Lecture 5 - Differential Privacy for Adversarial Robustness


In this lecture we look at possible countermeasures against adversarial examples in deep learning models. In particular, we focus on certified robustness, which gives a provable guarantee that no perturbation within a given norm bound can change the model's prediction, under specific hypotheses (on the perturbation budget, the norm, and the model). We consider differential privacy, a formal privacy definition with roots in cryptography that was originally conceived for the anonymization of statistical databases, and see how to apply it to obtain a certifiably robust deep neural network.

Topics covered:

  • Types of defense against adversarial examples
  • Certified robustness approach
  • Database anonymization: k-anonymity
  • Differential privacy in database anonymization
  • Differential privacy as a defense against adversarial examples
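The construction behind the last two topics, as an added example that is not part of the lecture material or its readings: Part 1 is the Laplace mechanism releasing a single counting query, and Part 2 reuses the same mechanism inside a classifier in the style of PixelDP (Lecuyer et al., 2019), where the input takes the role of the database, a perturbation of bounded L1 size takes the role of a changed row, and the DP bounds on the expected class scores yield the robustness certificate. The toy network (one linear layer, a Laplace noise layer, softmax), its weights, the input and the budgets are all constructed here for illustration; only the Python standard library is used.

```python
import math
import random
from typing import List, Sequence, Tuple

Matrix = Sequence[Sequence[float]]


def laplace_sample(scale: float, rng: random.Random) -> float:
    """One Laplace(0, scale) variate: the difference of two Exp(1) draws, times scale."""
    return scale * (rng.expovariate(1.0) - rng.expovariate(1.0))


# --- Part 1: the Laplace mechanism as used for database anonymization ---

def laplace_mechanism(true_answer: float, sensitivity: float, epsilon: float,
                      rng: random.Random) -> float:
    """epsilon-DP release of a numeric query with the given global sensitivity
    (for a counting query it is 1: changing one row moves the count by <= 1)."""
    return true_answer + laplace_sample(sensitivity / epsilon, rng)


def laplace_density_ratio(output: float, answer_a: float, answer_b: float,
                          sensitivity: float, epsilon: float) -> float:
    """p(output | true answer a) / p(output | true answer b) for the mechanism above.
    DP promises this never exceeds exp(epsilon) for neighbouring databases,
    i.e. whenever |answer_a - answer_b| <= sensitivity."""
    scale = sensitivity / epsilon
    return math.exp((abs(output - answer_b) - abs(output - answer_a)) / scale)


# --- Part 2: the same mechanism inside a classifier, the input playing the database ---

def l1_sensitivity(W: Matrix) -> float:
    """Delta for x -> W x, measured L1 -> L1 (max absolute column sum), so that
    ||W x - W x'||_1 <= Delta * ||x - x'||_1 for all x, x'."""
    return max(sum(abs(row[j]) for row in W) for j in range(len(W[0])))


def softmax(z: Sequence[float]) -> List[float]:
    m = max(z)
    e = [math.exp(v - m) for v in z]
    total = sum(e)
    return [v / total for v in e]


def noisy_forward(W: Matrix, x: Sequence[float], radius: float, epsilon: float,
                  rng: random.Random) -> List[float]:
    """One pass of the randomized network. Laplace noise of scale Delta*L/epsilon on
    the pre-softmax features makes the pass (epsilon, 0)-DP with respect to any input
    change of L1 size <= L; the softmax keeps every score inside [0, 1]."""
    scale = l1_sensitivity(W) * radius / epsilon
    z = [sum(w * xi for w, xi in zip(row, x)) + laplace_sample(scale, rng) for row in W]
    return softmax(z)


def expected_scores(W: Matrix, x: Sequence[float], radius: float, epsilon: float,
                    n_samples: int, rng: random.Random) -> List[float]:
    """Monte Carlo estimate of E[score_k(x)] over the noise, for every class k."""
    acc = [0.0] * len(W)
    for _ in range(n_samples):
        for k, s in enumerate(noisy_forward(W, x, radius, epsilon, rng)):
            acc[k] += s
    return [a / n_samples for a in acc]


def certify(exp_scores: Sequence[float], epsilon: float, delta: float = 0.0) -> Tuple[int, bool]:
    """Certificate from the DP bounds on expected scores. For every x' within the radius
        E[s_k(x')] >= e^-eps * (E[s_k(x)] - delta)   and   E[s_j(x')] <= e^eps * E[s_j(x)] + delta,
    so the top class k survives every such x' if
        E_top > e^(2 eps) * E_runner_up + (1 + e^eps) * delta.
    Returns (predicted class, certified?)."""
    order = sorted(range(len(exp_scores)), key=lambda k: exp_scores[k], reverse=True)
    top, runner_up = order[0], order[1]
    bound = math.exp(2 * epsilon) * exp_scores[runner_up] + (1 + math.exp(epsilon)) * delta
    return top, exp_scores[top] > bound


def demo() -> Tuple[int, bool]:
    rng = random.Random(0)
    epsilon = 0.5
    # Part 1 on a constructed count of 41 (neighbouring database: 42).
    released = laplace_mechanism(41.0, sensitivity=1.0, epsilon=epsilon, rng=rng)
    assert laplace_density_ratio(released, 41.0, 42.0, 1.0, epsilon) <= math.exp(epsilon) + 1e-12
    # Part 2 on constructed weights (3 classes, 4 features) and an L1 budget of 0.2.
    W = [[1.0, 0.5, 0.0, 0.0],
         [0.0, 0.0, 1.0, 0.5],
         [0.5, 0.0, 0.0, 1.0]]
    x = [4.0, 2.0, 0.0, 0.0]
    return certify(expected_scores(W, x, radius=0.2, epsilon=epsilon, n_samples=2000, rng=rng), epsilon)


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would want. First, `expected_scores` is a Monte Carlo estimate, so a real certificate must replace the point estimate with a confidence bound (PixelDP uses a Hoeffding interval and certifies against the pessimistic end of it); the margin in `demo` is large enough that the estimate is safe here. Second, `l1_sensitivity` is exact for one linear layer, but for a deeper pre-noise stack Delta must be a bound on the Lipschitz constant of all layers before the noise, which is why PixelDP places the noise early in the network.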

Reading Material

Survey on differential privacy:

Paper on certified robustness based on differential privacy:

Lecture Recording