IST 597: Adversarial Machine Learning
Overview
Machine learning techniques are prevalent in solving real-world problems, however, they are also found to be vulnerable to malicious adversaries. This has raised serious security concerns and trustworthy issues in the current machine learning systems. In this course, students will learn about understanding the risks posed by adversaries to the current machine learning systems, as well as designing more advanced defense techniques to mitigate those risks.
This course is focused on helping students explore new research directions and applications in Adversarial Machine Learning. As part of this focus, students will understand the vulnerabilities of different machine learning algorithms or improve the current machine learning model robustness through a series of readings and projects.
Prerequisites
This course requires the knowledge of an undergrad level machine learning course, basic background on linear algebra and calculus.
Logistics
- Time: Wednesday 2:30PM - 5:30PM
- Location: Borland Bldg 242
-
Instructor: Jinghui Chen (Email: jzc5917 at psu dot edu)
- Office hours:
- Tuesday 2-3pm at Westgate E380
- Course Website: https://jinghuichen.github.io/AdvML22Fall/
- Canvas: https://psu.instructure.com/courses/2211835
Grading Policy
Grades will be computed based on the following factors:
- Final Project 50%
- Paper Presentation 30%
- Paper Reviews 15%
- Class Participation 5%
Final grade cutoff:
- A [93%, 100%]
- A- [90%, 93%)
- B+ [87%, 90%)
- B [83%, 87%)
- B- [80%, 83%)
- C+ [77%, 80%)
- C [70%, 77%)
- D [60%, 70%)
- F [0%, 60%)
Schedule
| # | Date | Topics | Paper Presentation | Assignment Due |
|---|---|---|---|---|
| 1 | 08/24 | Course Introduction (Adversarial ML) | ||
| 2 | 08/31 | Basic Adversarial Attacks in Deep Learning | Reading SignUp Due | |
| 3 | 09/07 | Adversarial Attacks in Practical Settings | ✔️ | |
| 4 | 09/14 | Proposal Presentation (SignUp) | Final Proj Proposal Due | |
| 5 | 09/21 | Defenses Strategies for Adversarial Attacks | ✔️ | |
| 6 | 09/28 | Understanding Adversarial Training & Certified Defenses | ✔️ | |
| 7 | 10/05 | Poisoning Attacks in Deep Learning | ✔️ | |
| 8 | 10/12 | Backdoor Attacks and Defenses | ✔️ | |
| 9 | 10/19 | Learnability Attacks in Deep Learning | ✔️ | |
| 10 | 10/26 | Project Midterm Presenetation | Proj Midterm Report Due | |
| 11 | 11/02 | Security Problems in Federated Machine Learning | ✔️ | |
| 12 | 11/09 | Privacy Attacks and Defenses | ✔️ | |
| 13 | 11/16 | Adversarial Machine Learning beyond Image Classification | ✔️ | |
| 14 | 11/23 | No Class (Thanksgiving Holiday) | ||
| 15 | 11/30 | |||
| 16 | 12/07 | Final Project Presentation | ||
| NA | 12/12 | NA | Paper Review Report Due Final Project Report Due |
The instructor reserves the rights to make any changes.
Paper Presentation
- Each student will present 2 papers for a specific topic. Students need to sign up here for the presentation before Week 2.
- Students are expected to prepare the slides by themselves, but the original authors’ slides are allowed to be used with proper citation.
- Students need to upload the slides at least one day before the presentation.
- The presentation quality will take 30% of your grade (contains 5% peer review).
Paper Reviews
- Each student will review 2 papers from the piles that other students presented (different from the papers you presented).
- Each review should contain a basic introduction to the background, drawbacks of prior solutions (if any), proposed problem formulations/analysis and your understanding towards the advantages and disadvantages of the proposed method/analysis as well as the possible future directions.
- The review quality will take 15% of your grade.
Final Project
- Group is allowed for the final project (with a maximum of 2 people per group). The expectation for a 2-people group will be relatively higher.
- The goal of the course project is to provide the students an opportunity to explore research directions in adversarial machine learning. Therefore, the project should be related to the course content. An expected project include but not limited to
- A novel and sound solution to an interesting problem
- Solving an interesting new real-world problem with adversarial machine learning
- Thorough theoretical analysis of existing approaches
- The best outcome of the project is a manuscript that is publishable in major machine learning/AI/Security conferences (ICML, NeurIPS, ICLR, CVPR, KDD, ACL, CCS, etc.).
- Incentives: outstanding projects that are publishable on top tier venues (determined by the instructor) can waive the paper reviews. Contact the instructor before the project final presentation if you feel qualified.
- The final project quality will take 50% of your grade.
- Students cannot use their own published work as the course project.
Late Submission Policy
- All reports are due on Thursday at 11:59 pm (EST).
- Students can submit late with the penalty of 25% deduction for every 24 hours late (up to 3 days).
- After 3 days, no more late submission is allowed.
- Extensions can be granted for special cases (email the instructor)
Mask Policy
Penn State University highly recommend everyone to wear a face mask in all university buildings, including classrooms, regardless of vaccination status. We highly recommend all students to wear a mask appropriately (i.e., covering both your mouth and nose) while you are indoors on campus. This is to protect your health and safety as well as the health and safety of your classmates, instructor, and the university community.
ACADEMIC INTEGRITY STATEMENT
Academic integrity is the pursuit of scholarly activity in an open, honest and responsible manner. Academic integrity is a basic guiding principle for all academic activity at The Pennsylvania State University, and all members of the University community are expected to act in accordance with this principle. Consistent with this expectation, the University’s Code of Conduct states that all students should act with personal integrity, respect other students’ dignity, rights and property, and help create and maintain an environment in which all can succeed through the fruits of their efforts.
Academic integrity includes a commitment by all members of the University community not to engage in or tolerate acts of falsification, misrepresentation or deception. Such acts of dishonesty violate the fundamental ethical principles of the University community and compromise the worth of work completed by others.
DISABILITY ACCOMMODATION STATEMENT
Penn State welcomes students with disabilities into the University’s educational programs. Every Penn State campus has an office for students with disabilities. Student Disability Resources (SDR) website provides contact information for every Penn State campus (http://equity.psu.edu/sdr/disability-coordinator). For further information, please visit Student Disability Resources website (http://equity.psu.edu/sdr/).
In order to receive consideration for reasonable accommodations, you must contact the appropriate disability services office at the campus where you are officially enrolled, participate in an intake interview, and provide documentation: See documentation guidelines (http://equity.psu.edu/sdr/guidelines). If the documentation supports your request for reasonable accommodations, your campus disability services office will provide you with an accommodation letter. Please share this letter with your instructors and discuss the accommodations with them as early as possible. You must follow this process for every semester that you request accommodations.
COUNSELING AND PSYCHOLOGICAL SERVICES STATEMENT
Many students at Penn State face personal challenges or have psychological needs that may interfere with their academic progress, social development, or emotional wellbeing. The university offers a variety of confidential services to help you through difficult times, including individual and group counseling, crisis intervention, consultations, online chats, and mental health screenings. These services are provided by staff who welcome all students and embrace a philosophy respectful of clients’ cultural and religious backgrounds, and sensitive to differences in race, ability, gender identity and sexual orientation.
Counseling and Psychological Services at University Park (CAPS) (http://studentaffairs.psu.edu/counseling/): 814-863-0395
Counseling and Psychological Services at Commonwealth Campuses (https://senate.psu.edu/faculty/counseling-services-at-commonwealth-campuses/)
Penn State Crisis Line (24 hours/7 days/week): 877-229-6400 Crisis Text Line (24 hours/7 days/week): Text LIONS to 741741
EDUCATIONAL EQUITY/REPORT BIAS STATEMENTS
Consistent with University Policy AD29, students who believe they have experienced or observed a hate crime, an act of intolerance, discrimination, or harassment that occurs at Penn State are urged to report these incidents as outlined on the University’s Report Bias webpage (http://equity.psu.edu/reportbias/)