Wrapping up the course:
Concerning the submission of your papers, see the formal requirements and the template in the course resources.
As we agreed, papers are due by September 30.
I created an assignment where you can upload them. If you have any questions beforehand, or want thorough feedback, please reach out to franziska.boenisch@fu-berlin.de.
Important Information
The course will be held in an ONLINE format via Webex (link below). Course time is 2PM-4PM on Thursdays (i.e. 2:15PM-3:45PM, following the academic quarter convention). See the course dates below.
For those who are at FU Berlin, you can use SR006 in Taku Str. 9, which has been booked for our seminar. When you are giving your presentation, please make sure that you bring an adequate microphone, so that remote participants can also hear you well.
For requirements and grading, see Resources > 01-Introduction slide deck.
Get in contact: franziska.boenisch@fu-berlin.de
Please note that spots in this seminar are limited. Therefore, make sure that you have a CM registration: https://www.fu-berlin.de/sites/campusmanagement/N3InfoStudenten/Anmeldezeitraum/index.html
----------------------------------------------------------------------------------------------
Link to course:
- Meeting link: https://fu-berlin.webex.com/fu-berlin/j.php?MTID=m4841ba2e9f40a64971eeabd604d2b817
- Meeting number: 2734 951 6756
- Password: gfM5Zr2iMJ6
-----------------------------------------------------------------------------------------------
Topic Assignment:
Defending model integrity at test-time: Nicolai Wolfrom (Peer Group 1)
Model confidentiality: Jonas Schäfer (Peer Group 1)
Privacy attacks against ML models: Florian Suhre (Peer Group 2)
Differential privacy: Vishal Singh (Peer Group 2)
Fairness and ethics in ML: Tanita Daniel (Peer Group 3)
Federated learning and trustworthiness: Karim Ismail (Peer Group 3)
-----------------------------------------------------------------------------------------------
Topics and Dates
Reading List per Topic
Every student is expected to read all the papers ahead of the respective presentations in order to be able to actively participate in the discussions.
Attacking and defending model integrity during training-time
- Nelson et al., Exploiting Machine Learning to Subvert Your Spam Filter.
- Jagielski et al., Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning.
- Shafahi et al., Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks.
- Wang et al., Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks.
Attacking model integrity at test-time
- Szegedy et al., Intriguing properties of neural networks.
- Papernot et al., Practical Black-Box Attacks against Machine Learning.
- Goodfellow et al., Explaining and Harnessing Adversarial Examples.
- Carlini and Wagner, Towards Evaluating the Robustness of Neural Networks.
Defending model integrity at test-time
- Athalye et al., Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples.
- Madry et al., Towards Deep Learning Models Resistant to Adversarial Attacks.
- Wong and Kolter, Provable Defenses against Adversarial Examples via the Convex Outer Adversarial Polytope.
Model confidentiality
- Tramer et al., Stealing Machine Learning Models via Prediction APIs.
- Batina et al., CSI NN: Reverse Engineering of Neural Network Architectures Through Electromagnetic Side Channel.
- Jagielski et al., High-Fidelity Extraction of Neural Network Models.
- Boenisch, A Systematic Review on Model Watermarking for Neural Networks.
Privacy attacks against ML models
- Narayanan and Shmatikov, Robust De-anonymization of Large Sparse Datasets.
- Shokri et al., Membership Inference Attacks against Machine Learning Models.
- Carlini et al., The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks.
- Fredrikson et al., Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures.
Differential privacy
- Dwork et al., Calibrating Noise to Sensitivity in Private Data Analysis.
- Abadi et al., Deep Learning with Differential Privacy.
- Papernot et al., Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data.
Fairness and ethics in ML
- Dwork et al., Fairness Through Awareness.
- Gajane and Pechenizkiy, On Formalizing Fairness in Prediction with Machine Learning.
- Buolamwini and Gebru, Gender Shades: Intersectional Accuracy Disparities in Commercial Gender Classification.
- Mehrabi et al., A Survey on Bias and Fairness in Machine Learning.
Federated learning and trustworthiness
- Boenisch et al., When the Curious Abandon Honesty: Federated Learning Is Not Private.
- Kairouz et al., Advances and Open Problems in Federated Learning (Chapters 4 to 6: Preserving the Privacy of User Data; Defending Against Attacks and Failures; Ensuring Fairness and Addressing Sources of Bias).
-----------------------------------------------------------------------------------------------
Course Description
Machine learning has found its way into a broad variety of sensitive applications, such as health care, hiring processes, and autonomous services. It thereby has a direct impact on our daily lives, and potential malfunctions could cause severe damage to individuals and to society as a whole.
In this seminar, we will therefore set out to study what it means for machine learning to be trustworthy. We will cover several different aspects of trustworthiness, such as security, privacy, and fairness. We will study recent work from the respective communities to gain an understanding of new research directions in the field.
This includes but is not limited to studying:
- Training and test time attacks against the integrity of ML models, such as data poisoning and adversarial machine learning
- Privacy attacks against machine learning models and their training data, such as membership inference attacks, model inversion attacks, and property inference attacks
- Algorithmic fairness in machine learning
- Confidentiality of machine learning models and their training data
The seminar requires students to have a basic understanding of machine learning. Additionally, students are required to familiarize themselves with the scientific papers listed in the pre-course reading list below.
Literature
Pre-course reading list:
- Papernot, Nicolas, Patrick McDaniel, Arunesh Sinha, and Michael P. Wellman. "SoK: Security and privacy in machine learning." In 2018 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 399-414. IEEE, 2018.
- Szegedy, Christian, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. "Intriguing properties of neural networks." arXiv preprint arXiv:1312.6199 (2013).
- Mehrabi, Ninareh, Fred Morstatter, Nripsuta Saxena, Kristina Lerman, and Aram Galstyan. "A survey on bias and fairness in machine learning." ACM Computing Surveys (CSUR) 54, no. 6 (2021): 1-35.
Additional Information
Prerequisite: Successfully completed course "Mustererkennung / Machine Learning" or equivalent.