DS603: Robust Machine Learning
Elective, IIT Bombay, C-MInDS, 2025
Course Title: Robust Machine Learning
Instructor: Arjun Bhagoji
TA: Mohamad Hassan N C (mohamad.hassan@iitb.ac.in)
Time: Wednesday, Friday 9.30-11.00am
Room: LT103
Office Hours: 5-6pm on Wednesdays, CC120
Course Description
Progress in machine learning is often measured under controlled, well understood conditions. However, safety-critical workflows in realistic settings require ML systems to be reliable even when faced with new and unexpected conditions. Sufficiently adverse conditions may violate the statistical assumptions underlying common ML models, causing undesirable behavior. This undesirable behavior manifest along the following three dimensions:
- Robustness: Lack of robustness to unseen and adversarial inputs
- Privacy: Leakage of private data or model parameters, and
- Fairness: Uneven performance across subpopulations.
This course will equip students to, on the theoretical front, rigorously reason about conditions under which unreliable behavior occurs, and on the practical side, use these insights to build reliable ML systems. While the course will cover all three aspects, the focus will largely be on robustness, with lighter treatment of the other two aspects.
Intended Audience: The intended audience for this class is graduate students working in machine learning and data science, who are interested in doing research in this area. However, interested undergraduates (3rd year and higher) are welcome to attend as well.
Pre-requisites: Mathematical maturity will be assumed as will the basics of algorithms, probability, linear algebra, and optimization. An introductory course in machine learning should have been taken. For the project component, familiarity with scientific programming in Python and the use of libraries such as Numpy and Pytorch will be beneficial.
Course Schedule
| Week | Date (Day) | Topic | References | Notes | Comments |
|---|---|---|---|---|---|
| 1 | 30/07 (Wed) | Course Outline, Supervised Learning Recap | Podcast on Note-taking, Section 3 of Percy Liang’s Lecture Notes on SLT, Selected Material from Chapters 2,3,4,5,12 of Understanding Machine Learning, 3.1 from Convex Optimization: Algorithms and Complexity | ||
| 1 | 01/08 (Fri) | Unsupervised learning for anomaly detection | A unifying review of deep and shallow anomaly detection, Chapter 8 of Learning with Kernels | Start of Module 1 on Robustness | |
| 2 | 06/08 (Wed) | Modern approaches to out-of-distribution detection | A Unified Survey on Anomaly, Novelty, Open-Set, and Out-of-Distribution Detection: Solutions and Future Challenges | ||
| 2 | 08/08 (Fri) | Formalizing distributionally robust optimization and robust statistics | Distributionally Robust Optimization and Robust Statistics | ||
| 3 | 13/08 (Wed) | Robust mean estimation | Project Milestone 0: Project groups due | ||
| 3 | 15/08 (Fri) | Independence Day | |||
| 4 | 20/08 (Wed) | Learning with label noise | |||
| 4 | 22/08 (Fri) | Poisoning attacks | |||
| 5 | 27/08 (Wed) | Defenses against poisoning attacks | Ganesh Chaturthi (Makeup TBD) | ||
| 5 | 29/08 (Fri) | Adversarial examples | |||
| 6 | 03/09 (Wed) | Jailbreaking or adversarial examples by any other name | Quiz (Tentative) | ||
| 6 | 05/09 (Fri) | (Empirical) Defenses against adversarial examples | id-E-Milad (Makeup TBD) | ||
| 7 | 10/09 (Wed) | Learning with adversarial examples: Optimal robust loss | |||
| 7 | 12/09 (Fri) | Learning with adversarial examples: Generalization bounds | Project Milestone 1: Idea pitch to instructor | ||
| 8 | 17/09 (Wed) | Mid-Semester Week | |||
| 8 | 19/09 (Fri) | Mid-Semester Week | |||
| 9 | 24/09 (Wed) | Verified robust training: Exact certification | |||
| 9 | 26/09 (Fri) | Verified robust training: Convex relaxations | End of Module 1 on Robustness | ||
| 10 | 01/10 (Wed) | Privacy attacks on ML Models | Start of Module 2 on Privacy | ||
| 10 | 03/10 (Fri) | Differential privacy | |||
| 11 | 08/10 (Wed) | Private training of ML models | |||
| 11 | 10/10 (Fri) | Decentralized learning [Guest Lecture: Prof. Pranay Sharma (C-MInDS, IITB)] | Project Milestone 2: Progress update | ||
| 12 | 15/10 (Wed) | Secure multiparty computation | |||
| 12 | 17/10 (Fri) | Privacy-robustness tradeoffs: Attacks on decentralized learning | End of Module 2 on Privacy | ||
| 13 | 22/10 (Wed) | Bias in ML Models | Start of Module 3 on Fairness and Explainability | ||
| 13 | 24/10 (Fri) | Fairness Definitions | |||
| 14 | 29/10 (Wed) | Fair training of ML models | |||
| 14 | 31/10 (Fri) | Interpretability techniques: classical and modern | |||
| 15 | 05/11 (Wed) | Challenges with interpretability | End of Module 3 on Fairness and Explainability, Guru Nanak’s Birthday (Makeup TBD) | ||
| 15 | 07/11 (Fri) | Towards responsible AI models |
Resources
Supplementary Books
- Understanding Machine Learning: From Theory to Algorithms
- All of Statistics
- Mathematics for Machine Learning
- Convex Optimization: Algorithms and Complexity
Similar Courses
Formats
Other references mentioned in class
- Lecture 1: Feldman 2012, Agnostic Learning of Halfspaces is Hard, Bartlett et al., Convexity, Classification, and Risk Bounds
Grading (Tentative)
Best 2 out of 3 exams: 40%
Final project: 40% (Project presentations will be held at mutually convenient times between 10/11/2025 and 26/11/2025)
Scribing: 10% (Scribes are due in one week after the lecture, sign up here)
Class participation: 10%
Attendance Policy
4 unexplained absences are allowed. Any absences beyond that require instructor permission.
Accommodations
Students with disabilities and health issues should approach the instructor at any point during the semester to discuss accommodations. The course aim is to learn together and legitimate bottlenecks will be resolved collaboratively.