Instructor: Gang Wang
TA: Hadjer Benkraouda
Time/Location: Tuesday/Thursday 03:30 - 04:45 PM, 1310 Digital Computer Laboratory
Office Hour: By Appointment

8/2/2023: [First week of class] Enrolled students will be added/invited to CS 562 Campuswire before the first week of the class. If you registered during/after the first week and did not get the Campuswire invitation, please email the instructor for the invitation code.

Class Description

Advanced topics in security and privacy problems in machine learning systems, selected from areas of current research such as: This section will primarily focus on using machine learning for system, networking, and security applications. Example topics include using ML to build novel security defenses (e.g., detecting network intrusions, cybercrime, and disinformation, and performing user authentication and vulnerability analysis), launch novel attacks (e.g., privacy attacks, password guessing, deepfake-based social engineering), and support system optimizations. We will explore new research directions and seek to understand the limitations and potential risks of ML-based approaches. Students will read, present, and discuss research papers, and work on an original research project. The goal of the project is to extend machine learning techniques to new problems and produce publishable results.

Expected Work

Reading: students will be reading and reviewing all the required papers, and participating in paper discussions during the class and over the online discussion board.

Participation: students are required to attend all the lectures. Please inform the instructor via email if you cannot make it to the class due to travel or sickness.

Team Project: 3-4 students will form a team to work on a single research project throughout the semester. The project should aim to solve a real problem in the intersection area of machine learning and security/system. Each team will write a project proposal, perform literature surveys, give a short talk in the midterm, and give a final presentation at the end of the semester. Each team is also expected to write up a final project report.

Paper Presentation: students will present papers during the class to lead the discussion.

All deadlines are 11:59 PM (CT) of the specific date (not including paper reviews).

Class Schedule

Week / Date | Papers | Deadline
Week 1: Aug 22 | Class overview and background introduction. |
Week 1: Aug 24 | Attacking ML: evasion and poisoning | Claim paper slot
Week 2: Aug 29 | Attacking ML: backdoor |
Week 2: Aug 31 | Attacking ML: problem-space constraints |
Week 3: Sep 5 | ML for security: e-crime |
Week 3: Sep 7 | ML for security: phishing |
Week 4: Sep 12 | ML for security: binary code analysis | Project proposal
Week 4: Sep 14 | ML for security: code and authorship |
Week 5: Sep 19 | ML for security: network intrusion |
Week 5: Sep 21 | ML for security: evaluation and biases |
Week 6: Sep 26 | ML for security: concept drift |
Week 6: Sep 28 | ML for attack: password guessing |
Week 7: Oct 3 | Midterm project presentation |
Week 7: Oct 5 | ML explanation | Midterm report due
Week 8: Oct 10 | ML explanation (cont.) |
Week 8: Oct 12 | ML explanation: limitations |
Week 9: Oct 17 | Explanation vs. malware backdoor |
Week 9: Oct 19 | ML for security: deepfake |
Week 10: Oct 24 | LLM abuse |
Week 10: Oct 26 | LLM and code |
Week 11: Oct 31 | Attacking ML: privacy/copyright |
Week 11: Nov 2 | Attacking ML: perceptions | Progress update slides
Week 12: Nov 7 | ML and networks: Tor |
Week 12: Nov 9 | ML and networks: data generation |
Week 13: Nov 14 | ML explanation for networks |
Week 13: Nov 16 | Human + ML for security |
Week 14: Nov 21 | Fall Break |
Week 14: Nov 23 | Fall Break |
Week 15: Nov 28 | ML vs. authentication |
Week 15: Nov 30 | ML for security: binary code (advanced) |
Week 16: Dec 5 | Work on your final project, no class meeting |
Week 16: Dec 7 | Reading day, no class meeting |
Week 17: Dec 11-15 | Final exam week: project presentation in class + final report due |


Class attendance and participation: 5%
Paper reviews: 25%
Paper presentation in class: 15%
Project: proposal: 10%
Project: midterm presentation: 10%
Project: final presentation: 15%
Project: midterm report + progress update slides: 10%
Project: final report: 10%

To calculate final grades, I simply sum up the points obtained by each student (the points will sum up to some number x out of 100) and then use the following scale to determine the letter grade: [0-60] F, [60-62] D-, [63-66] D, [67-69] D+, [70-72] C-, [73-76] C, [77-79] C+, [80-82] B-, [83-86] B, [87-89] B+, [90-92] A-, [93-100] A.

Paper Review

We read two papers before each class meeting. Before each class, students are expected to read both papers and submit a short review via Campuswire. The deadline for the review is 2:30 PM (CT) on the day of class.

The review should contain sufficient content (about 200-500 words; it can be longer if needed). The review can focus on the key contributions of the paper, the strengths and weaknesses, or potential issues with the experiment methodologies and results. You can also discuss the practical implications of the paper and suggest new ideas. The review should reflect your own thoughts. All the students will post the reviews under the given paper's Campuswire thread. If you are the first to review the paper, you get to summarize the paper and comment on the key contributions. Other students who come later should avoid repeating the same arguments/comments that the previous reviews have already covered. Each review needs to have some original comments that are different from others.


Late Policy: All the deadlines are hard deadlines. Any late submissions will be subject to point reduction. For paper reviews and project-related assignments, a submission within 3 days (72 hours) after the deadline receives 60% of the points. This policy does not apply to the final project report, for which a late submission is not allowed.

Academic Integrity:

Students must follow the university's guidelines on academic conduct (quick link). This course will have a zero-tolerance policy regarding plagiarism. You (or your team) should complete all the assignments and project tasks on your own. When you use the code or tools developed by other people, please acknowledge the source. If an idea or a concept used in your project has been proposed by others, please make the proper citations. All electronic work submitted for this course will be archived and subjected to automatic plagiarism detection. Whenever in doubt, please seek clarifications from the instructor. Students who violate Academic Integrity policies will be immediately reported to the department and the college.

When presenting research papers in the class, you may NOT use the authors' slides directly. Please make your own slides.

Special Accommodations: If you need special accommodations because of a disability, please contact the instructor in the first week of classes.

Diminished mental health, including significant stress, mood changes, excessive worry, substance/alcohol abuse, or problems with eating and/or sleeping can interfere with optimal academic performance, social development, and emotional wellbeing. The University of Illinois offers a variety of confidential services including individual and group counseling, crisis intervention, psychiatric services, and specialized screenings at no additional cost. If you or someone you know experiences any of the above mental health concerns, it is strongly encouraged to contact or visit any of the University’s resources provided below. Getting help is a smart and courageous thing to do -- for yourself and for those who care about you.
Counseling Center: 217-333-3704, 610 East John Street Champaign, IL 61820
McKinley Health Center: 217-333-2700, 1109 South Lincoln Avenue, Urbana, Illinois 61801