News
Initial Report Due tomorrow
Written on 10.07.23 by Xiao Zhang
Good Morning Everyone, I hope you enjoyed the sunshine over the last weekend! This is a general reminder that the initial submission of the final report is due tomorrow, so do not forget to submit the report on time. I will see you all on Wednesday!
Cheers, Xiao
Review Feedback
Written on 05.06.23 by Xiao Zhang
Hi everyone, I hope you are doing well! You should have received feedback on all of your previous reviews on the CMS portal. You are encouraged to incorporate the feedback into your future reviews. Also, the due date for the initial submission of the paper of your final project is finalized as July 11, and you have until July 21 to revise your paper. So probably, it is time for you to start thinking about your final project and discussing it with your teammate. For more information regarding this update, check the course syllabus (https://cms.cispa.saarland/aml_seminar/). By the way, we are not going to meet this week, so I look forward to seeing you all next Wednesday.
Cheers, Xiao
Blog Post for Class 3
Written on 25.05.23 by Xiao Zhang
Hi everyone, I just posted the slides and the blog for Class 3 on our course website (https://trustml-cispa.gitlab.io/seminar_aml_ss23/posts/class_3/). Also, I posted some useful information on how to write an SoK paper (an option for your final project). You can check it here: https://trustml-cispa.gitlab.io/seminar_aml_ss23/resources/sok/. Hope all of you will have a wonderful evening!
Best regards, Xiao
Blog of the First Class Posted
Written on 13.05.23 by Xiao Zhang
Hi everyone, Hope you enjoy the sunshine today! I made a simple blog for our first class this Wednesday and posted it on our course website here: https://trustml-cispa.gitlab.io/seminar_aml_ss23/posts/class_1/. I made the blog this time because Shreyash is auditing the seminar. @Shreyash, shout out if you want to add or change anything. By the way, the submission (https://cms.cispa.saarland/aml_seminar/submissions/) is open for review for topic 2. Remember to submit your review by next Tuesday.
Cheers, Xiao
First Class Meeting on Wednesday
Written on 08.05.23 by Xiao Zhang
Hi everyone, Hope you have had a nice weekend! We are going to have our first meeting this Wednesday (14:15 - 15:45) in Conference Room 0.07, CISPA Main Building. I look forward to seeing you all! PS: The first paper review is going to be due this Tuesday. Remember to send your review to my email (or submit it on the CMS portal under the submission tab: https://cms.cispa.saarland/aml_seminar/submissions/).
Cheers, Xiao
Location of class meetings
Written on 28.04.23 by Xiao Zhang
Good morning everyone, The location of our weekly class meeting is finalized. We will meet in Conference Room 0.07 at CISPA Main Building, the same room as the kick-off meeting. The first meeting will be Wednesday (10.05) from 14:15 to 15:45. Remember to register for the seminar course on the LSF portal. Also, remember to read the first two papers and write the review. I hope you all have a good weekend, and I look forward to seeing you at the first meeting!
Cheers, Xiao
Register on LSF
Written on 26.04.23 (last change on 26.04.23) by Xiao Zhang
Hi everyone! Please note that you have to register yourself for this seminar course on the LSF portal by May 7th.
Best regards, Xiao
Topics Assigned and Schedule Finalized!
Written on 26.04.23 (last change on 26.04.23) by Xiao Zhang
Hi everyone, Thanks for submitting your topic preferences and your preferences for the weekly class meeting time! For future class meetings, we will meet from 14:15 - 15:45 each Wednesday. The meeting place will be announced later this week. The detailed course schedule can be found on the course website here: https://trustml-cispa.gitlab.io/seminar_aml_ss23/schedule/. You can also see the topic assignment on that page or check more information (including information about team assignment) here: https://trustml-cispa.gitlab.io/seminar_aml_ss23/teams/. Feel free to send me an email if you have any questions. Otherwise, I look forward to seeing you all on the first presentation day (10.05.2023).
Best regards, Xiao
Two Online Polls (Submit by Apr. 23, 2023)
Written on 19.04.23 (last change on 26.04.23) by Xiao Zhang
Hi everyone, Hope you have had a great semester so far! Since the SIC assignment was finalized yesterday, the two online polls have been created, as mentioned during the seminar kick-off. The links to the polls are attached below. Follow the instructions to submit your votes at your earliest convenience. The deadline for submitting your votes is Apr. 23, 2023.
1. For deciding the weekly class meeting time: https://terminplaner6.dfn.de/p/5b737418f6adcb39ce13cd72fbbf7b13-213073
2. For placing your preferences on research topics: https://terminplaner2.dfn.de/XFl5kWhz7LZUiBfn
The results will be sent out early next week. By the way, because of the delayed notice of the SIC assignments, I slightly modified the seminar schedule. You can find the modified schedule in the syllabus or here: https://trustml-cispa.gitlab.io/seminar_aml_ss23/resources/schedule/. In particular, the first presentation will happen during 08.05 - 12.05 instead of the first week of May, so the first presenting team will have enough time (around two weeks) to prepare the presentation and get used to everything. Feel free to send me an email if you have any questions.
Cheers, Xiao
Kick-off Slides Posted
Written on 14.04.23 (last change on 14.04.23) by Xiao Zhang
Hi everyone, The slides used for the seminar kick-off are now posted on the course website. You can access them here: https://trustml-cispa.gitlab.io/seminar_aml_ss23/posts/kickoff/. As discussed in the kick-off meeting, all the course-related materials will be posted on the course website in the future. I will only use CMS for communications (e.g., sending out news). By the way, the online polls (for deciding the class meeting time and topic preference) will only be sent out after April 15th when the seminar assignments on SIC are finalized.
Best regards, Xiao
Kick-off Meeting
Written on 28.03.23 (last change on 12.04.23) by Xiao Zhang
Hey everyone, The kick-off meeting of this seminar will happen from 16:15 to 17:30 on Wednesday, April 13th, 2023. I have reserved a conference room in CISPA main building: Room 0.07, CISPA Main Building, Stuhlsatzenhaus 5. During the meeting, I will briefly introduce what will be covered in this seminar and the expectations of this course. Reading through the course syllabus before attending the kick-off meeting is recommended. After the introduction, I will answer any questions you might have. I look forward to seeing you all on April 13th.
Cheers, Xiao
Course Objective: In this seminar, we will focus on understanding the security threats adversaries pose to machine learning systems (evasion and poisoning attacks) and the recent algorithmic advancements of building more robust machine learning systems to mitigate those threats. In addition, we will look into several theoretical works on understanding and characterizing the fundamental limits of adversarial machine learning. Registration for the seminar is not possible directly. Please use the CS department assignment system to indicate your interest and to register your bid.
Expected Background: Previous background in mathematics, statistics, machine learning, and security would be beneficial but is optional as long as you are motivated and able to learn the relevant fundamentals. Students in the seminar should have either a strong machine learning background or a strong security background, but you are not expected to have an extensive background in both areas. The seminar is open to ambitious undergraduate students (with permission of the instructor) and graduate students interested in adversarial machine learning research and other related topics in trustworthy machine learning. To self-assess whether this is the right course, you can read the following papers to check how much of them you can understand and whether the topics interest you:
- Intriguing Properties of Neural Networks
- Explaining and Harnessing Adversarial Examples
- Poisoning Attacks against Support Vector Machines
Instructor: Xiao Zhang (xiao.zhang@cispa.de). My office is Room 3.12, CISPA Main Building, Stuhlsatzenhaus 5.
Meeting Time: 14:15 - 15:45 on each Wednesday
Meeting Location: Conference Room 0.07, CISPA Main Building, Stuhlsatzenhaus 5
Course Website: https://trustml-cispa.gitlab.io/seminar_aml_ss23/. All course materials will be posted on the course website. Students will be expected to provide materials to add to this site.
Course Expectations
Students enrolled in this seminar are expected to:
- Lead discussions on assigned topics during class meetings. Each week, a team of students will prepare and present a research topic in adversarial machine learning, then lead the discussion and answer questions from the audience. After the presentation, the team will also be responsible for writing a blog summary to document the in-class activities. Refer to the blogging mechanics for instructions on how to create a blog post. The presenting team should deeply understand the research papers related to the topic in order to deliver a well-structured presentation and lead an engaging discussion. I will discuss this in the kick-off meeting, assign topics, and form teams based on interests.
- Participate actively in class meetings. Each week, students who are not presenting will read two assigned research papers related to the presented topic, write a short review for one of the papers, and prepare three well-thought-out questions that can contribute to the in-class discussion. Reviews and questions will be shared among the group (in particular with the team charged with the presentation).
- Contribute fully to a team that develops a course-long project. Each team will hand in a final seminar paper, either a research project or a systematization of knowledge (SoK) project. I will explain this more in the kick-off meeting. Also, you may want to discuss your team project with the instructor at an early time.
Deliverables
Review (30%). Write a review for one weekly assigned research paper (the team charged with the presentation does not need to write the review). Throughout the semester, you should expect to write six reviews (each counting for 5% of your final grade). The review should aim to address the following questions:
- What is the problem addressed by the paper?
- What was done before, and how does the paper improve prior works?
- What are the strengths and the weaknesses of the paper?
- What part of the paper was difficult to understand?
- What are possible improvements or further implications of the paper?
There are no requirements for the length of the review. However, you may want to go through the ICML 2023 Reviewer Tutorial for detailed instructions on how to write a good review. In addition to the weekly review, you should prepare three well-thought-out questions you want to ask the presenters during the class.
Presentation and Blog Post (40%). You will form a team of students and deliver a 45-min presentation followed by a 30-min Q&A session on the topics assigned to you in an early class. After each presentation, the responsible team must write a blog post summarizing the presentation and the discussions. Throughout the semester, your team should expect to take charge of two presentations and write two blog summaries (each counting for 20% of your final grade).
Seminar Paper (30%). Develop a course-long team project and write a seminar paper on a topic in adversarial machine learning. This could be a research project or a systematization of knowledge (SoK) project. It must not be longer than eight pages, not counting references and appendices. Papers can be shorter, but generally, the provided page limit indicates how long a typical paper should be.
Bonus Report (5%). Write a report on a bonus topic in adversarial machine learning, summarizing your takeaways from relevant research papers and potential future research directions. The quality of the written report will determine how many bonus points you will receive (5% is the maximum).
Important Details
- Kick-off meeting in the first week of the semester
  - Time: 16:15 - 17:30 on 13.04.2023 (Wednesday)
  - Location: Conference Room 0.07, CISPA Main Building, Stuhlsatzenhaus 5
- We will use an online poll to assign topics and form teams based on interests.
  - We will conduct an online poll after the kick-off meeting (19.04 - 24.04)
  - Teams will then be formed based on interests
- We will use an online poll to decide the weekly meeting time that works for everyone.
  - We will conduct an online poll after the kick-off meeting (19.04 - 24.04)
- Each paper review and three questions are due one day before each presentation.
- The blog summary is due one week after each presentation day and will be posted on the course website.
- We plan to have in-person meetings as long as possible and switch to fully online if needed. Attendance and contributions to discussions in all class meetings are mandatory.
- You may want to discuss your course-long project with the instructor earlier in the semester (by appointment).
- All seminar papers are due on 11.07. Based on your submission, you will receive feedback within one week and will have until 21.07 to improve your paper. Note that the first submission must already be good enough for the instructor to review; otherwise, you will not receive full credit.
- Reports for bonus points are due on 21.07.
List of Topics and Papers
We plan to include the following research topics in adversarial machine learning:
- Adversarial Examples & Robustness Evaluation
- Robustness Certification Methods
- Robust Overfitting & Mitigation Methods
- Robust Generalization & Semi-Supervised Methods
- Intrinsic Limits on Adversarial Robustness
- Targeted Poisoning Attacks & Certification
- Indiscriminate Poisoning & Backdoor Attacks
- Adversarial ML Beyond Image Classification
Here is the Google spreadsheet of all the topics and papers (including bonus topics) planned for this course. Note that the list of research topics might be subject to change.
Presentation Schedule
The weekly class meeting time will be determined via an online poll earlier in the semester. The finalized schedule with detailed presenter information will be posted on the course website here: https://trustml-cispa.gitlab.io/seminar_aml_ss23/schedule/.
Honor and Responsibilities
We believe in the value of a community of trust and expect all students in this class to contribute to strengthening that community. The course will be better for everyone if everyone can assume everyone else is trustworthy. The course instructor starts with the assumption that all students deserve to be trusted. In this course, we will be learning about and exploring some vulnerabilities that could be used to compromise deployed systems. You are trusted to behave responsibly and ethically. You may not attack any system without the permission of its owners and may not use anything you learn in this class for evil. If you have any doubts about whether or not something you want to do is ethical and legal, you should check with the course instructor before proceeding.