CIS 482/582: Trustworthy Artificial Intelligence

University of Michigan, Dearborn

Course Information:

Current Offering Term: Winter 2024, University of Michigan, Dearborn
Instructor: Prof. Birhanu Eshete: birhanu@umich.edu; Office: CIS 229
Teaching Assistant(s): Abe Amich: aamich@umich.edu
Time: Mondays 6pm - 8:45pm
Venue: HPEC 1181
Office hours: Monday: 3pm - 4:30pm or by (virtual/in-person) appointment
Canvas: If you are a UMICH-Dearborn student enrolled in this course, access specifics here with umich.edu credentials

Course Description: This course introduces students to the broad and emerging notion of trustworthy artificial intelligence (AI). Beginning with a hands-on introduction to the basics of Deep Neural Networks (DNNs) and modeling, it will cover three broad areas of trustworthiness in AI. In the first area of robustness, the course will introduce students to the AI threat landscape focusing on training data poisoning, model evasion, privacy-sensitive data inference, model stealing/extraction, and threats to safe deployment of AI. In the second area of transparency, students will be introduced to frameworks used to interpret/explain AI model’s decisions. In the third area of accountability, students will learn methods and tools for reducing bias and ethical pitfalls when AI models are deployed in high-stakes application domains. The course concludes with a broader take on AI trustworthiness by studying the dynamics among the three broad AI trustworthiness desirables. The course will be taught in a predominantly project-based setting to allow students gain hands-on experience beyond conceptual understanding.

On Prerequisites: While prior knowledge of machine learning is not required, it will be a plus. To level the ground for everyone, the course will kick-off with a ML crash course just enough to understand subsequent material. Students are expected to have proficiency in at least one programming language (e.g., Python, C/C++, Java). Knowledge of data structures such as trees and graphs would be a plus.

Reference Materials: This course doesn’t have a dedicated textbook. However, we will use the following three books as our main references. In addition to these books, the course will heavily rely on influential papers for each topic discussed.

Trustworthy Machine Learning by Kush R. Varshney, Independently Published, 2022: here
Adversarial Machine Learning by Joseph, Nelson, Rubinstein, and Tygar: here
Fairness in Machine Learning: Limitations and Opportunities by Solon Barocas, Moritz Hardt, Arvind Narayanan: here

On Scope: While this course is about AI/ML, it does not cover formalisms or technical details of ML or Deep Neural Networks. Deep learning fundamentals just enough to grasp subsequent topics are introduced at the beginning of the course. This course is intentionally broad so as to reason about ML trustworthiness beyond ML in the presence of adversaries. It is organized in a manner that expands the focus beyond ML security and privacy to safety, transparency, fairness, and ethical implications of AI/ML deployed in high-stakes application domains. Given the natural focus on breadth instead of depth, emphasis is more on representative trustworthiness risks/pitfalls and remedies/best practices, and the dynamics thereof. The AI/ML trustworthiness field is work-in-progress as it pertains to: techniques, tools, and regulatory provisions. In light of this ongoing evolution, I plan to update the material to keep up with collective progress made by academia, industry, government, and public interest technology/policy initiatives.

Schedule and Materials

Take the below schedule as tentative, depending on progress it will be updated as the semester advances.

Week	Topic	Slides/Demos	Resources/Suggested Reading
1	Motivation and Intro	Slides Video	Birhanu Eshete, Making Machine Learning Trustworthy Kush R. Varshney, Trustworthy Machine Learning and Artificial Intelligence
2	A Crash Course on Deep Neural Networks	Slides Video Demo	François Fleuret. The Little Book of Deep Learning
	Machine Learning Attack Surface	No separate lecture for this: it is covered within adversarial examples, training data poisoning, membership inference, and model stealing	Papernot et al., SoK: Security and Privacy in Machine Learning Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations
3	Adversarial Examples	Slides Video Demo	Szegedy et al., Intriguing properties of neural networks Papernot et al., Practical Black-Box Attacks against Machine Learning Eykholt et al., Robust Physical-World Attacks on Deep Learning Visual Classification Goodfellow et al., Explaining and Harnessing Adversarial Examples Amich and Eshete, Morphence: Moving Target Defense Against Adversarial Examples
4	Training Data Poisoning	Slides Video Demo	Gu et al., BadNets: Identifying Vulnerabilities in the Machine Learning Model Supply Chain Chen et al., Targeted Backdoor Attacks on Deep Learning Systems Using Data Poisoning Shan et al., Poison Forensics: Traceback of Data Poisoning Attacks in Neural Networks
5	Membership Inference	Slides Video Demo	Shokri et al., Membership Inference Attacks against Machine Learning Models Papernot et al., Semi-supervised Knowledge Transfer for Deep Learning from Private Training Data Abadi et al., Deep Learning with Differential Privacy Jarin and Eshete, MIAShield: Defending Membership Inference Attacks via Preemptive Exclusion of Members
6	Model Extraction	Slides Video	Tramer et al., Stealing Machine Learning Models via Prediction APIs Ali and Eshete,Best-Effort Adversarial Approximation of Black-Box Malware Classifier Jia et al., Entangled Watermarks as a Defense against Model Extraction
7	Transparency and Interpretability	Slides Video Demo	Rudin Cynthia. Stop Explaining Black Box Machine Learning Models for High Stakes Decisions and Use Interpretable Models Instead Ribeiro et al., “Why Should I Trust You?” Explaining the Predictions of Any Classifier Scott Lundberg, Su-In Lee. A Unified Approach to Interpreting Model Predictions
8	Fairness	Slides Video Demo	Dwork et al., Fairness Through Awareness Zemel et al., Learning Fair Representations Hardt et al., Equality of Opportunity in Supervised Learning Buolamwini and Gebru, Gender Shades: Intersectional Accuracy Disparities in Commercial Gender Classification
9	Ethics and Governance	Slides Video	NIST: AI Risk Management Framework (AI RMF 1.0) Weidinger et. al., Taxonomy of Risks posed by Language Models
10	Holistic Trustworthiness Considerations and Open Issues	Slides

Similar Courses: Below are similar courses on the topic of trustworty AI/ML. Depending on who teaches a course and the institution, depth and breadth of topics may vary.