CY 7790: Special Topics in Security and Privacy: Machine Learning Security and Privacy
Class forum: Piazza
Class policies: Academic integrity policy is strictly enforced
Class description: Machine learning is increasingly being used for automated decisions in applications such as health care, finance, autonomous vehicles, personalized recommendations, and cyber security. These critical applications require strong guarantees on both the integrity of the machine learning models and the privacy of the user data used to train these models. The area of adversarial machine learning studies the effect of adversarial attacks against machine learning models and aims to design robust defense algorithms. In this course, we will study a variety of adversarial attacks on machine learning and deep learning systems that impact the security and privacy of these systems, and we will discuss the challenges of designing robust models. The objectives of the course are the following:
· Provide an overview of several machine learning models for classification and regression, including logistic regression, SVM, decision trees, ensemble learning, and deep neural network architectures.
· Discuss generalization in machine learning, the bias-variance tradeoff, and the underlying assumptions that most algorithms rely on.
· Provide an in-depth coverage of adversarial attacks on machine learning systems, including evasion attacks at inference time, poisoning attacks at training time, and privacy attacks. Learn how to classify the attacks according to the adversarial objective, knowledge, and capability.
· Discuss adversarial attacks in real-world applications, including cyber security, autonomous vehicles, and natural language processing.
· Understand existing methods for training robust models and the challenges of achieving both robustness and accuracy.
· Discuss fairness issues in machine learning that might exacerbate existing risks of adversarial attacks.
· Read research papers from both security and machine learning conferences and discuss them in class. Students will participate in class discussions, lead discussion on selected papers in teams, and write notes about the class discussion.
· Provide students with the opportunity to work on a semester-long research project on a topic of their choice, as well as to complete several assignments on machine learning security and privacy.
The grade will be based on:
- Assignments – 10%
- Paper summaries – 10%
- Discussion leading – 15%
- Scribing – 15%
- Final project – 50%