Machine Learning Security Lea Schönherr



Seminar Description

The intersection between security and machine learning can be viewed from two perspectives. The first is the security of machine learning algorithms and systems themselves, e.g., adversarial examples and poisoning attacks. The second is the use of machine learning methods to improve and analyze the security of a system, e.g., malware detection or decompilation. In this seminar, we will cover recent publications from both sides by reading and summarizing the state of the art on these two topics and by performing an artefact evaluation of their code to verify and comprehend the practical implementations of the latest scientific publications.


The seminar is structured into two parts. In both parts, you will work in groups of two:

  • You will write a short survey paper on the main topic of your assigned paper.
  • You will evaluate the code of the paper during an artefact evaluation.


Your group will be assigned a topic (related to your assigned paper) for which you will read and summarize the current research in a survey paper. The resulting survey papers will undergo a peer review process similar to academic conferences. This includes review, rebuttal, and revision phases in which everyone must participate.

This includes:

  • Writing a short survey paper on the main topic of the group's papers (max. 6 pages)
  • Reviewing two works from other groups to provide feedback
  • Improving the original survey paper based on the feedback

Artefact Evaluation

Artefacts such as code and datasets are an essential part of today's research to be able to reproduce results and foster future research. Top computer science and security conferences conduct artefact evaluations performed by independent reviewers to ensure that the quality of provided artefacts meets certain criteria. These criteria include reproducibility, consistency with the paper, and the quality of the documentation.

In this seminar, we will review the artefacts of research papers. During the assessment, you will check and run the code and verify that you can reproduce the results reported in the paper. At the end of the semester, your group will submit a report that covers the above criteria.

Important Dates

  • Kick-off meeting in the first week of the semester: TBA
  • Group and paper assignments: TBA
  • Submission of first version of survey paper: TBA
  • Submission of reviews: TBA
  • Submission of final version of survey paper: TBA
  • Submission of artefact evaluation report: TBA

List of Papers

Chong Xiang, Saeed Mahloujifar, and Prateek Mittal, "PatchCleanser: Certifiably Robust Defense against Adversarial Patches for Any Image Classifier," USENIX Security Symposium, 2022 [paper]

Pratik Vaishnavi, Kevin Eykholt, and Amir Rahmati, "Transferring Adversarial Robustness Through Robust Representation Matching," USENIX Security Symposium, 2022 [paper]

Giulio Lovisotto, Henry Turner, Ivo Sluganovic, Martin Strohmeier, and Ivan Martinovic, "SLAP: Improving Physical Adversarial Examples with Short-Lived Adversarial Perturbations," USENIX Security Symposium, 2021 [paper]

Eugene Bagdasaryan and Vitaly Shmatikov, "Blind Backdoors in Deep Learning Models," USENIX Security Symposium, 2021 [paper]

Xiaoyong Yuan and Lan Zhang, "Membership Inference Attacks and Defenses in Neural Network Pruning," USENIX Security Symposium, 2022 [paper]

Limin Yang, Wenbo Guo, Qingying Hao, Arridhana Ciptadi, Ali Ahmadzadeh, Xinyu Xing, and Gang Wang, "CADE: Detecting and Explaining Concept Drift Samples for Security Applications," USENIX Security Symposium, 2021 [paper]

Grading

  • Final survey paper (50 % of your final grade)
  • Reviews (10 % of your final grade)
  • Artefact evaluation report (40 % of your final grade)
