Schedule

Paper Summaries

Due on September 21 (Tuesday) at 12pm noon

1. SoK: Security and Privacy in Machine Learning. Nicolas Papernot, Patrick McDaniel, Arunesh Sinha, and Michael P. Wellman. (pdf)

Due on September 23 (Thursday) at 12pm noon

1. Practical Black-Box Attacks against Machine Learning. Nicolas Papernot, Patrick McDaniel, Ian Goodfellow, Somesh Jha, Z. Berkay Celik, Ananthram Swami. (pdf) [Presentation by Sabrina Jain]

2. Intriguing Properties of Neural Networks. Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, Rob Fergus. (pdf) [Presentation by Uttam Rao]

Due on September 28 (Tuesday) at 12pm noon

1. Explaining and Harnessing Adversarial Examples. Ian Goodfellow, Jonathon Shlens, Christian Szegedy. (pdf) [Presentation by Rachael Williams]

2. Privacy Risks of Securing Machine Learning Models against Adversarial Examples. Liwei Song, Reza Shokri, Prateek Mittal. (pdf) [Presentation by Patrick Niccolai]

3. Enhancing Robustness of Machine Learning Systems via Data Transformations. Arjun Nitin Bhagoji, Daniel Cullina, Chawin Sitawarin, Prateek Mittal (pdf) [Presentation by Paul Lintilhac]

Due on September 30 (Thursday) at 12pm noon

1. Model Inversion Attacks that Exploit Confidence Information and Basic Countermeasures. Matt Fredrikson, Somesh Jha, Thomas Ristenpart. (pdf) [Presentation by Viney Regunath]

2. Deep Models Under the GAN: Information Leakage from Collaborative Deep Learning. Briland Hitaj, Giuseppe Ateniese, Fernando Perez-Cruz. (pdf) [Presentation by Tommy White]

Due on October 5 (Tuesday) at 12pm noon

1. The Secret Revealer. Yuheng Zhang, Ruoxi Jia, Hengzhi Pei, Wenxiao Wang, Bo Li, Dawn Song. (pdf) [Presentation by Sayantan Dibbo]

2. Updates-Leak:Data Set Inference and Reconstruction Attacks in Online Learning. Ahmed Salem, Apratim Bhattacharya, Michael Backes, Mario Fritz, Yang Zhang. (pdf) [Presentation by Ying Liu]

Due on October 7 (Thursday) at 12pm noon

1. Disparate Vulnerability: on the Unfairness of Privacy Attacks Against Machine Learning. Bogdan Kulynych, Mohammad Yaghini, Giovanni Cherubin, Michael Veale, and Carmela Troncoso. (pdf) [Presentation by Adam Vandenbussche]

2. ML-Leaks: Model and Data Independent Membership Inference Attacks and Defenses on Machine Learning Models. Ahmed Salem, Yang Zhang, Mathias Humbert, Pascal Berrang, Mario Fritz, Michael Backes. (pdf) [Presentation by Dae Lim Chung]

Due on October 12 (Tuesday) at 12pm noon

1. Membership Inference Attacks against Machine Learning Models. Reza Shokri, Marco Stronati, Congzheng Song, Vitaly Shmatikov. (pdf) [Presentation by Santiago Zamor]

2. Membership Inference Attacks and Defenses in Classification Models. Jiacheng Li, Ninghui Li, Bruno Ribeiro. (pdf) [Presentation by Connor Spencer]

Due on October 14 (Thursday) at 12pm noon

Midterm Presentation

Due on October 19 (Tuesday) at 12pm noon

1. Automatically Evading Classifiers: A Case Study on PDF Malware Classifiers. Weilin Xu, Yanjun Qi, and David Evans. (pdf) [Presentation by Ying Liu]

2. Evasion Attacks against Machine Learning at Test Time. Battista Biggio, Igino Corona, Davide Maiorca, Blaine Nelson, Nedim Srndic, Pavel Laskov, Giorgio Giacinto, Fabio Roli. (pdf) [Presentation by Rachael Williams]

Due on October 21 (Thursday) at 12pm noon

1. Poisoning Attacks against Support Vector Machines. Battista Biggio, Blaine Nelson, Pavel Laskov. (pdf) [Presentation by Dae Lim Chung]

2. Manipulating Machine Learning: Poisoning Attacks and Countermeasures for Regression Learning. Matthew Jagielski, Alina Oprea, Battista Biggio, Chang Liu, Cristina Nita-Rotaru, Bo Li. (pdf) [Presentation by Tommy White]

3. Certified Defenses for Data Poisoning Attacks. Jacob Steinhardt, Pang Wei Koh, Percy Liang. (pdf) [Presentation by Patrick Niccolai]

Due on October 26 (Tuesday) at 12pm noon

1. High Accuracy and High Fidelity Extraction of Neural Networks. Matthew Jagielski, Nicholas Carlini, David Berthelot, Alex Kurakin, Nicolas Papernot. (pdf) [Presentation by Connor Spencer]

2. Stealing Machine Learning Models via Prediction APIs. Florian Tramèr, Fan Zhang, Ari Juels, Michael K. Reiter, Thomas Ristenpart. (pdf) [Presentation by Sabrina Jain]

Due on October 28 (Thursday) at 12pm noon

1. Federated Learning with Differential Privacy: Algorithms and Performance Analysis. Kang Wei, Jun Li, Ming Ding, Chuan Ma, Howard H. Yang, Farokhi Farhad, Shi Jin, Tony Q. S. Quek, H. Vincent Poor. (pdf) [Presentation by Viney Regunath]

2. RAPPOR: Randomized Aggregatable Privacy-Preserving Ordinal Response. Úlfar Erlingsson, Vasyl Pihur, Aleksandra Korolova. (pdf) [Presentation by Uttam Rao]

Due on November 2 (Tuesday) at 12pm noon

1. Counterfactual Fairness. Matt J. Kusner, Joshua R. Loftus, Chris Russell, Ricardo Silva. (pdf) [Presentation by Adam Vandenbussche]

2. Equality of Opportunity in Supervised Learning. Moritz Hardt, Eric Price, Nathan Srebro. (pdf) [Presentation by Santiago Zamora]

Due on November 4 (Thursday) at 12pm noon

1. On the Privacy Risks of Model Explanations. Reza Shokri, Martin Strobel, Yair Zick. (pdf) [Presentation by Paul Lintilhac]

2. Model Reconstruction from Model Explanations. Smitha Milli, Ludwig Schmidt, Anca D. Dragan, Moritz Hardt. (pdf) [Presentation by Sayanton Dibbo]