Most machine learning models are validated and tested on fixed datasets. This can give an incomplete picture of a model's capabilities and weaknesses, and such weaknesses may only be revealed at test time in the real world. The risks of such failures range from loss of profit and loss of time to loss of life in safety-critical applications. To alleviate this issue, simulators can be controlled in a fine-grained manner through interpretable parameters to explore the semantic image manifold. In this work, we propose a framework for learning how to test machine learning algorithms using simulators in an adversarial manner, in order to find weaknesses in a model before deploying it in critical scenarios. We apply this framework to a face recognition scenario, and we are the first to show that weaknesses of models trained on real data can be discovered using simulated samples. Using our proposed method, we find adversarial synthetic faces that fool contemporary face recognition models, which demonstrates that these models have weaknesses that are not captured by commonly used validation datasets. We hypothesize that such adversarial examples are not isolated but typically lie in connected regions of the simulator's latent space. We present a method to find these adversarial regions, as opposed to the isolated adversarial points usually found in the adversarial example literature.
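To make the kind of search described above concrete, the following is a minimal, hypothetical sketch. It is not the paper's actual method: `render_face` and `recognizer_score` are placeholder stand-ins for a controllable face simulator and a face recognition model, and a simple random-perturbation search over the simulator's interpretable parameters stands in for the learned adversarial testing procedure.

```python
import numpy as np

# --- Hypothetical interfaces: stand-ins for a real simulator and recognizer ---

def render_face(params):
    """Placeholder for a face simulator that maps interpretable parameters
    (e.g. pose, lighting, expression) to an image. Here it just returns a
    deterministic dummy image derived from the parameters."""
    rng = np.random.default_rng(abs(hash(params.tobytes())) % (2**32))
    return rng.random((64, 64, 3))  # dummy 64x64 RGB image

def recognizer_score(image, identity):
    """Placeholder for a face recognition model: returns a similarity score
    between the rendered face and a target identity. The dummy version
    ignores the identity and uses the mean pixel value as the score."""
    return float(image.mean())

# --- Black-box adversarial search over simulator parameters ---

def find_adversarial_params(identity, dim=10, iters=500, step=0.05, seed=0):
    """Random-perturbation search that tries to minimize the recognizer's
    score, i.e. find simulator settings on which the model fails."""
    rng = np.random.default_rng(seed)
    params = rng.uniform(-1.0, 1.0, size=dim)  # interpretable parameters
    best_score = recognizer_score(render_face(params), identity)
    for _ in range(iters):
        candidate = np.clip(params + step * rng.normal(size=dim), -1.0, 1.0)
        score = recognizer_score(render_face(candidate), identity)
        if score < best_score:  # lower score = worse recognition of the identity
            params, best_score = candidate, score
    return params, best_score

if __name__ == "__main__":
    adv_params, score = find_adversarial_params(identity="subject_01")
    print("adversarial simulator parameters:", np.round(adv_params, 3))
    print("recognition score at failure point:", round(score, 3))
```

Under these assumptions the search returns a single adversarial parameter setting; finding connected adversarial regions, as proposed above, would instead explore the neighborhood around such a failure point in the simulator's latent space rather than stopping at one isolated point.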