Week 10: Adversarial Examples and Data Poisoning
Dates: Mar 15-19 · Reading: Handout 8: Adversarial Attacks on ML Systems
Learning Objectives
- Explain adversarial examples and how they fool ML models
- Describe data poisoning and its impact on model training
- Define model evasion, model inversion, and privacy attacks
- Identify defenses against each attack type
Monday Session
How AI systems are attacked. Adversarial examples: small, deliberately crafted input perturbations that cause a model to misclassify. Data poisoning: corrupting the training data so the trained model behaves as the attacker intends. Model evasion: manipulating inputs at test time to avoid correct classification.
Wednesday Session
Model inversion: reconstructing sensitive training data from a model's predictions. Privacy attacks on ML systems. Introduction to defenses: adversarial robustness, attack detection, and certified defenses.
Lab
Lab 8: Adversarial Example Explorer. Generate small perturbations that cause a pre-trained image classifier to misclassify, and examine why models are vulnerable to them.
Quiz / This Week
Quiz 8. Adversarial examples; data poisoning; model evasion; privacy attacks; defenses.