Security and Machine Learning

Course

URL study guide

https://studiegids.vu.nl/en/courses/2024-2025/XM_0135

Course Objective

We will discuss various topics in the intersection of security and machine learning. The main goal of this course is to have you think critically about how and to what extent security guarantees can be given for machine learning tasks. Upon completion of this course, you will:
- have knowledge about security problems that arise in machine learning (K&U, AK&U, C)
- understand (mathematical) technique(s) towards remediating security problems (K&U, AK&U, C)
- have knowledge of example(s) about machine learning for security (K&U)
- have acquired critical thinking around machine learning and security (MJ, LS)

The acronyms above refer to the Dublin Descriptors covered by each learning objective, specifically: Knowledge and Understanding (K&U), Applied Knowledge and Understanding (AK&U), Making Judgment (MJ), Learning Skills (LS), and Communication (C).

Course Content

The course touches on various topics in machine learning and security. Examples of topics that can be included are: adversarial machine learning for image classifiers; Differential Privacy for distributed Stochastic Gradient Descent; secure multi-party computation for federated learning; the use of ML in security such as intrusion detection, analysis of silicon Physical Unclonable Function designs, GAN models generating synthetic data such that collected personal data can be discarded, and the moral character of cryptography, security, and artificial intelligence.

Teaching Methods

Lectures: 2 x 1hr45min in each of the 4 weeks. Recitation: 1 x 2hr30min in each of the first 3 weeks.

Method of Assessment

The final grade is determined as follows:

1) At the start of the course you will write a short (but at least 1/3 page) essay on your study strategy and your grade expectation. You cannot pass the course if you do not submit it by the deadline; those who do not submit simply get NS ("No Show") as their final grade.

2) There will be multiple individually graded assignments in the form of problem sets, written surveys, and/or essays. Each assignment is assessed on the quality, correctness, and completeness of the solution(s) or written exposition, and is graded as Fail (F), Pass (P), or Excellent (E). (An F is also given for an assignment whose submission deadline is missed.) We compute N = 2*(#P) + 3*(#E) and A = # Assignments. Your final grade (provided you have submitted your study strategy essay by the deadline) is 14/6 + (17/6)*(N/A), rounded to the nearest integer in {1,2,3,...,10}. The grading scheme will be explained (and visualized in a table) at the start of the course. There are no re-sit opportunities for any of the assignments/essays.

3) At any moment during the course the instructor can ask a student to explain one or more of his/her assignments, in order to verify that the student understands the material presented in them; if the student is not able to explain his/her understanding of an assignment, the grade for that assignment is downgraded to a Fail.

Literature

Slide decks, papers, and reference material where needed.

Target Audience

- Master Computer Security
- Master Computer Science
- Master Artificial Intelligence

Recommended background knowledge

The course tries to be self-contained and explains the necessary machine learning concepts as well as the security and crypto techniques. Nevertheless, students are expected to work independently and to study extra material where their mathematical background is limited. For example, you will want to be able to compute gradients, know the structure of a proof, read mathematical notation, etc.

Academic year: 1/09/24 - 31/08/25

Course level: 6.00 EC

Language of Tuition

  • English

Study type

  • Master