Bojan Karlaš / PhD student at ETH

I am a PhD student in the Systems Group of ETH Zurich advised by Prof. Ce Zhang. My research revolves around data management systems for machine learning. I’ve done internships at Microsoft, Oracle and Logitech.


Incomplete Databases
This is a project that involves many interesting and important things.
Testing of Machine Learing Models
This is a project that involves many interesting and important things.



Data Science Through the Looking Glass: Analysis of Millions of GitHub Notebooks and ML .NET Pipelines
F Psallidas, Y Zhu, B Karlaš, J Henkel, M Interlandi, S Krishnan, B Kroth, V Emani, W Wu, C Zhang, M Weimer, A Floratou, C Curino, K Karanasos
Data Debugging with Shapley Importance over End-to-End Machine Learning Pipelines
B Karlaš, D Dao, M Interlandi, B Li, S Schelter, W Wu, C Zhang
[arXiv] arXiv preprint arXiv:2204.11131
Screening Native ML Pipelines with "ArgusEyes"
S Schelter, S Grafberger, S Guha, O Sprangers, B Karlaš, C Zhang
[CIDR Abstract] Conference on Innovative Data Systems Research

Software systems that learn from data are being deployed in increasing numbers in industrial and institutional scenarios. Developing these machine learning (ML) applications imposes additional challenges beyond those of traditional software systems. The behavior of such applications very much depends on their input data, and they are based on systems and libraries from a relatively young data science ecosystem, which is rapidly evolving all the time. Experience shows that it is difficult to ensure that such ML applications are implemented correctly, and as a consequence, data scientists building these applications require fundamental system support.

dcbench: a benchmark for data-centric AI systems
S Eyuboglu, B Karlaš, C Ré, C Zhang, J Zou
DataPerf: Benchmarks for Data-Centric AI Development
M Mazumder, C Banbury, X Yao, B Karlaš, WG Rojas, S Diamos, G Diamos, L He, D Kiela, D Jurado, D Kanter, R Mosquera, J Ciro, L Aroyo, B Acun, S Eyuboglu, A Ghorbani, E Goodman, T Kane, CR Kirkpatrick, T Kuo, J Mueller, T Thrush, J Vanschoren, M Warren, A Williams, S Yeung, N Ardalani, P Paritosh, C Zhang, J Zou, C Wu, C Coleman, A Ng, P Mattson, VJ Reddi
[arXiv] arXiv preprint arXiv:2207.10062
Data Systems for Managing and Debugging Machine Learning Workflows
B Karlaš


A data quality-driven view of mlops
C Renggli, L Rimanic, NM Gürel, B Karlaš, W Wu, C Zhang
[IEEE] IEEE Data Engineering Bulletin
Ease.ML: A Lifecycle Management System for MLDev and MLOps
LA Melgar, D Dao, S Gan, NM Gürel, N Hollenstein, J Jiang, B Karlaš, T Lemmin, T Li, Y Li, S Rao, J Rausch, C Renggli, L Rimanic, M Weber, S Zhang, Z Zhao, K Schawinski, W Wu, C Zhang
[CIDR] Conference on Innovative Data Systems Research

We present Ease.ML, a lifecycle management system for machine learning (ML). Unlike many existing works, which focus on improving individual steps during the lifecycle of ML application development, Ease.ML focuses on managing and automating the entire lifecycle itself. We present user scenarios that have motivated the development of Ease.ML, the eight-step Ease.ML process that covers the lifecycle of ML application development; the foundation of Ease.ML in terms of a probabilistic database model and its connection to information theory; and our lessons learned, which hopefully can inspire future research.

Online Active Model Selection for Pre-trained Classifiers
MR Karimi, NM Gürel, B Karlaš, J Rausch, C Zhang, A Krause
[AISTATS] International Conference on Artificial Intelligence and Statistics


RAB: Provable Robustness Against Backdoor Attacks
M Weber, X Xu, B Karlaš, C Zhang, B Li
[arXiv] arXiv preprint arXiv:2003.08904

Recent studies have shown that deep neural networks (DNNs) are highly vulnerable to adversarial attacks, including evasion and backdoor (poisoning) attacks. On the defense side, there have been intensive interests in both empirical and provable robustness against evasion attacks; however, provable robustness against backdoor attacks remains largely unexplored. In this paper, we focus on certifying robustness against backdoor attacks. To this end, we first provide a unified framework for robustness certification and show that it leads to a tight robustness condition for backdoor attacks. We then propose the first robust training process, RAB, to smooth the trained model and certify its robustness against backdoor attacks. Moreover, we evaluate the certified robustness of a family of “smoothed” models which are trained in a differentially private fashion, and show that they achieve better certified robustness bounds. In addition, we theoretically show that it is possible to train the robust smoothed models efficiently for simple models such as K-nearest neighbor classifiers, and we propose an exact smooth-training algorithm which eliminates the need to sample from a noise distribution. Empirically, we conduct comprehensive experiments for different machine learning (ML) models such as DNNs, differentially private DNNs, and K-NN models on MNIST, CIFAR-10 and ImageNet datasets (focusing on binary classifiers), and provide the first benchmark for certified robustness against backdoor attacks. In addition, we evaluate K-NN models on a spambase tabular dataset to demonstrate the advantages of the proposed exact algorithm. Both the theoretical analysis and the comprehensive benchmark on diverse ML models and datasets shed lights on further robust learning strategies against training time attacks or other general adversarial attacks.

Building continuous integration services for machine learning
B Karlaš, M Interlandi, C Renggli, W Wu, C Zhang, DMI Babu, J Edwards, C Lauren, A Xu, M Weimer
[SIGKDD] Proceedings of the 26th ACM SIGKDD International Conference on Knowledge Discovery & Data Mining
Nearest neighbor classifiers over incomplete information: From certain answers to certain predictions
B Karlaš, P Li, R Wu, NM Gürel, X Chu, W Wu, C Zhang
[VLDB] Proceedings of the VLDB Endowment

Machine learning (ML) applications have been thriving recently, largely attributed to the increasing availability of data. However, inconsistency and incomplete information are ubiquitous in real-world datasets, and their impact on ML applications remains elusive. In this paper, we present a formal study of this impact by extending the notion of Certain Answers for Codd tables, which has been explored by the database research community for decades, into the field of machine learning. Specifically, we focus on classification problems and propose the notion of “Certain Predictions” (CP) — a test data example can be certainly predicted (CP’ed) if all possible classifiers trained on top of all possible worlds induced by the incompleteness of data would yield the same prediction. We study two fundamental CP queries: (Q1) checking query that determines whether a data example can be CP’ed; and (Q2) counting query that computes the number of classifiers that support a particular prediction (i.e., label). Given that general solutions to CP queries are, not surprisingly, hard without assumption over the type of classifier, we further present a case study in the context of nearest neighbor (NN) classifiers, where efficient solutions to CP queries can be developed — we show that it is possible to answer both queries in linear or polynomial time over exponentially many possible worlds. We demonstrate one example use case of CP in the important application of “data cleaning for machine learning (DC for ML).” We show that our proposed CPClean approach built based on CP can often significantly outperform existing techniques, particularly on datasets with systematic missing values. For example, on 5 datasets with systematic missingness, CPClean (with early termination) closes 100% gap on average by cleaning 36% of dirty data on average, while the best automatic cleaning approach BoostClean can only close 14% gap on average.

End-to-end Robustness for Sensing-Reasoning Machine Learning Pipelines
Z Yang, Z Zhao, H Pei, B Wang, B Karlaš, J Liu, H Guo, B Li, C Zhang
[arXiv] arXiv preprint arXiv:2003.00120


Is advance knowledge of flow sizes a plausible assumption?
V Ðukić, SA Jyothi, B Karlaš, M Owaida, C Zhang, A Singla
[NSDI] 16th {USENIX} Symposium on Networked Systems Design and Implementation
Continuous Integration of Machine Learning Models: A Rigorous Yet Practical Treatment
C Renggli, B Karlaš, B Ding, F Liu, K Schawinski, W Wu, C Zhang
[MLSYS] Proceedings of Machine Learning and Systems

Continuous integration is an indispensable step of modern software engineering practices to systematically manage the life cycles of system development. Developing a machine learning model is no difference — it is an engineering process with a life cycle, including design, implementation, tuning, testing, and deployment. However, most, if not all, existing continuous integration engines do not support machine learning as first-class citizens. In this paper, we present, to our best knowledge, the first continuous integration system for machine learning. The challenge of building is to provide rigorous guarantees, e.g., single accuracy point error tolerance with 0.999 reliability, with a practical amount of labeling effort, e.g., 2K labels per test. We design a domain specific language that allows users to specify integration conditions with reliability constraints, and develop simple novel optimizations that can lower the number of labels required by up to two orders of magnitude for test conditions popularly used in real production systems. and in action: towards data management for statistical generalization
C Renggli, FA Hubis, B Karlaš, K Schawinski, W Wu, C Zhang
[VLDB Demo] Proceedings of the VLDB Endowment
Automl from service provider’s perspective: Multi-device, multi-tenant model selection with gp-ei
C Yu, B Karlaš, J Zhong, C Zhang, J Liu
[AISTATS] 22nd International Conference on Artificial Intelligence and Statistics

2018 in action: towards multi-tenant declarative learning services
B Karlaš, J Liu, W Wu, C Zhang
[VLDB Demo] Proceedings of the VLDB Endowment


The curious case of the PDF converter that likes Mozart: Dissecting and mitigating the privacy risk of personal cloud apps
H Harkous, R Rahman, B Karlaš, K Aberer
Proceedings on Privacy Enhancing Technologies



Research Intern / Gray Systems Lab / Redmond, USA
Building a testing tool for ML models. Researching usage data from ML.NET feature engineering pipelines.


Research Intern / Oracle Labs / San Francisco Bay Area, USA
Developing an automated ensemble construction method for the Oracle Auto-ML system.

2016 - 2017

Research and Development Intern / Lausanne, Switzerland
Applying machine learning and signal processing techniques to detect filler words in speech audio.

2015 - 2016

EPFL Research Scholar Program
Research Scholar / LCBB Lab / Lausanne, Switzerland
Applying graph theory and development of algorithms for assigning absolute orientations to genetic markers.

2014 - 2015

EPFL Research Scholar Program
Research Scholar / LSIR Lab / Lausanne, Switzerland
Design, develop, and validate an improved App Permissions Dialog for Google Drive.

2012 - 2014

Software Design Engineer / Microsoft Development Center Serbia / Belgrade, Serbia
Worked in the SQL Server Parallel Data Warehouse Team (PDW) on development of a Microsoft big data solution. Participated in all phases of the software development cycle, collaborated with various teams in the US, worked with a large code base and wrote maintainable production quality code.


2018 - Present

Eidgenössische Technische Hochschule (ETH)
PhD in Computer Science / DS3 Lab / Zürich, Switzerland
Worked on many interesting and important projects.

2014 - 2017

École polytechnique fédérale de Lausanne (EPFL)
Master in Computer Science / Lausanne, Switzerland
Worked on many interesting and important projects.

2008 - 2014

School of Electrical Engineering, Belgrade University (ETF)
Bachelor in Software Engineering / Belgrade, Serbia
Worked on many interesting and important projects.


I speak English fluently, as well as intermediate German and French.
My native language is Serbian.
I enjoy running, hiking, books and videogames.