Selected Publications

Martin Gubri's PhD thesis about the transferability of adversarial examples from the surrogate weight space of DNNs.
PhD Thesis

We propose transferability from Large Geometric Vicinity (LGV), a new technique to increase the transferability of adversarial examples that exploits the geometry of the weight space.
ECCV 2022

Recent Publications

Recent Posts

The content of the cyberwal 2022 workshop day on machine learning security in the real world is available below. Theoretical part: Machine Learning Security in the Real World The slides of Maxime Cordy’s lecture are available here. Lab work: Machine Learning Security in the Real World Tutorial given at 2022 Cyberwal school. During the lab, the students gain practical knowledge on adversarial attacks via an online game and a hands-on exercise.

CONTINUE READING

Development

FLOSS Contributions

Significant Contributions

Minor Contributions

Teaching

2023

Master: Erasmus Mundus Joint Master in Cybersecurity

The Erasmus Mundus Joint Master in cybersecurity (CYBERUS) at the University of Luxembourg. One session about very recent developement of adversarial examples against LLMs. Slides.

2022

Master: Advanced topics in Applied Machine Learning

2nd year of Master in Computer Science. Two lectures, design and correction of the project, planning.

  1. Recalls of machine learning, machine learning frameworks, first part project
  2. Overview of adversarial machine learning, model calibration

Project: Creation and evaluation of fill-in-the-blank notebooks (part 1 on preprocessing and part 3 on adversarial examples)

Master: Introduction to Machine Learning

2nd year of Master in Space Science. Six sessions, including four based on the Machine Learning Refined book and one based on the Applied Machine Learning course of Andreas C. Müller. Summary slides.

  1. Recalls of linear algebra: “Machine Learning Refined” book, “Essence of linear algebra” videos serie of 3blue1brown, some formal definitions from the “Mathematics for Machine Learning” book.
  2. Zero-order optimization: Chapter 2, Appendix B.
  3. First-order optimization: Chapter 3, “Gradient descent, how neural networks learn” video from 3Blue1Brown.
  4. Linear regression and linear classification: Chapters 5 and 6
  5. ML project lifecycle: Data preparation, feature engineering, overfitting & underfitting, model evaluation. Slides.
  6. Neural Networks (slides), Keras & Convolutional Neural Nets (slides) and Advanced Neural Networks (slides).
  7. Written examination

2021

Master: Introduction to Machine Learning

2nd year of Master in Space Science. Two introductory lectures on Machine Learning. Slides.

2020

Bachelor: Software engineering 2

3rd year of Bachelor in Computer Science. Four introductory lectures on Machine Learning Engineering. Course given online during lockdown. Quizzes on Moodle. Videos, Slides

  1. Introduction to Machine Learning: Useful Definitions, Types of Tasks in Machine Learning
  2. Introduction to Machine Learning: Recalls of Statistics, Model’s elements, Elements of Statistical Learning Theory
  3. Machine Learning Project Lifecycle: When to (not) use Machine Learning, Goal Definition, Data Collection & Preparation
  4. Machine Learning Project Lifecycle: Feature Engineering, Choosing and Training a model, Model Evaluation, Feedback loop

Reviewing

I served as a (co)-reviewer for the following conferences and journals.

Machine Learning Venues

  • IEEE Transactions on Neural Networks and Learning Systems (Journal)
  • IEEE Transactions on Pattern Analysis and Machine Intelligence (Journal)
  • UAI 2023
  • IJCAI 2023
  • CVPR 2023
  • NeurIPS 2023 (Main Track, Datasets and Benchmarks Track)
  • SiMLA workshop 2023
  • NeurIPS 2022 (Datasets and Benchmarks Track)
  • IEEE Transactions on Image Processing (Journal)
  • AAAI 2021
  • AAAI 2022

Software Engineering Venues

  • ICSE 2021
  • ICSE 2022
  • FSE 2020
  • FSE 2022
  • ICST 2020
  • ICST 2021
  • QRS 2020
  • QRS 2022
  • SANER 2023

Miscellaneous

Other academic services

ML Reading Group

I organized and animated the weekly Machine Learning Reading Group at the SerVal group (University of Luxembourg) from February 2021 to August 2023.

White-Hat

Contributions to FLOSS Security

Vulnerabilities discovered:

CVE Software Type Description/Impact Links
CVE-2017-6877 Lutim Stored XSS Exposed all images uploaded by the user and their encryption keys issue
CVE-2017-10975 Lutim Stored XSS Idem. Hard to exploit in pratice issue
CVE-2017-1000051 CryptPad Stored XSS Exposed encryption keys of user data blog post
TeleR RCE 3 Arbitrary Code Executions on their server blog post soon
Turtl Stored XSS 3 XSS exposing encrypted data (incl. passwords)
NCrypt Stored XSS issue
not disclosed Stored XSS
not disclosed Stored XSS
Shaarli Stored XSS Markdown plugin MR
not disclosed Stored XSS
Framaforms Improper Access Control Exposed URL of all users forms No public record
Framaforms Stored XSS Exposed responses of user forms. Too permissive formats allowed to untrusted users issue
Framaforms Stored XSS issue
Framaslides Stored XSS Markdown not sanitized commit
Framaslides Stored XSS Escape markdown link sanitization (marked lib not updated) issue
Framaslides Stored XSS issue
CVE-2017-11594 Loomio Stored XSS Markdown not sanitized. Allows to cast users’ votes using their identity commit, demo
Loomio Stored XSS No restrictions to attached files (when served locally). Allows to cast users’ votes using their identity demo
Framemo & Sandstorm’s Scrumblr Stored XSS Markdown not sanitized issue, PR
Framemo & Sandstorm’s Scrumblr Formula Injection issue, MR
CVE-2017-1000039 Framadate Formula Injection issue, MR
not disclosed Stored XSS
CVE-2017-11593 Markdown Preview Plus Chrome’s Extension Stored XSS Led its users vulnerable to XSS in a ton of websites, by converting text, markdown and rst files to HTML without sanitization issue
not disclosed Stored XSS
Wallabag 2 & Graby Stored XSS PR
Kresus Stored Self-XSS Possible to leverage it by importing a malicious JSON issue
Dolomon Stored (Self)-XSS Multiple XSS. Some can be leveraged using a CSRF issue issue
Dolomon Improper Access Control Gave access to the URLs saved by all users issue
Dolomon Formula Injection issue
not disclosed Stored XSS
share-on-diaspora Wordpress Plugin Reflected Client XSS Fixed, but not discovered. PR

Contact

Fell free to contact me

Contact me preferably by email and follow me on Twitter or Mastodon.