COSC 89.40 Topics in Adversarial Machine Learning

This seminar surveys the security and privacy of machine learning systems, with a focus on classical (non-generative) ML and deep learning models deployed in adversarial environments. Students will read and discuss foundational and recent research on evasion attacks (adversarial examples), data poisoning and backdoors, model extraction and stealing, membership-inference and privacy leakage, certified and empirical defenses, and the security of federated learning. The course emphasizes how attackers reason about ML pipelines end-to-end—from training data and model internals to deployment APIs and physical-world sensors—and how defenders can build models that are robust, private, and accountable.

The class operates as a student-led research seminar. Weekly meetings center on reading and discussing recent papers from the top security venues (IEEE S&P / Oakland, USENIX Security, CCS, NDSS) and the top machine learning venues (NeurIPS, ICML, ICLR). Short instructor lectures provide methodological context (threat models, optimization-based attacks, robust optimization, differential privacy). Evaluation is based on discussion leadership and participation, weekly reflections, and a semester project with defined milestones that extends, critiques, or applies one of the covered research areas.

Degree Requirement Attributes

Dist:TAS

The Timetable of Class Meetings contains the most up-to-date information about a course. It includes not only the meeting time and instructor, but also its official distributive and/or world culture designation. This information supersedes any information you may see elsewhere, including what may appear in this ORC/Catalog or on a department/program website. Note that course attributes may change from term to term; therefore, the attributes in effect are only those that apply during the term in which you enroll in the course.

Department-Specific Course Categories

Computer Science