CS 404/504 Special Topics: Adversarial Machine Learning
Link to the course materials from previous years: Fall 2020
Course Syllabus
Course Description
The course introduces students to adversarial attacks and defenses against machine learning models. The particular focus is on adversarial examples in deep learning models, due to their prevalence in modern machine learning applications. Covered topics include evasion attacks against white-box and black-box machine learning models, data poisoning attacks, privacy attacks, defense strategies against common adversarial attacks, generative adversarial networks, and robust machine learning models. The course also provides an overview of adversarial attacks against machine learning models used in cybersecurity applications, including malware detection and classification, network intrusion detection, spam filtering, URL detection, cyber-physical systems, and biometric systems.
Course Objectives
Upon completion of the course, students should be able to:
1. Outline the different categories of adversarial attacks against machine learning models.
2. Describe common defense approaches for improved robustness of machine learning models against adversarial attacks.
3. Understand the basics of adversarial data privacy attacks and privacy-preserving defense methods.
4. Identify the unique characteristics of adversarial machine learning attacks in the cybersecurity domain.
5. Implement adversarial attacks and defenses against conventional machine learning models and deep learning models for image classification.
6. Implement adversarial attacks against anomaly detection systems for network intrusion detection.
Course Materials
Textbook:
- There is no required textbook. The required readings for each week are listed in the Course Outline section of the Syllabus.
Topics
- Introduction to Adversarial Machine Learning (ppt, pdf)
- Deep Learning Overview (ppt, pdf)
- Mathematics for Machine Learning (ppt, pdf)
- Evasion Attacks against White-box Machine Learning Models (ppt, pdf)
- Evasion Attacks against Black-box Machine Learning Models (ppt, pdf)
- Generative Adversarial Networks for Adversarial ML (ppt, pdf)
- Defenses Against Evasion Attacks (ppt, pdf)
- Poisoning Attacks and Defenses (ppt, pdf)
- Adversarial ML in Cybersecurity: Malware Detection and Classification (ppt, pdf)
- Adversarial ML in Cybersecurity: Network Intrusion Detection (ppt, pdf)
- Adversarial ML in Cybersecurity: Spam Filtering and URL Detection (ppt, pdf)
- Adversarial ML in Cybersecurity: Cyber-physical and Biometric Systems (ppt, pdf)
- Privacy Attacks against Machine Learning Models (ppt, pdf)
- Defenses against Privacy Attacks (ppt, pdf)
- Adversarial Examples in Audio and Text Data (ppt, pdf)
- Explainability in Machine Learning (ppt, pdf)
Prerequisites
Instructor Permission Required
Students are expected to have basic knowledge of linear algebra, probability and statistics, and machine learning concepts. Knowledge of neural networks and deep learning is recommended, but not required. Programming in Python is required for completing the course assignments and the project. Additionally, it is preferred that the students are familiar with at least one of the following machine learning libraries: TensorFlow, Keras, or PyTorch.
Assignments
- Assignment 1 - white-box and black-box evasion attacks against deep learning-based classification models. Links to student solutions for Part 1 (TensorFlow), Part 1 (PyTorch), Part 2.
- Assignment 2 - adversarial defenses for white-box evasion attacks against deep learning-based classification models. Student solution.
- Assignment 3 - adversarial attacks against machine learning models in cybersecurity applications. Student solution.
Evaluation Procedure
| Component | Weight |
| --- | --- |
| Homework Assignments (3) | 60 % |
| Lecture Presentation | 10 % |
| Course Project | 30 % |