The deployment of machine learning in real-world systems calls for a set of complementary technologies that will ensure that machine learning is trustworthy. Here, the notion of trust is used in its broad meaning: the course covers different topics in emerging research areas related to the broader study of security and privacy in machine learning. Students will learn about attacks against computer systems leveraging machine learning, as well as defense techniques to mitigate such attacks.
The course assumes students already have a basic understanding of machine learning. Students will familiarize themselves with the emerging body of literature from different research communities investigating these questions. The class is designed to help students explore new research directions and applications. Most of the course readings will come from both seminal and recent papers in the field. No textbooks are required for this class. Notes and slides, as well as research papers, will make up the material used in this course. Links to these will be provided in the schedule below.
Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. I will attempt to announce any change to the class, but this webpage should be viewed as authoritative. If you have any questions, please contact me.
|Reading / Assignment
|Overview & motivation
|Training-time integrity (attacks & defenses)
|Test-time integrity (attacks)
|Test-time integrity (defenses)
|Confidentiality (of the model)
|Confidentiality (of the data)
|Fairness & Ethics
LaTeX template for assignments: you can find an example template for writing the reading summaries and class notes on Overleaf. You can also use that service to write up your assignments if you don't want to install latex on your own machine.
Reading summary: A 1 page summary of reading assigned is due each class (starting from week 2 and onwards). A physical copy should be turned in before the beginning of class. The summary should cover the following: (a) what did the papers do well?, (b) where did the papers fall short?, (c) what did you learn from these papers?, and (d) what questions do you have about the papers?
Paper presentation: starting from week 2, a team of students will present the papers assigned for reading each week. The team may choose an appropriate format (e.g., slides, interactive demos or code tutorials, ...) for this presentation with the only requirements being that the presentation should (a) involve the class in active discussions, (b) cover all papers assigned for reading, and (c) last no more than 1h30mn including discussions.
Class notes: Another team of students will be charged with writing notes synthesizing the content of the presentation and class discussion.
Research projects: Students will work on a course-long research project. Each project will be presented in the form of a poster on Dec 02.
Grading scheme: 15% exam, 25% paper presentation, 10% paper summaries, 15% class notes, 35% research project.
Class participation: Course lectures will be driven by the contents of assigned papers. However, students are going to be required to (i) turn in a 1 page summary of reading assigned each week, (ii) participate in discussions of the paper content during each class, and (iii) write notes synthesizing the content of class for one class. Hence, the students' ability to exhibit comprehension of papers is essential to a passing grade.
Lateness policy: 1 page summaries of reading assigned each week will not be accepted late (students will be assigned a 0 for that week). All other assignments (i.e., presentation slides, notes synthesizing the content of class, and project reports) will be assessed a 10% per-day late penalty, up to a maximum of 4 days (2 days for presentation slides). Students with legitimate reasons who contact the professor before the deadline may apply for an extension.
Integrity: Any instance of sharing or plagiarism, copying, cheating, or other disallowed behavior will constitute a breach of ethics. Students are responsible for reporting any violation of these rules by other students, and failure to constitutes an ethical violation that carries with it similar penalties.
This course covers topics in personal and public privacy and security. As part of this investigation we will explore technologies whose abuse may infringe on the rights of others. As an instructor, I rely on the ethical use of these technologies. Unethical use may include circumvention of existing security or privacy measurements for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through public and authoritative channels. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class. When in doubt, please contact the course professor for advice. Do not undertake any action which could be perceived as technology misuse anywhere and/or under any circumstances unless you have received explicit permission from the instructor.