For a list of lectures, readings, assignments, and other important information, please refer to the E-learning platform. The schedule will be updated throughout the semester.
Machine learning is increasingly being deployed in many application domains such as autonomous driving and facial recognition. At the same time, machine learning techniques are easy to misuse and abuse, which highlights the potential danger of relying on this technology. Complex models routinely fail to be robust to tiny perturbations of their inputs; they unintentionally memorize their training data; and they make decisions that are largely inexplicable.
This graduate-level course will explore recent academic research at the intersection of machine learning with privacy. Students will read, analyze, and discuss research papers and undertake a semester-long research project. Topics covered include: privacy metrics & differential privacy, attacks and vulnerabilities of machine learning models, overfitting and privacy, membership inference attacks, attacks using machine learning techniques, and other timely topics (as time permits).
Note: this list may be (slightly) adjusted based on time restrictions and student interests.
Familiarity with security and/or privacy concepts is a plus but not required.
Note: this course is primarily aimed at graduate students. But highly motivated undergraduates who seek exposure to research in this space are welcome!
By the end of the semester, students will have solid knowledge of foundational concepts at the intersection of machine learning with data privacy and will have a firm grasp on recent academic research in this area. Moreover, students will be able to critically analyze published research and will have enhanced their ability to execute academic research.
Instruction format will be a blend of traditional lecture-style instruction and student-led seminar-style learning through paper reading and discussion. Students will be expected to read several research articles every week and discuss them in class. The research project will require that students execute research alone or in a small group.
Students will be evaluated based on the following breakdown:
To encourage interaction, participation will be assessed and count for 10% of the grade. Students will be expected to have done the reading before class and to actively participate during lectures and discussions (e.g., by asking questions). Doing so is important for doing well in this course.
Students will be assigned written, hands-on assignments and homeworks related to course topics and the course research project. Assignments will be announced in class and will be handled through the E-learning platform (elearning.ufl.edu).
Assignments turned in late will incur a lateness penalty of 15% per day, up to a maximum of 3 days (after which the grade will be 0). If an extension is required for a legitimate reason (e.g., medical or travel), students must contact the instructor and provide justification a few days ahead of the assignment due date.
Students are required to follow the university guidelines on academic conduct and the student honor code at all times. Students failing to meet these standards will be reported to the Dean of Students, which can result in the student receiving an 'E' for the semester. In particular, students are explicitly forbidden from copying anything from the Internet (e.g., source code, text, slides) without proper attribution or citation. Students are also forbidden from copying code/answers from each other for the purposes of completing any assignment or a course project.
This course covers topics concerning the security of many systems that are widely deployed and potentially critical. As part of this course, we will investigate methods, tools and techniques whose use may negatively impact the rights, property and lives of others. As security professionals, we rely upon the ethical use of the above technologies to perform research. However, it is easy to use such tools in an unethical manner. Unethical use includes the circumvention of existing security or privacy measures for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities in such systems.
This is NOT a class on hacking. Any activity outside of the spirit of these guidelines will be reported to the proper authorities both within and outside of UF and may result in dismissal from the class and the University. Exceptions to these guidelines may occur in the process of reporting vulnerabilities through the proper channels; however, students with any doubt should consult Professor Bindschaedler for advice. DO NOT conduct any action which could be perceived as technology misuse anywhere or under any circumstances unless you have received explicit permission from Professor Bindschaedler.