| | |
|---|---|
| Semester | Winter 2024 |
| Course type | Lecture complemented with Exercises (VÜ) |
| Lecturer | TT.-Prof. Dr. Wressnegger |
| Audience | Informatik Master & Bachelor |
| Credits | 6 ECTS |
| Time | Mon, 11:30–13:00 (Lecture); Thu, 17:30–19:00 (Exercises) |
| Room | -101 (50.34) |
| Language | English |
| Link | TBA |
| Registration | TBA |
The lecture is about combining the fields of artificial intelligence, machine learning and computer security in practice. Many tasks in the computer security landscape are based on manual labor, such as searching for vulnerabilities or analyzing malware. Here, machine learning can be used to establish a higher degree of automation, providing more "intelligent" security solutions (AI for Security). However, these learning-based systems can themselves be attacked and need to be secured (Security of AI). As an example, maliciously crafted inputs can be exploited by an adversary to cause devastating damage in the application area. It is therefore of utmost importance to investigate, research, and know about the security properties of AI methods.

The module introduces students to theoretical and practical aspects of AI in computer security as well as security of AI. We cover basics on features and feature engineering in the security domain, discuss fundamental learning settings in security and point out "Dos and Don'ts" of using AI/ML in computer security. Moreover, we put particular focus on "Explainable AI" (XAI) and its use in computer security, before we introduce attacks on and defenses for the learning-based systems discussed in the first half of the course. We cover input-manipulation attacks (e.g., adversarial examples), model-manipulation attacks (e.g., backdooring attacks), privacy attacks (e.g., model stealing and membership inference) and attacks against XAI.

The course is held as a regular lecture with the contents presented in person. Additionally, we offer exercise units, in which we discuss solutions to the exercise tasks assigned that week. Participation in the exercises is optional but strongly advised.
| Date | Topic | Slides |
|---|---|---|
| Mon, 21. Oct | Introduction | |
| Bonus Material | Machine Learning 101 | |
| Thu, 24. Oct | Python 101 | |
| Mon, 28. Oct (+ Thu, 31. Oct) | From Security Data to Features | |
| Mon, 04. Nov (+ Thu, 07. Nov) | Anomaly Detection for Intrusion Detection | |
| Mon, 11. Nov (+ Thu, 14. Nov) | Malware Classification | |
| Mon, 18. Nov (+ Thu, 21. Nov) | Evaluating Learning-based Systems | |
| Mon, 25. Nov (+ Thu, 28. Nov) | Explainable AI for Computer Security | |
| Mon, 02. Dec (+ Thu, 05. Dec) | Adversarial Machine Learning | |
| Bonus Material | Primer on Neural Networks | |
| Mon, 09. Dec (+ Thu, 12. Dec) | Adversarial Examples | |
| Mon, 16. Dec (+ Thu, 19. Dec) | Adversarial Training | |
| Mon, 23. Dec | No lecture | |
| Thu, 9. Jan | No exercise | |
| Mon, 13. Jan (+ Thu, 16. Jan) | Neural Backdoors | |
| Mon, 20. Jan (+ Thu, 23. Jan) | Model Stealing | |
| Mon, 27. Jan (+ Thu, 30. Feb) | Membership Inference | |
| Mon, 03. Feb (+ Thu, 06. Feb) | Security of Explainable AI | |
| Mon, 10. Feb | Summary and Outlook | |
| approx. Mon, 24. Feb | Written Exam | |
News about the lecture, potential updates to the schedule, and additional material are distributed via the course's Matrix room. Moreover, Matrix enables students to discuss topics and solution approaches with each other.

You will find the link to the Matrix room on ILIAS.