Most machine learning models are validated and tested on fixed datasets. This can give an incomplete picture of the capabilities and weaknesses of the model. Such weaknesses can be revealed at test time in the real world. The risks involved in such failures can be loss of profits, loss of time or even loss of life in certain critical applications. To alleviate this issue, simulators can be controlled in a fine-grained manner using interpretable parameters to explore the semantic image manifold. In this work, we propose a framework for learning how to test machine learning algorithms using simulators in an adversarial manner in order to find weaknesses in the model before deploying it in critical scenarios. We apply this method in a face recognition setup. We show that certain weaknesses of models trained on real data can be discovered using simulated samples. Using our proposed method, we can find adversarial synthetic faces that fool contemporary face recognition models. This demonstrates that these models have weaknesses that are not measured by commonly used validation datasets. We hypothesize that adversarial examples of this type are not isolated, but usually lie in connected spaces in the latent space of the simulator. We present a method to find these adversarial regions, as opposed to the typical adversarial points found in the adversarial example literature.