Interpretable Machine Learning with Python

By: Serg Masís

Overview of this book

Do you want to gain a deeper understanding of your models and better mitigate poor prediction risks associated with machine learning interpretation? If so, then Interpretable Machine Learning with Python deserves a place on your bookshelf. We’ll start off with the fundamentals of interpretability, its relevance in business, and its key aspects and challenges. As you progress through the chapters, you'll focus on how white-box models work, compare them to black-box and glass-box models, and examine their trade-offs. You’ll also get up to speed with a vast array of interpretation methods, also known as Explainable AI (XAI) methods, and how to apply them to different use cases, be it for classification or regression, for tabular, time-series, image or text data. In addition to the step-by-step code, this book will also help you interpret model outcomes using examples. You’ll get hands-on with tuning models and training data for interpretability by reducing complexity, mitigating bias, placing guardrails, and enhancing reliability. The methods you’ll explore here range from state-of-the-art feature selection and dataset debiasing methods to monotonic constraints and adversarial retraining. By the end of this book, you'll be able to understand ML models better and enhance them through interpretability tuning.
Table of Contents (19 chapters)
  • Section 1: Introduction to Machine Learning Interpretation
  • Section 2: Mastering Interpretation Methods
  • Section 3: Tuning for Interpretability

Defending against targeted attacks with preprocessing

There are five broad categories for adversarial defenses, detailed as follows:

  • Preprocessing: Changing a model's inputs so that they are harder to attack.
  • Adversarial training: Training a new robust model that is designed to overcome attacks.
  • Detection: Detecting attacks—for instance, you can train a model to detect adversarial examples.
  • Transformer: Modifying the model architecture and training so that it's more robust—this may include techniques such as distillation, input filters, neuron pruning, and unlearning.
  • Postprocessing: Changing model outputs to overcome production-inference or model-extraction attacks.

Only the first four defenses work with evasion attacks, and in this chapter we will only cover the first two: preprocessing and adversarial training. FGSM and C&W can be defended easily with either of these, but AP is tougher to defend against, so it might require...
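
A minimal sketch of the preprocessing category listed above, added here as an illustration and not taken from the book: bit-depth reduction is placed in front of an unchanged model. `toy_model`, its weights, and the sample images are constructed assumptions; the second perturbation shows the case where squeezing alone does not help.

```python
# Added illustration, not code from the book. toy_model, its weights and the
# sample images are constructed stand-ins for a trained image classifier.
SIZE = 6
WEIGHTS = [[1.0 if (y + x) % 2 == 0 else -1.0 for x in range(SIZE)]
           for y in range(SIZE)]
BIAS = -0.5


def toy_model(image):
    """Return class 1 when the weighted pixel sum plus bias is positive."""
    score = BIAS + sum(w * p for wr, pr in zip(WEIGHTS, image)
                       for w, p in zip(wr, pr))
    return 1 if score > 0 else 0


def reduce_bit_depth(image, bits=3):
    """Preprocessing defence: snap each pixel in [0, 1] to 2**bits levels."""
    top = 2 ** bits - 1
    return [[round(min(max(p, 0.0), 1.0) * top) / top for p in row]
            for row in image]


def defended_predict(image, bits=3):
    """Run the preprocessing step in front of the unchanged model."""
    return toy_model(reduce_bit_depth(image, bits))


def perturb(image, eps):
    """Constructed bounded change for this toy model (L-inf norm = eps)."""
    return [[p + eps * w for p, w in zip(pr, wr)]
            for pr, wr in zip(image, WEIGHTS)]


def linf(a, b):
    """Largest per-pixel difference between two images."""
    return max(abs(p - q) for ra, rb in zip(a, b) for p, q in zip(ra, rb))


# Constructed clean input: dark left half, bright right half, on 3-bit levels.
CLEAN = [[1 / 7] * 3 + [6 / 7] * 3 for _ in range(SIZE)]
SMALL = perturb(CLEAN, 0.05)  # below half a quantisation step (1/14)
LARGE = perturb(CLEAN, 0.10)  # above it: squeezing alone does not undo this

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("eps=0.05", SMALL), ("eps=0.10", LARGE)):
        print(name, toy_model(img), defended_predict(img),
              round(linf(reduce_bit_depth(img), CLEAN), 3))
```

The perturbation below half a quantisation step is erased and the prediction returns to the clean class; the larger one is snapped to the neighbouring level and still changes the prediction.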