Home Blog Learn

All Courses

Advanced Adversarial Machine Learning

Chapter 1: Foundations of Adversarial ML Security

Review of Machine Learning Security Vulnerabilities

Threat Models in Machine Learning

Attack Surfaces: Training vs. Inference

Mathematical Formulation of Adversarial Examples

Taxonomy of Adversarial Attacks

Overview of Defense Strategies

Chapter 2: Advanced Evasion Attacks

Gradient-Based Attacks: FGSM, BIM, PGD Analysis

Optimization-Based Attacks: Carlini & Wagner Methods

Score-Based Attack Techniques

Decision-Based Attack Techniques

Transferability of Adversarial Examples

Attacking Ensemble Models

Implementing Evasion Attacks: Hands-on Practical

Chapter 3: Data Poisoning and Backdoor Attacks

Poisoning Attack Strategies: Availability vs Integrity

Targeted Data Poisoning Techniques

Backdoor Attack Mechanisms and Trigger Design

Clean-Label Poisoning Attacks

Analyzing Poisoning Impact on Model Training

Crafting Data Poisoning Attacks: Hands-on Practical

Chapter 4: Model Inference and Privacy Attacks

Membership Inference Attacks: Theory and Methods

Attribute Inference Techniques

Model Inversion and Reconstruction Attacks

Model Stealing: Functionality Extraction Methods

Relationship to Differential Privacy

Implementing Membership Inference: Hands-on Practical

Chapter 5: Robust Defense Mechanisms

Adversarial Training: Principles and Variations

Certified Defenses: Randomized Smoothing

Input Transformation Defenses

Gradient Masking and Obfuscation Issues

Defending Against Poisoning and Backdoors

Implementing Adversarial Training: Hands-on Practical

Chapter 6: Evaluating Model Robustness

Metrics for Adversarial Robustness

Benchmarking Tools and Frameworks

Adaptive Attacks: Evaluating Defenses Properly

Security Evaluations under Different Threat Models

Interpreting Robustness Evaluation Results

Setting up Robustness Benchmarks: Hands-on Practical

Chapter 7: Adversarial Examples in Specific Domains

Adversarial Attacks on Computer Vision Models

Generating Adversarial Text for NLP Models

Attacks on Reinforcement Learning Agents

Physical Adversarial Attacks

Domain-Specific Attack Considerations

Generating Adversarial Text: Practice

Model Inference and Privacy Attacks

Having examined attacks that manipulate model inputs (evasion) or the training process (poisoning), we now turn to methods that extract information from or about a trained model. This chapter addresses attacks targeting the confidentiality of the model itself and the data used to train it, often requiring only standard query access.

You will study several inference techniques:

Membership Inference: Determining whether a specific data sample $x$ was included in the training dataset $D_{train}$ .
Attribute Inference: Inferring sensitive features or attributes of training data records based on model outputs or behavior.
Model Inversion: Reconstructing average or representative examples of the data used for training specific classes.
Model Stealing (Functionality Extraction): Creating a surrogate model that mimics the behavior of a target black-box model by observing its input-output pairs $(x, f(x))$ .

These attacks directly relate to data privacy. Understanding them is necessary for evaluating the potential information leakage from deployed models. We will also consider how these attacks connect to formal privacy concepts like Differential Privacy. By the end of this chapter, you will grasp the principles behind these inference methods and their security implications.

Sections

4.1 Membership Inference Attacks: Theory and Methods
4.2 Attribute Inference Techniques
4.3 Model Inversion and Reconstruction Attacks
4.4 Model Stealing: Functionality Extraction Methods
4.5 Relationship to Differential Privacy
4.6 Implementing Membership Inference: Hands-on Practical

© 2025 ApX Machine Learning

;