Topics in Adversarial Machine Learning

Blog Posts

The course syllabus, course-relevant information and all blogs of in-class presentation and discussions will be posted here.

Class 8: Adversarial ML Beyond Image Classification

A blog post for class 8 (created by Baoshuang Zhang on 21 July, 23).

Here are the PPT slides for the presentation. The slides were also made by Baoshuang. In this session, we talked about adversarial machine learning beyond image classification. The first paper gives a framework that helps us understand the basic idea of adversarial attacks in the NLP field. In the second paper, we analyze an advanced ad-blocking technique and how adversarial examples can attack it from different aspects. We conclude that this technique is still quite vulnerable to adversarial attacks.

Class 7: Intrinsic Limits on Adversarial Robustness

A blog post for class 7 (created by Somrita Ghosh on 5 July, 23).

Here are the PPT slides for the presentation. The slides were also made by Somrita. We discussed the following two papers that demonstrate the limits to attaining adversarial robustness, namely: Theoretically Principled Trade-off between Robustness and Accuracy (Zhang et al.) and Empirically Measuring Concentration: Fundamental Limits on Intrinsic Robustness (Mahloujifar et al., Zhang et al.). Theoretically Principled Trade-off between Robustness and Accuracy. Main contributions of this paper: there exists an intrinsic trade-off between robustness and accuracy.

Class 6: Targeted Poisoning Attacks & Certification

A blog post for class 6 (created by Gopal Bhattrai on 23 June, 23).

Here are the PPT slides for the presentation. The slides were also made by Gopal. In recent years, machine learning and deep learning have done significant wonders in various fields of engineering and medicine. Today many big tech firms are using these algorithms to power their products. Applications like self-driving cars, object detection, etc. use these deep learning algorithms in the background. But recently, it was discovered that these machine learning models can easily be fooled.

Class 5: Indiscriminate Poisoning & Backdoor Attacks

A blog post for class 5 (created by Baoshuang Zhang on 25 June, 23).

Here are the PPT slides for the presentation. The slides were also made by Baoshuang. First, an example is presented to go through the basic ideas of the paper. From this example, we see that there are two things the paper wants to discuss. The first is how to develop a defense for indiscriminate poisoning, and the second is how to give a certification for these defenses. However, before going further into these ideas, we give definitions of what a poisoning attack is and what indiscriminate poisoning is.

Class 4: Robust Generalization & Semi-Supervised Methods

A blog post for class 4 (created by Somrita Ghosh on 8 June, 23).

Here are the PPT slides for the presentation. The slides were made by Somrita and Shreyash. We first discuss the motivation for studying robust generalization and semi-supervised methods for adversarially robust learning. In particular, the key findings of the paper Adversarially Robust Generalization Requires More Data can be summarized as follows: adversarial perturbations can mislead highly accurate classifiers with small changes in inputs; robust learning requires significantly more training data compared to standard learning.

Class 3: Robust Overfitting & Mitigation Methods

A blog post for class 3 (created by Xiao Zhang on 25 May, 23).

Here are the PPT slides for the presentation. We first did a recap of what we have learned so far in the first two class meetings. Then we briefly summarize the problem of robust learning against small adversarial perturbations. Given a data distribution \( \mathcal{D} \) and \( \epsilon>0 \) representing the perturbation strength measured by some distance metric such as an \( \ell_p \)-norm, the goal of adversarially robust learning is to learn some classification model \( f \) such that \( f \) has both small standard risk and small adversarial risk.

Class 2: Robustness Certification Methods

A blog post for class 2 (created by Gopal Bhattrai on 17 May, 23).

Here are the PPT slides for the presentation. The slides were also made by Gopal Bhattrai. In recent years, machine learning and deep learning have done significant wonders in various fields of engineering and medicine. Today many big tech firms are using these algorithms to power their products. Applications like self-driving cars, object detection, etc. use these deep learning algorithms in the background. But recently, it was discovered that these machine learning models can easily be fooled.

Class 1: Adversarial Examples & Robustness Evaluation

A blog post for class 1 (created by Xiao Zhang on 13 May, 23).

Here are the PPT slides of the presentation. The slides were made by Shreyash Arya. In the first class, Shreyash presented the following two research papers related to the topic of the week: Towards Deep Learning Models Resistant to Adversarial Attacks, and Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples. After the presentation, Shreyash led an engaging discussion, where we mainly discussed some technical details about adversarial training and obfuscated gradients, the connection between the two papers, and why robustness evaluation is important for adversarial machine learning research.

Course Schedule & Topic Assignment Posted

Course schedule and topic assignment are finalized (created by Xiao Zhang on 26 Apr, 23).

The page for course schedule and the page for topic & team assignment are now posted.

Kick-off Slides Posted

A link to the slides for seminar kick-off (created by Xiao Zhang on 14 Apr, 23).

The PPT slides used during the seminar kick-off on Apr. 13 are now posted.

Blogging Mechanics Posted

A simple guide for creating class blog posts (created by Xiao Zhang on 12 Apr, 23).

The page for Blogging Mechanics is now posted.

Syllabus Posted

A link to the course syllabus (created by Xiao Zhang on 6 Apr, 23).

The course syllabus is now posted.