Overview
Creating robust, fair and trustworthy machine learning models is a fundamental challenge to solving the artificial intelligence problem, one of fundamental and increasing importance in our society. This course covers some of the latest and most exciting research advances that bring us closer to constructing such models. Upon completion of the course, the students should have mastered the underlying methods, be able to apply them to a variety of problems, and be able to conduct research in the space. To facilitate deeper understanding, an important part of the course will be a group hands-on programming project where students will build a system based on the learned material.
The course covers some of the latest research (over the last 3 years) underlying the creation of robust, fair and trustworthy AI:
- Adversarial Attacks on Deep Learning (noise-based, geometry attacks, sound attacks, physical attacks, autonomous driving, out-of-distribution)
- Defenses against attacks
- Combining gradient-based optimization with logic for encoding background knowledge
- Complete Certification of deep neural networks via automated reasoning (e.g., via numerical abstractions, mixed-integer solvers)
- Probabilistic certification of deep neural networks
- Training deep neural networks to be provably robust
- Creating provably fair and unbiased deep models
Lectures
Use your NETHZ account to access the files.
| Date | Content | Recording | Slides | Exercises | Solutions |
|---|---|---|---|---|---|
| Sept 22 | Introduction |  |
 |
|
- |
| Sept 29 | Attacks and Defenses | |
|
|
updated Nov 8
|
| Oct 6 | Certification of Neural Networks | * |
|
|
|
| Oct 13 | Certification with Complete Methods | * |
|
|
|
| Oct 20 | The Zonotope convex relaxation | * |
|
|
|
| Oct 27 | DeepPoly relaxation + abstract interpretation | * |
|
|
|
| Nov 03 | Guest Lecture (Dr. Pavol Bielik) and Project Introduction | |
|
(Project Q&A) | - |
| Nov 10 | Certified Defenses | * |
|
|
|
| Nov 17 | Combining Logic and Deep Learning | * |
|
|
|
| Nov 24 | Randomized Smoothing for Robustness | * |
|
|
|
| Dec 1 | Geometric Robustness | * |
|
|
|
| Dec 8 | Individual and Group Fairness |
|
|
|
|
| Dec 15 | Federated Learning: Attacks and Defenses |
|
|
|
|
| Dec 22 | Wrap up |
|
All lectures (except for the introduction lecture) from this year are collected in a Youtube playlist (2021). All lecture recordings from the previous year are in another Youtube playlist (2020). Note that some topics changed since 2020.
* This recording is reused from 2020, as its content remains the same. Note that the title and the first slide of the recording are outdated, but everything else is correct.
Course project
Details on the course project will be added here.
Project introduction
The project was presented on November 3, in a live zoom session. Recording of the presentation is here, and password can be found in a post on Moodle. The project description is uploaded here. Code, networks and example test cases are available here.Previous Exams
Previous exams (formerly, this course was named "Reliable and Interpretable Artificial Intelligence") are available in the exam collection of the student association (VIS).
Course Organization
Lectures
- All lectures except for the first will be pre-recorded and uploaded to a YouTube playlist (the private link can be obtained here), typically by Tuesday evening. We recommend to watch the lectures during normal lecture hours (Wednesday 14-16).
- The first lecture (September 22) will take place live via Zoom (Zoom link to join the lecture, you must be logged in with a *.ethz.ch account which you can create here). This lecture will also be recorded (the private link can be obtained here).
- Every Wednesday at 3.40pm, there will be a virtual Q&A with Prof. Martin Vechev, on the topics of that week's lecture (Zoom link to join the Q&A, you must be logged in with a *.ethz.ch account which you can create here). This Q&A will not be recorded.
- For additional questions, we have prepared a Moodle forum.
Exercises
- All exercise sessions will be virtual (Zoom link to join the exercise session, you must be logged in with a *.ethz.ch account which you can create here). Attending the exercise sessions is optional.
- The first exercise sessions (September 27 and September 29) will be a general introduction to some prerequisites for the course, and will not involve an exercise sheet. The covered material should be familiar to most students, and the slides discussed in the session will be available online.
- Every week, we will publish an exercise sheet and its solutions here, by Thursday evening.
- We strongly recommend to solve the exercises before next week's exercise session, and before looking at the solutions. The style of the exam will be similar to the exercises, so first-hand experience solving exercises is critical.
- The exercise sessions will be in a Q&A format, where you can ask questions about the exercise sheet (and its solutions) from the previous week.
- We will not cover additional material in the exercise sessions. Therefore, we will also not record the exercise sessions (we believe this will encourage students to ask more questions).
- For additional questions, we have prepared a Moodle forum.
- In case there are not enough questions for the full exercise session, we will stop it early.
- There is no need to attend both exercise sessions, as their contents will equivalent.
Communication
All communication (like special announcements) will be sent out by e-mail.
Literature
For students who would like to brush up on the basics of machine learning used in this course, we recommend
- Section 3 (Background) of the publication An Abstract Domain for Certifying Neural Networks by Gagandeep Singh, Timon Gehr, Markus Püschel, and Martin Vechev
- Neural Networks and Deep Learning by Michael Nielsen
- Deep Learning book by Ian Goodfellow, Yoshua Bengio, and Aaron Courville