Security and Privacy of Machine Learning - CIS 700 / Spring 2020

Overview

Instructor: Ferdinando Fioretto [email]
Location: Life Science Building 300
Time: Mon and Wed: 5:15-6:35pm
Office hours: Fridays 12:30-1:30pm
Office location: 4-125 CST
Initial Project Report Deadline: January 31
Project Progress Report: February 28

Teams

Team Alderaan: Mu Bai
Team Coruscant: David Castello; Zuhal Altundal
Team Kamino: Joel Yuhas; Vedhas Sandeep Patkar
Team Mandalore: Amin Fallahi; Jindi Wu
Team Naboo: Ankit Khare; James Kotari
Team Onderon: Mengyu Liu; Lin Zhang
Team Tatooine: Pratik Ashok Paranjape; Raman Srivastava
Team Yavin: Cuong Tran; Hanyi Li

Schedule and material

Below is the calendar for this semester course. This is the preliminary schedule, which will be altered as the semester progresses. I will attempt to announce any change to the class, but this webpage should be viewed as authoritative. If you have any questions, please contact me.

Module 1: Evasion Attacks

Date	Topic	Reading / Assignment	Present	Report
Jan 13	Overview & motivation	slides
Jan 15	Attacks	Mandatory Reading: D Lowd, C. Meek. "Good Word Attacks on Statistical Spam Filters" N Dalvi et al.. "Adversarial classification". C. Szegedy et al."Intriguing properties of neural networks". Optional Reading: A. Kurakin, I. Goodfellow, S. Bengio. "Adversarial examples in the physical world". N. Papernot, P. McDaniel, I. Goodfellow "Transferability in Machine Learning: from Phenomena to Black-Box Attacks using Adversarial Samples".	Team Alderaan	Team Naboo
Jan 20	No Class (Martin Luther Kind day)
Jan 22	Attacks and Adversarial Training	Mandatory Reading: I Goodfellow et al.. "Explaining and harnessing adversarial examples" N Papernot, P McDaniel, S Jha, N Fredrikson, ZB Celik ZB, A Swami. "The Limitations of Deep Learning in Adversarial Settings" Strongly suggested optional Reading: F Tramèr, A Kurakin, N Papernot, I Goodfellow, D Boneh, P McDanie. "Ensemble Adversarial Training: Attacks and Defenses" Optional Reading: B. Biggio et al.. "Evasion Attacks against Machine Learning at Test Time". Tutorial software: Cleverhans mnist tutorial (Pytorch)	Team Coruscant	Team Naboo
Jan 27	Defensive Distillation	Mandatory Reading: N Papernot et al.. "Distillation as a Defense to Adversarial Perturbations against Deep Neural Networks" N Papernot, P McDaniel. "On the effectiveness of defensive distillation" Strongly suggested Optional Reading: A Athalye, N Carlini, D Wagner. "Obfuscated Gradients Give a False Sense of Security: Circumventing Defenses to Adversarial Examples" Optional Reading: G Hinton, O Vinyals, J Dean. "Distilling the knowledge in a neural networks" Siyue Wang et al. "Defensive Dropout for Hardening Deep Neural Networks under Adversarial Attacks"	Team Kamino	Team Naboo
Jan 29	Other Defensive Mechanisms	Mandatory Reading: N Papernot et al. "Practical Black-Box Attacks against Deep Learning Systems using Adversarial Examples" J Jo, Y Bengio "Measuring the tendency of CNNs to Learn Surface Statistical Regularities" Optional Reading: C Guo et al. "Countering Adversarial Images using Input Transformations"	Team Mandalore	Team Naboo

Module 2: Poisoning Attacks

Date	Topic	Reading / Assignment	Present	Report
Feb 3	Introduction	Mandatory Reading: B Nelson et al. "Exploiting Machine Learning to Subvert Your Spam Filter." A Shafahi et al. "Poison Frogs! Targeted Clean-Label Poisoning Attacks on Neural Networks." Optional Reading: X. Huang et al. " Is feature selection secure against training data poisoning? ".	Team Onderon	Team Coruscant
Feb 5	Attacks on ML systems	Mandatory Reading: B Biggio, B Nelson, P Laskov. "Poisoning attacks against support vector machines". M Jagielski et al. "Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning". Optimal Reading: C Yudong, C Caramanis, S Mannor. "Robust sparse regression under adversarial corruption".	Team Tatooine	Team Coruscant
Feb 10	No Class (AAAI)
Feb 12	No Class (AAAI)
Feb 17	Defense Mechanisms	Mandatory Reading: B Rubinstein et al. "ANTIDOTE: Understanding and Defending against Poisoning of Anomaly Detectors". J Steinhardt, PW Koh, P Liang. "Certified Defenses for Data Poisoning Attack". Optional Reading: B Wang et al. "Neural Cleanse: Identifying and Mitigating Backdoor Attacks in Neural Networks".	Team Yavin	Team Coruscant

Module 3: Privacy Attacks

Date	Topic	Reading / Assignment	Present	Report
Feb 19	Data Exposure	Mandatory Reading: A Narayanan, V Shmatikov. "Robust de-anonymization of large sparse datasets.". F. Tramèr et al. "Stealing Machine Learning Models via Prediction APIs". Optional but Highly Encouraged Reading: C Dwork et al. "Exposed! A Survey of Attacks on Private Data". Optional Reading: JA Calandrino et al. "‘You Might Also Like’: Privacy Risks of Collaborative Filtering". M Fredrikson et al. "Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing".	Team Naboo	Team Alderaan
Feb 24	Privacy Attacks in Deep Learning	Mandatory Reading: R Shokri et al. "Membership Inference Attacks against Machine Learning Models". N Carlini et al. "The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks. ". C Song, V Shmatikov. "Overlearning Reveals Sensitive Attributes.". Optional but Encouraged Reading: M Nasr, R Shokri, A Houmansadr. "Comprehensive Privacy Analysis of Deep Learning".	Team Coruscant	Team Alderaan
Feb 26	No Class (CRA)

Date

Topic

Reading / Assignment

Present

Report

Feb 19

Data Exposure

Mandatory Reading:

A Narayanan, V Shmatikov. "Robust de-anonymization of large sparse datasets.".
F. Tramèr et al. "Stealing Machine Learning Models via Prediction APIs".

Optional but Highly Encouraged Reading:

C Dwork et al. "Exposed! A Survey of Attacks on Private Data".

Optional Reading:

JA Calandrino et al. "‘You Might Also Like’: Privacy Risks of Collaborative Filtering".
M Fredrikson et al. "Privacy in Pharmacogenetics: An End-to-End Case Study of Personalized Warfarin Dosing".

Team Naboo

Team Alderaan

Feb 24

Privacy Attacks in Deep Learning

Mandatory Reading:

R Shokri et al. "Membership Inference Attacks against Machine Learning Models".
N Carlini et al. "The Secret Sharer: Evaluating and Testing Unintended Memorization in Neural Networks. ".
C Song, V Shmatikov. "Overlearning Reveals Sensitive Attributes.".

Optional but Encouraged Reading:

M Nasr, R Shokri, A Houmansadr. "Comprehensive Privacy Analysis of Deep Learning".

Team Coruscant

Team Alderaan

Feb 26

No Class (CRA)

Module 4: Differential Privacy

Date	Topic	Reading / Assignment	Present	Report
Mar 2	Preliminaries	Mandatory Reading: C Dwork, A Roth. "The Algorithmic Foundations of Differential Privacy". Chapters 2 and 3 C Dwork et al. "Calibrating noise to sensitivity in private data analysis". Optional Reading: F McSherry, I Mironov. "Differentially Private Recommender Systems: Building Privacy into the Netflix Prize Contenders". I Mironov. Renyi differential privacy".	Guest Lecture: Nando	Team Kamino
Mar 4	Data Generation	Mandatory Reading: J Zhang et al. " PrivBayes: Private Data Release via Bayesian Networks ". G. Cormode et al. " Differentially private spatial decompositions ". Optional Reading: C Liand, G Miklau. " An adaptive mechanism for accurate query answering under differential privacy ".	Team Mandalore	Team Kamino
Mar 9	Optimization	Mandatory Reading: H Rastogi, M Suciu.: " Boosting the Accuracy of Differentially Private Histograms Through Consistency ". B Ding et al.: " Differentially private data cubes: optimizing noise sources and consistency ". Optional Reading: C Li et al.: " A Data- and Workload-Aware Algorithm for Range Queries Under Differential Privacy ". F Fioretto P Van Hentenryck.: " Differential Privacy of Hierarchical Census Data: An Optimization Approach ". T Mak, F Fioretto, P Van Hentenryck.: " Privacy-Preserving Obfuscation for Distributed Power Systems ".	Team Tatooine	Team Kamino

Date

Topic

Reading / Assignment

Present

Report

Mar 2

Preliminaries

Mandatory Reading:

C Dwork, A Roth. "The Algorithmic Foundations of Differential Privacy". Chapters 2 and 3
C Dwork et al. "Calibrating noise to sensitivity in private data analysis".

Optional Reading:

F McSherry, I Mironov. "Differentially Private Recommender Systems: Building Privacy into the Netflix Prize Contenders".
I Mironov. Renyi differential privacy".

Guest Lecture: Nando

Team Kamino

Mar 4

Data Generation

Mandatory Reading:

J Zhang et al. " PrivBayes: Private Data Release via Bayesian Networks ".
G. Cormode et al. " Differentially private spatial decompositions ".

Optional Reading:

C Liand, G Miklau. " An adaptive mechanism for accurate query answering under differential privacy ".

Team Mandalore

Team Kamino

Mar 9

Optimization

Mandatory Reading:

H Rastogi, M Suciu.: " Boosting the Accuracy of Differentially Private Histograms Through Consistency ".
B Ding et al.: " Differentially private data cubes: optimizing noise sources and consistency ".

Optional Reading:

C Li et al.: " A Data- and Workload-Aware Algorithm for Range Queries Under Differential Privacy ".
F Fioretto P Van Hentenryck.: " Differential Privacy of Hierarchical Census Data: An Optimization Approach ".
T Mak, F Fioretto, P Van Hentenryck.: " Privacy-Preserving Obfuscation for Distributed Power Systems ".

Team Tatooine

Team Kamino

Module 5: Differential Privacy and Machine Learning

Date	Topic	Reading / Assignment	Present	Report
Mar 11	Machine Learning	Mandatory Reading: + A Friedman, A Schuster: " Data Mining with Differential Privacy ". + K Chaudhuri, C Monteleoni, AD Sarwate. : " Differentially private empirical risk minimization ". Optional Reading: + G Jagannathan, K Pillaipakkamnatt, RN Wright: " A Practical Differentially Private Random Decision Tree Classifier ". + D Kifer, AD Smith, A Thakurta. : " Private convex optimization for empirical risk minimization with applications to high-dimensional regression ". + B Rubinstein et al.: " Learning in a large function space: Privacy-preserving mechanisms for SVM learning ".	Team Yavin	Team Mandalore
Mar 16	No Class (Spring Break)
Mar 18	No Class (Spring Break)
Mar 23	Deep Learning	Mandatory Reading: M Abadi et al. " Deep learning with differential privacy ". N Papernot et al. " Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data ". Optional Reading: N Papernot et al. " Scalable Private Learning with PATE ". N Phan et al. " Differential Privacy Preservation for Deep Auto-Encoders: An Application of Human Behavior Prediction ". Software: cleverhans TensorFlow privacy	Team Alderaan + Nando	Team Mandalore
Mar 25	Generative Adversarial Networks	Mandatory Reading: Gergely Acs et al.: " Differentially Private Mixture of Generative Neural Networks ". L Xie et al.: " https://arxiv.org/abs/1802.06739 ". Optional Reading: X Zhang, S Ji, T Wang.: " Differentially Private Releasing via Deep Generative Model (Technical Report) ". C Arnold, M Neunhoeffer, S Sternberg: " An Empirical Evaluation of Differentially Private Generative Adversarial Networks for Science ".	Team Onderon	Team Mandalore

Project Review Session

Date	Topic	Reading / Assignment	Present	Report
Mar 30	Project Review		All

Module 6: Differential Privacy Model Extensions

Date	Topic	Reading / Assignment	Present	Report
Apr 1	Local DP	Mandatory Reading: G Cormode et al.: " Privacy at Scale: Local Differential Privacy in Practice ". U Erlingsson, V Pihur, A Korolova.: " RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response ". Optional Reading: B Ding, J Kulkarni, S Yekhanin: " Collecting telemetry data privately ". P Kairouz, S Oh, P Viswanath.: " Extremal Mechanisms for Local Differential Privacy ". B Bebensee.: " Local Differential Privacy: a tutorial ".	Team Kamino	Team Tatooine
Apr 6	Temporal DP	Mandatory Reading: V Rastogi, S Nath. : " Differentially private aggregation of distributed time-series with transformation and encryption ". F Fioretto, P Van Hentenryck.: " OptStream: Releasing Time Series Privately ". Optional Reading: Y Cao et al: " Quantifying Differential Privacy in ContinuousData Release under Temporal Correlations ".	Team Naboo	Team Tatooine

Date

Topic

Reading / Assignment

Present

Report

Apr 1

Local DP

Mandatory Reading:

G Cormode et al.: " Privacy at Scale: Local Differential Privacy in Practice ".
U Erlingsson, V Pihur, A Korolova.: " RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response ".

Optional Reading:

B Ding, J Kulkarni, S Yekhanin: " Collecting telemetry data privately ".
P Kairouz, S Oh, P Viswanath.: " Extremal Mechanisms for Local Differential Privacy ".
B Bebensee.: " Local Differential Privacy: a tutorial ".

Team Kamino

Team Tatooine

Apr 6

Temporal DP

Mandatory Reading:

V Rastogi, S Nath. : " Differentially private aggregation of distributed time-series with transformation and encryption ".
F Fioretto, P Van Hentenryck.: " OptStream: Releasing Time Series Privately ".

Optional Reading:

Y Cao et al: " Quantifying Differential Privacy in ContinuousData Release under Temporal Correlations ".

Team Naboo

Team Tatooine

Module 7: Model Robustness

Date	Topic	Reading / Assignment	Present	Report
Apr 8	Robustness in ML	Mandatory Reading: N Carlini, D Wagner : " Towards evaluating the robustness of neural networks. " Lecuyer et al., : " Certified Robustness to Adversarial Examples with Differential Privacy. " Diakonikolas et al., " Sever: A Robust Meta-Algorithm for Stochastic Optimization. " Optional Reading: M Hein, M Andriushchenko: " Formal guarantees on the robustness of a classifier against adversarial manipulation” ". N Carlini et al.: " Provably Minimally-Distorted Adversarial Examples ".	Team Coruscant	No Notes

Date

Topic

Reading / Assignment

Present

Report

Apr 8

Robustness in ML

Mandatory Reading:

N Carlini, D Wagner : " Towards evaluating the robustness of neural networks. "
Lecuyer et al., : " Certified Robustness to Adversarial Examples with Differential Privacy. "
Diakonikolas et al., " Sever: A Robust Meta-Algorithm for Stochastic Optimization. "

Optional Reading:

M Hein, M Andriushchenko: " Formal guarantees on the robustness of a classifier against adversarial manipulation” ".
N Carlini et al.: " Provably Minimally-Distorted Adversarial Examples ".

Team Coruscant

No Notes

Module 8: Federated Learning

Date	Topic	Reading / Assignment	Present	Report
Apr 13	Preliminaries	Mandatory Reading: Kairouz et al.: " Advances and Open Problems in Federated Learning "	Guest Lecture: Pranay	Team Onderon
Apr 15	Seminal papers	Mandatory Reading: McMahan et al.Communication-Efficient Learning of Deep Networks from Decentralized Data Bagdasaryan, et al. How To Backdoor Federated Learning Optional Reading: Li, et al.: Federated Optimization in Heterogeneous Networks. UnkownFederated learning with matched averaging	Team Tatooine	Team Onderon
Apr 20	Privacy	Mandatory Reading: Geyer et al.Differentially private federated learning: a client level perspective McMahanLearning differentially private recurrent language models Optional Reading: Liang et al.: Think Locally, Act Globally: Federated Learning with Local and Global Representations.	Team Yavin	Team Onderon

Date

Topic

Reading / Assignment

Present

Report

Apr 13

Preliminaries

Mandatory Reading:

Kairouz et al.: " Advances and Open Problems in Federated Learning "

Guest Lecture: Pranay

Team Onderon

Apr 15

Seminal papers

Mandatory Reading:

McMahan et al.Communication-Efficient Learning of Deep Networks from Decentralized Data
Bagdasaryan, et al. How To Backdoor Federated Learning

Optional Reading:

Li, et al.: Federated Optimization in Heterogeneous Networks.
UnkownFederated learning with matched averaging

Team Tatooine

Team Onderon

Apr 20

Privacy

Mandatory Reading:

Geyer et al.Differentially private federated learning: a client level perspective
McMahanLearning differentially private recurrent language models

Optional Reading:

Liang et al.: Think Locally, Act Globally: Federated Learning with Local and Global Representations.

Team Yavin

Team Onderon

Module 9: Fairness and Bias

Date	Topic	Reading / Assignment	Present	Report
Apr 22	Preliminaries	Mandatory Reading: Dwork et al. Fairness Through Awareness Goh et al. Satisfying Real-world Goals with Dataset Constraints Optional Reading: M. Feldman et al. Certifying and removing disparate impact	Team Mandalore	Team Yavin
Apr 27	Applications	Mandatory Reading: Zafar et al.Fairness Constraints: Mechanisms for Fair Classification Liu et al. Delayed Impact of Fair Machine Learning Optional Reading: Y. Bechavod, K. LigettPenalizing Unfairness in Binary Classification Hardt et al. Equality of Opportunity in Supervised Learning	Team Kamino	Team Yavin

Date

Topic

Reading / Assignment

Present

Report

Apr 22

Preliminaries

Mandatory Reading:

Dwork et al. Fairness Through Awareness
Goh et al. Satisfying Real-world Goals with Dataset Constraints

Optional Reading:

M. Feldman et al. Certifying and removing disparate impact

Team Mandalore

Team Yavin

Apr 27

Applications

Mandatory Reading:

Zafar et al.Fairness Constraints: Mechanisms for Fair Classification

Liu et al. Delayed Impact of Fair Machine Learning

Optional Reading:

Y. Bechavod, K. LigettPenalizing Unfairness in Binary Classification
Hardt et al. Equality of Opportunity in Supervised Learning

Team Kamino

Team Yavin

Final Presentation

Date	Topic	Reading / Assignment	Present	Report
May 4	Poster Session

Assignments

LaTeX template for assignments

All class notes should be submitted using the AAAI Template.

Paper presentation

In each class, a team of students will present the assigned papers. Different types of presentation are allowed (e.g., slides, interactive demos or code tutorials). The only requirements is that the presentation should (a) involve the class in active discussions, (b) cover all papers assigned for reading, and (c) last no more than 1:15h including discussions.

Class notes

Another team of students will be charged with writing notes synthesizing the content of the presentation and class discussion.

Research projects

Students will work on a course-long research project. Each project will be presented in the form of a poster on May 4 (tentative).

Grading

Grading scheme

30% paper presentation, 20% class notes, 10% class participation, 40% research project.

Class participation

Course lectures will be driven by the contents of assigned papers. All students are asked to participate in an active discussions of the paper content during each class.

Lateness policy

The presentation material should be presented two days prior the day of presentation. A 10% per-day late-penalty will be applied for delays. If the presentation is not ready for the day in which the team is supposed to present all students in the team will be assigned 0 points.

Integrity

Any instance of sharing or plagiarism, copying, cheating, or other disallowed behavior will constitute a breach of ethics. Students are responsible for reporting any violation of these rules by other students, and failure to constitutes an ethical violation that carries with it similar penalties.

Ethics statement

In this course, you will be learning about and exploring some vulnerabilities that could be exploited to compromise deployed systems. You are trusted to behave responsibility and ethically. You may not attack any system without permission of its owners, and may not use anything you learn in this class for evil. If you have doubts about ethical and legal aspects of what you want to do, you should check with the course instructor before proceeding. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class.

Final Projects Summary

Automotive Anomaly Detection with Resistence to Adversarial Samples

Members: Mengyu Liu, Lin Zhang
Summary: Cyber-Physical system is a field integrate communication, controlling and computing with multiple sensors and actuators connected to the physical world. Attacks from invader and complex environment could lead to abnormal state of the system. Many previous works designed various anomaly detection algorithms to handle this problem. Recently, machine learning methods has been applied in many works but anomaly samples are extreme rare which makes the performance not good. An efficiency way is data augmentation, a few works applied Generative neural networks to achieve better performance, but none of them explain how the process related to physical world and did interpret it from a knowledge-based view. Our work proposed a novel perspective on how to understand how Generative Neural Network helped exploiting the knowledge of our collected data with different anomaly detection algorithm. Additionally, we built testbeds to simulate autonomous vehicles to see how the augmented data related to physical world.
Presentation

Comparing Model Accuracy for Differential Privacy and Machine Unlearning on Sensitive Data

Members: Vedhas S. Patkar and Joel W. Yuhas
Summary: Machine Learning models, particularly those that employ neural networks, generally need large datasets for identification. Our aim is to employ existing models that use differential privacy and machine unlearning to determine the best possible outcomes for sensitive and identifiable data, both in terms of privacy and model accuracy. We will set out to find the limitations and advantages of existing architectures, and figure out the possible changes that can be made to them to provide better outcomes
Presentation

Asynchronous Federated Learning - Literature Review

Members: David Castello
Summary: Federated learning is an emergent field of research that seeks to train performant machine learning models across a heterogeneous collection of mobile devices, each with access to private data. Despite the fact that such devices have uneven hardware capabilities and quantities of training data, and that network constraints and hardware failures can occur at any time, state of the art algorithms to conduct federated learning operate in synchronous rounds of communication. This work is a literature review of recent efforts to address this contradiction via novel protocols that relax the need to synchronize local training. Following a background study of the influences behind federated learning, six new research papers are surveyed to assess the progress of this new field towards developing robust and effective asynchronous federated learning algorithms.
Presentation

Learning a Fair Model under Privacy Constraints

Members: Cuong Tran
Summary: In this class project we study binary classification problems under three angles: accuracy, privacy and fairness. We explore how to maximize model’s accuracy given the constraints that the models’ prediction should not be discriminative towards certain protected groups. At the same time, we aim the model should be secured in term of protecting training data.
Presentation

Improved StarGAN for Generating Adversarial Samples

Members: Jindi Wu, Mu Bai
Summary: We propose a solution of adversarial samples generation based on the StarGAN, which is an image-to-image translation model and can smoothly generate a set of new images from source images. The images generated by StarGAN could be adversarial samples for attacking deep neural network classifier. Our main aim is to attack the targeted model with specific output label and pass the corresponding smooth detection simultaneously.
Presentation

Constrained Deep Learning for Fast Approximation of Scheduling Problems

Members: James Kotary
Summary: Combinatorial optimization problems in planning and scheduling are known to lack efficient solution methods,while demand for the frequent and accurate solution of such problems is ever increasing across several engineering fields. Recent developments in machine learning promise new approaches for the fast approximation of constrained optimization problems at significantly reduced time-scales. This project will explore the application of constrained deep learning to build a system that predicts accurate solutions to challenging scheduling problems, with favorable properties not reflected in the original problem structures.
Presentation

Privacy Preserving with Preference Elicitation Process

Members: Pratik Ashok Paranjape and Raman Srivastava
Summary: Preference elicitation is the process of developing a decision support system to generate recommendations for a user. Privacy preserving refers to the system of publicly sharing information about a dataset by describing the patterns of groups within the dataset without dis-closing the information about individuals in the dataset. The idea of this project is to implement differential privacy in a recommendation system.
Presentation

Links to Related Courses

Ferdinando Fioretto

Security and Privacy of Machine Learning - CIS 700 / Spring 2020

Overview

Teams

Schedule and material

Module 1: Evasion Attacks

Module 2: Poisoning Attacks

Module 3: Privacy Attacks

Module 4: Differential Privacy

Module 5: Differential Privacy and Machine Learning

Project Review Session

Module 6: Differential Privacy Model Extensions

Module 7: Model Robustness

Module 8: Federated Learning

Module 9: Fairness and Bias

Final Presentation

Assignments

LaTeX template for assignments

Paper presentation

Class notes

Research projects

Grading

Grading scheme

Class participation

Lateness policy

Integrity

Ethics statement

Final Projects Summary

Automotive Anomaly Detection with Resistence to Adversarial Samples

Comparing Model Accuracy for Differential Privacy and Machine Unlearning on Sensitive Data

Asynchronous Federated Learning - Literature Review

Learning a Fair Model under Privacy Constraints

Improved StarGAN for Generating Adversarial Samples

Constrained Deep Learning for Fast Approximation of Scheduling Problems

Privacy Preserving with Preference Elicitation Process