Trustworthy Machine Learning

Semester: Summer 2024

Added: Apr 24, 2023


Summer 2023

Instructor: Adam Dziedzic

Contact: adam.dziedzic@cispa.de

Lectures: Course lectures driven by the content of assigned research papers.

Exercise Sessions: Roles rotate weekly: Presenters, Questioners, Observers.



Description

The deployment of machine learning in real-world systems necessitates methods to ensure trustworthy AI. This course explores research at the intersection of machine learning, security, and privacy, and provides a comprehensive overview of techniques to build robust and trustworthy machine learning models, with a focus on neural networks. We will examine seminal work on defending against adversarial attacks, detecting out-of-distribution inputs, and adapting models to distribution shifts. We will analyze privacy-preserving collaborative learning methods that enable multiple parties to jointly train models without exposing private data or models. To protect intellectual property, we will study approaches for thwarting model stealing attacks and establishing ownership of models. Special attention will be given to watermarking techniques for large language models and to defending against data reconstruction attacks on foundation models. Throughout the course, we will discuss outstanding challenges and future research directions to make machine learning more robust, private, and trustworthy.

Assignments

  • Presenters (50%): Paper presentation, slide deck, and leading discussions.
  • Research Project (20%): A final project report and a poster layout.
  • Questioners (20%): Turn in 3 questions (one per paper) each week by 5pm Monday.
  • Observers (10%): Maintain notes on a shared document to capture takeaways.

Course Staff