The goal with this class is to introduce participants to adversarial machine learning, including research areas related with security, privacy, and machine learning. This is a field that requires some mathematical maturity to understand and value the contributions of the papers. The course will provide some basic background information to the participants as well as in-depth discussion about the state of the art research.
* For the presenter: For each presented paper, please provide an overview of the paper and in-depth discussion, including: What problem the paper tries to address and how? How does it fit into the broader context (e.g., related work)? What are the positive and negative aspects of the paper/approach? What new research questions does it raise?
* For the audience: Please read the paper before each class and put your questions in the collected googledoc so that the presenter can try to answer it, or we can discuss the questions in the class as well.
Evasion Attacks Against Machine Learning Models (Against Classifiers)
Evasion Attacks Against Machine Learning Models (Other Methods)
Evasion Attacks Against Machine Learning Models (Against Detectors/Generative Models/RL)
Evasion Attacks Against Machine Learning Models (Blackbox Attacks)
Defenses Against Adversarial Attacks (Empirical)
9/19 Techniques For Adaptive Attacks
Adversarial Networks (Empirical)
Defenses Against Adversarial Attacks (Theoretic)
Robustness of Graphical Neural Networks
Poisoning Attacks Against Machine Learning Models
Adversarial Networks (Theoretic)
Beyond Images: Adversarial Attacks on NLP/Audio/Video
Differentially Private Machine Learning Models
Game Theoretic Analysis for Adversarial Learning
Improve learning robustness with unlabeled data