For updates regarding COVID-19, please visit the University of Michigan's information page here

Adversarial Machine Learning

An online course at the intersection of machine learning and security

Adversarial Machine Learning has profound implications for safety-critical systems that rely on machine learning techniques, like autonomous driving. Machine learning models, such as neural networks, are often not robust to adversarial inputs. This course introduces concepts from machine learning and then discusses how to generate adversarial inputs for assessing robustness of machine learning models. Potential defenses — and their limits — are also discussed.

Key Information

Open Registration


GO BLUE Discounts
Limited-time refund policy through July 2020

Start Date



180 days

Time Commitment

4-6 hours



Continuing Education Units (CEU)


Program Overview

Course Outline
  • Introduction (5 min)
  • Adversarial Machine Learning Overview (21 min)
  • Adversarial Attacks on Machine Learning Models (8 min)
  • Physical Attacks on Machine Learning Models (32 min)
  • Short Intro to (Non-Adversarial) Machine Learning (18 min)
  • Types of Machine Learning Problems: Regression and Classification (8 min)
  • Linear Regression: Training and Loss (20 min)
  • Linear Regression: Model Fitting Using Gradient Descent (34 min)
  • Classification (18 min)
  • Neural Networks (29 min)
  • Adversarial Attacks on Neural Networks (41 min)
  • Advanced Attacks (32 min)
  • Physical-World Adversarial Attacks (22 min)
  • Defenses: Making Models Robust Against Adversarial Attacks on Neural Networks (32 min)
Time Commitment and Work Pace

Each course contains 4-6 hours of online instruction divided into shorter modules to make it easy to learn at your own pace.

You will have 180 days from your course start date to complete the course.

Completion Requirements

Successful completion requires you to view all course modules and receive an 80% passing grade on the course assessment. Upon completing these requirements, you will earn a digital badge for your resume or professional profile.

Certificate Option and Specializations

Upon successful completion of 4 CCET courses, you will receive a U-M Certificate of Achievement.

Select 4 courses from one concentration to deepen your knowledge in a subject or area. If you choose a specialization, your certificate will note the specialization you completed.

Prerequisites & Technical Requirements

There are no prerequisites for this course. A bachelor's degree in a science, engineering, or technical field is recommended but not required.

To view technical requirements, click here.


Administrative/Online Technical Support

Support staff are available via phone and email to help with administrative and technical issues during our normal business hours (Monday through Friday 8:00 a.m. to 5:00 p.m. Eastern Time).

Learning Objectives

  • Understand why robustness of machine learning models is important in different application contexts, including autonomous driving
    Understand different types of attacks on machine learning systems
  • Machine learning concepts review: regression, loss, model training goals, gradient descent, and classification
  • Understand attack strategies on machine learning systems by modifying inputs
  • Understand different types of defenses and their limits

Course Instructor

Atul Prakash
Atul Prakash
Professor, Electrical Engineering and Computer Science, College of Engineering

Post Program

Digital Badge

Earn a digital badge for your resume or professional profile:

A preview of what a digital badge for a course might look it. A blue, badge-shaped graphic with the Nexus logo and an icon corresponding to the field of study.


A certificate in your course of study will be awarded upon successful completion of this program.

A preview of what a course certificate of completion might look like.

“This program was very suitable for my team and beneficial for us to understand new technologies...[our] engineers can work at their own pace.”

- Supervisor, Ford Motor Company