About me

I am an Assistant Professor at Linköping University (Sweden) and WASP AI/MLX Fellow. Prior to that, I worked as a security researcher at Nokia Bell Labs (Core Research) in Finland. My research is focused on trustworthy machine learning (ML). Trustworthy ML aims to ensure that ML-based services are robust, fair, transparent in their decisions, and accountable while ensuring the security of their building blocks and the privacy of the ML model, data, and users. I work on security, privacy, and governance aspects of trustworthy ML.

I obtained my PhD in Computer Science from Aalto University, where I worked on the security and privacy of the ML pipeline under the supervision of Prof. N. Asokan.

Open Positions: I am currently looking for highly motivated postdoctoral researchers. If you are interested in working on one of the topics below, or trustworthy ML in general, please email me a short paragraph outlining what you'd like to work on and why you are interested in this role, and attach your CV. Include the words "WASP Postdoc" in the subject.

What I'm doing

  • Threat modeling, adversarial robustness of AI/ML models, model theft and model extraction via distillation

  • Ownership verification protocols that safeguard against intellectual property violations pertaining to datasets and models

  • Data privacy, access control, compliance with privacy regulations, and governance in ML pipelines

  • Trustworthy machine learning in real-time applications

You can contact me at: busega[at]acm[dot]org

You can download my CV here.

The template is vCard, and images are generated with DALL-E.

Publications/Talks

Please check Google Scholar for a more updated list of publications.

Selected Publications

  1. More than Meets the Eye: Understanding the Effect of Individual Objects on Perceived Visual Privacy

    2025

    To appear in NDSS USEC'26, Symposium on Usable Security and Privacy
    Mete Harun Akcay, Siddarth Rao, Alexandros Bakas, Buse Atli

    Paper ArXiv Code Slides

  2. FLARE: Fingerprinting Deep Reinforcement Learning Agents using Universal Adversarial Masks

    2023

    ACSAC'23, Annual Computer Security Applications Conference
    Buse Atli, N. Asokan

    Paper ArXiv Code Slides

  3. Securing Machine Learning: Streamlining Attacks and Defenses Under Realistic Adversary Models

    2022

    Doctoral Thesis, Aalto University, Buse Atli

    Electronic Thesis

  4. Vision, Challenges & Opportunities

    2022

    Private AI Collaborative Research Institute, Vision paper

    Paper

  5. Real-time Adversarial Perturbations against Deep Reinforcement Learning Policies: Attacks and Defenses

    2022

    ESORICS'22, European Symposium on Research in Computer Security
    Buse Atli, Shelly Wang, Samuel Marchal, N. Asokan

    Paper ArXiv Code Slides

  6. On the Effectiveness of Dataset Watermarking in Adversarial Settings

    2022

    CODASPY-IWSPA'22, ACM International Workshop on Security and Privacy Analytics
    Buse Atli, N. Asokan

    Paper ArXiv Please email for the code Slides

  7. WAFFLE: Watermarking in Federated Learning

    2021

    SRDS'21, International Symposium on Reliable Distributed Systems
    Buse Atli, Yuxi Xia, Samuel Marchal, N. Asokan

    Paper ArXiv Code Slides

  8. DAWN: Dynamic Adversarial Watermarking of Neural Networks

    2021

    ACMMM'21, 29th ACM Conference on Multimedia
    Sebastian Szyller, Buse Atli, Samuel Marchal, N. Asokan

    Paper ArXiv Code Slides

  9. Extraction of Complex DNN Models: Real Threat or Boogeyman?

    2020

    AAAI-EDSMLS'20, International Workshop on Engineering Dependable and Secure Machine Learning Systems
    Buse Atli, Sebastian Szyller, Mika Juuti, Samuel Marchal, N. Asokan

    Paper ArXiv Please email for the code Slides

  10. Making Targeted Black-box Evasion Attacks Effective and Efficient

    2019

    AISec'19, ACM Workshop on Artificial Intelligence and Security
    Buse Atli, Sebastian Szyller, Mika Juuti, Samuel Marchal, N. Asokan

    Paper ArXiv Please email for the code Slides

  11. An Intelligent Defense and Filtration Platform for Network Traffic

    2018

    IFIP-WWIC'2018, International Conference on Wired/Wireless Internet Communications
    Mehrnoosh Monshizadeh, Vikramajeet Khatri, Buse Atli, Raimo Kantola

    Paper

Talks

  1. Securing Machine Learning: From Adversarial Threats to Trustworthy AI

    2025

    Software and Systems Research Seminar Series, Linköping University.

  2. Real-time Adversarial Perturbations against Deep Reinforcement Learning Policies: Attacks and Defenses

    2020

    TU Delft Cyber Security Seminar, Virtual.

  3. Extraction of Complex DNN Models: Real Threat or Boogeyman

    2020

    CASA Cluster of Excellence for Cyber Security, Virtual.

Teaching

  1. TDDD50 - Green IT

    Fall 2026

    Teaching Assistant, BSc Level Course, Course Info, Linköping University

  2. TDDD89 - Scientific Method

    Spring 2025

    Teaching Assistant, MSc Level Course, Course Info, Linköping University

  3. CS-E4001 - Research Seminar on Security and Privacy of Machine Learning

    Spring 2021

    Co-organizer, MSc Level Course, Aalto University

  4. CS-E4000 - Seminar in Computer Science D

    Spring 2021

    Tutor, MSc Level Course, Aalto University

  5. CS-E4310 - Mobile Systems Security

    Spring 2020

    Course Assistant, MSc Level Course, Aalto University

  6. CS-E4001 - Research Seminar on Security and Privacy of Machine Learning

    Fall 2019

    Co-organizer, MSc/PhD Level Course, Aalto University

  7. CS-E4000 - Seminar in Computer Science: Internet, Data and Things

    Spring/Fall 2019

    Tutor, MSc Level Course, Aalto University

Blog