Overview
Creating reliable, secure, robust, and fair machine learning models is a core challenge in artificial intelligence and one of fundamental importance. The goal of the course is to teach both the mathematical foundations of this new and emerging area as well as to introduce students to the latest and most exciting research in the space. To facilitate deeper understanding, the course includes a group project where students build a system based on the learned material.
The course is split into 3 parts:
Robustness in Deep Learning
- Adversarial attacks and defenses on deep learning models.
- Automated certification of deep learning models (covering the major trends: convex relaxations and branch-and-bound methods as well as randomized smoothing).
- Certified training of deep neural networks to satisfy given properties (combining symbolic and continuous methods).
Privacy of Machine Learning
- Threat models (e.g., stealing data, poisoning, membership inference, etc.).
- Attacking federated machine learning (across modalities such as vision, natural language and tabular).
- Differential privacy for defending machine learning.
- Enforcing regulations with guarantees (e.g., via provable data minimization).
Fairness of Machine Learning
- Introduction to fairness (motivation, definitions).
- Enforcing individual fairness with guarantees (e.g., for both vision or tabular data).
- Enforcing group fairness with guarantees.
Lectures
Use your NETHZ account to access the files.
| Date | Content | Slides | Exercises | Solutions |
|---|---|---|---|---|
| Sep 21 | Course Introduction, Adversarial Attacks and Defenses |  |
|
|
| Sep 28 | Adversarial Attacks and Defenses (Cont), General Verification, Box Relaxations |
|
|
|
| Oct 05 | MILP and DeepPoly for Certification |
|
|
|
| Oct 12 | Differentiable refinement of DeepPoly |
|
|
|
| Oct 19 | Certified Training |
|
|
|
| Oct 26 | Project Introduction | (Project Q&A) | ||
| Nov 2 | Randomized Smoothing for Robustness |
|
|
|
| Nov 9 | Introduction to Privacy, Federated Learning and Attacks |
|
|
|
| Nov 16 | Differential Privacy |
|
|
|
| Nov 23 | AI Regulations and Synthetic Data |
|
(No Exercise) | |
| Nov 30 | Introduction to Fairness, Incorporating Logic into Deep Learning |
|
|
|
| Dec 7 | Individual Fairness |
|
|
|
| Dec 14 | Group Fairness |
|
|
|
| Dec 21 | Wrap up |
|
(No exercise) | (No exercise) |
Recordings
All lecture recordings from this year will be available on the ETH video portal or on Polybox. While we do not provide recordings from 2021, all lecture recordings from 2020 are in a Youtube playlist (2020). Note that this 2022 version of the course contains several new topics not found in the 2020 and 2021 versions.
Course project
The project description is uploaded here. Code, networks and example test cases are available here. Other project details will be added here.
Previous Exams
Previous exams (formerly, this course was named "Reliable and Interpretable Artificial Intelligence") are available in the exam collection of the student association (VIS).
Course Organization
Lectures
- The lecture will take place physically in room HG G3, but will be recorded.
- For additional questions, we have prepared a Moodle forum.
Exercises
- The exercise sessions will take place via Zoom on Monday and physically on Wednesday.
- This mode was decided based on a student poll available here. You will be able to change your vote throughout the semester, but we may not strictly follow the majority opinion.
- Every week, we will publish an exercise sheet and its solutions on this page, by Thursday evening.
- The exercise session will consist of a discussion of selected exercises (typically not all exercises). On demand, the teaching assistant can also discuss questions on specific exercises brought up by students.
- Some exercise sessions will also discuss prerequisites for the course. The material covered in these sessions will be available online. This will definitively be the case in the first exercise on Sep 26/28. For other exercise sessions, we will announce by mail if they discuss prerequisites.
- Attending the exercise sessions is optional. We will not cover additional material in the exercise sessions, except for prerequisites (see above). Therefore, we will also not record the exercise sessions.
- We strongly recommend to solve the exercises before next week's exercise session, and before looking at the solutions. The style of the exam will be similar to the exercises, so first-hand experience solving exercises is critical.
- For additional questions, we have prepared a Moodle forum.
- In case there is not enough material to cover the full exercise session, we will stop it early.
- There is no need to attend both exercise sessions, as their contents will be equivalent.
Communication
All communication (like special announcements) will be sent out by e-mail.
Literature
For students who would like to brush up on the basics of machine learning used in this course, we recommend
- Section 3 (Background) of the publication An Abstract Domain for Certifying Neural Networks by Gagandeep Singh, Timon Gehr, Markus Püschel, and Martin Vechev
- Neural Networks and Deep Learning by Michael Nielsen
- Deep Learning book by Ian Goodfellow, Yoshua Bengio, and Aaron Courville