News
Venue Change for Lectures on June 16th and June 30thWritten on 05.06.25 by Yixin Wu Hi all, Due to unforeseen circumstances, the lectures on June 16th and June 30th will be moved online. The time will remain the same. The Zoom links: 6.16 https://cispa-de.zoom-x.de/j/68708140905 6.30 https://cispa-de.zoom-x.de/j/62743453909 We appreciate your understanding. Best, Yixin |
Zoom Link for Fake Image Detection (02.06.2025)Written on 02.06.25 (last change on 02.06.25) by Yiting Qu Hi, greetings, Today, we will provide an online lecture due to a room conflict. Zoom Link: https://cispa-de.zoom-x.de/j/63662347623?pwd=ZyRsyaaJ1mb8hnnrIbmaGXCw8KYkHI.1 Time: 12-13:30, 02.06.2025 Best, Yiting Qu |
registrationWritten on 14.04.25 by Yang Zhang Hi all, Thank you so much for choosing the lecture; we will try our best not to let you down. However, there have been more than 70 students sending us emails during the past few days regarding registration, so for those who manage to register but are not that into the lecture, please… Read more Hi all, Thank you so much for choosing the lecture; we will try our best not to let you down. However, there have been more than 70 students sending us emails during the past few days regarding registration, so for those who manage to register but are not that into the lecture, please de-register asap. Many thanks! Yang |
First Lecture TimeWritten on 07.04.25 by Yixin Wu Dear All,The first lecture will start on April 14th, 2025. Best, Yixin |
Attacks Against Machine Learning Models
Overview
This course will cover the topic of attacks against machine learning models
- Privacy
- Membership inference
- Dataset reconstruction
- Attribute inference
- Security
- Backdoor
- Model stealing
- Safety
- Hijacking
- Toxicity
Prerequisites
- Basic knowledge of machine learning and data mining
- A security background is not needed
Logistics
Location: Lecture hall, CISPA Building, E9 1
Lecturer: Yang Zhang
TAs: Yixin Wu, Xinyue Shen, Yiting Qu
Contact: yixin.wu@cispa.de
Time: Monday 12:00 - 13:30; start from April 14th.
Schedule
04.14 Membership inference (Rui); Campus E9 1 0.05
04.28 Poisoning (Yixin); Campus E9 1 0.05
05.05 Adversarial example (Mingjie); Campus E9 1 0.05
05.12 Plot + MLDoctor + SecurityNet (Boyang); Campus E9 1 0.05
05.19 Jailbreak +GPTs (Xinyue); Campus E9 1 0.05
05.26 Safety of VLM (Yiting); Campus E9 1 0.02
06.02 Deepfake detection (Yiting); Zoom (https://cispa-de.zoom-x.de/j/63662347623?pwd=ZyRsyaaJ1mb8hnnrIbmaGXCw8KYkHI.1)
06.16 Prompt injection (Yixin); Zoom (https://cispa-de.zoom-x.de/j/68708140905)
06.23 Prompt stealing (Xinyue); Campus E9 1 0.05
06.30 Agent + Simlife (Yixin); Zoom (https://cispa-de.zoom-x.de/j/62743453909)
Grading
The course will be graded by 100% via oral exam.
Note that students who have taken the advanced lectures
- Machine Learning Privacy
- Privacy Enhancing Technologies (2018-2021)
cannot take this one due to the significant overlap between them.