194.055 Security, Privacy and Explainability in Machine Learning

2023S, VU, 2.0h, 3.0EC


  • Semester hours: 2.0
  • Credits: 3.0
  • Type: VU Lecture and Exercise
  • Format: Presence

Learning outcomes

After successful completion of the course, students are able to...

- Identify threats to privacy of individuals in machine learning datasets

- Select fitting solutions for privacy-preserving machine learning

- Understand attack vectors on machine learning models, and how attacks can be detected and mitigated

- Select fitting concepts for explainable and interpretable machine learning

Subject of course

  • Privacy-preserving techniques to anonymize sensitive information in the input data, e.g. to facilitate data sharing, with a specific focus on the implications on the utility of the data and the models trained thereon. This includes e.g. k-anonymity and related models such as l-diversity, as well as differential privacy, etc.
  • Generation of synthetic data as privacy-preserving method
  • Privacy-preserving techniques, such as differential privacy, to prevent information leaks from trained models
  • Attack vectors on machine learning models, e.g. membership attacks, and model stealing, Adversary Input Generation and how to limit them
  • Backdoor embedding to manipulate the behaviour of seemingly benign models for malicious purposes
  • Privacy-preserving computation of machine learning models, e.g. with secure multi-party computation, and homomorphic encryption approaches
  • Explainability of machine learning models to facilitate a better understanding and trust in the models, e.g. via visualization, rule extraction, Zero-Shot Learning


Teaching methods

The course consists of lectures and exercises. Lectures will be held in-class. Exercises include the application of privacy-preserving, secure and explainable machine learning techniques to various data sets and the implementation of these techniques. The exercises are prepared at home and will be presented/discussed during the exercise classes.

Additional information

The SPEML Lecture will be held in class!

Preliminary talk (Vorbesprechung) & Intro: 2.3.2023, in-class

Course dates

Day  Time           Period                    Room            Type
Thu  11:00 - 13:00  02.03.2023 - 29.06.2023   EI 3A Hörsaal   Lecture

Security, Privacy and Explainability in Machine Learning - Single appointments

Day  Date        Time           Room            Type
Thu  02.03.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  09.03.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  16.03.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  23.03.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  30.03.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  20.04.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  27.04.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  04.05.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  11.05.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  25.05.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  01.06.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  15.06.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  22.06.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture
Thu  29.06.2023  11:00 - 13:00  EI 3A Hörsaal   Lecture

Examination modalities

- Solving of exercises regarding experiments in security, privacy and explainability of machine learning, using a software toolkit of the student's choice (e.g. Python scikit-learn, Matlab, R, WEKA, ...)

- Written exam (closed book) - most likely in-class, but via TUWEL. In case of low enrollment, the exam can also be conducted orally (also, depending on the development of the pandemic situation, most likely on-line).


Day  Time           Date        Room                   Mode of examination  Application time                       Application mode  Exam
Mon  14:00 - 16:00  10.06.2024  EI 9 Hlawka HS - ETIT  written              01.04.2024 00:00 - 05.06.2024 23:59    TISS              Exam 1

Course registration

Begin             End               Deregistration end
26.01.2023 00:00  05.04.2023 23:59  05.04.2023 23:59

No lecture notes are available.

Previous knowledge

184.702 Machine Learning, or a similar Machine Learning lecture

Preceding courses