Machine Learning Security
A short course on adversarial machine learning.
Academic Year 2021-2022
Instructor: Dr. Battista Biggio
Teaching Assistants: Dr. Ambra Demontis, Dr. Luca Demetrio, Dr. Kathrin Grosse, Maura Pintor
PhD programme in Information Engineering and Science (Univ. Siena)
PhD programme in Electronic and Computer Engineering (Univ. Cagliari)
MSc in Computer Engineering, Cybersecurity and Artificial Intelligence (Univ. Cagliari)
GitHub repository for course material: https://github.com/unica-mlsec/mlsec
Course objectives and outcome
Objectives
The objective of this course is to provide students with the fundamental elements of machine learning security in the context of different application domains. The main concepts and methods of adversarial machine learning are presented, from threat modeling to attacks and defenses, together with the basic methods for properly evaluating the adversarial robustness of a machine learning model against different attacks.
Outcome
An understanding of the fundamental concepts and methods of machine learning security and its applications. An ability to analyse and evaluate attacks and defenses in the context of application-specific domains. An ability to design and evaluate robust machine learning models in Python and to test them on benchmark data sets.
Class schedule/Course Outline (20 hours, 2 CFU)
- Introduction to Machine Learning Security: Threat Models and Attacks (Video01) - Sept. 14, 9-12; Sept. 15, 15-16.
- Evasion attacks and countermeasures - Sept. 15, 16-18; Sept. 16, 15-18; Sept. 17, 9-10.
- Poisoning attacks and countermeasures - Sept. 17, 10-12.
- Backdoor poisoning, privacy-related threats, and defenses - Sept. 22, 15-18.
- Practical session with Python - Sept. 23, 15-18.