I'm interested in trustworthy machine learning and adjacent areas such as confidential computing, differential privacy, and media authenticity. I've been working on projects related to model ownership & provenance, privacy (membership inference, differential privacy, unlearning), adversarial robustness, federated learning. ORCID: 0000-0002-1097-5579.

Publications

Selected

SoK: Unintended Interactions Among Machine Learning Defenses and Risks
V. Duddu, S. Szyller and N. Asokan
IEEE S&P 2024 (Distinguished Paper Award)
/ arXiv:2312.04542
/ +code
Conflicting Interactions Among Protection Mechanisms for Machine Learning Models
S. Szyller and N. Asokan
AAAI 2023 (Spotlight)
/ arXiv:2207.01991
/ +code
DAWN: Dynamic Adversarial Watermarking of Neural Networks
S. Szyller, B. Atli, S. Marchal and N. Asokan
ACM MM 2021
/ arXiv:1906.00830
/ +code

All

Amulet: a Python Library for Assessing Interactions Among ML Defenses and Risks
A. Waheed, V. Duddu, R. Zhang, S. Szyller and N. Asokan
Preprint
/ arXiv:2509.12386
/ +code
Atlas: a Framework for ML Lifecycle Provenance & Transparency
M. Spoczyński, M. Melara and S. Szyller
SysTEX 2025
/ arXiv:2502.19567
/ +code
Soft Token Attacks Cannot Reliably Audit Unlearning in Large Language Models
H. Chen, S. Szyller, W. Xu and N. Himayat
To appear in EMNLP 2025 Findings
/ arXiv:2502.15836
/ +code
Imperceptible Adversarial Examples in the Physical World
W. Xu, S. Szyller, C. Cornelius, L. Murillo Rojas, M. Arvinte, A. Velasquez, J. Martin and N. Himayat
Preprint
/ arXiv:2411.16622
SoK: Unintended Interactions Among Machine Learning Defenses and Risks
V. Duddu, S. Szyller and N. Asokan
IEEE S&P 2024 (Distinguished Paper Award)
/ arXiv:2312.04542
/ +code
LLM Self Defense: by Self Examination, LLMs Know They Are Being Tricked
M. Phute, A. Helbling, M. Hull, S. Peng, S. Szyller, C. Cornelius and D. Horng Chau
ICLR 2024, Tiny Papers
/ arXiv:2308.07308
False Claims Against Model Ownership Resolution
R. Zhang, J. Liu, S. Szyller, K. Ren and N. Asokan
USENIX 2024
/ arXiv:2304.06607
/ +code
On the Robustness of Dataset Inference
S. Szyller, R. Zhang, J. Liu and N. Asokan
TMLR 2023
/ arXiv:2210.13631
Conflicting Interactions Among Protection Mechanisms for Machine Learning Models
S. Szyller and N. Asokan
AAAI 2023 (Spotlight)
/ arXiv:2207.01991
/ +code
SHAPr: an Efficient and Versatile Membership Privacy Risk Metric for Machine Learning
V. Duddu, S. Szyller and N. Asokan
Technical Report
/ arXiv:2112.02230
Good Artists Copy, Great Artists Steal: Model Extraction Attacks Against Image Translation Models
S. Szyller, V. Duddu, T. Gröndahl and N. Asokan
Technical Report
/ arXiv:2104.12623
DAWN: Dynamic Adversarial Watermarking of Neural Networks
S. Szyller, B. Atli, S. Marchal and N. Asokan
ACM MM 2021
/ arXiv:1906.00830
/ +code
Extraction of Complex DNN Models: Real Threat or Boogeyman?
B. Atli, S. Szyller, M. Juuti, S. Marchal and N. Asokan
AAAI 2020, EDSMLS
/ arXiv:1910.05429
Detecting Organized eCommerce Fraud Using Scalable Categorical Clustering
S. Marchal and S. Szyller
ACSAC 2019
/ arXiv:1910.04514
/ +code
PRADA: Protecting Against DNN Model Stealing Attacks
M. Juuti, S. Szyller, S. Marchal and N. Asokan
IEEE EuroS&P 2019
/ arXiv:1805.02628v5
/ +code

Dissertations

Ownership and Confidentiality in Machine Learning
Doctor of Science (Finnish AI Society Best Dissertation Award & Aalto University Best Dissertation Award)
Aalto University, School of Science
Supervisor: N. Asokan
Adversary Detection in Online Machine Learning Systems
Master of Science
Aalto University, School of Science
Supervisor: N. Asokan
Decryption of Feistel Network Based Algorithms Using Machine Learning
Bachelor of Science, Eng.
Lodz University of Technology, International Faculty of Engineering
Supervisor: Laurent Babout