This course introduces students to the understanding about machine learning, security, privacy, adversarial machine learning, and basic game theory. Students will understand the different machine learning algorithms and analyze their implementation and security vulnerabilities through a series of homeworks and projects.
Please contact the instructor if you have questions regarding the material or concerns about whether your background is suitable for the course.
The following table outlines the schedule for the course. We will update it as the quarter progresses.
|1/22||Course Intro||Survey, Slides|
|1/24||Supervised Learning I||Regression, classification, Gradient||Readings 1, 2, 3, Slides|
|1/29||Supervised Learning II||PAC Learnability, supervised learning in Adversarial Settings||Readings 1, 2, Slides||Homework 1|
|1/31||Unsupervised Learning I||Clustering, PCA, Matrix completion||Slides|
|2/5||Unsupervised Learning II||Unsupervised learning in Adversarial Settings||Readings 1, 2, Slides|
|2/7||Reinforcement Learning||Reinforcement Learning in Adversarial Settings||Readings 1, Slides|
|2/12||Homework 1 Walkthrough, Q&A|
|2/14||Categories of Attacks on Machine Learning||Slides|
|2/19||Attacks at Decision Time||Evasion Attacks, Anomaly Detection||Slides|
|2/21||Modeling Decision-time Attacks||Homework 2|
|2/26||White-box/black-box Decision-time Attacks and Physical attacks||Readings 1, Slides|
|2/28||Defending against decision-time attacks I||Optimal evasion-robust classification||Readings 1, Slides|
|3/4||Homework 2 Walkthrough, Q&A||Materials|
|3/6||Defending against decision-time attacks II||Feature level protection, randomized smoothing||Readings 1, Slides|
|3/13||Knowledge enriched robust learning models|
|3/25||Defending against decision-time attacks III||Adversarial retraining|
|4/1||Data Poisoning attacks||Binary classification, SVM, unsupervised learning, Matrix factorization, general framework||Zoom, Slides, Readings 1, 2, 3|
|4/3||Defending against poisoning attacks I||Data sub-sampling, outlier removal||Zoom, Readings 1, 2, Slides||Homework 3|
|4/8||Defending against poisoning attacks II||Trimmed optimization||Zoom, Slides, Readings 1, 2|
|4/10||Homework 3 Walkthrough, Q&A||Zoom||Materials|
|4/15||Guest lecture - Learning of 3D Deep Shape Descriptor for 3D Object Recognition and Registration||Zoom, Readings 1|
|4/17||Connection between information theory with differential privacy I||Zoom, Slides, Readings 1, 2|
|4/22||Connection between information theory with differential privacy II||Zoom, Readings 1, 2, Slides|
|4/24||Privacy and model stability||Zoom, Slides|
|4/29||Guest lecture - Conservative ML robustness||Zoom, Slides, Readings 1|
|5/1||Final Review, final project presentation||Zoom, Notes|
|5/8||Final Exam Analysis||Zoom, Solution|
The course will involve 4 programming homeworks, a midterm, and a final. Unless otherwise noted by the instructor, all work in this course is to be completed independently. If you are ever uncertain of how to complete an assignment, you can go to office hours or engage in high-level discussions about the problem with your classmates on the Piazza boards.
Grades will be assigned as follows:
The expectations for the course are that students will attend every class, do any readings assigned for class, and actively and constructively participate in class discussions. Class participation will be a measure of contributing to the discourse both in class, through discussion and questions, and outside of class through contributing and responding to the Piazza forum.
Out of respect for your classmates, I ask that you turn off all laptops, tablets, and phone screens for the duration of each class!
More information about course requirements will be made available leading up to the start of classes
This course will include topics related computer security and privacy. As part of this investigation we may cover technologies whose abuse could infringe on the rights of others. As computer scientists, we rely on the ethical use of these technologies. Unethical use includes circumvention of an existing security or privacy mechanisms for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities of these services. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.
The University of Illinois at Urbana-Champaign Student Code should also be considered as a part of this syllabus. Students should pay particular attention to Article 1, Part 4: Academic Integrity. Read the Code at the following URL: http://studentcode.illinois.edu/.
Academic dishonesty may result in a failing grade. Every student is expected to review and abide by the Academic Integrity Policy: http://studentcode.illinois.edu/. Ignorance is not an excuse for any academic dishonesty. It is your responsibility to read this policy to avoid any misunderstanding. Do not hesitate to ask the instructor(s) if you are ever in doubt about what constitutes plagiarism, cheating, or any other breach of academic integrity.
To obtain disability-related academic adjustments and/or auxiliary aids, students with disabilities must contact the course instructor and the as soon as possible. To insure that disability-related concerns are properly addressed from the beginning, students with disabilities who require assistance to participate in this class should contact Disability Resources and Educational Services (DRES) and see the instructor as soon as possible. If you need accommodations for any sort of disability, please speak to me after class, or make an appointment to see me, or see me during my office hours. DRES provides students with academic accommodations, access, and support services. To contact DRES you may visit 1207 S. Oak St., Champaign, call 333-4603 (V/TDD), or e-mail a message to email@example.com. Please refer to http://www.disability.illinois.edu/.
Emergency response recommendations can be found at the following website: http://police.illinois.edu/emergency-preparedness/. I encourage you to review this website and the campus building floor plans website within the first 10 days of class: http://police.illinois.edu/emergency-preparedness/building-emergency-action-plans/.
Any student who has suppressed their directory information pursuant to Family Educational Rights and Privacy Act (FERPA) should self-identify to the instructor to ensure protection of the privacy of their attendance in this course. See http://registrar.illinois.edu/ferpa for more information on FERPA.