After successful completion of the course, students are able to...

- Identify threats to privacy of individuals in machine learning datasets

- Select fitting solutions for privacy-preserving machine learning

- Understand attack vectors on machine learning models, and how attacls can be detected and mitigated

- Select fitting concepts for explainable and interpretable machine learning

• Privacy-preserving techniques to anonymize sensitive information in the input data, e.g. to facilitate data sharing, with a specific focus on the implications on the utility of the data and the models trained thereon. This includes e.g. k-anonymity and related models such as l-diversity, as well as differential privacy, etc.
• Privacy-preserving techniques, such as differential privacy, to prevent information leaks from trained models
• Attack vectors on machine learning models, e.g. membership attacks, and model stealing, Adversary Input Generation and how to limit them
• Backdoor embedding to manipulate the behaviour of seemingly benign models for malicious purposes
• Privacy-preserving computation of machine learning models, e.g. with secure multi-party computation, and homomorphic encryption approaches
• Explainability of machine learning models to facilitate a better understanding and trust in the models, e.g. via visualization, rule extraction, Zero-Shot Learning

The course consists of lectures and exercises. Lectures will be live-streamed via Zoom as long as the current restrictions on presence-teaching persist. Links to the Zoom sessions are provided in TUWEL.  Exercises include the application of privacy-preserving, secure and explainabel machine learning techniques for various data sets and implementation of thses techniques. The exercises are prepared at home and will be presented/discussed during the exercise classes.  

The SPEML Lecture will be held on-line!

Note: The lecture has to be held on-line for the time being. The lectures will be streamed live via a Zoom Session, the link and access information will be posted in the TUWEL course. There will be no recorded videos of the lectures. The time slots for the lectures remain unchanged as announced in the lecture room reservation. It is currently not permitted to attend any lectures physically. If the TU regulations should change and physical presence should be come possible we will announce this.

- Solving of exercises regarding experiments in secruity, privacy and explainability of machine learning, using a software toolkit of the student's choice (e.g. Python scikit-learn, Matlab, R, WEKA, ...)

- Written exam (closed book) - most likely on-line via TUWEL. If the pandemic situation allows face-to-face exams at the scheduled time, we would switch to a face-to-face exam. In case of low enrollment, the exam can also be conducted orally (also, depending on the development of the pandemic situation, most likely on-line).

184.702 Machine Learning