A hands-on practicum for adversarial machine learning, privacy attacks, and secure AI systems.
- Instructor: Prof. Lendák Imre
- Teaching Assistant: Ahmed F. Lagha
This course provides a comprehensive, hands-on introduction to the security and privacy of machine learning systems. Students will learn to attack, defend, and audit AI models through 15 practical labs organized into 9 thematic modules.
| Module | Lab | Topic | Link |
|---|---|---|---|
| 1. Foundations | 1 | DNN Training & Robust Model Baselines | Notebook |
| 2. Input Manipulation | 2 | Evasion Attacks (FGSM, PGD) | Notebook |
| 3. Data Poisoning | 3a | Label Flipping Attacks | Notebook |
| | 3b | Backdoor & Trigger Injection | Notebook |
| 4. Model Poisoning | 4a | Model Trojans & Supply Chain Attacks | Notebook |
| | 4b | Trojan Detection & Certified Defenses | Notebook |
| 5. Availability | 5a | Sponge Attacks & Resource Exhaustion | Notebook |
| | 5b | Sponge Attack Defenses | Notebook |
| 6. Confidentiality | 6a | Membership Inference Attacks | Notebook |
| | 6b | Model Inversion & Feature Reconstruction | Notebook |
| 7. Synthetic Data | 7 | Tabular Synthetic Data (VAE, GAN) | Notebook |
| 8. Defenses | 8a | Differential Privacy & DP-SGD | Notebook |
| | 8b | Federated Learning & Adversarial Training | Notebook |
| 9. Capstone | 9 | End-to-End Secure ML Pipeline | Notebook |
By the end of this course, students will be able to:
| # | Skill | Description |
|---|---|---|
| 1 | Understand | Fundamental concepts of machine-learning security and privacy |
| 2 | Implement | State-of-the-art attacks (Evasion, Poisoning, Inversion) in PyTorch |
| 3 | Evaluate | Model robustness using quantitative metrics and certified bounds |
| 4 | Design | Multi-layered defense strategies (DP, FL, Robust Training) for production |
| 5 | Generate | Privacy-preserving synthetic data for sensitive domains (healthcare, finance) |
This course is built upon foundational materials from:
- unica-mlsec/mlsec — Prof. Battista Biggio (University of Cagliari)
- Practical Data Privacy — Katharine Jarmul (O'Reilly, 2023)
- Adversarial Machine Learning — Goodfellow, Biggio et al. (Cambridge University Press)
This project is licensed under the MIT License — see the LICENSE file for details.
© 2026 ELTE Department of Data Science and Engineering