Aleksandar (Alex) Vakanski


CS 487/587 Adversarial Machine Learning

Semester: Spring 2024 (January 10 – May 10, 2024)

Credits Hours: 3

Instructor: Alex Vakanski

Office Hours: Friday 12 p.m. – 1 p.m. PT (Zoom link on Canvas)


Course Materials From Previous Years

Links: Fall 2020, Fall 2021, Spring 2023

Course Syllabus


Course Description

The course introduces students to adversarial attacks on machine learning models and defenses against the attacks. The particular focus is on adversarial examples in deep learning models, due to their prevalence in modern machine learning applications. Covered topics include evasion attacks against white-box and black-box machine learning models, data poisoning attacks, privacy attacks, defense strategies against common adversarial attacks, and robust machine learning models. The course also provides an overview of adversarial attacks against machine learning models used in cybersecurity applications, including malware detection and classification, network intrusion detection, spam filtering, URL detection, cyber-physical systems, and biometric systems.

Course Objectives

The objective is that upon the completion of the course the students should demonstrate the ability to:

1.  Outline the different categories of adversarial attacks against machine learning models.

2.  Describe common defense against adversarial attacks approaches for improved robustness of machine learning models.

3.  Understand the basics of adversarial privacy attacks and privacy-preserving defense methods.

4.  Identify the unique characteristics of adversarial machine learning attacks in the cybersecurity domain.

5.  Implement adversarial attacks and defenses against conventional machine learning models and deep learning models.

6.  Implement adversarial attacks against anomaly detection systems for network intrusion detection, malware classifiers, and anti-spam filtering methods.

Course Materials




CS 212 Practical Python, or CS 477 Python for Machine Learning, or Instructor Permission

Students are expected to have basic knowledge of linear algebra, probability and statistics, and machine learning concepts. Knowledge of neural networks and deep learning is recommended, but not required. Programming in Python is required for completing the course assignments and the project. Additionally, it is preferred that the students are familiar with at least one of the following machine learning libraries: TensorFlow, Keras, or PyTorch.

Evaluation Procedure

Homework Assignments (4)

40 %

Quizzes (3)

30 %

Lecture Presentation

10 %

Course Project

10 %

Attendance and Participation

10 %