TrustGAN: Training safe and trustworthy deep learning models through generative adversarial networks

TL;DR

TrustGAN is a generative adversarial network pipeline designed to enhance the confidence estimation of deep learning models, enabling safer deployment by identifying unreliable predictions without altering the original model.

Contribution

It introduces a model-agnostic TrustGAN pipeline that improves confidence estimation in deep models without affecting their predictive accuracy, suitable for real-world, safety-critical applications.

Findings

TrustGAN reduces confidence on out-of-distribution samples.

The pipeline improves trustworthiness in image and signal classification tasks.

Code is publicly released for reproducibility.

Abstract

Deep learning models have been developed for a variety of tasks and are deployed every day to work in real conditions. Some of these tasks are critical and models need to be trusted and safe, e.g. military communications or cancer diagnosis. These models are given real data, simulated data or combination of both and are trained to be highly predictive on them. However, gathering enough real data or simulating them to be representative of all the real conditions is: costly, sometimes impossible due to confidentiality and most of the time impossible. Indeed, real conditions are constantly changing and sometimes are intractable. A solution is to deploy machine learning models that are able to give predictions when they are confident enough otherwise raise a flag or abstain. One issue is that standard models easily fail at detecting out-of-distribution samples where their predictions are unreliable. We present here TrustGAN, a generative adversarial network pipeline targeting trustness. It is a deep learning pipeline which improves a target model estimation of the confidence without impacting its predictive power. The pipeline can accept any given deep learning model which outputs a prediction and a confidence on this prediction. Moreover, the pipeline does not need to modify this target model. It can thus be easily deployed in a MLOps (Machine Learning Operations) setting. The pipeline is applied here to a target classification model trained on MNIST data to recognise numbers based on images. We compare such a model when trained in the standard way and with TrustGAN. We show that on out-of-distribution samples, here FashionMNIST and CIFAR10, the estimated confidence is largely reduced. We observe similar conclusions for a classification model trained on 1D radio signals from AugMod, tested on RML2016.04C. We also publicly release the code.