What you’ll learn here
- 💡the fundamental idea of dynamic adversarial data collection and why it can be crucial.
- ⚒ find out how to collect adversarial data dynamically and train your model on them – using an MNIST handwritten digit recognition task for example.
Static benchmarks, while being a widely-used method to evaluate your model’s performance, are fraught with many issues: they saturate, have biases or loopholes, and infrequently lead researchers to chase increment in metrics as a substitute of constructing trustworthy models that could be utilized by humans 1.
Dynamic adversarial data collection (DADC) holds great promise as an approach to mitigate a number of the problems with static benchmarks. In DADC, humans create examples to idiot state-of-the-art (SOTA) models. This process offers two advantages:
- it allows users to gauge how robust their models really are;
- it yields data which may be used to further train even stronger models.
This technique of fooling and training the model on the adversarially collected data is repeated over multiple rounds resulting in a more robust model that’s aligned with humans1 .
Training your model dynamically using adversarial data
Here I’ll walk you thru dynamically collecting adversarial data from users and training your model on them – using the MNIST handwritten digit recognition task.
Within the MNIST handwritten digit recognition task, the model is trained to predict the number given a 28x28 grayscale image input of the handwritten digit (see examples within the figure below). The numbers range from 0 to 9.
Image source: mnist | Tensorflow Datasets
This task is widely considered the hello world of computer vision and it is vitally easy to coach models that achieve high accuracy on the usual (and static) benchmark test set. Nevertheless, it has been shown that these SOTA models still find it difficult to predict the right digits when humans write them (and provides them as input to the model): researchers opine that this is basically since the static test set doesn’t adequately represent the very diverse ways humans write. Subsequently humans are needed within the loop to supply the models with adversarial samples which is able to help them generalize higher.
This walkthrough will likely be divided into the next sections:
- Configuring your model
- Interacting together with your model
- Flagging your model
- Putting all of it together
Configuring your model
To start with, you could define your model architecture. My easy model architecture below is made up of two convolutional networks connected to a 50 dimensional fully connected layer and a final layer for the ten classes. Finally, we use the softmax activation function to show the model’s output right into a probability distribution over the classes.
class MNIST_Model(nn.Module):
def __init__(self):
super(MNIST_Model, self).__init__()
self.conv1 = nn.Conv2d(1, 10, kernel_size=5)
self.conv2 = nn.Conv2d(10, 20, kernel_size=5)
self.conv2_drop = nn.Dropout2d()
self.fc1 = nn.Linear(320, 50)
self.fc2 = nn.Linear(50, 10)
def forward(self, x):
x = F.relu(F.max_pool2d(self.conv1(x), 2))
x = F.relu(F.max_pool2d(self.conv2_drop(self.conv2(x)), 2))
x = x.view(-1, 320)
x = F.relu(self.fc1(x))
x = F.dropout(x, training=self.training)
x = self.fc2(x)
return F.log_softmax(x)
Now that you may have defined the structure of your model, you could train it on the usual MNIST train/dev dataset.
Interacting together with your model
At this point we assume you may have your trained model. Although this model is trained, we aim to make it robust using human-in-the-loop adversarial data. For that, you wish a way for users to interact with it: specifically you would like users to give you the chance to put in writing/draw numbers from 0-9 on a canvas and have the model try to categorise it. You’ll be able to do all that with 🤗 Spaces which means that you can quickly and simply construct a demo to your ML models. Learn more about Spaces and find out how to construct them here.
Below is an easy Space to interact with the MNIST_Model which I trained for 20 epochs (achieved 89% accuracy on the test set). You draw a number on the white canvas and the model predicts the number out of your image. The total Space could be accessed here. Attempt to idiot this model😁. Use your funniest handwriting; write on the perimeters of the canvas; go wild!
Flagging your model
Were you in a position to idiot the model above?😀 If yes, then it is time to flag your adversarial example. Flagging entails:
- saving the adversarial example to a dataset
- training the model on the adversarial examples after some threshold samples have been collected.
- repeating steps 1-2 various times.
I even have written a custom flag function to do all that. For more details be at liberty to peruse the total code here.
Note: Gradio has a built-in flaggiing callback that permits you easily flag adversarial samples of your model. Read more about it here.
Putting all of it together
The ultimate step is to place all of the three components (configuring the model, interacting with it and flagging it) together as one demo Space! To that end, I even have created the MNIST Adversarial Space for dynamic adversarial data collection for the MNIST handwritten recognition task. Be happy to try it out below.
Conclusion
Dynamic Adversarial Data Collection (DADC) has been gaining traction within the machine learning community as a method to gather diverse non-saturating human-aligned datasets, and improve model evaluation and task performance. By dynamically collecting human-generated adversarial data with models within the loop, we will improve the generalization potential of our models.
This technique of fooling and training the model on the adversarially collected data needs to be repeated over multiple rounds1. Eric Wallace et al, of their experiments on natural language inference tasks, show that while within the short term standard non-adversarial data collection performs higher, in the long run nevertheless dynamic adversarial data collection results in the very best accuracy by a noticeable margin.
Using the 🤗 Spaces, it becomes relatively easy to construct a platform to dynamically collect adversarial data to your model and train on them.
