# CS329D: ML Under Distribution Shifts

A graduate course surveying topics in machine learning when the training and test data arise from different distributions.

# Description

The progress of machine learning systems has seemed remarkable and inexorable — a wide array of benchmark tasks including image classification, speech recognition, and question answering have seen consistent and substantial accuracy gains year on year. However, these same models are known to fail consistently on atypical examples and domains not contained within the training data. This course will cover methods for understanding and improving machine learning under *distributional shifts*, where the training and test distribution for a model are mismatched.

## Course goals

The course aims to cover recent research on the following topics:

- Definition of various distribution shifts in terms of distributional overlap or as the result of changes to the environment.
- Real-world distribution shifts: domain adaptation in NLP and vision as well as fairness in prediction tasks.
- Methods for improving robustness: neural approaches, invariance constraints, and minimax losses.
- Adversarial shifts: adversarial examples in image recognition, provable defenses, and data poisoning.

The goal of the course is to introduce the variety of areas in which distributional shifts are central and equip students with the fundamentals necessary to conduct research on developing more robust machine learning methods. Because of this goal, the course will aim to cover the classic papers and basic concepts in this area, rather than spend the quarter on any single task or problem.

## Course activities

The course will consist of three kinds of activities

**Lectures**: The course will consist of 10 lectures, covering domain adaptation theory and methods, representation-based approaches to robustness, minimax methods, adversarial examples, and data poisoning.**Paper discussions**: There will be 9 student driven discussion and critique sessions in which we go over and discuss selected papers in each area.**Project**: Each student will be responsible for implementing and testing one of the methods from the class on a distribution shift task of their choice.

The instructors will have open office hours on zoom. Please check canvas for the zoom link (this is to restrict the office hours to enrolled students).

For details on grading and other accommodations see the course policies

## Logistics

All lectures and discussions will be held in person in Hewlett 103. Discussions will be held on Mondays from 3:15-4:45pm and lectures will be held on Wednesdays from 3:15-4:45pm. We will make our best effort to record and post lectures and discussions on this Canvas page in a timely fashion. Office hours will be over Zoom and are listed on Canvas. You will be submitting all assignments via Gradescope, and you will be automatically added in the first week of instruction. We will have course announcements on Piazza, which you can join using the access code shared on Canvas. If you would like to contact the course staff, please make a Piazza post or email us.

# Weekly Schedule

Week-to-week schedule and papers covered are tentative, and may change within the first week of the quarter.

## Introduction and taxonomy of distribution shifts

- Sep 20
- Introduction
**Lecture**

- Overview of the course
- Distribution shifts in the real world
- A taxonomy of distribution shifts and how they arise

- Sep 22
- Covariate and label shifts
**Lecture**+**Discussion**

- What is a covariate shift?
- Handling covariate shift under distribuitonal overlap.
- Shortcut Learning in Deep Neural Networks

- Sep 27
- Covariate and label shifts 2
**Discussion**

## Domain adaptation theory

- Sep 29
- Domain adaptation
**Lecture**

- When can we provably learn under distribution shift?
- Can unlabeled data help?
- Defining generalization bounds under distribution shift.

- Oct 4
- Domain adaptation 2
**Discussion**

## Neural and representation-based methods

- Oct 6
- Neural domain adaptation
**Lecture**

- Indistinguishability over representations.
- Adversarial approaches to neural domain adaptation.
- Connections to classical theory.

- Oct 11
- Neural domain adaptation 2
**Discussion**

- Oct 13
- Neural domain adaptation 3
**Lecture**

- Provable guarantees from representational indistinguishability
- Self-training based domain adaptation
- Self-supervision based domain adaptation

- Oct 18
- Learning from invariant representations 2
**Discussion**

## Robustness and domain generalization

- Oct 20
- Empirical phenomena in robust machine learning
**Lecture**

- How do different robustness interventions fare in practice?
- Can (data augmentation / unlabeled data / bigger models) help?

- Oct 25
- Empirical phenomena in robust machine learning 2 +
**Project**(**Progress report due**) **Discussion**

- Empirical phenomena in robust machine learning 2 +
- Oct 27
- Connections to causality
**Lecture**

- Distribution shifts as arising from causal interventions.
- Existing connections between causality and robustness.
- Robustness and invariance as tools for causal inference.

- Nov 1
- Connections to causality 2
**Discussion**

- Nov 3
- Minimax methods
**Lecture**

- Robustness as a minimax game between nature and the model.
- Tractable families of worst-case distributions and duality.
- Pitfalls and pessimism from worst-case bounds.

- Nov 8
- Minimax methods 2
**Discussion**

## Adversarial robustness

- Nov 10
- Adversarial examples
**Lecture**

- Defining and motivating adversarial examples.
- Heuristic defenses and their pitfalls
- Provable defenses.

- Nov 15
- Adversarial examples 2
**Discussion**

- Nov 17
- Data poisoning
**Lecture**

- Classical robust statistics
- High-dimensional mean estimation
- Convex optimization under data poisoning

- Nov 29
- Data Poisoning 2
**Discussion**

- Dec 1
- Short project presentations
**Project**