NDAK26002U Robustness in Machine Learning (RoMaL)
MSc Programme in Computer Science
MSc Programme in Statistics
Machine learning algorithms are designed to be used in the real world, where data is often noisy and malicious users may attempt to exploit the machine learning models for their own gain. With that in mind, it is important to design machine learning algorithms that are robust to such noise and malicious agents without sacrificing their performance.
The study of Robustness in Machine Learning involves understanding the various threat models that noisy data or malicious users pose to learning algorithms and designing algorithms that are robust to such threats. The course will have two main sections, on train time robustness and test time robustness. The rest of the course will involve specialised modules on advanced topics in robustness in ML, depending on the choice of the instructors and guest lecturers.
The course will cover the following main topics:
Train time robustness: Data collected from the real world is often noisy. In this section, we will study the analysis and design of learning algorithms as well as basic statistical estimation procedures when the data is noisy. In particular, we will explore a subset of the following topics:
- Types of noise models (in central as well as distributed learning)
- Learning theoretic models with noisy data (e.g. PAC learning with (different types of) label noise, SQ learning)
- Statistical estimation with noisy data (e.g. Robust mean estimation and Robust linear regression)
- Distributed learning with noisy and faulty clients
Test time robustness: When deployed in the real world, machine learning models can be vulnerable to perturbations in the test data. In this section, we will study various such threat models, the dangers they pose, and how to protect against them. In particular, we will explore a subset of the following topics:
- Adversarial Robustness
- Robustness to Distribution Shift
- Designing Certifiably robust learning and prediction algorithms.
We will also study a few advanced topics in Robustness in ML which will depend on the choice of the instructor and possible guest lecturers. These topics will be mentioned on the Absalon page of the course.
WARNING: If you have not taken DIKU's Machine Learning A course, please carefully check the "Recommended Academic Qualifications" box below. Machine Learning courses given at other places do not necessarily prepare you well for this course, because DIKU's machine learning courses have a stronger theoretical component than average machine learning courses offered elsewhere. It is not advised to take the course if you do not meet the academic qualifications.
Knowledge of
- Types of noise models in learning theory and distributed learning
- Algorithms for robust estimation in high dimensions
- Basic tools for analysing robust learning algorithms
- Algorithms for test time attacks and defences in machine learning models
Skills in
- Reading and understanding recent scientific literature in the field of robust machine learning
- Anticipating threats presented by adversaries who can perturb the data presented to machine learning models
- Designing and analysing algorithms that are robust to such threats
Competences to
- Understand advanced methods in robust machine learning, and apply the knowledge to practical problems
- Plan and carry out self-learning in robust machine learning
See Absalon.
It is assumed that the students have successfully passed the Machine Learning A+B courses offered by the Department of Computer Science (DIKU). If you have not taken them, please go through the self-preparation material and solve the self-preparation assignment provided at https://sites.google.com/diku.edu/machine-learning-courses/primal before the course starts. (For students with a strong mathematical background and some background in machine learning it should be possible to do the self-preparation within a couple of weeks.) It is strongly advised not to take the course if you do not meet the prerequisites.
Programming Language: The programming language of the course is Python. The self-preparation assignment includes a few programming tasks; if you can code them in Python, you should be fine.
- Lectures: 28 hours
- Class Instruction: 14 hours
- Preparation: 70 hours
- Exercises: 94 hours
- Total: 206 hours
- Credit
- 7,5 ECTS
- Type of assessment
- Continuous assessment
- Type of assessment details
- 4 take-home assignments. The assignments must be solved individually.
One group presentation in the class. Every student will make a presentation during the course as part of the group on a research paper. The class presentation will be graded on technical content and presentation coherence.
The course is based on weekly home assignments and a class presentation. The final grade will be given as an overall assessment of these two components.
- Aid
- All aids allowed
- Marking scale
- 7-point grading scale
- Censorship form
- No external censorship
Several internal examiners
- Re-exam
The re-exam consists of two parts:
1. The first part is handing in the 4 course assignments no later than 2 weeks before the oral part of the re-exam
2. The second part is a 30-minute oral examination without preparation in the course curriculum.
The final grade will be given as an overall assessment of the two re-exam parts.
Criteria for exam assessment
See Learning Outcome.
Course information
- Language
- English
- Course code
- NDAK26002U
- Credit
- 7,5 ECTS
- Level
- Full Degree Master
- Duration
- 1 block
- Placement
- Block 3
- Schedule
- C
- Course capacity
- No limitation – unless you register in the late-registration period (BSc and MSc) or as a credit or single subject student.
Study board
- Study Board of Mathematics and Computer Science
Contracting department
- Department of Computer Science
Contracting faculty
- Faculty of Science
Course Coordinators
- Amartya Sanyal
Lecturers
- Nirupam Gupta