<?xml version="1.0" encoding="utf-8" standalone="yes"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>secML</title>
<link>https://secml.github.io/</link>
<description>Recent content on secML</description>
<generator>Hugo -- gohugo.io</generator>
<language>en-us</language>
<lastBuildDate>Sun, 06 May 2018 00:00:00 +0000</lastBuildDate>
<atom:link href="https://secml.github.io/index.xml" rel="self" type="application/rss+xml" />
<item>
<title>Wrap Up</title>
<link>https://secml.github.io/wrapup/</link>
<pubDate>Sun, 06 May 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/wrapup/</guid>
<description>Thanks for a great semester!
Here are the topics we covered:
Class 1: Intro to Adversarial Machine Learning
Class 2: Privacy in Machine Learning
Class 3: Adversarial Machine Learning
Class 4: Differential Privacy In Action
Class 5: Adversarial Machine Learning in Non-Image Domains
Class 6: Measuring Robustness of ML Models
Class 7: Biases in ML, Discriminatory Advertising
Class 8: Testing of Deep Networks
Class 9: Adversarial Malware Detection
Class 10: Formal Verification Methods</description>
</item>
<item>
<title>Class 11: Poisoning</title>
<link>https://secml.github.io/class11/</link>
<pubDate>Wed, 18 Apr 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/class11/</guid>
<description>This week we discussed poisoning attacks, which differ from previously-discussed attacks in a key way. Instead of finding test instances that the target model misclassifies, a poisoning attack adds &ldquo;poisoned&rdquo; instances to the training set, introducing new errors into the model. Below are three papers which discuss interesting work happening in this field.
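<![CDATA[
The training-time attack sketched above, as an added example that is not part of the original post or of the papers it covers. It uses the simplest label-flip variant of targeted poisoning rather than the clean-label attack of Poison Frogs, and a nearest-centroid classifier chosen so that every step is hand-checkable; the data points, the target instance and the attacker's label are all constructed for this illustration.

```python
# Added example (not from the secML blog or the papers above): label-flip
# poisoning of a nearest-centroid classifier. Every number here is constructed
# by hand to keep the arithmetic checkable; there is no real dataset.

def centroids(data):
    """Train a nearest-centroid classifier: one mean vector per class label."""
    sums, counts = {}, {}
    for x, y in data:
        acc = sums.setdefault(y, [0.0] * len(x))
        sums[y] = [s + xi for s, xi in zip(acc, x)]
        counts[y] = counts.get(y, 0) + 1
    return {y: [s / counts[y] for s in sums[y]] for y in sums}

def sq_dist(a, b):
    return sum((ai - bi) ** 2 for ai, bi in zip(a, b))

def predict(model, x):
    """Assign x to the class whose centroid is nearest in Euclidean distance."""
    return min(model, key=lambda y: sq_dist(model[y], x))

def accuracy(model, data):
    return sum(predict(model, x) == y for x, y in data) / len(data)

# Constructed clean training set: class 0 clustered near (1, 1), class 1 near (5, 5).
CLEAN = [
    ([1.0, 1.0], 0), ([1.5, 0.5], 0), ([0.5, 1.5], 0), ([1.2, 0.8], 0),
    ([5.0, 5.0], 1), ([5.5, 4.5], 1), ([4.5, 5.5], 1), ([5.2, 4.8], 1),
]
# Held-out clean points the defender uses to check that the model still works.
TEST = [([0.8, 1.1], 0), ([1.3, 1.2], 0), ([5.1, 4.9], 1), ([4.8, 5.3], 1)]
# The attacker's chosen target: a genuine class-1 instance close to the boundary.
TARGET = [3.4, 3.4]
ATTACKER_LABEL = 0

def poison_points(target, label, n, spread=0.1):
    """n near-duplicates of the target carrying the attacker's (wrong) label."""
    return [([target[0] + spread * i, target[1] + spread * i], label) for i in range(n)]

def run_attack(n_poison):
    """Retrain on clean + poison data; report the target's label and clean accuracy."""
    model = centroids(CLEAN + poison_points(TARGET, ATTACKER_LABEL, n_poison))
    return {"target_label": predict(model, TARGET),
            "clean_accuracy": accuracy(model, TEST)}

def min_poison_count(max_n=20):
    """Smallest number of poison points that flips the target to ATTACKER_LABEL."""
    for n in range(1, max_n + 1):
        if run_attack(n)["target_label"] == ATTACKER_LABEL:
            return n
    return None

if __name__ == "__main__":
    clean_model = centroids(CLEAN)
    print("clean model: target ->", predict(clean_model, TARGET),
          "accuracy", accuracy(clean_model, TEST))
    n = min_poison_count()
    print("poison points needed:", n, run_attack(n))
```

Two mislabelled points out of ten are enough to pull the class-0 centroid far enough that the target flips, while accuracy on the held-out clean set stays at 1.0: a defender who only watches validation accuracy sees nothing. That is the property that makes targeted poisoning dangerous, and why defences have to look at the training data itself (provenance, influence of individual points on the trained model) rather than at aggregate performance.
]]>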
Poison Frogs! Ali Shafahi, W. Ronny Huang, Mahyar Najibi, Octavian Suciu, Christoph Studer, Tudor Dumitras, and Tom Goldstein.</description>
</item>
<item>
<title>Class 10: Formal Verification Methods</title>
<link>https://secml.github.io/class10/</link>
<pubDate>Fri, 06 Apr 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/class10/</guid>
<description>Motivation Similar to what we saw in Class 6, we would like to have formal bounds on how robust a machine learning model is under attack. The following two papers aim at achieving this robustness by proving properties of the underlying neural networks. This strategy aims to end the arms race between attacks and defenses commonly seen in the literature, and to provide formal guarantees for defenses with respect to any type of adversary.</description>
</item>
<item>
<title>Class 9: Adversarial Malware Detection</title>
<link>https://secml.github.io/class9/</link>
<pubDate>Fri, 30 Mar 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/class9/</guid>
<description>Evolution of the Malware Arms Race Babak Bashari Rad, Maslin Masrom, and Suhaimi Ibrahim. Evolution of Computer Virus Concealment and Anti-Virus Techniques: A Short Survey. University Technology Malaysia. 6 April 2011. [PDF]
Since the first appearances of early malware, advances in both combating and creating viruses have mirrored the general pattern of the medical battle against evolving biological virus outbreaks: as anti-virus software continually develops new techniques for detecting existing viruses, virus writers seek out new methods to evade those detection systems.</description>
</item>
<item>
<title>Class 8: Testing of Deep Networks</title>
<link>https://secml.github.io/class8/</link>
<pubDate>Fri, 23 Mar 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/class8/</guid>
<description>DeepXplore: Automated Whitebox Testing of Deep Learning Systems Kexin Pei, Yinzhi Cao, Junfeng Yang, Suman Jana. 2017. DeepXplore: Automated Whitebox Testing of Deep Learning Systems. In Proceedings of ACM Symposium on Operating Systems Principles (SOSP ’17). ACM, New York, NY, USA, 18 pages. [PDF]
As deep learning is increasingly applied to security-critical domains, having high confidence in the accuracy of a model&rsquo;s predictions is vital. Just as in traditional software development, confidence in the correctness of a model&rsquo;s behavior stems from rigorous testing across a wide variety of possible scenarios.</description>
</item>
<item>
<title>Class 7: Biases in ML, Discriminatory Advertising</title>
<link>https://secml.github.io/class7/</link>
<pubDate>Tue, 20 Mar 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/class7/</guid>
<description>Motivation Machine learning algorithms are playing increasingly important roles in many critical decision-making tasks. However, studies reveal that machine learning models are subject to biases, some of which stem from historical biases in the human world that are captured in training data. Understanding potential bias, and identifying and fixing existing bias, can help people design more objective and reliable decision-making systems based on machine learning models.
Ad Transparency Athanasios Andreou, Giridhari Venkatadri, Oana Goga, Krishna P.</description>
</item>
<item>
<title>Class 6: Measuring Robustness of ML Models</title>
<link>https://secml.github.io/class6/</link>
<pubDate>Fri, 02 Mar 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/class6/</guid>
<description>Motivation In what seems to be an endless back-and-forth between new adversarial attacks and new defenses against those attacks, we would like a means of formally verifying the robustness of machine learning algorithms to adversarial attacks. In the privacy domain, there is the idea of a differential privacy budget, which quantifies privacy over all possible attacks. In the following three papers, we see attempts at deriving an equivalent benchmark for security, one that will allow the evaluation of defenses against all possible attacks instead of just a specific one.</description>
</item>
<item>
<title>Class 5: Adversarial Machine Learning in Non-Image Domains</title>
<link>https://secml.github.io/class5/</link>
<pubDate>Fri, 23 Feb 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/class5/</guid>
<description>Beyond Images While the bulk of adversarial machine learning work has focused on image classification, ML is being used for a variety of tasks in the real world, and attacks (and defenses) for different domains need to be tailored to the purpose of the ML process. Among the most significant uses of ML are natural language processing and voice recognition. Within these fields, attacks look very different from those on images.</description>
</item>
<item>
<title>Class 4: Differential Privacy In Action</title>
<link>https://secml.github.io/class4/</link>
<pubDate>Thu, 22 Feb 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/class4/</guid>
<description>Two weeks ago we took a look at privacy in machine learning and introduced differential privacy as one possible approach to perform statistical analysis on data while maintaining user privacy. Today we explore three applications of differential privacy: Google&rsquo;s RAPPOR for obtaining user data from client-side software, the FLEX system to enforce differential privacy for SQL queries, and an algorithm for training deep neural networks that can provide differential privacy guarantees.</description>
</item>
<item>
<title>Topic Suggestions</title>
<link>https://secml.github.io/topic-suggestions/</link>
<pubDate>Tue, 20 Feb 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/topic-suggestions/</guid>
<description>To help with topics for future classes, I&rsquo;ve created a Topics page with some possible ideas and links to papers. This is not meant to be exhaustive by any stretch; any topics loosely connected to machine learning security and privacy is within scope, and there are lots of great papers on these topics not included on this page. But, hopefully it will be a useful starting point for teams looking for ideas for topics for future classes.</description>
</item>
<item>
<title>Class 3: Adversarial Machine Learning</title>
<link>https://secml.github.io/class3/</link>
<pubDate>Fri, 09 Feb 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/class3/</guid>
<description>This week’s topic covered some proposed adversarial example attacks and defenses. The underlying problem is that machine learning techniques assume that training and testing data are generated from the same distribution. Adversaries can therefore exploit the algorithms by choosing inputs that violate this assumption. We began class by discussing common distance metrics, \(L_0\), \(L_2\), and \(L_\infty\), popular benchmarking datasets, and the history of adversarial ML. However, the main theme was which defense techniques can be used safely to prevent adversarial attacks.</description>
</item>
<item>
<title>Class 2: Privacy in Machine Learning</title>
<link>https://secml.github.io/class2/</link>
<pubDate>Fri, 02 Feb 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/class2/</guid>
<description>In today’s post we introduce some key concepts crucial to understanding the current state of privacy in machine learning. In a time where novel machine learning applications are seemingly announced weekly, privacy is becoming more relevant as learning algorithms play varied and sometimes critical roles in our lives. We introduce differential privacy and common ‘solutions’ that fail to protect individual privacy, explore membership inference attacks on blackbox machine learning models, and discuss a case study involving privacy in the field of pharmacogenetics, where machine learning models are used to guide patient treatment.</description>
</item>
<item>
<title>Class 1: Intro to Adversarial Machine Learning</title>
<link>https://secml.github.io/class1/</link>
<pubDate>Fri, 26 Jan 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/class1/</guid>
<description>Machine Learning Background In supervised machine learning, we train models on training data together with the label associated with each sample. We extract features from each sample and use an algorithm to train a model whose inputs are those features and whose output is the label.
To classify the test data, the classifier uses a decision boundary to separate the points belonging to each class. In a statistical classification problem with two classes, a decision boundary partitions the underlying vector space into two regions, one for each class.</description>
</item>
<item>
<title>First Week</title>
<link>https://secml.github.io/first-week/</link>
<pubDate>Sat, 20 Jan 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/first-week/</guid>
<description>This message was also sent out by email.
Since not everyone has joined the slack yet, I&rsquo;m sending this out by email, but please make sure to join https://secprivml.slack.com soon. I will use that for future communications.
I have grouped the 18 full participants in the class into three teams of six:
Team Bus:
Anant Kharkar
Ashley Gao
Atallah Hezbor
Joshua Holtzman
Mainuddin Ahmad Jonas
Weilin Xu
Team Gibbon:
Aditi Narvekar</description>
</item>
<item>
<title>Starting Seminar</title>
<link>https://secml.github.io/starting-seminar/</link>
<pubDate>Mon, 15 Jan 2018 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/starting-seminar/</guid>
<description>Our first seminar meeting will be Friday, January 26 (not this Friday, which would normally be the first class day, since I will be getting back from California too late to meet this week). Meetings will be Fridays in Rice 032, 9:30am-noon.
Since we&rsquo;re missing the normal first meeting, I want to do as much of the organizational stuff this week to be able to have a substantive first meeting next week.</description>
</item>
<item>
<title>Syllabus Posted</title>
<link>https://secml.github.io/syllabusposted/</link>
<pubDate>Sun, 31 Dec 2017 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/syllabusposted/</guid>
<description>The Syllabus is now posted.</description>
</item>
<item>
<title>Welcome</title>
<link>https://secml.github.io/welcome/</link>
<pubDate>Sun, 31 Dec 2017 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/welcome/</guid>
<description>This graduate-level special topics course will be offered in Spring 2018. Meetings will be Fridays, 9:30-noon in Rice Hall 032. More information will be posted here soon, but the seminar format will be roughly similar to what we used for TLSeminar last Spring.
This seminar will focus on understanding the risks adversaries pose to machine learning systems, and how to design more robust machine learning systems to mitigate those risks.
The seminar is open to ambitious undergraduate students (with instructor permission), and to graduate students interested in research in adversarial machine learning, privacy-preserving machine learning, fairness and transparency in machine learning, and other related topics.</description>
</item>
<item>
<title></title>
<link>https://secml.github.io/resources/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/resources/</guid>
<description>Resources for Adversarial Machine Learning Research Adversarial Machine Learning Toolkits EvadeML-Zoo
cleverhans
Machine Learning Systems Detectron - Facebook&rsquo;s research platform for object detection research (including RetinaNet)</description>
</item>
<item>
<title></title>
<link>https://secml.github.io/schedule/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/schedule/</guid>
<description>See Teams for the class teams and responsibilities.</description>
</item>
<item>
<title></title>
<link>https://secml.github.io/syllabus/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/syllabus/</guid>
<description>Syllabus cs6501: Security and Privacy of Machine Learning University of Virginia, Spring 2018
Meetings: Fridays, 9:30AM - noon, Rice Hall 032
Course Objective. This seminar will focus on understanding the risks adversaries pose to machine learning systems, and how to design more robust machine learning systems to mitigate those risks.
Expected Background: Previous background in machine learning and security is beneficial, but not required so long as you are willing and able to learn some foundational materials on your own.</description>
</item>
<item>
<title></title>
<link>https://secml.github.io/teams/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/teams/</guid>
<description>Teams Responsibilities For each week (except for project proposal and presentation weeks), one team will be responsible for Leading the class, one team for writing a Blog post on the class topic, and one team for arranging food. See the Schedule for team responsibilities.
Leading Team. The team responsible for leading a class should:
Two weeks before the scheduled class, meet briefly with me (Dave) to discuss plan for the class.</description>
</item>
<item>
<title></title>
<link>https://secml.github.io/topics/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/topics/</guid>
<description>This page collects some topic ideas and papers for future classes. These are just suggestions, not meant to be an exhaustive list or limit the scope of future topics or papers.
Certified Defenses, Formal Methods Aditi Raghunathan, Jacob Steinhardt, Percy Liang. Certified Defenses against Adversarial Examples. PDF
Guy Katz, Clark Barrett, David Dill, Kyle Julian and Mykel Kochenderfer. Reluplex: An Efficient SMT Solver for Verifying Deep Neural Networks. PDF
Nicholas Carlini, Guy Katz, Clark Barrett, and David L.</description>
</item>
<item>
<title>Blogging Mechanics</title>
<link>https://secml.github.io/blogging/</link>
<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>
<guid>https://secml.github.io/blogging/</guid>
<description>Here are some suggestions for how to create the class blog posts for your assigned classes. I believe each team has at least a few members with enough experience using git and web construction tools that following these instructions won&rsquo;t be a big burden, but if you have other ways you want to build your blog page for a topic let me know and we can discuss alternative options.
Install Hugo.</description>
</item>
</channel>
</rss>