Administrative Information
Title | Trustworthy Machine Learning |
Duration | 60 min |
Module | B |
Lesson Type | Lecture |
Focus | Ethical - Trustworthy AI |
Topic | Confidentiality, Integrity and Availability Problems in Machine Learning |
Keywords
Confidentiality, Integrity, Availability, Poisoning, Evasion, Adversarial examples, Sponge examples, Backdoors, Explainability evasion, Robustness, Trade-off
Learning Goals
- Gain a general overview of the main security problems of machine learning
- Understand the main confidentiality, integrity, and availability issues of machine learning
- Distinguish evasion, poisoning and backdoor attacks
- Understand clean-label poisoning attacks
- Obtain an intuition for adversarial examples and their practical impact through real-life examples
- Demonstrate availability attacks with artificially constructed sponge examples
- Understand the threat of explainability evasion
- Understand the trade-off between robustness and model quality
- Learn the principles of AI (robustness) auditing
Expected Preparation
Learning Events to be Completed Before
Obligatory for Students
- Basics in Machine Learning
Optional for Students
None.
References and background for students
- HCAIM Webinar on the European Approach Towards Reliable, Safe, and Trustworthy AI (Available on YouTube)
- Adversarial Examples and Adversarial Training
- Adversarial Robustness - Theory and Practice
- Poisoning Attacks against Support Vector Machines
- Practical Black-Box Attacks against Machine Learning
- Towards evaluating the robustness of neural networks
- Certified Adversarial Robustness via Randomized Smoothing
- Sponge Examples: Energy-Latency Attacks on Neural Networks
- Explanations can be manipulated and geometry is to blame
- Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks
- Comprehensive Privacy Analysis of Deep Learning
- Data Privacy and Trustworthy Machine Learning
Recommended for Teachers
Lesson materials
Instructions for Teachers
This course provides an overview of the security of machine learning systems. It focuses on attacks that are useful for auditing the robustness of machine learning models. Teachers are recommended to use real-life examples to demonstrate the practical relevance of these vulnerabilities, especially for privacy-related issues, whose practical relevance is often debated and which are sometimes regarded as an obstacle to progress. Students must understand that privacy risks can themselves slow down progress: parties facing confidentiality risks may be reluctant to share their data. In this lecture students gain an understanding of the different security and privacy risks of ML models; they can further develop practical skills for auditing ML models in the related practical learning events, which are:
- Practical: Enhancing ML security and robustness
- Practical: Apply auditing frameworks
- Practical: Applying and evaluating privacy-preserving techniques
- Practical: Auditing frameworks of privacy and data protection
Outline
Duration (min) | Description | Concepts |
---|---|---|
5 | CIA triad | CIA (confidentiality, integrity, availability) in Machine Learning |
15 | Confidentiality | Membership inference, training data extraction, model stealing. |
20 | Integrity | Evasion, poisoning (targeted, untargeted), explainability evasion, backdoors. |
15 | Availability | Generating sponge examples. |
5 | Conclusions | |
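As an added worked example for the Integrity block of the outline (not code from the original lesson materials), the Python below trains a toy logistic-regression classifier on constructed two-feature data, crafts evasion examples with the fast gradient sign method (FGSM) under an L-infinity budget eps, and reports robust accuracy as eps grows, which is the basic measurement behind a robustness audit. The data, the model and the eps values are all constructed for illustration, and the attacker is assumed to have white-box access to the model weights.

```python
"""Toy evasion (FGSM) robustness audit of a logistic-regression classifier.

Added example for this lesson, not part of the original course materials.
Everything here is constructed: the data, the model and the eps budgets.
"""
import math
import random


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def make_data(n=200, seed=0):
    # Constructed two-feature data: class 1 clusters around (+1, +1),
    # class 0 around (-1, -1), each with Gaussian noise (std 0.6).
    rng = random.Random(seed)
    X, y = [], []
    for i in range(n):
        label = i % 2
        centre = 1.0 if label else -1.0
        X.append([centre + rng.gauss(0, 0.6), centre + rng.gauss(0, 0.6)])
        y.append(label)
    return X, y


def train_logreg(X, y, lr=0.1, epochs=300):
    # Plain batch gradient descent on the log loss. Returns (weights, bias).
    w, b = [0.0, 0.0], 0.0
    n = len(X)
    for _ in range(epochs):
        gw, gb = [0.0, 0.0], 0.0
        for x, t in zip(X, y):
            err = sigmoid(w[0] * x[0] + w[1] * x[1] + b) - t
            gw[0] += err * x[0]
            gw[1] += err * x[1]
            gb += err
        w = [w[0] - lr * gw[0] / n, w[1] - lr * gw[1] / n]
        b -= lr * gb / n
    return w, b


def predict(model, x):
    w, b = model
    return 1 if sigmoid(w[0] * x[0] + w[1] * x[1] + b) >= 0.5 else 0


def _sign(g):
    return 1.0 if g > 0 else (-1.0 if g < 0 else 0.0)


def fgsm(model, x, y, eps):
    # White-box FGSM: the gradient of the log loss w.r.t. the input is
    # (p - y) * w, so step eps along its sign in every coordinate. This
    # keeps the perturbation inside an L-infinity ball of radius eps.
    w, b = model
    p = sigmoid(w[0] * x[0] + w[1] * x[1] + b)
    return [x[0] + eps * _sign((p - y) * w[0]),
            x[1] + eps * _sign((p - y) * w[1])]


def accuracy(model, X, y):
    return sum(predict(model, x) == t for x, t in zip(X, y)) / len(X)


def robust_accuracy(model, X, y, eps):
    # Fraction of points still classified correctly after each one is
    # perturbed by FGSM with budget eps: the curve of this value against
    # eps is the simplest empirical robustness audit.
    return sum(predict(model, fgsm(model, x, t, eps)) == t
               for x, t in zip(X, y)) / len(X)


if __name__ == "__main__":
    X, y = make_data()
    model = train_logreg(X, y)
    print("clean accuracy:", accuracy(model, X, y))
    for eps in (0.0, 0.25, 0.5, 1.0, 2.0):  # constructed audit budgets
        print(f"eps={eps:.2f} robust accuracy={robust_accuracy(model, X, y, eps):.2f}")
```

For a linear model the FGSM step is the worst case inside the L-infinity ball, so the curve is exact rather than a lower bound; for deep networks the same procedure only estimates robustness, and stronger attacks (such as the iterative ones in the references) or certified methods (randomized smoothing) are needed before an audit can make a robustness claim.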
Acknowledgements
The Human-Centered AI Masters programme was co-financed by the Connecting Europe Facility of the European Union under Grant №CEF-TC-2020-1 Digital Skills 2020-EU-IA-0068.