Best Practices in Prototyping

Ensuring Algorithm Robustness

Another factor to consider during AI/ML model prototyping is whether the model will be robust when deployed in production. Robustness involves thinking through whether the model pipelines prototyped will be able to robustly handle real-world data, including poor data quality, gaps or missing data, or potential adversarial attacks.

Model robustness is not entirely an algorithmic task. Business rules – for both pre-processing of data sets and post-processing after an algorithm is run – can be appropriate to ensure model robustness. However, robustness must be considered along the entire end-to-end pipeline – from data ingestion to model outputs, including the way the output will be used in the business process.

One example of the effect of a non-robust model appears in the following figure. In this example, a deep learning model was trained to label images of pigs. The original model successfully labeled the image on the left as a “pig.”

However, in this case, a small 0.05% noise in the original image – that could occur from an adversarial impact – leads to a dramatically different outcome. When the modified image was passed through the same deep learning model, a new prediction labeled the image as an “airliner.”


Figure 36: Small changes that are imperceptible to the human eye – like applying 0.05% noise to an image – can drastically change the predicted output.

One way of ensuring the robustness of deep learning models such as this involves injecting additional noisy or potentially adversarial data as part of the model training process, allowing the model to “learn” how to make predictions in the presence of noise or an adversarial attack. Other techniques may involve the use of generative adversarial networks (GANs). But there usually is a tradeoff between the robustness of the model and its performance.