Trustworthy Machine Learning

If you want to register for the seminar, you should do so via the central seminar assignment system.

Time and place: The course will take place on Wednesdays from 2 pm to 4 pm in the CISPA C0 building (on campus).

Description: Deploying machine learning in real-world systems necessitates methods to ensure trustworthy AI. This course explores research at the intersection of machine learning, privacy, and security. This course provides a comprehensive overview of techniques to build robust and trustworthy machine learning models, focusing on neural networks. We will examine seminal work on privacy-preserving machine learning methods. Our primary focus will be on Large Language Models (LLMs) and Diffusion Models (DMs). Throughout the course, we will discuss outstanding challenges and future research directions to make machine learning more robust, private, and trustworthy.

Class structure: In every class, we will discuss two papers. At the beginning of the semester, students will be assigned roles that will rotate every week. There are three roles:

1. The Presenters: Two students. Each of them presents a paper and takes the lead in answering the questions posed by the Questioners.

2. The Questioners: This group is responsible for preparing a list of 4–5 questions about the papers to be discussed in class. For a given week, The Questioners must prepare their questions during the preceding week, and send them to the rest of the class by 5 pm Monday. This means that the Questioners must read the papers for their assigned week several days in advance of the actual discussion sessions. We suggest aiming to read the papers by the end of the day on Sunday, to allow at least one day to discuss possible questions.

3. The Observers: This group will take notes on a shared document during a discussion. These notes are not meant to be a transcription of what is being said in the discussion; they should capture the major take-away points of the discussion, as well as any issues. The Observers should also search for additional resources or answers to unresolved questions.

These roles do not preclude anyone in the class from participating in the discussion. A member of The Observers can jump in when a question is posed, and a presenter can pose a new question on the fly.

Project: The seminars also incorporate project work to foster research skills and creativity. Students begin by selecting papers from the field of trustworthy machine learning that align with their interests. They present these papers and design a project with the potential to evolve into a scientific publication. We encourage you to think critically, identifying weak assumptions in prior work, exploring ways to improve existing methods, combining ideas from multiple sources, or integrating your own experiences and insights from the seminar discussions. Each student writes a comprehensive report detailing their findings and includes code to validate their results. At the end of the semester, you present your projects to the entire class, showcasing the progress and innovations.

Requirements: The course presumes a good understanding of machine learning. The students should have taken and passed a machine learning course and obtained a good grade (<2.0). This seminar is open to senior Bachelor, Master, and Doctoral students. Through seminal and recent papers, students will survey the emerging literature across research communities investigating these issues. The class aims to inspire new research directions and applications. Lectures, slides, and research papers comprise the course materials - no textbook is required. By engaging with the latest work in this rapidly evolving field, students will be prepared to advance trustworthy machine learning. Each student will present one or two papers during the seminar hours in the form of an oral presentation. In addition, each student will read the relevant papers for the other students’ presentations, and hand in a seminar paper summarizing their project at the end of the semester. There will be two sessions when each student presents their project for 10 minutes.


Grading scheme: 50% as presenters (paper presentation, slide deck, and in-class discussion), 25% for the research project with a report and a poster, 15% weekly questions and comments as Questioners, 10% as Observers/Scribes, who write a report after each lecture and resolve any unsolved issues.

Class participation: Course lectures will be driven by the contents of assigned papers. However, students are required to (i) turn in 3 questions (1/paper) each week as a Questioner and actively participate in the discussion, (ii) present a paper and participate in discussions of the paper content during each class as a Presenter, and (iii) prepare the notes after the class and comment on the slides as the Observer. Hence, the student's ability to exhibit comprehension of papers is essential to a passing grade.

Lateness policy: Question submissions are due each week, and neither they nor presentations will be accepted late (students will be assigned a 0 for that week). All other assignments (i.e., class or project reports) will be assessed a 10% per day late penalty, up to a maximum of 2 days. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Integrity: Students have to behave ethically.
Detailed list of rooms and papers for the seminar:

16.10.24, via Zoom: (1) "Tight Auditing of Differentially Private Machine Learning" (USENIX 2023), (2) "Stealing Part of a Production Language Model" (ICML 2024)
23.10.24, room 0.02 (on the right from the entrance to C0): (1) "dp-promise: Differentially Private Diffusion Probabilistic Models for Image Synthesis" (USENIX 2023), (2) "Auditing Private Prediction" (ICML 2024)
30.10.24, room 0.05 (lecture hall): (1) "VLATTACK: Multimodal Adversarial Attacks on Vision-Language Tasks via Pre-trained Models", (2) "Robust Reinforcement Learning from Corrupted Human Feedback"
13.11.24, room 0.02: (1) "CLIP2Protect: Protecting Facial Privacy Using Text-Guided Makeup via Adversarial Latent Search", (2) "Localizing Memorization in SSL Vision Encoders"
20.11.24, room 0.02: Presentations of projects (each student 10 min)

Work on projects.

18.12.24, room 0.02
08.01.25, room 0.02: (1) "ViP: A Differentially Private Foundation Model for Computer Vision" (ICML 2024)
15.01.25, room 0.02
22.01.25, room 0.02
29.01.25, room 0.02
05.02.25, room 0.02: Presentations of the projects (each person 10 min); deadline to hand in the reports.

Online communication: via Discord (ask me for the link to the server via email).
The sign-up sheet for the presentations: Sign-up Sheet