Trustworthy Machine Learning
Semester: Summer 2024
Added: Apr 24, 2024
Instructor: Adam Dziedzic and Franziska Boenisch
Contact: adam.dziedzic@cispa.de, franziska.boenisch@cispa.de
Lectures: Wednesday 16:00-18:00, CISPA Building C0, Lecture Hall Ground Floor
Description
The deployment of machine learning applications in real-world systems necessitates methods to ensure their trustworthiness. This course explores the different aspects of trustworthy machine learning, including Privacy, Collaborative Learning, Model Confidentiality, Robustness, Fairness, Explainability, and Governance.
- Privacy: We will analyze the landscape of privacy attacks against machine learning models and study the means to prevent these attacks.
- Collaborative Learning: We will analyze the risks to trustworthy machine learning that arise in collaborative machine learning setups and look into their mitigations.
- Model Confidentiality: We will see that machine learning models can be easily stolen through different methods, such as direct copies of the models or their private training data, or extraction of a model exposed via a public or private API. We will analyze different attack strategies for stealing models and the state-of-the-art defense methods.
- Robustness: We will learn about different facets of robustness, such as robustness to out-of-distribution samples, to natural noise present in the input data, or to adversarial examples, where attackers introduce imperceptible changes to the inputs of ML models to fool their predictions.
- Fairness and Bias: We will scrutinize the behavior of ML models on different subgroups of the training data. We will assess the models’ responses to inputs with different attributes and will uncover the potential causes of unfair or biased model responses and current mitigations.
- Explainability: We will address the challenges that arise from machine learning models’ black-box behavior and look into techniques to explain predictive behavior.
- Security and Governance: Machine learning applications are usually not isolated but integrated into larger systems within a given society with its respective norms and values. We will study the security risks that can arise from the deployment of machine learning applications and how governance approaches can be used to mitigate these risks.
Throughout the course, we will discuss outstanding challenges and future research directions to make machine learning more robust, private, and trustworthy.
Assignments
The course entails 4 practical graded assignments based on implementing the concepts studied during the lecture. Assignments must be submitted in groups of two.
- Assignment 1: Membership Inference – due Wednesday, May 6 2024
- Assignment 2: Model Extraction – due Tuesday, May 26 2024
- Assignment 3: Robustness – due Wednesday, Jun 17 2024
- Assignment 4: Fairness – due Wednesday, Jul 8 2024
Schedule
| Date | Topic | Format / Location | Notes |
|---|---|---|---|
| 17.04. | Overview, Administration & Intro | In-Person | |
| 24.04. | Privacy Part I | In-Person | |
| 08.05. | Privacy Part II | Remote (Zoom Link) | Only this session is remote |
| 15.05. | Model stealing and defenses (Supervised Learning - SL) | In-Person | |
| 22.05. | Model stealing and defenses (Self-Supervised Learning - SSL) | In-Person | |
| 29.05. | Adversarial Machine Learning / Robustness | In-Person | |
| 05.06. | Midterm-Exam & Collaborative learning Part I | In-Person | Dual schedule day |
| 12.06. | Collaborative learning Part II | In-Person | |
| 19.06. | Fairness and bias | In-Person | |
| 10.07. | Explainability | In-Person | |
| 17.07. | Security and Governance | In-Person | |
| 24.07. | Summary & Open Questions | Remote (Zoom Link) | |
| 31.07. | Final Exam | Lecture Hall 002, Building E1 3 (UdS Campus) | Time: 16:00 - 18:00 |
Feedback
You can ask your questions in the respective thread in the Forum on CMS.
Course Staff
- Adam Dziedzic (Instructor)
- Franziska Boenisch (Instructor)