Machine Learning Security

A short course on adversarial machine learning.

Academic Year 2022-2023

Instructor: Dr. Ambra Demontis

Modality: Online

PhD programme in Electronic and Computer Engineering (Univ. Cagliari)

GitHub repository for course material: https://github.com/unica-mlsec/mlsec-phd

Course objectives and outcome

Objectives

The objective of this course is to provide students with the fundamental elements of machine learning security in the context of different application domains. The main concepts and methods of adversarial machine learning are presented, from threat modeling to attacks and defenses, together with the basic methods for properly evaluating the adversarial robustness of a machine learning model against different attacks.

Outcome

An understanding of fundamental concepts and methods of machine learning security and its applications. An ability to analyse and evaluate attacks and defenses in the context of application-specific domains. An ability to design and evaluate robust machine learning models with Python and test them on benchmark data sets.

Class schedule/Course Outline (20 hours, 2 CFU)

  1. Introduction to Machine Learning Security: Threat Models and Attacks (3h)
  2. Evasion attacks and countermeasures (8h)
  3. Poisoning attacks and countermeasures (6h)
  4. Backdoor poisoning, privacy-related threats, and defenses (3h)