Deep learning, exemplified by large language models, is transforming everyday life. However, threats to the trustworthiness of deep learning systems are widespread, posing great challenges to AI safety, security, and reliability. This course introduces the state of the art in deep learning research on a wide range of trustworthiness issues, including threat discovery, mitigation, and certification methods, through seminar-style presentations and hands-on projects.
This is a seminar-style course on trustworthy deep learning. The first half of the course is an overview of deep learning and the preliminaries for trustworthy AI methods, including training of neural networks, common neural network architectures, large language models, the definition of AI attacks and defences, and certification and verification in the context of AI. The second half of the course visits representative and recent research papers in the field through student presentations, covering topics such as evasion attacks and defences, robustness certification, differential privacy, membership inference attacks, watermarks, detection of AI-generated content, machine unlearning, prompt injection attacks, model stealing, and fine-tuning attacks.
Prerequisites #
There is no formal prerequisite. Background in algorithms, calculus, and linear algebra (e.g., MATH 151, MATH 152, MATH 232, CMPT 225) and CMPT 410/726 Machine Learning are strongly recommended. Background in CMPT 412/762 Computer Vision and CMPT 713 NLP is also recommended.
Textbook and Reading Materials #
There is no primary reference material. We will read an assortment of research papers during lectures.
- Deep Learning Book
- By Ian Goodfellow, Yoshua Bengio, and Aaron Courville
- Recommended for students to gain background in deep learning before taking the course.
- Online course Intro to ML Safety
- By Dan Hendrycks at the Center for AI Safety
- Optional, advanced reading for interested students
- A well-developed course recommended for those who want to learn general machine learning safety from a systematic and interdisciplinary perspective.
Grading #
10% Homework 0 (raw score) + 40% course project (1.1 × raw score with no cap) + 30% paper presentation + 20% notes of peer evaluation and summary
Schedule and Syllabus #
Slides will be updated as the term progresses. All slides are available in this OneDrive folder. The slides are password protected; the password is posted on Canvas.
Extended Topics #
Trustworthy deep learning is a broad area. Some important topics are not covered in lectures and presentations due to the limited time frame. Some of them are listed below.
- LLM Hallucination
- Risks of LLM agents
- Reward hacking and goal misspecification in RL and RLHF
- Socioeconomic impact of generative AI
- …
Assignments and Project #
- Homework 0
- Deadline: 23:59, Jan 18, 2025
- Score released (Jan 28, 2025)
- Presentation:
- Signing-up spreadsheet
- Signing-up deadline: Feb 8, 2025
- Presentation date: see the signed slot
- Course Project:
- Deadline: Apr 5, 2025
- Note Submission:
- Submission links dynamically released on Canvas
- Only for student presentation dates
- Due 7 days after each presentation date
- Submit on Canvas
- Up to 3 exemptions
Information Platform #
Ethics Statement #
This course will include topics related to computer security and privacy. As part of this investigation we may cover technologies whose abuse could infringe on the rights of others. As computer scientists, we rely on the ethical use of these technologies. Unethical use includes circumvention of existing security or privacy mechanisms for any purpose, or the dissemination, promotion, or exploitation of vulnerabilities in these services. Any activity outside the letter or spirit of these guidelines will be reported to the proper authorities and may result in dismissal from the class and possibly more severe academic and legal sanctions.
Academic Integrity Policy #
- Some examples of unacceptable behaviour in homeworks and course projects:
- Handing in assignments that are not 100% your own work (in design, implementation, wording, etc.), without proper citation. There must be a README file in your submission with citations to any external code used.
- Sharing code fragments with others in class (for group project, with others who are not in the same group) is not allowed.
- Keep discussions to high-level information rather than specific code hints.
- Copying and then obfuscating code is a serious academic honesty violation.
- Submitting work that has been submitted before, for any course at any institution.
- If you are unclear on what academic honesty is, see Simon Fraser University’s Policy S10-01.
- All instances of academic dishonesty will be dealt with very severely.
- In general, minimum requested penalties will be as follows:
- For assignments and course projects: a mark of -50% on the assignment. So, academic dishonesty on an assignment worth 10% of your final mark will result in a zero on the assignment and a penalty of 5% from your final grade.
- Please note that these are minimum penalties. At the instructor’s option, more severe penalties may be given/requested. All instances of academic dishonesty will be noted on your University record.
- The instructor may use an automated service that will check for plagiarism.
Acknowledgement #
The course is developed from CS562 and CS598GS at UIUC. Part of the content is adapted from Intro to ML Safety. Some course policies are developed from CMPT 413 Natural Language Processing.