1 |
ModelPred: A Framework for Predicting Trained Model from Training Data
Zeng, Yingyan, 06 June 2024
In this work, we propose ModelPred, a framework that helps to understand the impact of changes in training data on a trained model. This is critical for building trust in various stages of a machine learning pipeline: from cleaning poor-quality samples and tracking important ones to be collected during data preparation, to calibrating uncertainty of model prediction, to interpreting why certain behaviors of a model emerge during deployment. Specifically, ModelPred learns a parameterized function that takes a dataset S as the input and predicts the model obtained by training on S. Our work differs from the recent work of Datamodels as we aim for predicting the trained model parameters directly instead of the trained model behaviors. We demonstrate that a neural network-based set function class is capable of learning the complex relationships between the training data and model parameters. We introduce novel global and local regularization techniques to prevent overfitting and we rigorously characterize the expressive power of neural networks (NN) in approximating the end-to-end training process. Through extensive empirical investigations, we show that ModelPred enables a variety of applications that boost the interpretability and accountability of machine learning (ML), such as data valuation, data selection, memorization quantification, and model calibration.
Amazon-Virginia Tech Initiative in Efficient and Robust Machine Learning / Master of Science
Also published as Zeng, Y., Wang, J. T., Chen, S., Just, H. A., Jin, R., & Jia, R. (2023, February). ModelPred: A Framework for Predicting Trained Model from Training Data. In 2023 IEEE Conference on Secure and Trustworthy Machine Learning (SaTML) (pp. 432-449). IEEE. https://doi.org/10.1109/SaTML54575.2023.00037
With the prevalence of large and complicated Artificial Intelligence (AI) models, it is important to build trust in the various stages of a machine learning model pipeline, from cleaning poor-quality samples and tracking important ones to be collected during the training data preparation, to calibrating uncertainty of model prediction during the inference stage, to interpreting why certain behaviors of a model emerge during deployment. In this work, we propose ModelPred, a framework that helps to understand the impact of changes in training data on a trained model. To achieve this, ModelPred learns a parameterized function that takes a dataset S as the input and predicts the model obtained by training on S, thus learning the impact from data on the model efficiently. Our work differs from the recent work of Datamodels [28] as we aim for predicting the trained model parameters directly instead of the trained model behaviors. We demonstrate that a neural network-based set function class is capable of learning the complex relationships between the training data and model parameters. We introduce novel global and local regularization techniques to enhance the generalizability and prevent overfitting. We also rigorously characterize the expressive power of neural networks (NN) in approximating the end-to-end training process. Through extensive empirical investigations, we show that ModelPred enables a variety of applications that boost the interpretability and accountability of machine learning (ML), such as data valuation, data selection, memorization quantification, and model calibration. This greatly enhances the trustworthiness of machine learning models.
2 |
Interpretation, Verification and Privacy Techniques for Improving the Trustworthiness of Neural Networks
Dethise, Arnaud, 22 March 2023
Neural Networks are powerful tools used in Machine Learning to solve complex problems across many domains, including biological classification, self-driving cars, and automated management of distributed systems. However, practitioners' trust in Neural Network models is limited by their inability to answer important questions about their behavior, such as whether they will perform correctly or if they can be entrusted with private data.
One major issue with Neural Networks is their "black-box" nature, which makes it challenging to inspect the trained parameters or to understand the learned function. To address this issue, this thesis proposes several new ways to increase the trustworthiness of Neural Network models.
The first approach focuses specifically on Piecewise Linear Neural Networks, a popular flavor of Neural Networks used to tackle many practical problems. The thesis explores several different techniques to extract the weights of trained networks efficiently and use them to verify and understand the behavior of the models. The second approach shows how strengthening the training algorithms can provide guarantees that are theoretically proven to hold even for the black-box model.
The first part of the thesis identifies errors that can exist in trained Neural Networks, highlighting the importance of domain knowledge and the pitfalls to avoid with trained models. The second part aims to verify the outputs and decisions of the model by adapting the technique of Mixed Integer Linear Programming to efficiently explore the possible states of the Neural Network and verify properties of its outputs. The third part extends the Linear Programming technique to explain the behavior of a Piecewise Linear Neural Network by breaking it down into its linear components, generating model explanations that are both continuous on the input features and without approximations. Finally, the thesis addresses privacy concerns by using Trusted Execution and Differential Privacy during the training process.
The techniques proposed in this thesis provide strong, theoretically provable guarantees about Neural Networks, despite their black-box nature, and enable practitioners to verify, extend, and protect the privacy of expert domain knowledge. By improving the trustworthiness of models, these techniques make Neural Networks more likely to be deployed in real-world applications.