Machine learning is increasingly used in security-critical applications, such as autonomous driving, face recognition and malware detection. Most learning methods, however, have not been designed with security in mind and thus are vulnerable to different types of attacks.
An attacker, for instance, can mislead a spam classifier by using synonyms or slightly modified words when writing spam emails. Similarly, an attacker may attach stickers to stop signs so that autonomous cars misclassify the signs and do not stop.
In this seminar, we study the field of adversarial machine learning and discuss attacks against learning methods, analyze corresponding defenses and investigate their impact on real-world systems.
The seminar is organized like a real academic conference. You need to prepare a written paper (German or English) about the selected topic.
After submitting your paper to our conference system, you will write two short reviews of papers submitted by your fellow students. In this way, you give them feedback on how to improve their paper. You will then have time to improve your own final paper using the reviews you receive from the others.
Last but not least, you will give a 20-25 minute talk about your paper, and we will provide pizza to enjoy the talks at our small conference.