CS 498: Trustworthy Machine Learning

Spring 2020

Bo Li
4310 Siebel Center

Wed/Fri 3:30-4:45pm
1304 Siebel Center

Teaching Assistant
Zhuolin Yang, zhuolin5@illinois.edu

Office Hours
Bo Li: After class for one hour
Zhuolin Yang: Tuesday/Thursday 2:30-3:30pm, 3333 Siebel Center


Course Overview

This course introduces students to machine learning, security, privacy, adversarial machine learning, and basic game theory. Students will learn the different machine learning algorithms and analyze their implementations and security vulnerabilities through a series of homeworks and projects.

Please contact the instructor if you have questions regarding the material or concerns about whether your background is suitable for the course.

Course Schedule

The following table outlines the schedule for the course. We will update it as the quarter progresses.

Date | Lecture | Contents | Materials | Homework
1/22 | Course Intro | | Survey, Slides |
1/24 | Supervised Learning I | Regression, classification, Gradient | Readings 1, 2, 3, Slides |
1/29 | Supervised Learning II | PAC Learnability, supervised learning in Adversarial Settings | Readings 1, 2, Slides | Homework 1
1/31 | Unsupervised Learning I | Clustering, PCA, Matrix completion | Slides |
2/5 | Unsupervised Learning II | Unsupervised learning in Adversarial Settings | Readings 1, 2, Slides |
2/7 | Reinforcement Learning | Reinforcement Learning in Adversarial Settings | Readings 1, Slides |
2/12 | Homework 1 Walkthrough, Q&A | | |
2/14 | Categories of Attacks on Machine Learning | | Slides |
2/19 | Attacks at Decision Time | Evasion Attacks, Anomaly Detection | Slides |
2/21 | Modeling Decision-time Attacks | | | Homework 2
2/26 | White-box/black-box Decision-time Attacks and Physical attacks | | Readings 1, Slides |
2/28 | Defending against decision-time attacks I | Optimal evasion-robust classification | Readings 1, Slides |
3/4 | Homework 2 Walkthrough, Q&A | | Materials |
3/6 | Defending against decision-time attacks II | Feature level protection, randomized smoothing | Readings 1, Slides |
3/11 | Midterm Exam | | |
3/13 | Knowledge enriched robust learning models | | |
Spring Break
3/25 | Defending against decision-time attacks III | Adversarial retraining | |
3/27 | Guest lecture | | Zoom |
4/1 | Data Poisoning attacks | Binary classification, SVM, unsupervised learning, Matrix factorization, general framework | Zoom, Slides, Readings 1, 2, 3 |
4/3 | Defending against poisoning attacks I | Data sub-sampling, outlier removal | Zoom, Readings 1, 2, Slides | Homework 3
4/8 | Defending against poisoning attacks II | Trimmed optimization | Zoom, Slides, Readings 1, 2 |
4/10 | Homework 3 Walkthrough, Q&A | | Zoom, Materials |
4/15 | Guest lecture - Learning of 3D Deep Shape Descriptor for 3D Object Recognition and Registration | | Zoom, Readings 1 |
4/17 | Connection between information theory with differential privacy I | | Zoom, Slides, Readings 1, 2 |
4/22 | Connection between information theory with differential privacy II | | Zoom, Readings 1, 2, Slides |
4/24 | Privacy and model stability | | Zoom, Slides |
4/29 | Guest lecture - Conservative ML robustness | | Zoom, Slides, Readings 1 |
5/1 | Final Review, final project presentation | | Zoom, Notes |
5/6 | Final Exam | | |
5/8 | Final Exam Analysis | | Zoom, Solution |


The course will involve 4 programming homeworks, a midterm, and a final. Unless otherwise noted by the instructor, all work in this course is to be completed independently. If you are ever uncertain of how to complete an assignment, you can go to office hours or engage in high-level discussions about the problem with your classmates on the Piazza boards.

Grades will be assigned as follows:

Course Expectations

The expectations for the course are that students will attend every class, do any readings assigned for class, and actively and constructively participate in class discussions. Class participation will be a measure of contributing to the discourse both in class, through discussion and questions, and outside of class through contributing and responding to the Piazza forum.

Out of respect for your classmates, I ask that you turn off all laptops, tablets, and phone screens for the duration of each class!

More information about course requirements will be made available leading up to the start of classes.

Ethics Statement

This course will include topics related to computer security and privacy. As part of this investigation we may cover technologies whose abuse could infringe on the rights of others. As computer scientists, we rely on the ethical use of these technologies. Unethical use includes circumvention of existing security or privacy mechanisms for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities in these services. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.

Academic Integrity Policy

The University of Illinois at Urbana-Champaign Student Code should also be considered as a part of this syllabus. Students should pay particular attention to Article 1, Part 4: Academic Integrity. Read the Code at the following URL: http://studentcode.illinois.edu/.

Academic dishonesty may result in a failing grade. Every student is expected to review and abide by the Academic Integrity Policy: http://studentcode.illinois.edu/. Ignorance is not an excuse for any academic dishonesty. It is your responsibility to read this policy to avoid any misunderstanding. Do not hesitate to ask the instructor(s) if you are ever in doubt about what constitutes plagiarism, cheating, or any other breach of academic integrity.

Students with Disabilities

To obtain disability-related academic adjustments and/or auxiliary aids, students with disabilities must contact the course instructor as soon as possible. To ensure that disability-related concerns are properly addressed from the beginning, students with disabilities who require assistance to participate in this class should contact Disability Resources and Educational Services (DRES) and see the instructor as soon as possible. If you need accommodations for any sort of disability, please speak to me after class, make an appointment to see me, or see me during my office hours. DRES provides students with academic accommodations, access, and support services. To contact DRES you may visit 1207 S. Oak St., Champaign, call 333-4603 (V/TDD), or e-mail disability@uiuc.edu. Please refer to http://www.disability.illinois.edu/.

Emergency Response Recommendations

Emergency response recommendations can be found at the following website: http://police.illinois.edu/emergency-preparedness/. I encourage you to review this website and the campus building floor plans website within the first 10 days of class: http://police.illinois.edu/emergency-preparedness/building-emergency-action-plans/.

Family Educational Rights and Privacy Act (FERPA)

Any student who has suppressed their directory information pursuant to Family Educational Rights and Privacy Act (FERPA) should self-identify to the instructor to ensure protection of the privacy of their attendance in this course. See http://registrar.illinois.edu/ferpa for more information on FERPA.