Private Training Set Inspection in MLaaS
It addresses a critical gap for MLaaS customers who lack access to training data but need to ensure compliance with fairness regulations, though it is an incremental approach building on existing techniques.
The paper tackles the problem of verifying that private training datasets in MLaaS meet customer expectations for diversity and fairness, proposing a method that achieves up to 0.87 accuracy for membership inspection and 99.3% confidence in distribution checks.
Machine Learning as a Service (MLaaS) is a popular cloud-based solution for customers who aim to use an ML model but lack training data, computation resources, or expertise in ML. In this case, the training datasets are typically a private possession of the ML or data companies and are inaccessible to the customers, but the customers still need an approach to confirm that the training datasets meet their expectations and fulfil regulatory measures like fairness. However, no existing work addresses the above customers' concerns. This work is the first attempt to solve this problem, taking data origin as an entry point. We first define origin membership measurement and based on this, we then define diversity and fairness metrics to address customers' concerns. We then propose a strategy to estimate the values of these two metrics in the inaccessible training dataset, combining shadow training techniques from membership inference and an efficient featurization scheme in multiple instance learning. The evaluation contains an application of text review polarity classification applications based on the language BERT model. Experimental results show that our solution can achieve up to 0.87 accuracy for membership inspection and up to 99.3% confidence in inspecting diversity and fairness distribution.