No required textbook. Reading materials will be provided on the course website and/or distributed in class. If you lack the basics in machine learning (or deep learning), the following bibles can be helpful:
This course requires a basic understanding of ML:
Your final grade for this course will be based on the following scheme:
| Date | Mode | Topics | Notice | Readings |
|---|---|---|---|---|
| **Part I: Overview and Motivation** | | | | |
| Mon. 03/30 | In-person | Introduction [Slides] | [HW 1 Out] | (Classic) SoK: Security and Privacy in Machine Learning |
| Wed. 04/01 | Online | ML Overview | Team-up [Sheet] | (Book) Dive into Deep Learning |
| **Part II: Adversarial Examples** | | | | |
| Mon. 04/06 | In-person | Basics [Slides] | - | (Classic) Explaining and Harnessing Adversarial Examples; (Classic) Towards Deep Learning Models Resistant to Adversarial Attacks |
| Wed. 04/08 | Online | Black-box Attacks [Slides] | - | (Classic) Delving into Transferable Adversarial Examples and Black-box Attacks; (Classic) Prior Convictions; (Classic) Improving Black-box Adversarial Attacks with a Transfer-based Prior |
| Mon. 04/13 | In-person | Defenses [Slides] | [HW 1 Due] [HW 2 Out] | (Classic) Certified Adversarial Robustness via Randomized Smoothing; (Recent) (Certified!!) Adversarial Robustness for Free! |
| Wed. 04/15 | Online | Hands-on I / Checkpoint I Prep | Hands-on Lab: Emulating Adversarial Attacks on ML Models; Topic Introduction and Team Building | |
| Mon. 04/20 | In-person | Group Project | - | Checkpoint Presentation 1 |
| Wed. 04/22 | No class | - | - | Post-Checkpoint Presentation I :: HW2 Completion |
| **Part III: Data Poisoning** | | | | |
| Mon. 04/27 | In-person | Preliminaries [Slides] | [HW 2 Due] [HW 3 Out] | (Classic) Poisoning Attacks against SVMs; (Classic) Manipulating ML: Poisoning Attacks and Countermeasures... |
| Wed. 04/29 | Online | Attacks on NN [Slides] | - | (Classic) Poison Frogs! Targeted Clean-Label Poisoning Attacks on NNs; (Classic) MetaPoison: Practical General-purpose Clean-label Data Poisoning |
| Mon. 05/04 | In-person | Defenses [Slides] | - | (Classic) Certified Defenses for Data Poisoning Attacks; (Classic) Data Poisoning against DP Learners: Attacks and Defenses |
| Wed. 05/06 | Online | Hands-on II / Checkpoint II Prep | - | Hands-on Lab: Emulating Poisoning Attack on ML Models |
| Mon. 05/11 | In-person | Group Project | - | Checkpoint Presentation 2 |
| Wed. 05/13 | No class | - | [HW 3 Due] [HW 4 Out] | Post-Checkpoint Presentation II :: HW3 Completion |
| **Part IV: Privacy** | | | | |
| Mon. 05/18 | Online (Async) | S&P Travel | - | (Recorded materials on Canvas) (Classic) Privacy Risk in ML: Analyzing the Connection to Overfitting; (Recent) Membership Inference Attacks From First Principles |
| Wed. 05/20 | Online (Async) | S&P Travel | - | (Recorded materials on Canvas) (Classic) Evaluating and Testing Unintended Memorization in NNs; (Recent) Extracting Training Data from Large Language Models |
| Mon. 05/25 | No class | - | Memorial Day | |
| Wed. 05/27 | In-person | Defense [Slides] | - | (Classic) Deep Learning with Differential Privacy; (Recent) Evaluating DP ML in Practice |
| Mon. 06/01 | Online | Hands-on III / Final Presentation Prep | - | Hands-on Lab: Emulating Membership Inference on ML Models |
| Wed. 06/03 | In-person | Group Project | - | Final Project Presentations (Showcases) |
| **Finals Week** | | | | |
| Mon. 06/08 | No class | Final Exam | - | Final Exam & Submit Your Final Project Report. |
| Wed. 06/10 | No class | Final Exam | [HW 4 Due] | Late Submissions for HW 1-4. |