Course Syllabus
CS 6958 / CS 4960 - Machine Learning Security
Instructor: | Guanhong Tao | Credit Hours: | 3.0 |
Department: | Kahlert School of Computing | Semester: | Fall 2024 |
Office: | MEB 3470 | Type: | In Person |
Days / Times: | TuTh / 03:40PM - 05:00PM | Location: | JWB 333 |
Pre-requisites: | 'C-' or better in CS 3190 Found. of Data Analysis AND CS 3500 Software Practice | | |
Communication & Office Hours: | Review the "Communication" section below for more information. | | |
Course Description
Overview
Course | CS 6958 / CS 4960 - Machine Learning Security |
---|---|
Department | Kahlert School of Computing |
Pre-Requisites | 'C-' or better in CS 3190 Found. of Data Analysis AND CS 3500 Software Practice |
Credit Hours | 3.0 |
Semester | Fall 2024 |
Days / Times | TuTh / 03:40PM - 05:00PM |
Location | JWB 333 |
Description | Machine learning (ML) has been widely integrated into various real-world systems, such as facial recognition, object detection, and autonomous driving. However, the security and safety of these ML-based systems are still of great concern, as adversaries can easily manipulate their behaviors. This course will provide an introduction to the intersection of two ubiquitous concepts: security and machine learning. It will cover key learning algorithms and techniques, the security problems of modern ML models (i.e., adversarial attacks and backdoor threats), practical defense solutions against various attacks, and more. |
Goals & Objectives
This course covers the principles and practices of the interactions between machine learning and security, including examining the security properties of modern ML models and applying ML to address software and system security problems. The course begins with an introduction to the foundations of ML and modern deep learning models, such as transformers, and their applications in solving security problems. The later modules focus on crucial security properties of ML models, specifically adversarial robustness and backdoor threats. Hands-on coding assignments using popular ML libraries like PyTorch are included to provide students with practical experience. Additionally, the course aims to inspire the exploration of advanced challenges in the field by reviewing recent papers from top-tier conferences. By the end of the course, students will be equipped to evaluate ML systems in academic and commercial security contexts and will have foundational skills in security and ML research.
At the end of this course, students will be able to:
- Understand modern ML algorithms
- Gain knowledge in applying ML to security and exploring the security of ML
- Obtain foundational skills in security and ML research
Materials
There is no official textbook for the class. Slides will be provided and reading materials for each topic will be assigned from the following references:
Recommended Texts
- Pattern Recognition and Machine Learning, Christopher Bishop, Springer (2006)
- Machine Learning: A Probabilistic Perspective, Kevin P Murphy, MIT Press (2012)
- Deep Learning, Ian Goodfellow, Yoshua Bengio, and Aaron Courville, MIT press (2016)
Communication
Preferred Contact Methods
The easiest way to contact your instructor directly is to use the Inbox, located in the far left Canvas menu.
You can also contact your instructor in the following way:
Office Hours
The instructor will hold office hours according to the following schedule:
Day: Tuesday
Time: 5PM - 6PM
Evaluation
Your performance in this course will be evaluated by:
- 10% Attendance & In-class Quizzes
- 30% Homework (3 coding assignments)
- 20% Paper Review
- 20% Midterm Exam
- 20% Final Exam
Schedule
Week | Topic | Reading / Assignments |
---|---|---|
Background: The Basics of Machine Learning | | |
Week 1 (Aug 19 - Aug 23) | Tue - Course Overview, Logistics, and Introduction to ML | Reading: Chapter 5 of Deep Learning |
 | Thu - Introduction to ML (Cont.) | |
Part 1: Machine Learning Algorithms for Security | | |
Week 2 (Aug 26 - Aug 30) | Tue - Linear Regression | Reading: Chapter 7 of Machine Learning: A Probabilistic Perspective |
 | Thu - Linear Regression (Cont.) | Homework #1 (Due 9/15/2024 11:59 PM) |
Week 3 (Sep 2 - Sep 6) | Tue - Regularization | Reading: Chapter 8 of Machine Learning: A Probabilistic Perspective |
 | Thu - Logistic Regression | Paper Review #1 (Due 9/19/2024, 11:59 PM) |
Week 4 (Sep 9 - Sep 13) | Tue - Nearest Neighbors | Reading: A Course in Machine Learning, Chapter 3 (except Section 3.4) |
 | Thu - Clustering | |
Week 5 (Sep 16 - Sep 20) | Tue - Artificial Neural Networks | Reading: Chapters 6-8 of Deep Learning |
 | Thu - Multi-layer Perceptron | Homework #2 (Due 10/6/2024 11:59 PM) |
Week 6 (Sep 23 - Sep 27) | Tue - Recurrent Neural Networks | Reading: Chapter 10 of Deep Learning |
 | Thu - Invited Talk (Prof. Wenbo Guo, UCSB) | |
Week 7 (Sep 30 - Oct 4) | Tue - Convolutional Neural Networks | Reading: Chapter 9 of Deep Learning |
 | Thu - Attention-based Transformers | Paper Review #2 (Due 10/27/2024, 11:59 PM) |
Week 8 (Oct 7 - Oct 12) | Fall Break | |
Week 9 (Oct 14 - Oct 18) | Tue - Review Part 1 | Covers all topics in Part 1 |
 | Thu - Midterm Exam | |
Part 2: Security of Machine Learning Systems | | |
Week 10 (Oct 21 - Oct 25) | Tue - Overview of Key Concepts | Saltzer’s and Schroeder’s Design Principles; BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply |
 | Thu - Backdoor Attacks | Homework #3 (Due 11/24/2024 11:59 PM) |
Week 11 (Oct 28 - Nov 1) | Tue - Invited Talk (Prof. Eugene Bagdasaryan, UMass Amherst) | Trojaning Attack on Neural Networks |
 | Thu - Backdoor Attacks (Cont.) | |
Week 12 (Nov 4 - Nov 8) | Tue - Invited Talk (Guangyu Shen, Purdue) | Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks |
 | Thu - Backdoor Defenses | |
Week 13 (Nov 11 - Nov 15) | Tue - Adversarial Attacks | Adversarial Robustness - Theory and Practice |
 | Thu - Black-Box Attacks | |
Week 14 (Nov 18 - Nov 22) | Tue - Defenses Against Adversarial Attacks | Towards Deep Learning Models Resistant to Adversarial Attacks |
 | Thu - Paper Review | |
Week 15 (Nov 25 - Nov 29) | Tue - Security of Generative AI | |
 | Thu - Thanksgiving Break | |
Week 16 (Dec 3 - Dec 7) | Tue - Review Part 2 | |
 | Thu - No Class | |
Final Exam | Tuesday, December 10, 2024, 3:30 – 5:30 pm | Covers all topics |
Course Policies
Submitting Assignments
Formatting
Each homework write-up must be neatly typeset as a PDF document. You can use LaTeX or any other system that produces typesetting of equal quality and legibility (especially for mathematical symbols and expressions). Please write your solutions as succinctly as possible while including all the necessary details. Ensure that the following appear at the top of the first page of the write-up: your name, your UID, and the IDs of any students with whom you discussed the assignment. Submit your write-up as a single PDF file, together with the corresponding code implementations (if any), on Canvas by 11:59 PM of the due date. It is your responsibility to ensure that the submission is successfully received by Canvas.
All assignments, unless otherwise announced, must be submitted to the designated area of Canvas. Do not submit assignments via email.
Due Date Time
Assignments will be accepted up until 11:59 PM on the due date. The score for late homework is 0. Exceptions will be made in case of serious illness or bereavement. If a student has a planned absence from a class when an exam will be given, the student should make arrangements before the planned absence to take the exam early or take a makeup exam after returning to campus.
Grade Disputes
Feedback on graded material will be posted on Canvas in as timely a manner as possible. Once feedback for a graded assignment is posted, you will have 1 week from the posting date to dispute a grade. No re-grade requests will be honored after 1 week from posting feedback. Grade changes will not be made at the end of the semester.
Collaboration Policy
You are encouraged to discuss course materials, reading assignments, and homework assignments with each other in small groups (two to three people). You must list all discussants in your homework write-up. Discussion about homework assignments may include brainstorming and verbally discussing possible solution approaches, but must not go as far as one person telling others how to solve a problem. In addition, you must write up your solutions by yourself, and you may not look at another student’s homework write-up/solutions (whether partial or complete).
Late Assignments
A total of 3 grace days is available for late submissions across all assignments. You may use these grace days on any assignment, but note that they are cumulative. Once the 3-day grace period has been fully used, any further late submission will receive a score of 0, in accordance with the assignment policy.
Grading
Grades will be determined based on correctness and relevance to the assignments and questions. Pay close attention to the instructions and rubrics provided for each assignment/task.
Extra credit opportunities may be available throughout the course. These will be clearly communicated and typically involve additional research, attending relevant events, or completing supplementary assignments. Extra credit can contribute up to 5% additional points to the final grade.
Grading scale
Letter | Scoring |
---|---|
A | 100% - 94% |
A- | 93.9% - 90% |
B+ | 89.9% - 87% |
B | 86.9% - 84% |
B- | 83.9% - 80% |
C+ | 79.9% - 77% |
C | 76.9% - 74% |
C- | 73.9% - 70% |
D | 69.9% - 60% |
E | 59.9% - 0% |
Accommodations
Disclaimer
Accommodations will be considered on an individual basis and may require documentation.
Please contact your instructor as soon as possible (preferably shortly before the semester begins) to request accommodations of any kind.
Content Warnings
Please be aware that some materials and discussions within this course may contain challenging content. Your instructor may choose to notify students of potentially difficult content (e.g. explicit language, graphic images, violent themes, etc.) throughout the course.
If there are specific subjects that you need advanced notice for, please contact your instructor at the beginning of the semester.
Extreme personal circumstances
Please contact your instructor as soon as possible if an extreme personal circumstance (hospitalization, death of a close relative, natural disaster, etc.) is interfering with your ability to complete your work.
Religious Practice
To request an accommodation for religious practices, contact your instructor at the beginning of the semester.
Active Duty Military
If you are a student on active duty with the military and experience issues that prevent you from participating in the course because of deployment or service responsibilities, contact your instructor as soon as possible to discuss appropriate accommodations.
Disability Access
All written information in this course can be made available in an alternative format with prior notification to the Center for Disability Services (CDS). CDS will work with you and the instructor to make arrangements for accommodations. Prior notice is appreciated. To read the full accommodations policy for the University of Utah, please see Section Q of the Instruction & Evaluation regulations.
If you will need accommodations in this class, contact:
Center for Disability Services
801-581-5020
disability.utah.edu
162 Union Building
200 S. Central Campus Dr.
Salt Lake City, UT 84112
Changes to the Syllabus
This syllabus is not a contract. It is meant to serve as an outline and guide for your course. Please note that your instructor may modify it to accommodate the needs of your class.
You will be notified of any changes to the Syllabus.
University Policies
Americans with Disabilities Act (ADA)
The University of Utah seeks to provide equal access to its programs, services, and activities for people with disabilities.
All written information in this course can be made available in an alternative format with prior notification to the Center for Disability & Access (CDA). CDA will work with you and the instructor to make arrangements for accommodations. Prior notice is appreciated. To read the full accommodations policy for the University of Utah, please see Section Q of the Instruction & Evaluation regulations.
In compliance with ADA requirements, some students may need to record course content. Any recordings of course content are for personal use only, should not be shared, and should never be made publicly available. In addition, recordings must be destroyed at the conclusion of the course.
If you will need accommodations in this class, or for more information about what support they provide, contact:
Center for Disability & Access
801-581-5020
disability.utah.edu
162 Union Building
200 S. Central Campus Dr.
Salt Lake City, UT 84112
Safety at the U
The University of Utah values the safety of all campus community members. You will receive important emergency alerts and safety messages regarding campus safety via text message. For more safety information and to view available training resources, including helpful videos, visit safeu.utah.edu.
To report suspicious activity or to request a courtesy escort, contact:
Campus Police & Department of Public Safety
801-585-COPS (801-585-2677)
dps.utah.edu
1735 E. S. Campus Dr.
Salt Lake City, UT 84112
Addressing Sexual Misconduct
Title IX makes it clear that violence and harassment based on sex and gender (which includes sexual orientation and gender identity/expression) is a civil rights offense subject to the same kinds of accountability and the same kinds of support applied to offenses against other protected categories such as race, national origin, color, religion, age, status as a person with a disability, veteran’s status, or genetic information.
If you or someone you know has been harassed or assaulted, you are encouraged to report it to university officials:
Title IX Coordinator & Office of Equal Opportunity and Affirmative Action
801-581-8365
oeo.utah.edu
135 Park Building
201 Presidents' Cir.
Salt Lake City, UT 84112
Office of the Dean of Students
801-581-7066
deanofstudents.utah.edu
270 Union Building
200 S. Central Campus Dr.
Salt Lake City, UT 84112
To file a police report, contact:
Campus Police & Department of Public Safety
801-585-COPS (801-585-2677)
dps.utah.edu
1735 E. S. Campus Dr.
Salt Lake City, UT 84112
If you do not feel comfortable reporting to authorities, the U's Victim-Survivor Advocates provide free, confidential, and trauma-informed support services to students, faculty, and staff who have experienced interpersonal violence.
To privately explore options and resources available to you with an advocate, contact:
Center for Student Wellness
801-581-7776
wellness.utah.edu
328 Student Services Building
201 S. 1460 E.
Salt Lake City, UT 84112
Academic Misconduct
It is expected that students comply with University of Utah policies regarding academic honesty, including but not limited to refraining from cheating, plagiarizing, misrepresenting one’s work, and/or inappropriately collaborating. This includes the use of generative artificial intelligence (AI) tools without citation, documentation, or authorization. Students are expected to adhere to the prescribed professional and ethical standards of the profession/discipline for which they are preparing. Any student who engages in academic dishonesty or who violates the professional and ethical standards for their profession/discipline may be subject to academic sanctions as per the University of Utah’s Student Code: Policy 6-410: Student Academic Performance, Academic Conduct, and Professional and Ethical Conduct.
Plagiarism and cheating are serious offenses and may be punished by failure on an individual assignment, and/or failure in the course. Academic misconduct, according to the University of Utah Student Code:
“...Includes, but is not limited to, cheating, misrepresenting one’s work, inappropriately collaborating, plagiarism, and fabrication or falsification of information…It also includes facilitating academic misconduct by intentionally helping or attempting to help another to commit an act of academic misconduct.”
For details on plagiarism and other important course conduct issues, see the U's Code of Student Rights and Responsibilities.