Workshop on Dependable and Secure Machine Learning
15:00-15:05 (CEST). Welcome to DSN-DSML 2020
Homa Alemzadeh, University of Virginia
15:05-15:45 (CEST). Session 1: Keynote Talk
by Michael Lyu, Chinese University of Hong Kong
Although artificial intelligence has advanced the state-of-the-art in many domains, its interpretability, dependability, and security remain unsatisfactory, hindering the rapid deployment in many safety-critical scenarios. Among these characteristics, interpretability is at the core since the human trust builds upon the interpretability of model predictions and understanding of unexpected behaviors (e.g., error predictions, adversarial attacks). In this talk, I will introduce some of our recent investigations on model interpretability in both natural language processing and computer vision domains. Besides, I will illustrate our recent attempts on dependable and secure machine learning from the interpretability perspective. Finally, I will share some thoughts on the related research directions.

Michael R. Lyu is a Professor and the Chairman in the Computer Science & Engineering Department at the Chinese University of Hong Kong. He received a B.S. in Electrical Engineering from the National Taiwan University, an M.S. in Electrical and Computer Engineering from University of California, Santa Barbara, and a Ph.D. in Computer Science from University of California, Los Angeles. His research interests include software reliability engineering, dependable computing, machine learning, artificial intelligence, and distributed systems. He published a widely cited McGraw-Hill Handbook of Software Reliability Engineering, and a Wiley book on Software Fault Tolerance. He is a Fellow of the IEEE, a Fellow of ACM, a Fellow of AAAS, and an IEEE Reliability Society Engineer of the Year. He also appears in The AI 2000 Most Influential Scholars Annual List in 2020.

15:55-16:40 (CEST). Session 2: Attacks
  • "TAaMR: Targeted Adversarial Attack against Multimedia Recommender Systems", Tommaso Di Noia, Daniele Malitesta, Felice Antonio Merra.
  • "On The Generation Of Unrestricted Adversarial Examples", Mehrgan Khoshpasand, Ali Ghorbani.
  • "Blackbox Attacks on Reinforcement Learning Agents Using Approximated Temporal Information", Yiren Zhao, Ilia Shumailov, Han Cui, Xitong Gao, Robert Mullins, Ross Anderson.
16:50-17:35 (CEST). Session 3: Validation, Verification, and Defense
  • "PyTorchFI: A Runtime Perturbation Tool for DNNs", Abdulrahman Mahmoud, Neeraj Aggarwal, Alex Nobbe, Jose Rodrigo Sanchez Vicarte, Sarita Adve, Christopher W. Fletcher, Iuri Frosio, Siva Kumar Sastry Hari.
  • "Online Verification through Model Checking of Medical Critical Intelligent Systems", João Martins, Raul Barbosa, Nuno Lourenço, Jacques Robin, Henrique Madeira.
  • "BlurNet: Defense by Filtering the Feature Maps", Ravi Raju, Mikko Lipasti.
17:45-18:15 (CEST). Session 4: Keynote Talk
by Rajarshi Gupta, Avast Security
Recent years have seen heavy utilization of AI in security, but the complexities of a massively scalable production-quality security pipeline are often hard to grasp. In this seminar, we will discuss state-of-the-art AI techniques used to deter daily attacks, by drawing from experience of protecting 435M users (across PCs, mobiles, IoTs) at Avast. We will also identify gaps that exist between academic research in AI-Security, and the daily challenges of real-world attacker-defender contests. Finally, we suggest ways to bridge those gaps, to make the academic research more viable and valuable in real deployments.

Rajarshi Gupta is the Head of AI at Avast Software, one of the largest consumer security companies in the world. He has a PhD in EECS from UC Berkeley and has built a unique expertise at the intersection of Artificial Intelligence, Cybersecurity and Networking. Prior to joining Avast, Rajarshi worked for many years at Qualcomm Research, where he created ‘Snapdragon Smart Protect’, the first ever product to achieve On-Device Machine Learning for Security. Rajarshi has authored over 200 issued U.S. Patents, and is featured on the Wikipedia page for most prolific inventors in history.

18:15-18:30 (CEST). Discussion and Closing
Workshop on Data-Centric Dependability and Security
15:00-15:05 (CEST). Welcome DCDS 2020
Ibéria Medeiros, University of Lisboa
15:05-15:45 (CEST). Session 1: Keynote
by Jilles Vreeken, CISPA, Saarland University, Germany
Session chair: Michael Kamp, Monash University

Jilles Vreeken is the leader of the Independent Research Group on Exploratory Data Analysis at the Helmholtz Center for Information Security. In addition, he is a Senior Researcher in D5, the Databases and Information Systems group at the Max Planck Institute for Informatics, and a Professor in the Department of Computer Science of Saarland University. His research interests include data mining and machine learning, exploratory data analysis, causal inference, and pattern mining. He is particularly interested in developing well-founded theory and efficient methods for extracting informative models and characteristic patterns from large data, and putting these to good use. He has authored over 60 conference and journal papers, 3 book chapters, won the 2010 ACM SIGKDD Doctoral Dissertation Runner-Up Award, and two best (student) paper awards. He is tutorial chair for SIAM SDM 2017, was program co-chair for ECML PKDD 2016, publicity co-chair for IUI 2015, sponsorship co-chair for ECML PKDD 2014, workshop co-chair of IEEE ICDM 2012. He co-organised eight workshops and four tutorials. He is a member of the editorial board of Data Mining and Knowledge Discovery (DAMI) and of the ECML PKDD Journal Track Guest Editorial Board, in addition he regularly reviews for TKDD, KAIS, TKDE, as well as for KDD, ICDM, SDM, ECML PKDD. He obtained his M.Sc. in Computer Science from Universiteit Utrecht, the Netherlands. He pursued his Ph.D. at the same university under supervision of Arno Siebes, and defended his thesis ‘Making Pattern Mining Useful’ in 2009. Between 2009 and 2013 he was a post-doctoral researcher at the University of Antwerp, supported by a Post-doctoral Fellowship of the Research Foundation – Flanders (FWO).

16:00-16:30 (CEST). Session 2: Network Security & Privacy
Session chair: Ibéria Medeiros, University of Lisboa
  • "Association Rule Mining with Differential Privacy", Hao Zhen (National Taiwan University), Bo-Cheng Chiou (Feng Chia University), Yao-Tung Tsou (Feng Chia University), and Sy-Yen Kuo (National Taiwan University).
  • "Pelican: A Deep Residual Network for Network Intrusion Detection", Peilun Wu (University of New South Wales), Hui Guo (University of New South Wales), and Nour Moustafa (University of New South Wales).
Workshop on High-performance computing platforms for dependable autonomous systems
15:00-16:00 (CEST). HPCDS #1 : Hardware Platforms
  • Open Source Hardware: an opportunity for critical systems
    Jimmy Le Rhun (Thales Research and Technology, France)

  • Development of a NOEL-V RISC-V SoC targeting Space Applications
    Jan Andersson (Cobham Gaisler AB, Sweden)
16:00-16:30 (CEST). HPCDS #2 : Software Platforms
  • Safe and secure software updates on high-performance embedded computing systems
    Irune Aguirre (Ikerlan, Spain)

16:30-17:30 (CEST). HPCDS #3: Certification Challenges
  • Approaching certification of complex systems
    Nicholas McGuire (OSADL Safety Critical Linux Working Group), and Imanol Allende (Ikerlan, Spain)

  • AI Safety Landscape: from short-term specific system engineering to long-term artificial general intelligence
    Jose Hernandez-Orallo (Universitat Politècnica de València)

Workshop on Safety and Security of Intelligent Vehicles
15:05-15:50 (CEST). SSIV #1: AI and adaptive systems
chaired by Michaël Lauer
  • AI and Reliability Trends in Safety Critical Autonomous Systems on Ground and Air
    Jyotika Athavale (Intel), Michael Paulitsch (Intel), Andrea Baldovin (Intel), Ralf Graefe (Intel), and Rafael Rosales (Intel)

  • Reward Tuning for self-adaptive Policy in MDP based Distributed Decision-Making to ensure a Secure Mission Planning
    Mohand Hamadouche (Lab-STICC, CNRS), Catherine Dezan (Lab-STICC, CNRS), and Kalinka Regina Lucas Jauqie Castelo Branco (Universidade de Sao Paulo)
15:55-16:40 (CEST). SSIV #2: Dependability and security analysis
chaired by Joao Cunha
  • The Quantitative Risk Norm - A Proposed Tailoring of HARA for ADS
    Fredrik Warg (RISE Research Institutes of Sweden), Rolf Johansson (Autonomous Intelligent Driving), Martin Sanfridson (Volvo Technology AB), Mattias Brännström (Zenuity AB), Magnus Gyllenhammar (Zenuity AB), Martin Skoglund (RISE Research Institutes of Sweden) and Anders Thorsén (RISE Research Institutes of Sweden)

  • Analysis of Cybersecurity Mechanisms with respect to Dependability and Security Attributes
    Behrooz Sangchoolie (Dependable Transport Systems, RISE Research Institutes of Sweden), Peter Folkesson (Dependable Transport Systems, RISE Research Institutes of Sweden), Pierre Kleberger (Dependable Transport Systems, RISE Research Institutes of Sweden) and Jonny Vinter (Dependable Transport Systems, RISE Research Institutes of Sweden)

  • Exploring Fault Parameter Space using Reinforcement Learning-based Fault Injection
    Mehrdad Moradi (University of Antwerp and Flanders Make vzw), Bentley James Oakes (University of Antwerp and Flanders Make vzw), Mustafa Saraoglu (Technische Universitat Dresden), Andrey Morozov (Technische Universitat Dresden), Klaus Janschek (Technische Universitat Dresden) and Joachim Denil (University of Antwerp and Flanders Make vzw)

16:45-17:30 (CEST). SSIV #3: Architecture and deployment
chaired by Kalinka Branco
  • Flexible Deployment and Enforcement of Flight and Privacy Restrictions for Drone Applications
    Nasos Grigoropoulos (University of Thessaly) and Spyros Lalis (University of Thessaly)

  • Conceptual Design of Human-Drone Communication in Collaborative Environments
    Hans Dermot Doran (Institute of Embedded Systems, ZHAW), Monika Reif (Institute of Applied Mathematics and Physics, ZHAW), Marco Oehler (Zurich University of Applied Sciences), Curdin Stöhr (Zurich University of Applied Sciences), and Pierluigi Capone (Centre for Aviation, ZHAW).
  • A hierarchical fault tolerant architecture for an autonomous robot
    Favier Anthony (LAAS-CNRS, INPT ENSEEIHT - University of Toulouse), Messioux Antonin (LAAS-CNRS, INPT ENSEEIHT, University of Toulouse), Jérémie Guiochet (LAAS-CNRS,UPS, INPT, University of Toulouse), Jean-Charles Fabre (LAAS-CNRS, UPS, INPT, University of Toulouse) and Charles Lesire (ONERA/DTIS, University of Toulouse).

17:40-18:30 (CEST). SSIV #4: Panel and closing remarks

"Future Challenges in Safety and Security of Intelligent Vehicle"

Chair/Moderator:

  • Mario Trapp (Fraunhofer IKS, Germany)


  • Sibin Mohan (University of Illinois, USA)
  • Miriam Gruber (BMW, Germany)
  • Behrooz Sangchoolie (RISE, Sweden)

Tutorial #1:
Cross-Layer Soft-Error Resilience Analysis of Computing Systems

In a world with computation at the epicenter of every activity, computing systems must be highly resilient to errors even if miniaturization makes the underlying hardware unreliable. Techniques able to guarantee high reliability are associated with high costs. Early resilience analysis has the potential to support informed design decisions to maximize system-level reliability while minimizing the associated costs. This tutorial focuses on early cross-layer (hardware and software) resilience analysis considering the full computing continuum (from IoT/CPS to HPC applications) with emphasis on soft errors. The tutorial will guide attendees from the definition of the problem down to the proper modeling and design exploration strategies considering the full system stack (i.e., from circuit to software).

  1. Provide a deep understanding of the cross-layer impact of hardware faults on the full system
    stack, taking into account all derating factors from technology (silicon) to software.
  2. Describe and analyze methodologies and tools for the evaluation of the resilience of each
    system layer (i.e., circuit, microarchitecture, and software).
  3. Illustrate how specific approaches for resilience analysis working at different layers of the
    system stack can be integrated to provide full system level analysis.
  4. Showcase the accuracy, strengths and weaknesses of the presented techniques.

Students, researchers and practitioners working on computing systems hardware and software design, with concerns about the impact of hardware faults on the full system level operation.

A basic understanding of computing systems hardware and software is expected, such as logic design, computer architecture and microarchitecture, operating systems and programming, along with some basic background on hardware defect mechanisms and on fault and error modeling.


The tutorial is organized in an incremental manner. It starts with an introduction to reliability and cross-layer techniques followed by the main techniques applied at each abstraction level (e.g., circuits, architecture and software). The last part is focused on the most advanced concepts of stochastic cross-layer modelling, analysis and optimization. The agenda will be:

  • Introduction – Basic Concepts, Terminology (30 minutes)
  • Technology level resilience assessments (30 minutes)
  • Microarchitecture level resilience assessments (30 minutes)
  • Software level resilience assessments (30 minutes)
  • Stochastic based approach for System level resilience assessments (30 minutes)

The handouts for this tutorial can be downloaded from here.
  • Alberto Bosio, École Centrale de Lyon, France
  • Stefano Di Carlo, Politecnico di Torino, Italy
  • Alessandro Savino, Politecnico di Torino, Italy
  • Dimitris Gizopoulos, University of Athens, Greece
  • Ramón Canal, Universitat Politècnica de Catalunya and Barcelona Supercomputing Center, Spain
Tutorial video with Q&A
Tutorial #2:
Into the Unknown: Unsupervised ML Algorithms for Anomaly-Based Intrusion Detection

One of the open challenges of past and recent systems is to identify errors before they escalate into failures. To this end, most Error Detectors or enterprise Intrusion Detection Systems adopt signature-based detection algorithms, which consist of looking for predefined patterns (or "signatures") in the monitored data in order to detect an error or an ongoing attack. Data is usually seen as a flow of data points, which represent observations of the values of the indicators at a given time. Signature-based approaches usually score high detection capabilities and low false positive rates when tested against known errors or attacks, but they cannot effectively adapt their behaviour when systems evolve or when their configuration is modified. As an additional consequence, signature-based approaches are not meant to detect zero-day attacks, which are novel attacks that cannot be matched to any known signature. Moreover, when a zero-day attack that exploits newly added or undiscovered system vulnerabilities is identified, its signature needs to be derived and added as a new rule to the IDS.

To deal with unknowns, research moved to techniques suited to detect unseen, novel attacks. Anomaly detectors are based on the assumption that an attack generates observable deviations from an expected – normal – behaviour. Briefly, they aim at finding patterns in data that do not conform to the expected behaviour of a system: such patterns are known as anomalies. Once an expected behaviour is defined, anomaly detectors target deviations from such expectations, protecting against known attacks, zero-day attacks and emerging threats. Most anomaly detection algorithms are unsupervised, which suits the detection of, among others, unknown errors or zero-day attacks, without requiring labels in training data.

The primary learning objectives of the tutorial are to demonstrate the capability of unsupervised learning algorithms to detect cyber-attacks, and in particular zero-day attacks, and to instruct the attendees on the process to perform a well-crafted evaluation campaign.

In fact, after showing the current threat landscape as described in technical reports of agencies such as ENISA, we will introduce anomaly detection, which is acknowledged as the most reliable answer to the detection of unknown errors or attacks. The participants will understand and use unsupervised algorithms that are particularly suited for anomaly detection, including the main families and the differences in the way they decide whether a data point is anomalous or normal. Participants will be involved in a hands-on session using the RELOAD tool, which allows executing unsupervised anomaly detection algorithms and observing the metric scores they provide on different datasets. This hands-on session, which can be conducted individually or in groups, will lead into the final session, which will constitute the final takeaway of the tutorial, based both on participants' activities and organizers’ experience in the domain.

The RELOAD tutorial targets anyone who is interested in the application of unsupervised ML algorithms for intrusion detection, with PhD students or young researchers as primary target audience. Consequently, we expect a remarkable amount of conference attendees to be interested in the topics of this tutorial, which targets beginners, with some content for intermediate attendees. In fact, the tool to be used in the hands-on session will allow PhD students, researchers and practitioners who are starting to explore the discipline to get their first quantitative estimation of the attack detection capabilities of algorithms, hiding implementation details which may be difficult to control at a first stage.

The tutorial will be composed of the following blocks.

  • B1. Digression on the Current Threat Landscape (10% of tutorial time). Starting from public reports e.g., ENISA, we will describe the current state of cyber-attacks.
  • B2. Anomaly-Based Intrusion Detection (15% of tutorial time). This part highlights some key terms and components that will be used in the rest of the tutorial, along with its role in detecting intrusions.
  • B3. Unsupervised Algorithms and their Characteristics (10% of tutorial time). We will introduce some of the most common algorithms to be used for unsupervised anomaly detection.
  • B4. Presentation of the RELOAD Tool (15% of tutorial time): This part will let the audience understand what the RELOAD tool offers, and how to use the RELOAD tool for executing unsupervised algorithms.
  • B5. Hands-On Session (40% of tutorial time): the attendees can use the tool to perform intrusion detection on public attack datasets that are previously downloaded by the organizers and shared with the slides.
  • B6. Wrap-up and Final Discussion (10% of tutorial time): Results obtained during the hands-on session will be discussed together with the audience, originating final discussions. We will prepare spare material for enriching the discussion, expanding on already existing studies.
  • Tommaso Zoppi, University of Florence, Italy
  • Andrea Ceccarelli, University of Florence, Italy
  • Andrea Bondavalli, University of Florence, Italy
Tutorial videos with Q&A
Into the Unknown: Unsupervised ML Algorithms for Anomaly-Based Intrusion Detection - Part 1
Into the Unknown: Unsupervised ML Algorithms for Anomaly-Based Intrusion Detection - Part 2
Tutorial #3:
The InterPlanetary File System and the filecoin network

The InterPlanetary File System (IPFS) is a peer-to-peer content-addressable distributed file
system that seeks to connect all computing devices with the same system of files. It is an
open-source community-driven project, with reference implementations in Go and JavaScript,
and a global community of millions of users.

IPFS resembles past and present efforts to build and deploy Information-Centric Networking
approaches to content storage, resolution, distribution and delivery. IPFS and libp2p, which is
the modular network stack of IPFS, are based on name-resolution based routing. The resolution
system is based on Kademlia DHT and content is addressed by flat hash-based names. IPFS
sees significant real-world usage, with over 250,000 daily active network nodes, millions of end
users and wide adoption by several other projects in the Decentralised Web space and beyond.
An adjacent project to IPFS, which was also masterminded and is also being developed within
Protocol Labs (the umbrella company of IPFS and libp2p), is filecoin. Filecoin is a cryptocurrency
that supports a decentralised storage and delivery network. Storage and retrieval miners are
rewarded according to their contribution to the network and the mechanics of filecoin secure the
network against malicious activity.

The main objective of this tutorial is to let researchers, developers, and users understand IPFS
and the capabilities it provides.

More specifically, participants will:

  • Understand how IPFS brings content addressing as a core primitive for data distribution
  • Learn how to use CIDs (content identifiers) to find content and interpret what the content
    is programmatically
  • Learn how to create custom data structures using IPFS and its underlying data format,
    IPLD (InterPlanetary Linked Data)
  • Understand how libp2p brings process addressing as a core primitive for P2P and
    runtime-independent applications

The attendees do not need to have prior knowledge of IPFS, libp2p or filecoin; basic
knowledge and understanding of core networking and network security principles will be
adequate in order to follow along.

  • Understanding how IPFS deals with files (60 mins)
  • Solving distributed networking problems with libp2p (60 mins)
  • The lifecycle of data in IPFS and filecoin (40 mins)
  • Developing Apps with the IPFS API (20 mins)

  • David Dias, Peer-2-Peer Software Engineer at Protocol Labs, (Palo Alto, CA and Lisbon,
  • Dr. Ioannis Psaras, EPSRC Fellow and University Lecturer (Assistant Professor) at
    University College London and a Research Scientist at Protocol Labs.
Tutorial videos with Q&A
The InterPlanetary File System and the filecoin network - Part 1
The InterPlanetary File System and the filecoin network - Part 2
The InterPlanetary File System and the filecoin network - Part 3

15:00-15:15 (CEST). Welcome
by Sara Bouchenak
15:15-16:00 (CEST). Keynote: The Hard Path to Excellence or…why excellence is about details
Paulo Verissimo, University of Luxembourg
chaired by Saman Zonouz

Top-level research is a highly competitive environment: funding; recruiting; publishing; impact … If you move in the first division, academia is like a premier league, and top researchers are high-level competition athletes. Is that too stressing? Where is the fun? Depends on the perspective. There is no unique recipe, but I’ll share my own experience and hope to show that it can be a unique life, if you do the right things.

If you manage the balance between freedom, self-responsibility, and perseverance, chances are you will go far, and have moments you'll never forget. How far? Well, if you are aiming for the gold, the nice secret of this talk is that excellence … is about details.

Paulo Esteves-Veríssimo is a professor and FNR PEARL Chair at the University of Luxembourg FSTM and SnT, and Head of the CritiX lab. He is adjunct Professor of the ECE Dept., Carnegie Mellon University. Previously, he has been a professor of the Univ. of Lisbon (PT). He is the representative of UNILU-SnT in ECSO, the European Cyber Security Organisation, and member of its Scientific & Technical Committee (STC). He was Chair of the IFIP WG 10.4 on Dependable Computing and Fault-Tolerance and vice-Chair of the Steering Committee of the IEEE/IFIP DSN conference.

He is Fellow of the IEEE and Fellow of the ACM, and associate editor of IEEE Trans. on Emerging Topics in Computing (TETC). He is currently interested in architectures, middleware and algorithms for resilient modular and distributed computing, in areas like: SDN-based infrastructures; autonomous vehicles from earth to space; digital health and genomics; or blockchain and cryptocurrencies. He is author or co-author of over 200 peer-refereed int’l publications and co-author of 5 books. Check his pubs on GSC.

16:15-17:00 (CEST). Session 1
chaired by Isabelly Rocha
  • Safeguarding Data Consistency at the Edge
    Claudio Correia (Universidade de Lisboa, Portugal)

  • Depending on HTTP/2 for Privacy? Good Luck!
    Gargi Mitra (IIT Madras, India)

  • Towards Practical Privacy-Preserving Collaborative Machine Learning at a Scale
    Rania Talbi (INSA-Lyon, France)

17:15-18:15 (CEST). Session 2
chaired by Amy Babay
  • What Exactly Determines the Type? Inferring Types with Context
    Ligeng Che (Nanjing University, China)

  • Impact of geo-distribution and mining pools on blockchains: a study of Ethereum
    Paulo Mendes da Silva, INESC-ID & IST. U. Lisboa, Portugal

  • CanvasMirror: Secure Integration of Third-Party Library in WebVR Environment
    Jiyeon Lee, KAIST, Korea

  • A Framework for Risk Assessment in Augmented Reality-equipped Socio-technical Systems
    Soheila Sheikh Bahaei, Malardalen University, Sweden