CSCI 4962/6962 Security and Privacy of Machine Learning (2024 Spring, RPI)

Tentative Syllabus

Office: MRC 330B
Office Hour: Scheduled by email

This syllabus should be considered a “living document” in that it is subject to change. You will be notified of any changes made.

1. Course Description:

Machine learning (ML) has demonstrated superior performance in many areas and has increasingly been deployed in real-world critical applications. However, ML models’ vulnerabilities and privacy risks could put public safety and user privacy in danger. Existing studies have shown that ML applications such as financial analytics and autonomous vehicles are vulnerable to attacks that can manipulate the models to their malicious ends.

This course will introduce potential vulnerabilities of ML models, state-of-the-art research, and future research directions of the security and privacy of ML. The objectives of the course are the following:

  • Understand the fundamental techniques for the security and privacy of machine learning, including differential privacy, federated learning, and secure multiparty computation.
  • Provide a comprehensive overview of various types of adversarial attacks on computer systems leveraging ML, as well as an examination of defense techniques against these threats.
  • Provide a comprehensive overview of privacy threats of ML models and privacy-preserving machine learning.
  • Understand ML security and privacy issues in large language models and real-world applications including cyber security and autonomous vehicles, etc.
  • Students will familiarize themselves with the emerging body of literature on each topic, gain insights into various algorithms, assess security vulnerabilities, and develop the ability to conduct research projects on related topics.

2. Prerequisites:

The courses CSCI 4150 - Introduction to Artificial Intelligence or CSCI 4100 - Machine Learning from Data are recommended prerequisites. Alternatively, you may have taken security-related courses such as ITWS 4370 - Information System Security and be willing to learn some foundational machine learning material on your own. Note that machine learning courses are not hard prerequisites if you have already learned foundational machine learning concepts such as gradient descent, linear regression, neural networks, etc.

3. Course Format (Tentative):

Each student is expected to present and lead the discussion on 3-4 papers on a specific topic related to this course. Topics and related papers will be announced shortly. Note: the exact number of papers assigned per student may vary depending on the class size and the total number of papers available to review. Every “week” (two consecutive classes), each student will choose a paper from the reading list (excluding those in their presentation pile) and write a 1-page summary of a paper that will be presented in the next class session.

The summary should cover the paper’s motivation, research problem, and key contribution and list the strengths and weaknesses of the work. The student presenters do not need to write the summary for their presentation week. The summary should be submitted before the class begins.

For the final projects, the students work in groups of 1 or 2 on a topic related to this course. Example topics for the final projects can be, but are not limited to:

  1. Implement attacks against real-world ML systems or general/novel ML models;
  2. Improve attack/defense algorithms in papers with your own methods;
  3. Benchmark the robustness of existing ML models and conduct a comparative study;
  4. Literature survey on ML security and privacy topics not covered in the course.

Participation will be evaluated in this course. Students are encouraged to engage with the presenters by asking questions, taking short notes during the Q&A, and submitting them on Submitty.

4. Grading Policy:

Paper summaries: 15%
Paper presentation: 20%
Project: 60% (5% proposal + 40% final deliverable + 15% presentation)
Attendance: 5%

5. Academic Integrity:

The Rensselaer Handbook of Student Rights and Responsibilities defines various forms of Academic Dishonesty, and you should familiarize yourself with these.
Paper summaries should be done individually. Don’t directly copy code from the internet.