Research Group
Machine Learning
and Security
View from our building over Berlin.

Welcome and Overview

Our research group conducts fundamental research at the intersection of computer security and machine learning. On the one end, we are interested in developing intelligent systems that can learn to protect computers from attacks and identify security problems automatically. On the other end, we explore the security and privacy of machine learning by developing novel attacks and defenses.

We are part of the Berlin Institute for the Foundations of Learning and Data (BIFOLD) at Technische Universität Berlin. Previously, we have been working at Technische Universität Braunschweig and the University of Göttingen.

News and Updates

August 1, 2025 — We welcome Anna Wimbauer as our new PhD student. 👋 Welcome aboard, Anna! We’re excited to explore new threats and twists in LLM security with you.

July 16, 2025 — We are attending ICML in Vancouver, 🇨🇦. Jonas is presenting our work on creating Chimera examples, adversarial inputs that yield different predictions for the same model depending on the underlying backend.

April 22, 2025 — We are starting the summer semester with new courses, including our lecure on machine learning for security and a project on reproducing AI attacks and defenses. Register in the ISIS platform 📚.

April 9, 2025 — We are attending SaTML in Copenhagen, 🇩🇰. Thorsten is presenting his paper on verifiable machine unlearning, while Konrad is chairing the conference.

See all news and updates of the research group.

Teaching in Winter

AML — Adversarial Machine Learning

This integrated lecture is concerned with adversarial machine learning. It explores various attacks on learning algorithms, including white-box and black-box adversarial examples, poisoning, backdoors, membership inference, and model extraction. It also examines the security and privacy implications of these attacks and discusses defensive strategies, ranging from threat modeling to integrated countermeasures.

   Course Website    Module 41117 Type: Lecture Audience: Master

SMARTLAB — Smart Security Lab

This lab is a hands-on course that explores machine learning in computer security. Students design and develop intelligent systems for security problems such as attack detection, malware clustering, and vulnerability discovery. The developed systems are trained and evaluated on real-world data, providing insight into their strengths and weaknesses in practice. The lab is a continuation of the lecture "Machine Learning for Computer Security" and thus knowledge from that course is expected.

   Course Website    Module 41116 Type: Lab course Audience: Master

See all teaching course.

Recent publications

LLM-based Vulnerability Discovery through the Lens of Code Metrics.
Felix Weissberg, Lukas Pirch, Erik Imgrund, Jonas Möller, Thorsten Eisenhofer and Konrad Rieck.
Proc. of the 48th IEEE/ACM International Conference on Software Engineering (ICSE), 2026. (to appear)

Adversarial Observations in Weather Forecasting.
Erik Imgrund, Thorsten Eisenhofer and Konrad Rieck.
Proc. of the 32nd ACM Conference on Computer and Communications Security (CCS), 2025. (to appear)

Tiny Sensors, Big Threats: Assessing Motion Sensor-based Fingerprinting in Mobile Systems.
Carlos Sulbaran Fandino, Anne Josiane Kouam and Konrad Rieck.
Proc. of the 27th International Conference on Modeling, Analysis and Simulation of Wireless and Mobile Systems (MSWiM), 2025. (to appear)

Towards Identifying Intent of Data Errors.
Mohamed Abdel Maksoud, Konrad Rieck and Ziawasch Abedjan.
VLDB Workshop Guide-AI, 2025.

PDF

See all publications of the research group.

Current projects

AIGENCY — Opportunities and Risks of Generative AI in Security

The project aims to systematically investigate the opportunities and risks of generative artificial intelligence in computer security. It explores generative models as a new tool as well as a new threat. The project is joint work with Fraunhofer AISEC, CISPA, FU Berlin, and Aleph Alpha.

BMBF 2023 – 2026

MALFOY — Machine Learning for Offensive Computer Security

The ERC Consolidator Grant MALFOY explores the application of machine learning in offensive computer security. It is an effort to understand how learning algorithms can be used by attackers and how this threat can be effectively mitigated.

ERC 2023 – 2028 Website

ALISON — Attacks against Machine Learning in Structured Domains

The goal of this project is to investigate the security of learning algorithms in structured domains. That is, the project develops a better understanding of attacks and defenses that operate in the problem space of learning algorithms rather than the feature space.

DFG 2023 – 2026

See all projects of the research group.

Contact

Technische Universität Berlin
Machine Learning and Security, TEL 8-2
Hardenbergstr. 40A
10623 Berlin, Germany

Office: office@mlsec.tu-berlin.de
Responsibility under the German Press Law §55 Sect. 2 RStV:
Prof. Dr. Konrad Rieck