News
Registration (written on 14.04.25 by Yang Zhang): Hi all, Thank you so much for choosing the lecture; we will try our best not to let you down. However, there have been more than 70 students sending us emails during the past few days regarding registration, so for those who manage to register but are not that into the lecture, please de-register asap. Many thanks! Yang
First Lecture Time (written on 07.04.25 by Yixin Wu): Dear All, The first lecture will start on April 14th, 2025. Best, Yixin
Attacks Against Machine Learning Models
Overview
This course will cover the topic of attacks against machine learning models:
- Privacy
  - Membership inference
  - Dataset reconstruction
  - Attribute inference
- Security
  - Backdoor
  - Model stealing
- Safety
  - Hijacking
  - Toxicity
Prerequisites
- Basic knowledge of machine learning and data mining
- A security background is not needed
Logistics
Location: Lecture hall, CISPA Building, E9 1
Lecturer: Yang Zhang
TAs: Yixin Wu, Xinyue Shen, Yiting Qu
Contact: yixin.wu@cispa.de
Time: Monday 12:00 - 13:30, starting April 14th.
Schedule
04.14 Membership inference (Rui); Campus E9 1 0.05
04.28 Poisoning (Yixin); Campus E9 1 0.05
05.05 Adversarial example (Mingjie); Campus E9 1 0.05
05.12 Plot + MLDoctor + SecurityNet (Boyang); Campus E9 1 0.05
05.19 Jailbreak +GPTs (Xinyue); Campus E9 1 0.05
05.26 Safety of VLM (Yiting); Campus E9 1 0.02
06.02 Deepfake detection (Yiting); Zoom (link will be available later)
06.16 Prompt stealing (Xinyue); Campus E9 1 0.02
06.23 Prompt injection (Yixin); Campus E9 1 0.05
06.30 Agent + Simlife (Yixin); Campus E9 1 0.05
Grading
The course is graded 100% by oral exam.
Note that students who have taken either of the following advanced lectures cannot take this one, due to the significant overlap between them:
- Machine Learning Privacy
- Privacy Enhancing Technologies (2018-2021)