News

Proposal Feedback

Written on 24.06.24 by Xiao Zhang

Good Morning Everyone,

Well done with the proposal. Each submitted proposal should have received my feedback. You can check them on CMS and are encouraged to integrate them into your final paper.

Cheers,

Xiao

Course Evaluation

Written on 19.06.24 by Xiao Zhang

Good Morning Everyone,

Here is the link to the course evaluation: https://qualis.uni-saarland.de/eva/?l=150490&p=ssohot. It will take you about 5 minutes to complete the evaluation form. I would appreciate it if you could fill out and submit the evaluation form by 17.07.2024. 

PS: Tomorrow's… Read more

Good Morning Everyone,

Here is the link to the course evaluation: https://qualis.uni-saarland.de/eva/?l=150490&p=ssohot. It will take you about 5 minutes to complete the evaluation form. I would appreciate it if you could fill out and submit the evaluation form by 17.07.2024. 

PS: Tomorrow's class will be led by Minxing Zhang - a student of mine - since I am out of the city. 

Best regards,

Xiao

Reminder - LSF Registration

Written on 23.05.24 by Xiao Zhang

Good Morning,

This is a reminder to register for the course on LSF. The deadline for LSF registration is May 30th. If you miss this deadline, you will not be able to receive CPs and grades for this course.

Cheers,

Xiao

Review & Proposal

Written on 18.05.24 (last change on 18.05.24) by Xiao Zhang

Hi everyone,

The list of papers for review have been finalized. Please check the correponding CMS page: https://cms.cispa.saarland/aml_24/4/Paper_Review.

Note that the proposal for the seminar paper will be due in approximately a month. You can now start to think about the topic of your seminar… Read more

Hi everyone,

The list of papers for review have been finalized. Please check the correponding CMS page: https://cms.cispa.saarland/aml_24/4/Paper_Review.

Note that the proposal for the seminar paper will be due in approximately a month. You can now start to think about the topic of your seminar paper. Instructions can be found on this CMS page: https://cms.cispa.saarland/aml_24/5/Seminar_Paper.

Cheers,

Xiao

LSF Registration

Written on 07.05.24 (last change on 07.05.24) by Xiao Zhang

Hi everyone,

This is a reminder to register for the course on LSF. Be aware that the deadline for LSF registration is May 30.

By the way, I've created the groups for each presenting/challenging team on CMS so that you can find the contact information of your team members. Also, I have enabled… Read more

Hi everyone,

This is a reminder to register for the course on LSF. Be aware that the deadline for LSF registration is May 30.

By the way, I've created the groups for each presenting/challenging team on CMS so that you can find the contact information of your team members. Also, I have enabled the forum on CMS. Feel free to post any questions there.

Cheers,

Xiao

Topic & Team Assignments Finalized

Written on 06.05.24 by Xiao Zhang

Good Morning,

According to the indicated topic preferences, the team and topic assignments have been finalized. Detailed information can be found on the Google spreadsheet (link). Please check the assignment. Each team consists of three students, a team leader, and two student members. The team… Read more

Good Morning,

According to the indicated topic preferences, the team and topic assignments have been finalized. Detailed information can be found on the Google spreadsheet (link). Please check the assignment. Each team consists of three students, a team leader, and two student members. The team leader is responsible for distributing tasks among team members. Everyone on the team should be responsible and cooperative. 

The first presenting/challenging team should now start preparing the presentation/questions. Send me an email if you have any questions. Otherwise, I look forward to your presentations.

Best regards,

Xiao

Seminar Kickoff

Written on 30.04.24 by Xiao Zhang

Hi everyone,

Our seminar kickoff will be 12:15 - 13:45 this Thursday, 02.05.2024. The meeting location is Room 0.02, CISPA Main Building.

I will give an overview of the course during the seminar kickoff. You can also check the Seminar Schedule Page for the planned course schedule. Look forward… Read more

Hi everyone,

Our seminar kickoff will be 12:15 - 13:45 this Thursday, 02.05.2024. The meeting location is Room 0.02, CISPA Main Building.

I will give an overview of the course during the seminar kickoff. You can also check the Seminar Schedule Page for the planned course schedule. Look forward to seeing you all!

Cheers,

Xiao

Show all

(Pro-)Seminar: Topics in Adversarial Machine Learning

Course Objective: In this hybrid seminar, we will focus on understanding the security threats adversaries pose to machine learning systems and the recent algorithmic advancements in building more robust machine learning systems to mitigate those threats. We will particularly look into several theoretical works on understanding and characterizing the fundamental limits of adversarial machine learning. Registration for the seminar is not possible directly. Please use the CS department assignment system to indicate your interest and to register your bid.

Expected Background: Previous background in statistics and machine learning would be beneficial but optional as long as you are motivated and able to learn relevant fundamentals. To self-assess whether this is the right course, you can read the following papers to check how much you can understand these papers and whether you are interested in the topics or not:

Instructor: Xiao Zhang (xiao.zhang@cispa.de). 

Meeting Time: from 12:15 to 13:45 on each Thursday

Meeting Location: Room 0.02, CISPA Main Building, Stuhlsatzenhaus 5


Course Expectations

Students enrolled in this seminar are expected to:

  • Lead discussions on assigned topics. Students will be assigned to teams of 3-4 students. Each week, a team of students will prepare and present two assigned papers on a research topic in adversarial machine learning, then lead the discussion and answer questions from the audience. A different team of students will be responsible for preparing challenging questions for the presenting team and writing a one-page summary to document the in-class activities. The presenting team should deeply understand the research papers to deliver a well-structured presentation.
  • Participate actively in class meetings. All other students should also read the assigned papers on the presenting topic each week and contribute to Q&A sessions. Each student is expected to write reviews on two of the assigned research papers during the semester.
  • Seminar paper. Each team will hand in a survey paper (for seminar students) or a systematization of knowledge (SoK) paper (for proseminar students). I will explain this in the kick-off meeting. Also, you may want to discuss your team project with the instructor early in the semester.

Deliverables

Review (20%). Write reviews for assigned research papers. Throughout the semester, you should expect to write two reviews (each consisting of 10% of your final grades). The review should aim to address the following questions:

  • What is the problem addressed by the paper?
  • What was done before, and how does the paper improve prior works?
  • What are the strengths and the weaknesses of the paper?
  • What part of the paper was difficult to understand?
  • What are possible improvements or further implications of the paper?

The review should be, at most, two pages long, using the NeurIPS LaTeX template. You may want to read the ICML 2023 Reviewer Tutorial for instructions on how to write a good review.

Presentation and Summary (40%). You will form a team of 3-4 students and deliver a 40-minute presentation followed by a 20-minute Q&A session on the topics assigned to you in an early class. A different team of students is responsible for preparing (at least three) challenging questions and summarizing the in-class activities (presentation and Q&A sessions).

Seminar Paper (40%). Write a seminar paper on a research topic of adversarial machine learning that is aligned with your interest. For seminar students, you are supposed to write a survey paper. For proseminar students, you are supposed to write a systematization of knowledge (SoK) paper. Each sudent will submit a proposal and a seminar paper, both using the NeurIPS LaTeX template. The proposal should not be over two pages and the seminar paper should not be over six pages, not counting references and appendices. Papers can be shorter, but generally, the provided page limit indicates how long a typical paper should be.


Important Details

  1. Kick-off meeting in the first week of the semester
    • Time: from 12:15 to 13:45 on Thursday, 02.05.2024
    • Location: Room 0.02, CISPA Main Building, Stuhlsatzenhaus 5
  2. We will assign topics and form teams based on interests. 
  3. The summary of in-class activities is due one week after each presentation day.
  4. We plan to have in-person meetings as long as possible and switch to online if needed. Attendance and contributions to discussions in all class meetings are mandatory.
  5. You may want to discuss the topic of your seminar paper with the instructor earlier in the semester (by appointment).
  6. For the seminar papers, the initial proposal is due on 20.06.2024. You will receive feedback on your proposal within a week. The final submission deadline is 25.07.2024

List of Topics

We plan to include the following research topics in adversarial machine learning:

  1. Adversarial Examples & Robustness Evaluation
  2. Adversarial Training & Robust Generalization
  3. Robustness Certification Methods
  4. Intrinsic Limits on Adversarial Robustness
  5. Data Poisoning Attacks
  6. Backdoor Attacks
  7. ML Privacy
  8. Adversarial ML in Generative AI

Note that the above list of topics may be subject to change.


Honor and Responsibilities

We believe in the value of a community of trust and expect all students in this class to contribute to strengthening that community. The course will be better for everyone if everyone can assume everyone else is trustworthy. The course instructor starts with the assumption that all students deserve to be trusted. In this course, we will be learning about and exploring some vulnerabilities that could be used to compromise deployed systems. You are trusted to behave responsibly and ethically. You may not attack any system without the permission of its owners and may not use anything you learn in this class for evil. If you have any doubts about whether or not something you want to do is ethical and legal, you should check with the course instructor before proceeding.

Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators.