Overview
Creating reliable, secure, robust, and fair machine learning models is a core challenge in artificial intelligence and one of fundamental importance. The goal of the course is to teach both the mathematical foundations of this new and emerging area as well as to introduce students to the latest and most exciting research in the space. To facilitate deeper understanding, the course includes a group project where students build a system based on the learned material.
The course is split into 4 parts:
Robustness of Machine Learning
- Adversarial attacks and defenses on deep learning models.
- Automated certification of deep learning models (major trends: convex relaxations, branch-and-bound, randomized smoothing).
- Certified training of deep neural networks (combining symbolic and continuous methods).
Privacy of Machine Learning
- Threat models (e.g., stealing data, poisoning, membership inference, etc.).
- Attacking federated machine learning (across vision, natural language and tabular data).
- Differential privacy for defending machine learning.
- AI Regulations and checking model compliance.
Fairness of Machine Learning
- Introduction to fairness (motivation, definitions).
- Enforcing individual fairness (for both vision and tabular data).
- Enforcing group fairness (e.g., demographic parity, equalized odds).
Robustness, Privacy and Fairness of Foundation Models
- We discuss all previous topics, as well as programmability, in the context of latest foundation models (e.g., LLMs).
Lectures
Use your NETHZ account to access the files.
| Date | Content | Slides | Exercises | Solutions |
|---|---|---|---|---|
| Sep 20 | Course Introduction |
|
|
|
| Sep 27 | Adversarial Attacks and Defenses |
|
|
|
| Oct 04 | Neural Network Certification: Box Relaxation, MILP |
|
|
|
| Oct 11 | DeepPoly, Branch and Bound |
|
|
|
| Oct 18 | Certified Defenses, Connecting Cert. and Adv. Training |
|
|
*
*
|
| Oct 25 | Project Introduction, Guest Lecture |
|
(Project Q&A) | |
| Nov 1 | Randomized Smoothing for Robustness |
|
|
|
| Nov 8 | Introduction to Privacy, Federated Learning Attacks |
|
|
|
| Nov 15 | Differential Privacy |
|
|
|
| Nov 22 | AI Regulations and Synthetic Data |
|
|
|
| Nov 29 | Incorporating Logic into Deep Learning |
|
|
|
| Dec 6 | Introduction to Fairness, Individual Fairness |
|
|
|
| Dec 13 | Group Fairness |
|
*
|
*
|
| Dec 20 | LLM Research: Overview, Safety, Privacy |
|
Recordings
All lecture recordings from this year will be available on the ETH video portal, in the same way as the recordings from 2022. Another useful resource is our Youtube playlist of lecture recordings from 2020. However, note that several new topics have been introduced to the course since then.
Course project
The project description is on these slides. The project release (template code, networks, test cases) is available here.
Previous Exams
Previous exams (formerly, this course was named "Reliable and Interpretable Artificial Intelligence") are available in the exam collection of the student association (VIS).
Course Organization
Lectures
- The lecture will take place physically in room HG G3, but will be recorded.
- For additional questions, we have prepared a Moodle forum.
Exercises
- Every week, we will publish an exercise sheet and its solutions on this page, by Thursday evening.
- The exercise session will consist of a discussion of selected exercises (potentially not all exercises). On demand, the teaching assistant can also discuss questions on specific exercises brought up by students.
- Some exercise sessions will also discuss prerequisites for the course. The material covered in these sessions will be available online. This will definitively be the case in the first exercise on Sep 25/27. For other exercise sessions, we will announce by mail if they discuss prerequisites.
- Attending the exercise sessions is optional. We will not cover additional material in the exercise sessions, except for prerequisites (see above). Therefore, we will also not record the exercise sessions.
- We strongly recommend to solve the exercises before next week's exercise session, and before looking at the solutions. The style of the exam will be similar to the exercises, so first-hand experience solving exercises is critical.
- For additional questions, we have prepared a Moodle forum.
- In case there is not enough material to cover the full exercise session, we will stop it early.
- There is no need to attend both exercise sessions, as their contents will be equivalent.
Communication
All communication (like special announcements) will be sent out by e-mail.
Literature
For students who would like to brush up on the basics of machine learning used in this course, we recommend
- Section 3 (Background) of the publication An Abstract Domain for Certifying Neural Networks by Gagandeep Singh, Timon Gehr, Markus Püschel, and Martin Vechev
- Neural Networks and Deep Learning by Michael Nielsen
- Deep Learning book by Ian Goodfellow, Yoshua Bengio, and Aaron Courville