Adversarial Learning using Neural Structured Learning (code included)

Leveraging not only the data, but also the metadata

Many machine learning tasks benefit from using structured data which contains rich relational information among the samples, as opposed to just individual samples.

Leveraging structured signals during training enables higher model accuracy and robustness, particularly when the amount of labeled data is relatively small. 

For example: if a cat image and a dog image are strongly connected in a graph, and if the cat node is labeled as animal, the predicted probability of the dog node being animal is also high. [1]

In contrast, the neural network training objective only takes into account the labeled instances, and ensure correct predictions on the training set. As a consequence, a neural network trained on the cat image alone will not make an accurate prediction on the dog image.

1- Neural Structured Learning (NSL)

NSL is an open source framework for training deep neural networks with structured signals. It implements Neural Graph Learning [1], which enables developers to train neural networks using graphs.

Neural Structured Learning (NSL) can be applied to construct accurate and robust models for vision, language understanding, and prediction in general.

NSL allows TensorFlow users to easily incorporate various structured signals for training neural networks, and works for different learning scenarios: supervised, semi-supervised and unsupervised settings.

1.1 How Neural Structured Learning (NSL) Works

In (NSL), the structured signals are used to regularize the training of a neural network, forcing the model to:

1. Learn accurate predictions (by minimizing supervised loss),
2. Maintain the similarity among inputs from the same structure (by minimizing the neighbor loss).

This technique is generic and can be applied on arbitrary neural architectures, such as Feed-forward, Convolutional and Recurrent NNs.

1.2 Practical Example:

NSL also generalizes to Adversarial Learning where the structure between input examples is dynamically constructed using adversarial perturbation.

The core idea of adversarial learning is to train a model with adversarially-perturbed data (adversarial examples) in addition to the organic training data. The adversarial examples are constructed to intentionally mislead the model into making wrong predictions.

This is essentially telling the neural network that the sample and its adversarial neighbor are actually similar. So, please keep their similarity and do not be confused!

By training with adversarial examples, the model learns to be robust against adversarial perturbation when making predictions." code is available

As shown in the sample code above, ...

From the APIs from NSL framework, we are able to enable adversarial learning with two line of code

In the example above, we see an adversarial examples, where a regular (base) network is fooled and recognized it as 4. However, the Adversarial-regularized model using the NSL correctly recognizes it as 9.

2- Background Review (optional):

Mainly from the paper "Neural graph learning: Training neural networks using graphs." Proceedings of the Eleventh ACM International Conference on Web Search and Data Mining. 2018.

2.1- Semi-supervised learning:

"Semi-supervised learning is a powerful machine learning paradigm that can improve the prediction performance compared to techniques that use only labeled data, by leveraging a large amount of unlabeled data." [1]

2.2- Graph:

"Graphs are a natural way to describe the relationships between nodes, such as similarities between embeddings, images, connections between entities on the web or relations in a social network."

"Edges in the graph connect semantically similar nodes or data-points, and if present, edge weights reflect how strong such similarities are."

2.3 Label propagation:

"By providing a set of labeled nodes, such techniques iteratively refine the node labels by aggregating information from neighbours and propagate these labels to the nodes’ neighbors."

2.4- Graph-based semi-supervised learning:

"The new objective has a regularization term for generic neural network architectures that enforces similarity between nodes in the graphs, which is inspired by the objective function of label propagation."

The terms in the objective function above encourage that:

1. The label distribution of seed nodes should be close to the ground truth,
2. The label distribution of neighbouring nodes should be similar,
3. If relevant, the label distribution should stay close to our prior belief.

3- Neural Graph Machines (NGM) [1]:

NGM works by encouraging neighboring data points to have a similar hidden representation learnt by a neural network, resulting in a modified objective function for training neural network architectures using both labeled and unlabeled data points.

The proposed objective function above [1] is a weighted sum of the:

1. Neural network cost
2. Label propagation cost.

where ELL, ELU , and EUU are sets of labeled-labeled, labeled-unlabeled and unlabeled-unlabeled edges correspondingly, h(·) represents the hidden representations of the inputs produced by the neural network, and d(·) is a distance metric, and {α1, α2, α3} are hyper-parameters.

The training flow ensures the neural net to make 1) accurate node-level predictions and biases the 2) hidden representations of neighbouring nodes to be similar.

• "The framework can handle multiple forms of graphs, either naturally given or constructed based on embeddings and knowledge bases."
• "As a by-product, our proposed framework provides a simple technique to finding smaller and faster neural networks that offer competitive performance with larger and slower non graph-augmented alternatives."

Best Regards

References:

[1] Bui, Thang D., Sujith Ravi, and Vivek Ramavajjala. "Neural graph learning: Training neural networks using graphs." Proceedings of the Eleventh ACM International Conference on Web Search and Data Mining. 2018.

[2] Blog Introducing Neural Structured Learning in TensorFlow

[3] Video Adversarial learning for image classification