Trustworthy Machine Learning

Description: The deployment of machine learning in real-world systems necessitates methods to ensure trustworthy AI. This course explores research at the intersection of machine learning, security, and privacy. This course provides a comprehensive overview of techniques to build robust and trustworthy machine learning models, with a focus on neural networks. We will examine seminal work on defending against adversarial attacks, detecting out-of-distribution inputs, and adapting models to distribution shifts. We will analyze privacy-preserving collaborative learning methods that enable multiple parties to jointly train models without exposing private data or models. To protect intellectual property, we will study approaches for thwarting model stealing attacks and establishing ownership of models. Special attention will be given to watermarking techniques for large language models and defending against data reconstruction attacks on foundation models. Throughout the course, we will discuss outstanding challenges and future research directions to make machine learning more robust, private, and trustworthy.

In every class, we will discuss several papers. The papers for a given class will have a common theme. At the beginning of the semester, students will be assigned roles which will rotate every week. There are three roles:

1. The Presenters: These students present a paper and take the lead in answering the questions posed by The Questioners.

2. The Questioners: This group is responsible for preparing a list of 4–5 discussion questions about the papers to be discussed in class. For a given week, The Questioners must prepare their questions during the preceding week, and send them to the rest of the class by 5pm Monday. This means that The Questioners must read all the papers for their assigned week several days in advance of the actual discussion sessions. We suggest aiming to read the papers by the end of the day on Sunday, to allow at least one day to discuss possible questions.

3. The Observers: During a discussion, this group will take notes on a shared document. These notes are not meant to be a transcription of what is being said in the discussion; they should capture the major take-away points of the discussion, as well as any issues. The Observers should also search for additional resources, or answers to unresolved questions, on the Internet during the discussion itself.

These roles do not preclude anyone in the class from participating in the discussion. A member of The Observers can jump in when a question is posed, and a presenter can pose a new question on the fly.

Requirements: The course presumes a basic understanding of machine learning. This seminar is open to senior Bachelor's, Master's, and Doctoral students. Through seminal and recent papers, students will survey the emerging literature across research communities investigating these issues. The class aims to inspire new research directions and applications. Lectures, slides, and research papers comprise the course materials; no textbook is required. By engaging with the latest work in this rapidly evolving field, students will be prepared to advance trustworthy machine learning. Each student will present a paper during the seminar hours in the form of an oral presentation. In addition, each student will read the relevant papers for the other students' presentations, and hand in a seminar paper at the end of the semester.


Grading scheme: 50% as presenters (paper presentation, slide deck, and in-class discussion), 20% for the research project with a report and a poster, 20% weekly questions and comments as Questioners, 10% as Observers/Scribes, who write a report after each lecture and resolve any unsolved issues.

Class participation: Course lectures will be driven by the contents of assigned papers. However, students will be required to (i) turn in 3 questions (1 per paper) each week as a Questioner and actively participate in the discussion, (ii) present a paper and participate in discussions of the paper content during each class as a Presenter, and (iii) prepare the notes after the class and comment on the slides as an Observer. Hence, the student's ability to exhibit comprehension of papers is essential to a passing grade.

Lateness policy: Question submissions assigned each week and presentations will not be accepted late (students will be assigned a 0 for that week). All other assignments (i.e., class or project reports) will be assessed a 10% per-day late penalty, up to a maximum of 2 days. Students with legitimate reasons who contact the professor before the deadline may apply for an extension.

Integrity: Students have to behave ethically.
The sign-up sheet for the presentations: Sign-up Sheet