Courses and Tutorials

• Word Vectors
• Recurrent Neural Networks
• Sequence to Sequence Models and Machine Translation
• Transformers
• Pretraining
• Post-training (RLHF, SFT)
• Efficient Adaptation (few shot, prompt learning, etc.)
• Security and Privacy
  • Prompt Injection Attacks
  • Poisoning Attacks
  • Extracting Training Data from Large Language Models
  • Quantifying Memorization Across Neural Language Models
• Code Generation
• Multimodal Language Models

This module delves into Generative AI, particularly emphasizing large language
models (LLMs) and their various applications. Foundational concepts are
explained to build a solid technical understanding. The module covers efficient
LLM adaptation techniques that make LLMs more accurate and effective for
specific tasks. Considering their high impact on user safety, the module highlights
LLMs’ vulnerabilities to adversarial attacks (e.g., adversarial examples and prompt
injection attacks) and methods for extracting training data from LLMs. Finally, it
covers practical aspects of developing LLMs and testing their robustness.

• Inference: induction, deduction, and abduction
• Statistical inference
• Machine Learning
• Deep Learning
• Model selection and error estimation
• Implementation and Applications

This module provides an introduction to machine learning security. After a brief summarization of the advantages of machine learning, it explains that these algorithms can be fooled, providing compelling examples. Then, it describes the desired properties of trustworthy AI systems.

This module will provide an overview of formal verification for neural networks, which can be used to certify that the networks are robust to adversarial perturbations. Local robustness verification focuses on deciding the presence or absence of adversarial examples within a perturbation neighborhood of an input. An alternative approach for neural network analysis is to construct the preimage abstraction of its predictions. Given a set of outputs, the preimage is defined as the set of all inputs mapped by the neural network to that output set. By characterizing the preimage symbolically in an abstract representation, e.g., polyhedra, one can perform more complex analysis for a wider class of properties beyond local robustness, such as computing the proportion of inputs satisfying a property. Finally, a probabilistic variant of neural networks, called Bayesian neural networks, will be introduced. Bayesian neural networks return a probability distribution on outputs, so their verification draws on bound propagation and involves bounding the posterior probability.

This module focuses on poisoning attacks, which alter a small percentage of the training dataset to cause subsequent misclassifications at test time. It covers the different typologies of poisoning attacks: (i) indiscriminate poisoning attacks,
whose goal is to make the system unusable by legitimate users, for example,
enforcing the system to make a high number of errors; (ii) targeted poisoning attacks, whose goal is to have specific test samples classified as the attacker
desired, without decreasing the model accuracy on the remaining samples to avoid detection; (iii) backdoor poisoning, whose goal is to have only some test samples containing a peculiar pattern misclassified as the desired class. It also presents the state-of-the-art defenses developed against them.
As poisoning can be formulated as a bi-level optimization problem, we also
provided a lecture about bi-level optimization that can help deepen its comprehension.

“Poisoning ML attack and defenses”: Slides, video, code

“Principled and Efficient Bilevel Optimization for Machine Learning”: Slides

This module focuses on evasion attacks, which slightly perturb test data to have them misclassified. It explains how evasion attacks can be computed against binary and multiclass classifiers and when the attacker has a different knowledge of the target systems. Considering the most popular evasion attack algorithms, it illustrates the differences between the different types of attack, including sparse and dense and minimum- and max-confidence. Then, it describes the most frequent problems encountered in conducting a security evaluation of a machine learning model and explains how to make it more reliable. Finally, it describes the techniques that can be employed to improve the security of machine learning systems against evasion attacks.

This module delves into Generative AI, particularly emphasizing large language models (LLMs) and their various applications. Foundational concepts are explained to build a solid technical understanding. The module covers efficient LLM adaptation techniques that make LLMs more accurate and effective for specific tasks. Considering their high impact on user safety, the module highlights LLMs’ vulnerabilities to adversarial attacks (e.g., adversarial examples and prompt injection attacks) and methods for extracting training data from LLMs. Finally, it covers practical aspects of developing LLMs and testing their robustness.

This module focuses on the root causes behind the potential vulnerabilities of machine learning algorithms and the methodology that should be followed to defend them. It explains that the first step to creating a robust system is to characterize the adversaries it can face by their goals, knowledge, and capabilities. Then, the defender should anticipate the adversary by assessing the system’s performance against the attacks it can face in the worst-case scenarios and protect it from them. Moreover, it presents an overview of the different attacks that can threaten machine learning algorithms.

This module is composed of two main sections: uncertainty quantification, classifier confidence calibration and out-of-distribution detection. First, we provide a primer on the different types of uncertainty and what they can reveal about the potential problems at hand. We will then focus on the appealing properties of Deep Ensembles and describe different recent strategies to improve the efficiency of ensembles in terms of training cost, run-time cost, number of forward passes. We will also delve into a key tool for model-based decision making: geometric probabilistic models, i.e., probabilistic models on non-Euclidean domains such as graphs or manifolds. In the following we cover the problem of confidence calibration (how well a model’s prediction confidence matches its correctness). After introducing calibration, we present two main lines of approaches for improving calibration: post-hoc calibration methods and approaches that inject calibration-aware priors in a model during training. In the final section on out-of-distribution detection we cover in-depth three aspects of this field: (i) technical challenges, (ii) methodology overview, and (iii) real-world applications.

Uncertainty estimation and next generation ensembles: slides, video

Geometric Probabilistic Models: slides, code

Calibration of Deep Neural Networks: slides

Out-of-distribution detection: slides, video

Open World: Generalize and Recognize Novelty: slides

This module focuses on the principles and techniques of maintaining privacy in machine learning. It introduces key concepts such as differential privacy, federated learning, and homomorphic encryption. Students will explore methods for training models on sensitive data without compromising individual privacy, including the use of secure multi-party computation and privacy-preserving data mining. Practical applications and case studies demonstrate how these techniques are implemented in real-world scenarios. The module emphasizes the balance between model performance and privacy, and discusses regulatory frameworks and ethical considerations.

Introduction to Privacy Preserving Machine Learning: slides, video, code

Privacy Preserving Machine Learning: video

This module delves into the concept of fairness in machine learning algorithms, exploring how biases in data and models can lead to unfair outcomes. It covers various definitions of fairness, including statistical parity, equalized odds, and disparate impact. The module discusses techniques for detecting and mitigating bias, such as pre-processing, in-processing, and post-processing methods. Real-world case studies illustrate the consequences of algorithmic bias and the importance of fairness in diverse applications.

This module explores the importance of interpretability and explainability in machine learning models, ensuring that their decisions can be understood and trusted by humans. It covers various techniques for creating interpretable models, such as decision trees, rule-based systems, and linear models, alongside methods for explaining complex models like neural networks and ensemble methods. Topics include feature importance, SHAP values, LIME, and model-agnostic interpretability techniques.

Introduction to Interpretable/Explainable Machine Learning: slides, video, code

Explainable AI (XAI): slides

This module highlights the problems of Data procurement and Transparency, interpretable AI, drawing upon the applications of big data systems to environmental science, using distributed computing, as well as safety and security and sustainability challenges.