CS-E400101 - Research Seminar in Computer Science D: Research Seminar on Security and Privacy of Machine Learning, Lectures, 1.3.2022-27.5.2022
Assignments during the course consist of 5 tasks
- Reading 3 scientific papers before each discussion session: once a week.
- Write takeaways and questions about each paper read (details here).
- Participate in every discussion session: once a week.
- Presenting and leading the discussion on a scientific paper: twice over the course (details here).
- Completing two programming assignments: 1) crafting adversarial examples; 2) watermarking a model (details here).
Grading takes 4 components into account
1. Presentation and leading paper discussion (40% of the grade)
- Completeness and relevance of the objective paper presentation
- Quality of the oral speech and of the support for presentation (slides)
- Quality of the critical synthesis
- Quantity and quality of discussion topics
- Ability to engage the audience in the discussion
2. Participation in discussions (15% of the grade)
- Reply to questions/topics launched by the discussion leader
- Extend the discussion
- Launch new topics of discussion
3. Writing personal paper takeaways (15% of the grade)
- Submit 1-2 pages summarizing the paper's takeaways in your opinion: what did you learn from this paper? How has your perception of ML security changed?
- Submit a few question/discussion topics based on paper reading before each discussion.
- Submissions are evaluated in a coarse manner. The criticality and sensibility of the takeaways are the main evaluation criteria.
- Submit your assignment before each discussion session (Deadline: 11:55 on discussion day)
4. Completing programming assignments (30% of the grade)
Assignment 1: crafting adversarial examples
- Choose a black-box adversarial example crafting method.
- Introduce its main concepts.
- Implement it.
- Perform the evaluation and the analysis. Describe your findings.
Assignment 2: watermarking a model
- Choose a watermarking method (black-box or white-box).
- Introduce its main concepts.
- Implement it.
- Perform the evaluation and the analysis. Describe your findings.