Home Blog Learn

All Courses

Advanced Adversarial Machine Learning

Chapter 1: Foundations of Adversarial ML Security

Review of Machine Learning Security Vulnerabilities

Threat Models in Machine Learning

Attack Surfaces: Training vs. Inference

Mathematical Formulation of Adversarial Examples

Taxonomy of Adversarial Attacks

Overview of Defense Strategies

Chapter 2: Advanced Evasion Attacks

Gradient-Based Attacks: FGSM, BIM, PGD Analysis

Optimization-Based Attacks: Carlini & Wagner Methods

Score-Based Attack Techniques

Decision-Based Attack Techniques

Transferability of Adversarial Examples

Attacking Ensemble Models

Implementing Evasion Attacks: Hands-on Practical

Chapter 3: Data Poisoning and Backdoor Attacks

Poisoning Attack Strategies: Availability vs Integrity

Targeted Data Poisoning Techniques

Backdoor Attack Mechanisms and Trigger Design

Clean-Label Poisoning Attacks

Analyzing Poisoning Impact on Model Training

Crafting Data Poisoning Attacks: Hands-on Practical

Chapter 4: Model Inference and Privacy Attacks

Membership Inference Attacks: Theory and Methods

Attribute Inference Techniques

Model Inversion and Reconstruction Attacks

Model Stealing: Functionality Extraction Methods

Relationship to Differential Privacy

Implementing Membership Inference: Hands-on Practical

Chapter 5: Robust Defense Mechanisms

Adversarial Training: Principles and Variations

Certified Defenses: Randomized Smoothing

Input Transformation Defenses

Gradient Masking and Obfuscation Issues

Defending Against Poisoning and Backdoors

Implementing Adversarial Training: Hands-on Practical

Chapter 6: Evaluating Model Robustness

Metrics for Adversarial Robustness

Benchmarking Tools and Frameworks

Adaptive Attacks: Evaluating Defenses Properly

Security Evaluations under Different Threat Models

Interpreting Robustness Evaluation Results

Setting up Robustness Benchmarks: Hands-on Practical

Chapter 7: Adversarial Examples in Specific Domains

Adversarial Attacks on Computer Vision Models

Generating Adversarial Text for NLP Models

Attacks on Reinforcement Learning Agents

Physical Adversarial Attacks

Domain-Specific Attack Considerations

Generating Adversarial Text: Practice

Robust Defense Mechanisms

Having detailed how attackers exploit vulnerabilities in machine learning systems through methods like evasion, poisoning, and inference attacks, we now shift focus to constructing models capable of withstanding such manipulations. This chapter introduces practical techniques for enhancing model security.

You will study adversarial training, a prominent method that incorporates adversarial examples, such as those generated via Projected Gradient Descent (PGD), directly into the training process. This is often formulated as a minimax optimization problem like $\min_{\theta} \mathbb{E}_{(x,y) \sim \mathcal{D}} \left[ \max_{\delta \in S} L(\theta, x+\delta, y) \right]$ . We will examine certified defenses, such as randomized smoothing, which provide mathematical guarantees on model resilience within a defined perturbation radius $r$ . Additionally, you'll analyze input transformation techniques, understand the issue of obfuscated gradients which can give a false sense of security, and explore strategies specifically designed to counter data poisoning and backdoor threats. Hands-on sections will guide you through implementing key defense mechanisms like adversarial training.

Sections

5.1 Adversarial Training: Principles and Variations
5.2 Certified Defenses: Randomized Smoothing
5.3 Input Transformation Defenses
5.4 Gradient Masking and Obfuscation Issues
5.5 Defending Against Poisoning and Backdoors
5.6 Implementing Adversarial Training: Hands-on Practical

© 2025 ApX Machine Learning

;