
Adversarial and Secure Machine Learning


Seminar, 2 SWS / 5 ECTS
Organizer: Ching-Yu Kao
Time and place:

Preliminary meeting: 16.07.19, 11:00 - 11:30, seminar room 01.08.033

Time and place: 16:00 - 18:00 / seminar room 01.08.033
21.Oct.2019 - Kick-off meeting,
4.Nov.2019, 5.Nov.2019, 6.Nov.2019 - Discussion sessions,
13.Jan.2020, 14.Jan.2020, 15.Jan.2020 - Final presentations.
Max. students: 8, two students form a team
Start: 2019-10-21

The lecture is given in English
The slides are available in English
The exam will be in English


1. The introductory meeting took place on 16.07.2019.
2. Please write me an email (ching-yu.kao@aisec.fraunhofer.de) stating your strong motivation; I can then give you preference.
3. Seminar topics are suggested at the bottom of this page.
4. Preliminary meeting: Tuesday, July 16, 2019 at 11:00 in room 01.08.033. If you missed it, the updated slides are available here.
5. Kick-off meeting: 21.Oct.2019

Preliminary meeting

Tuesday, July 16, 2019 at 11:00 in room 01.08.033. If you missed it, the slides are available here.



Researchers and engineers of information security have successfully deployed systems with machine learning and data mining techniques for detecting suspicious activities, filtering spam, recognizing threats, etc. These systems typically contain a classifier that flags certain instances as malicious based on a set of features.

Unfortunately, there is evidence that adversaries have investigated several approaches to deceive a classifier by disguising a malicious instance as innocent. For example, some spammers add unrelated words or sentences to a junk mail to avoid detection by a spam filter. Furthermore, some adversaries may be capable of designing training data that misleads the learning algorithm.

The ongoing war between adversaries and classifiers pressures us to reconsider the vulnerabilities of learning algorithms, forming a research field known as adversarial learning. The goal is to develop highly robust learning algorithms in the adversarial environment.

In this seminar, several hot topics in this line of research will be discussed in detail. The intention is to provide students with an insight into state-of-the-art machine learning algorithms in the security domain, so as to encourage them to continue exploring this field.

After studying the papers, students are required to give a 40-minute presentation on their understanding of the papers; an implemented demo and new findings will be a plus.

In this seminar, we take max. 8 students; two students will form a team. If you have a strong will to participate in this seminar, please write me a motivation.

A final written report (8-10 pages) is required.

Seminar Topics
1. Certification of deep learning
2. Explainable AI
3. GAN
4. Domain learning
5. Anomaly detection
6. Deep reinforcement learning
7. Life Long Learning (LLL)