. JanAttacks against Explanations, ,
2. FebSummary and OutlookLIVE!
16. FebruaryWritten Exam

Mailing List

News about the lecture, potential updates of the schedule, and additional material are distributed using a separate mailing list. Moreover, the list enables students to discuss topics of the lecture.

You can subscribe here.