Info alert:Important Notice

Please note that more information about the previous v2 releases can be found here. You can use "Find a release" search bar to search for a particular release.

Monitoring data science models

Table of Contents

Overview of model monitoring
Configuring TrustyAI
Setting up TrustyAI for your project
Monitoring model bias
Monitoring data drift
Using explainability
Bias monitoring tutorial - Gender bias example

Overview of model monitoring

To ensure that machine-learning models are transparent, fair, and reliable, data scientists can use TrustyAI in Open Data Hub to monitor their data science models.

Data scientists can monitor their data science models in Open Data Hub for the following metrics:

Bias: Check for unfair patterns or biases in data and model predictions to ensure your model’s decisions are unbiased.
Data drift: Detect changes in input data distributions over time by comparing the latest real-world data to the original training data. Comparing the data identifies shifts or deviations that could impact model performance, ensuring that the model remains accurate and reliable.
Explainability: Understand how your model makes its predictions and decisions.

Configuring TrustyAI

To configure model monitoring with TrustyAI for data scientists to use in Open Data Hub, a cluster administrator does the following tasks:

Configure monitoring for the model serving platform
Enable the TrustyAI component in the Open Data Hub Operator
Configure TrustyAI to use a database, if you want to use your database instead of a PVC for storage with TrustyAI
Install the TrustyAI service on each data science project that contains models that the data scientists want to monitor

Note	Model monitoring with TrustyAI is only available on the ModelMesh-based multi-model serving platform. Model monitoring with TrustyAI is unavailable on the KServe-based single-model serving platform.

Configuring monitoring for the multi-model serving platform

The multi-model serving platform includes model and model server metrics for the ModelMesh component. ModelMesh generates its own set of metrics and does not rely on the underlying model-serving runtimes to provide them. The set of metrics that ModelMesh generates includes metrics for model request rates and timings, model loading and unloading rates, times and sizes, internal queuing delays, capacity and usage, cache state, and least recently-used models. For more information, see ModelMesh metrics.

After you have configured monitoring, you can view metrics for the ModelMesh component.

Prerequisites

You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have downloaded and installed the OpenShift command-line interface (CLI). See Installing the OpenShift CLI.
You are familiar with creating a config map for monitoring a user-defined workflow. You will perform similar steps in this procedure.
You are familiar with enabling monitoring for user-defined projects in OpenShift. You will perform similar steps in this procedure.
You have assigned the monitoring-rules-view role to users that will monitor metrics.

Procedure

In a terminal window, if you are not already logged in to your OpenShift cluster as a cluster administrator, log in to the OpenShift CLI as shown in the following example:
```
$ oc login <openshift_cluster_url> -u <admin_username> -p <password>
```
Define a ConfigMap object in a YAML file called uwm-cm-conf.yaml with the following contents:
```
apiVersion: v1
kind: ConfigMap
metadata:
  name: user-workload-monitoring-config
  namespace: openshift-user-workload-monitoring
data:
  config.yaml: |
    prometheus:
      logLevel: debug
      retention: 15d
```
The user-workload-monitoring-config object configures the components that monitor user-defined projects. Observe that the retention time is set to the recommended value of 15 days.
Apply the configuration to create the user-workload-monitoring-config object.
```
$ oc apply -f uwm-cm-conf.yaml
```
Define another ConfigMap object in a YAML file called uwm-cm-enable.yaml with the following contents:
```
apiVersion: v1
kind: ConfigMap
metadata:
  name: cluster-monitoring-config
  namespace: openshift-monitoring
data:
  config.yaml: |
    enableUserWorkload: true
```
The cluster-monitoring-config object enables monitoring for user-defined projects.
Apply the configuration to create the cluster-monitoring-config object.
```
$ oc apply -f uwm-cm-enable.yaml
```

Enabling the TrustyAI component

To allow your data scientists to use model monitoring with TrustyAI, you must enable the TrustyAI component in Open Data Hub.

Prerequisites

You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have access to the data science cluster.
You have installed Open Data Hub.

Procedure

In the OpenShift Container Platform console, click Operators → Installed Operators.
Search for the Open Data Hub Operator, and then click the Operator name to open the Operator details page.
Click the Data Science Cluster tab.
Click the default instance name (for example, default-dsc) to open the instance details page.
Click the YAML tab to show the instance specifications.
In the spec:components section, set the managementState field for the trustyai component to Managed:
```
 trustyai:
    managementState: Managed
```
Click Save.

Verification

Check the status of the trustyai-service-operator pod:

In the OpenShift Container Platform console, from the Project list, select opendatahub.
Click Workloads → Deployments.
Search for the trustyai-service-operator-contoller-manager deployment. Check the status:
1. Click the deployment name to open the deployment details page.
2. Click the Pods tab.
3. View the pod status.
  
  When the status of the trustyai-service-operator-controller-manager-<pod-id> pod is Running, the pod is ready to use.

Configuring TrustyAI with a database

If you have a relational database in your OpenShift Container Platform cluster such as MySQL or MariaDB, you can configure TrustyAI to use your database instead of a persistent volume claim (PVC). Using a database instead of a PVC for storage can improve scalability, performance, and data management in TrustyAI.

Prerequisites

You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have downloaded and installed the OpenShift command-line interface (CLI). See Installing the OpenShift CLI.
You have enabled the TrustyAI component, as described in Enabling the TrustyAI component.
The data scientist has created a data science project, as described in Creating a data science project, that contains the models that the data scientist wants to monitor.
If you are configuring the TrustyAI service with an external MySQL database, your database must already be in your cluster and use at least MySQL version 5.x. However, Red Hat recommends that you use MySQL version 8.x.
If you are configuring the TrustyAI service with a MariaDB database, your database must already be in your cluster and use MariaDB version 10.3 or later. However, Red Hat recommends that you use at least MariaDB version 10.5.

Procedure

In a terminal window, if you are not already logged in to your OpenShift cluster as a cluster administrator, log in to the OpenShift CLI as shown in the following example:
```
$ oc login <openshift_cluster_url> -u <admin_username> -p <password>
```
Optional: If you want to use a TLS connection between TrustyAI and the database, create a TrustyAI service database TLS secret that uses the same certificates that you want to use for the database.
1. Create a YAML file to contain your TLS secret and add the following code:
  apiVersion: v1 kind: Secret metadata: name: <service_name>-db-tls type: kubernetes.io/tls data: tls.crt: | <TLS CERTIFICATE> tls.key: | <TLS KEY>
2. Save the file with the file name <service_name>-db-tls.yaml. For example, if your service name is trustyai-service, save the file as trustyai-service-db-tls.yaml.
3. Apply the YAML file in the data science project that contains the models that the data scientist wants to monitor:
  $ oc apply -f <service_name>-db-tls.yaml -n <project_name>
Create a secret that has your database credentials.
1. Create a YAML file to contain your secret and add the following code:
  apiVersion: v1 kind: Secret metadata: name: db-credentials type: Opaque stringData: databaseKind: <mariadb or mysql> (1) databaseUsername: <TrustyAI_username> (2) databasePassword: <TrustyAI_password> (3) databaseService: mariadb-service (4) databasePort: 3306 (5) databaseGeneration: update (6) databaseName: trustyai_service (7)
  1. The database kind, either mariadb or mysql.
  2. The username you want TrustyAI to use when interfacing with the database.
  3. The password for the database username.
  4. The Kubernetes (K8s) service through which your database is accessed.
  5. The port the database is listening on.
  6. The setting for the quarkus.hibernate-orm.database.generation argument, which determines how TrustyAI interacts with the database on its initial connection. Set to none, create, drop-and-create, drop, update, or validate.
  7. The name of the individual database within the database service that the username and password authenticate to.
2. Save the file with the file name db-credentials.yaml. You will need this name later when you install or change the TrustyAI service.
3. Apply the YAML file in the data science project that contains the models that the data scientist wants to monitor:
  $ oc apply -f db-credentials.yaml -n <project_name>
If you are installing TrustyAI for the first time on a project, continue to Installing the TrustyAI service by using the CLI.

If you already installed TrustyAI on a project, you can migrate the existing TrustyAI service from using a PVC to using a database.
1. Create a YAML file to update the TrustyAI service custom resource (CR) and add the following code:
  apiVersion: trustyai.opendatahub.io/v1alpha1 kind: TrustyAIService metadata: annotations: trustyai.opendatahub.io/db-migration: "true" (1) name: trustyai-service (2) spec: storage: format: "DATABASE" (3) folder: "/inputs" (4) size: "1Gi" (5) databaseConfigurations: <database_secret_credentials> (6) data: filename: "data.csv" (7) metrics: schedule: "5s" (8)
  1. Set to true to prompt the migration from PVC to database storage.
  2. The name of the TrustyAI service instance.
  3. The storage format for the data. Set this field to DATABASE.
  4. The location within the PVC where you were storing the data. This must match the value specified in the existing CR.
  5. The size of the data to request.
  6. The name of the secret with your database credentials that you created in an earlier step. For example, db-credentials.
  7. The suffix for the existing stored data files. This must match the value specified in the existing CR.
  8. The interval at which to calculate the metrics. The default is 5s. The duration is specified with the ISO-8601 format. For example, 5s for 5 seconds, 5m for 5 minutes, and 5h for 5 hours.
2. Save the file. For example, trustyai_crd.yaml.
3. Apply the new TrustyAI service CR to the data science project that contains the models that the data scientist wants to monitor:
  $ oc apply -f trustyai_crd.yaml -n <project_name>

Installing the TrustyAI service for a project

Install the TrustyAI service on a data science project to provide access to its features for all models deployed within that project. An instance of the TrustyAI service is required for each data science project, or namespace, that contains models that the data scientists want to monitor.

Use the Open Data Hub dashboard or the OpenShift command-line interface (CLI) to install an instance of the TrustyAI service.

Note	Install only one instance of the TrustyAI service in a project. Multiple instances in the same project can result in unexpected behavior.

Installing the TrustyAI service by using the dashboard

You can use the Open Data Hub dashboard to install an instance of the TrustyAI service.

Prerequisites

A cluster administrator has configured monitoring for the model serving platform, as described in Configuring monitoring for the multi-model serving platform.

Note	Model monitoring with TrustyAI is only available on the ModelMesh-based multi-model serving platform. Model monitoring with TrustyAI is unavailable on the KServe-based single-model serving platform.

A cluster administrator has enabled the TrustyAI component, as described in Enabling the TrustyAI component.
If you are using TrustyAI with a database instead of PVC, a cluster administrator has configured TrustyAI to use the database, as described in Configuring TrustyAI with a database.
If you are using Open Data Hub groups, you are part of the administrator group (for example, odh-admins). If you are not using specialized groups, you are part of the OpenShift Container Platform administrator group.
The data scientist has created a data science project, as described in Creating a data science project, that contains the models that the data scientist wants to monitor.

Procedure

Log in to Open Data Hub.
From the Open Data Hub dashboard, click Data Science Projects.

The Data Science Projects page opens.
Click the name of the project that contains the models that the data scientist wants to monitor.

The project details page opens.
Click the Settings tab.
Select the Enable model bias monitoring checkbox.

Verification

In the OpenShift Container Platform web console, click Workloads → Pods.
From the project list, select the project in which you installed TrustyAI.
Confirm that the Pods list includes a running pod for the TrustyAI service. The pod has a naming pattern similar to the following example:
```
trustyai-service-5d45b5884f-96h5z
```

Installing the TrustyAI service by using the CLI

You can use the OpenShift command-line interface (CLI) to install an instance of the TrustyAI service.

Prerequisites

You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have downloaded and installed the OpenShift command-line interface (CLI). See Installing the OpenShift CLI.
You have configured monitoring for the model serving platform, as described in Configuring monitoring for the multi-model serving platform.

Note	Model monitoring with TrustyAI is only available on the ModelMesh-based multi-model serving platform. Model monitoring with TrustyAI is unavailable on the KServe-based single-model serving platform.

You have enabled the TrustyAI component, as described in Enabling the TrustyAI component.
If you are using TrustyAI with a database instead of PVC, you have configured TrustyAI to use the database, as described in Configuring TrustyAI with a database.
The data scientist has created a data science project, as described in Creating a data science project, that contains the models that the data scientist wants to monitor.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster as a cluster administrator:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>
Navigate to the data science project that contains the models that the data scientist wants to monitor.
```
oc project <project_name>
```
For example:
```
oc project my-project
```
Create a TrustyAIService custom resource (CR) file, for example trustyai_crd.yaml:
Example CR file for TrustyAI using a database
```
apiVersion: trustyai.opendatahub.io/v1alpha1
kind: TrustyAIService
metadata:
  name: trustyai-service (1)
spec:
  storage:
	  format: "DATABASE" (2)
	  size: "1Gi" (3)
	  databaseConfigurations: <database_secret_credentials> (4)
  metrics:
  	schedule: "5s" (5)
```
1. The name of the TrustyAI service instance.
2. The storage format for the data, either DATABASE or PVC (persistent volume claim).
3. The size of the data to request.
4. The name of the secret with your database credentials that you created in Configuring TrustyAI with a database. For example, db-credentials.
5. The interval at which to calculate the metrics. The default is 5s. The duration is specified with the ISO-8601 format. For example, 5s for 5 seconds, 5m for 5 minutes, and 5h for 5 hours.
Example CR file for TrustyAI using a PVC
```
apiVersion: trustyai.opendatahub.io/v1alpha1
kind: TrustyAIService
metadata:
  name: trustyai-service (1)
spec:
  storage:
	  format: "PVC" (2)
	  folder: "/inputs" (3)
	  size: "1Gi" (4)
  data:
	  filename: "data.csv" (5)
	  format: "CSV" (6)
  metrics:
  	schedule: "5s" (7)
  	batchSize: 5000 (8)
```
1. The name of the TrustyAI service instance.
2. The storage format for the data, either DATABASE or PVC (persistent volume claim).
3. The location within the PVC where you want to store the data.
4. The size of the PVC to request.
5. The suffix for the stored data files.
6. The format of the data. Currently, only comma-separated value (CSV) format is supported.
7. The interval at which to calculate the metrics. The default is 5s. The duration is specified with the ISO-8601 format. For example, 5s for 5 seconds, 5m for 5 minutes, and 5h for 5 hours.
8. (Optional) The observation’s historical window size to use for metrics calculation. The default is 5000, which means that the metrics are calculated using the 5,000 latest inferences.
Add the TrustyAI service’s CR to your project:
```
oc apply -f trustyai_crd.yaml
```
This command returns output similar to the following:
```
trusty-service created
```

Verification

Verify that you installed the TrustyAI service:

oc get pods | grep trustyai

You should see a response similar to the following:

trustyai-service-5d45b5884f-96h5z             1/1     Running

Setting up TrustyAI for your project

To set up model monitoring with TrustyAI for a data science project, a data scientist does the following tasks:

Authenticate the TrustyAI service
Send training data to TrustyAI for bias or data drift monitoring
Label your data fields (optional)

After setting up, a data scientist can create and view bias and data drift metrics for deployed models.

Note	Model monitoring with TrustyAI is only available on the ModelMesh-based multi-model serving platform. Model monitoring with TrustyAI is unavailable on the KServe-based single-model serving platform.

Authenticating the TrustyAI service

To access TrustyAI service external endpoints, you must provide OAuth proxy (oauth-proxy) authentication. You must obtain a user token, or a token from a service account with sufficient privileges, and then pass the token to the TrustyAI service when using curl commands.

Prerequisites

You installed the OpenShift command line interface (oc) as described in Installing the OpenShift CLI.
Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>
Enter the following command to set a user token variable on OpenShift Container Platform:
```
export TOKEN=$(oc whoami -t)
```

Verification

Enter the following command to check the user token variable:
```
echo $TOKEN
```

Next step

When running curl commands, pass the token to the TrustyAI service using the Authorization header. For example:

curl -H "Authorization: Bearer $TOKEN" $TRUSTY_ROUTE

Sending training data to TrustyAI

To use TrustyAI for bias monitoring or data drift detection, you must send training data for your model to TrustyAI.

Prerequisites

Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You authenticated the TrustyAI service as described in Authenticating the TrustyAI service.
Your deployed model is registered with TrustyAI.

Verify that the TrustyAI service has registered your deployed model, as follows:
1. In the OpenShift Container Platform web console, navigate to Workloads → Pods.
2. From the project list, select the project that contains your deployed model.
3. Select the pod for your serving platform (for example, modelmesh-serving-ovms-1.x-xxxxx).
4. On the Environment tab, verify that the MM_PAYLOAD_PROCESSORS environment variable is set.

Procedure

Set the TRUSTY_ROUTE variable to the external route for the TrustyAI service pod.

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

Get the inference endpoints for the deployed model, as described in Accessing the inference endpoint for a deployed model.
Send data to this endpoint. For more information, see the KServe v2 Inference Protocol documentation.

Verification

Follow these steps to view cluster metrics and verify that TrustyAI is receiving data.

Log in to the OpenShift Container Platform web console.
Switch to the Developer perspective.
In the left menu, click Observe.
On the Metrics page, click the Select query list and then select Custom query.
In the Expression field, enter trustyai_model_observations_total and press Enter. Your model should be listed and reporting observed inferences.
Optional: Select a time range from the list above the graph. For example, select 5m.

Labeling data fields

After you send model training data to TrustyAI, you might want to apply a set of name mappings to your inputs and outputs so that the field names are meaningful and easier to work with.

Prerequisites

Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You sent training data to TrustyAI as described in Sending training data to TrustyAI.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

In the OpenShift CLI, get the route to the TrustyAI service:

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

To examine TrustyAI’s model metadata, query the /info endpoint:
```
curl -H "Authorization: Bearer $TOKEN" $TRUSTY_ROUTE/info | jq ".[0].data"
```
This outputs a JSON file containing the following information for each model:
- The names, data types, and positions of input fields and output fields.
- The observed field values.
- The total number of input-output pairs observed.

Use POST /info/names to apply name mappings to the fields, similar to the following example.

Change the model-name, original-name, and Prediction values to those used in your model. Change the New name values to the labels that you want to use.

curl -sk -H "Authorization: Bearer $TOKEN" -X POST --location $TRUSTY_ROUTE/info/names \
  -H "Content-Type: application/json"   \
  -d "{
    \"modelId\": \"model-name\",
    \"inputMapping\":
      {
        \"original-name-0\": \"New name 0\",
        \"original-name-1\": \"New name 1\",
        \"original-name-2\": \"New name 2\",
        \"original-name-3\": \"New name 3\",
      },
    \"outputMapping\": {
      \"predict-0\": \"Prediction 0\"
    }
  }"

For another example, see https://github.com/trustyai-explainability/odh-trustyai-demos/blob/main/2-BiasMonitoring/scripts/apply_name_mapping.sh.

Verification

A "Feature and output name mapping successfully applied" message is displayed.

Monitoring model bias

As a data scientist, you might want to monitor your machine learning models for bias. This means monitoring for algorithmic deficiencies that might skew the outcomes or decisions that the model produces. Importantly, this type of monitoring helps you to ensure that the model is not biased against particular protected groups or features.

Open Data Hub provides a set of metrics that help you to monitor your models for bias. You can use the Open Data Hub interface to choose an available metric and then configure model-specific details such as a protected attribute, the privileged and unprivileged groups, the outcome you want to monitor, and a threshold for bias. You then see a chart of the calculated values for a specified number of model inferences.

For more information about the specific bias metrics, see Supported bias metrics.

Creating a bias metric

To monitor a deployed model for bias, you must first create bias metrics. When you create a bias metric, you specify details relevant to your model such as a protected attribute, privileged and unprivileged groups, a model outcome and a value that you want to monitor, and the acceptable threshold for bias.

For information about the specific bias metrics, see Supported bias metrics. For the complete list of TrustyAI metrics, see TrustyAI service API.

You can create a bias metric for a model by using the Open Data Hub dashboard or by using the OpenShift command-line interface (CLI).

Creating a bias metric by using the dashboard

You can use the Open Data Hub dashboard to create a bias metric for a model.

Prerequisites

You are familiar with the bias metrics that Open Data Hub supports and how to interpret them.
You are familiar with the specific data set schema and understand the names and meanings of the inputs and outputs.
Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You set up TrustyAI for your data science project, as described in Setting up TrustyAI for your project.

Procedure

Optional: To set the TRUSTY_ROUTE variable, follow these steps.
1. In a terminal window, log in to the OpenShift cluster where Open Data Hub is deployed.
  oc login
2. Set the TRUSTY_ROUTE variable to the external route for the TrustyAI service pod.
  TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})
In the left menu of the Open Data Hub dashboard, click Model Serving.
On the Deployed models page, select your project from the drop-down list.
Click the name of the model that you want to configure bias metrics for.
On the metrics page for the model, click the Model bias tab.
Click Configure.

In the Configure bias metrics dialog, complete the following steps to configure bias metrics:

In the Metric name field, type a unique name for your bias metric. Note that you cannot change the name of this metric later.
From the Metric type list, select one of the metrics types that are available in Open Data Hub.

In the Protected attribute field, type the name of an attribute in your model that you want to monitor for bias.

Tip	You can use a `curl` command to query the metadata endpoint and view input attribute names and values. For example: `curl -H "Authorization: Bearer $TOKEN" $TRUSTY_ROUTE/info \| jq ".[0].data.inputSchema"`

In the Privileged value field, type the name of a privileged group for the protected attribute that you specified.
In the Unprivileged value field, type the name of an unprivileged group for the protected attribute that you specified.

In the Output field, type the name of the model outcome that you want to monitor for bias.

Tip	You can use a `curl` command to query the metadata endpoint and view output attribute names and values. For example: `curl -H "Authorization: Bearer $TOKEN" $TRUSTY_ROUTE/info \| jq ".[0].data.outputSchema"`

In the Output value field, type the value of the outcome that you want to monitor for bias.
In the Violation threshold field, type the bias threshold for your selected metric type. This threshold value defines how far the specified metric can be from the fairness value for your metric, before the model is considered biased.
In the Metric batch size field, type the number of model inferences that Open Data Hub includes each time it calculates the metric.

Ensure that the values you entered are correct.

Note	You cannot edit a model bias metric configuration after you create it. Instead, you can duplicate a metric and then edit (configure) it; however, the history of the original metric is not applied to the copy.

Click Configure.

Verification

The Bias metric configuration page shows the bias metrics that you configured for your model.

Next step

To view metrics, on the Bias metric configuration page, click View metrics in the upper-right corner.

Creating a bias metric by using the CLI

You can use the OpenShift command-line interface (CLI) to create a bias metric for a model.

Prerequisites

You are familiar with the bias metrics that Open Data Hub supports and how to interpret them.
You are familiar with the specific data set schema and understand the names and meanings of the inputs and outputs.
Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You set up TrustyAI for your data science project, as described in Setting up TrustyAI for your project.

Procedure

In a terminal window, log in to the OpenShift cluster where Open Data Hub is deployed.
```
oc login
```

Set the TRUSTY_ROUTE variable to the external route for the TrustyAI service pod.

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

Optionally, get the full list of TrustyAI service endpoints and payloads.

curl -H "Authorization: Bearer $TOKEN" --location $TRUSTY_ROUTE/q/openapi

Use POST /metrics/group/fairness/spd/request to schedule a recurring bias monitoring metric with the following syntax and payload structure:

Syntax:
```
curl -sk -H "Authorization: Bearer $TOKEN" -X POST --location $TRUSTY_ROUTE/metrics/spd/request \
 --header 'Content-Type: application/json' \
 --data <payload>
```
Payload structure:

modelId

The name of the model to query.

protectedAttribute

The name of the feature that distinguishes the groups that you are checking for fairness.

privilegedAttribute

The suspected favored (positively biased) class.

unprivilegedAttribute

The suspected unfavored (negatively biased) class.

outcomeName

The name of the output that provides the output you are examining for fairness.

favorableOutcome

The value of the outcomeName output that describes the favorable or desired model prediction.

batchSize

The number of previous inferences to include in the calculation.

For example:

curl -sk -H "Authorization: Bearer $TOKEN" -X POST --location $TRUSTY_ROUTE/metrics/group/fairness/spd/ \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"demo-loan-nn-onnx-alpha\",
                 \"protectedAttribute\": \"Is Male-Identifying?\",
                 \"privilegedAttribute\": 1.0,
                 \"unprivilegedAttribute\": 0.0,
                 \"outcomeName\": \"Will Default?\",
                 \"favorableOutcome\": 0,
                 \"batchSize\": 5000
             }"

Verification

The bias metrics request should return output similar to the following:

{
   "timestamp":"2023-10-24T12:06:04.586+00:00",
   "type":"metric",
   "value":-0.0029676404469311524,
   "namedValues":null,
   "specificDefinition":"The SPD of -0.002968 indicates that the likelihood of Group:Is Male-Identifying?=1.0 receiving Outcome:Will Default?=0 was -0.296764 percentage points lower than that of Group:Is Male-Identifying?=0.0.",
   "name":"SPD",
   "id":"d2707d5b-cae9-41aa-bcd3-d950176cbbaf",
   "thresholds":{"lowerBound":-0.1,"upperBound":0.1,"outsideBounds":false}
}

The specificDefinition field helps you understand the real-world interpretation of these metric values. For this example, the model is fair over the Is Male-Identifying? field, with the rate of positive outcome only differing by about -0.3%.

Duplicating a bias metric

If you want to edit an existing metric, you can duplicate (copy) it in the Open Data Hub interface and then edit the values in the copy. However, note that the history of the original metric is not applied to the copy.

Prerequisites

You are familiar with the bias metrics that Open Data Hub supports and how to interpret them.
You are familiar with the specific data set schema and understand the names and meanings of the inputs and outputs.
There is an existing bias metric that you want to duplicate.

Procedure

In the left menu of the Open Data Hub dashboard, click Model Serving.
On the Deployed models page, click the name of the model with the bias metric that you want to duplicate.
On the metrics page for the model, click the Model bias tab.
Click Configure.
On the Bias metric configuration page, click the action menu (⋮) next to the metric that you want to copy and then click Duplicate.
In the Configure bias metric dialog, follow these steps:
1. In the Metric name field, type a unique name for your bias metric. Note that you cannot change the name of this metric later.
2. Change the values of the fields as needed. For a description of these fields, see Creating a bias metric by using the dashboard.
Ensure that the values you entered are correct, and then click Configure.

Verification

The Bias metric configuration page shows the bias metrics that you configured for your model.

Next step

To view metrics, on the Bias metric configuration page, click View metrics in the upper-right corner.

Deleting a bias metric

You can delete a bias metric for a model by using the Open Data Hub dashboard or by using the OpenShift command-line interface (CLI).

Deleting a bias metric by using the dashboard

You can use the Open Data Hub dashboard to delete a bias metric for a model.

Prerequisites

You have logged in to Open Data Hub.
There is an existing bias metric that you want to delete.

Procedure

In the left menu of the Open Data Hub dashboard, click Model Serving.
On the Deployed models page, click the name of the model with the bias metric that you want to delete.
On the metrics page for the model, click the Model bias tab.
Click Configure.
Click the action menu (⋮) next to the metric that you want to delete and then click Delete.
In the Delete bias metric dialog, type the metric name to confirm the deletion.

Note

You cannot undo deleting a bias metric.
Click Delete bias metric.

Verification

The Bias metric configuration page does not show the bias metric that you deleted.

Deleting a bias metric by using the CLI

You can use the OpenShift command-line interface (CLI) to delete a bias metric for a model.

Prerequisites

You have installed the OpenShift CLI (oc).
You have a user token for authentication as described in Authenticating the TrustyAI service.
There is an existing bias metric that you want to delete.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

In the OpenShift CLI, get the route to the TrustyAI service:

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

Optional: To list all currently active requests for a metric, use GET /metrics/{{metric}}/requests. For example, to list all currently scheduled SPD metrics, type:
```
curl -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/spd/requests"
```
Alternatively, to list all currently scheduled metric requests, use GET /metrics/all/requests.
```
curl -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/all/requests"
```

To delete a metric, send an HTTP DELETE request to the /metrics/$METRIC/request endpoint to stop the periodic calculation, including the id of periodic task that you want to cancel in the payload. For example:

curl -H "Authorization: Bearer $TOKEN" -X DELETE --location "$TRUSTY_ROUTE/metrics/spd/request" \
    -H "Content-Type: application/json" \
    -d "{
          \"requestId\": \"3281c891-e2a5-4eb3-b05d-7f3831acbb56\"
        }"

Verification

Use GET /metrics/{{metric}}/requests to list all currently active requests for the metric and verify the metric that you deleted is not shown. For example:

curl -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/spd/requests"

Viewing bias metrics for a model

After you create bias monitoring metrics, you can use the Open Data Hub dashboard to view and update the metrics that you configured.

Prerequisite

You configured bias metrics for your model as described in Creating a bias metric.

Procedure

In the Open Data Hub dashboard, click Model Serving.
On the Deployed models page, click the name of a model that you want to view bias metrics for.
On the metrics page for the model, click the Model bias tab.
To update the metrics shown on the page, follow these steps:
1. In the Metrics to display section, use the Select a metric list to select a metric to show on the page.
  
  Note
  Each time you select a metric to show on the page, an additional Select a metric list appears. This enables you to show multiple metrics on the page.
2. From the Time range list in the upper-right corner, select a value.
3. From the Refresh interval list in the upper-right corner, select a value.
  
  The metrics page shows the metrics that you selected.
Optional: To remove one or more metrics from the page, in the Metrics to display section, perform one of the following actions:
- To remove an individual metric, click the cancel icon (✖) next to the metric name.
- To remove all metrics, click the cancel icon (✖) in the Select a metric list.
Optional: To return to configuring bias metrics for the model, on the metrics page, click Configure in the upper-right corner.

Verification

The metrics page shows the metrics selections that you made.

Supported bias metrics

Open Data Hub supports the following bias metrics:

Statistical Parity Difference

Statistical Parity Difference (SPD) is the difference in the probability of a favorable outcome prediction between unprivileged and privileged groups. The formal definition of SPD is the following:

ŷ = 1 is the favorable outcome.
Dᵤ and Dₚ are the unprivileged and privileged group data.

You can interpret SPD values as follows:

A value of 0 means that the model is behaving fairly for a selected attribute (for example, race, gender).
A value in the range -0.1 to 0.1 means that the model is reasonably fair for a selected attribute. Instead, you can attribute the difference in probability to other factors, such as the sample size.
A value outside the range -0.1 to 0.1 indicates that the model is unfair for a selected attribute.
A negative value indicates that the model has bias against the unprivileged group.
A positive value indicates that the model has bias against the privileged group.

Disparate Impact Ratio

Disparate Impact Ratio (DIR) is the ratio of the probability of a favorable outcome prediction for unprivileged groups to that of privileged groups. The formal definition of DIR is the following:

ŷ = 1 is the favorable outcome.
Dᵤ and Dₚ are the unprivileged and privileged group data.

The threshold to identify bias depends on your own criteria and specific use case.

For example, if your threshold for identifying bias is represented by a DIR value below 0.8 or above 1.2, you can interpret the DIR values as follows:

A value of 1 means that the model is fair for a selected attribute.
A value of between 0.8 and 1.2 means that the model is reasonably fair for a selected attribute.
A value below 0.8 or above 1.2 indicates bias.

Monitoring data drift

As a data scientist, you might want to monitor your deployed models for data drift. Data drift refers to changes in the distribution or properties of incoming data that differ significantly from the data on which the model was originally trained. Detecting data drift helps ensure that your models continue to perform as expected and that they remain accurate and reliable.

You can use data drift monitoring metrics from TrustyAI in Open Data Hub to provide a quantitative measure of the alignment between the training data and the inference data.

For information about the specific data drift metrics, see Supported drift metrics.

Creating a drift metric

To monitor a deployed model for data drift, you must first create drift metrics.

For information about the specific data drift metrics, see Supported drift metrics. For the complete list of TrustyAI metrics, see TrustyAI service API.

Creating a drift metric by using the CLI

You can use the OpenShift command-line interface (CLI) to create a data drift metric for a model.

Prerequisites

You are familiar with the specific data set schema and understand the relevant inputs and outputs.
Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You set up TrustyAI for your data science project, as described in Setting up TrustyAI for your project.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

Set the TRUSTY_ROUTE variable to the external route for the TrustyAI service pod.

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

Optionally, get the full list of TrustyAI service endpoints and payloads.

curl -H "Authorization: Bearer $TOKEN" --location $TRUSTY_ROUTE/q/openapi

Use POST /metrics/drift/meanshift/request to schedule a recurring drift monitoring metric with the following syntax and payload structure:

Syntax:
```
curl -k -H "Authorization: Bearer $TOKEN" -X POST --location $TRUSTY_ROUTE/metrics/drift/meanshift/request \
 --header 'Content-Type: application/json' \
 --data <payload>
```
Payload structure:

modelId

The name of the model to monitor.

referenceTag

The data to use as the reference distribution.

For example:

curl -k -H "Authorization: Bearer $TOKEN" -X POST --location $TRUSTY_ROUTE/metrics/drift/meanshift/request \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"gaussian-credit-model\",
                 \"referenceTag\": \"TRAINING\"
             }"

Deleting a drift metric by using the CLI

You can use the OpenShift command-line interface (CLI) to delete a drift metric for a model.

Prerequisites

You have installed the OpenShift CLI (oc).
You have a user token for authentication as described in Authenticating the TrustyAI service.
There is an existing drift metric that you want to delete.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

In the OpenShift CLI, get the route to the TrustyAI service:

TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}})

Optional: To list all currently active requests for a metric, use GET /metrics/{{metric}}/requests. For example, to list all currently scheduled MeanShift metrics, type:
```
curl -k -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/drift/meanshift/requests"
```
Alternatively, to list all currently scheduled metric requests, use GET /metrics/all/requests.
```
curl -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/all/requests"
```

curl -k -H "Authorization: Bearer $TOKEN" -X DELETE --location "$TRUSTY_ROUTE/metrics/drift/meanshift/request" \
    -H "Content-Type: application/json" \
    -d "{
          \"requestId\": \"$id\"
        }"

Verification

Use GET /metrics/{{metric}}/requests to list all currently active requests for the metric and verify the metric that you deleted is not shown. For example:

curl -H "Authorization: Bearer $TOKEN" -X GET --location "$TRUSTY_ROUTE/metrics/drift/meanshift/requests"

Viewing data drift metrics for a model

After you create data drift monitoring metrics, you can use the OpenShift Container Platform web console to view and update the metrics that you configured.

Prerequisites

You have been assigned the monitoring-rules-view role. For more information, see Granting users permission to configure monitoring for user-defined projects.
You are familiar with how to monitor project metrics in the OpenShift Container Platform web console. For more information, see Monitoring your project metrics.

Procedure

Log in to the OpenShift Container Platform web console.
Switch to the Developer perspective.
In the left menu, click Observe.
As described in Monitoring your project metrics, use the web console to run queries for trustyai_* metrics.

Supported drift metrics

Open Data Hub supports the following data drift metrics:

MeanShift: The MeanShift metric calculates the per-column probability that the data values in a test data set are from the same distribution as those in a training data set, assuming that the values are normally distributed. This metric measures the difference in the means of specific features between the two datasets.

MeanShift is useful for identifying straightforward changes in data distributions, such as when the entire distribution has shifted to the left or right along the feature axis.

This metric returns the probability that the distribution seen in the "real world" data is derived from the same distribution as the reference data. The closer the value is to 0, the more likely there is to be significant drift.
FourierMMD: The FourierMMD metric provides the probability that the data values in a test data set have drifted from the training data set distribution, assuming that the computed Maximum Mean Discrepancy (MMD) values are normally distributed. This metric compares the empirical distributions of the data sets by using an MMD measure in the Fourier domain.

FourierMMD is useful for detecting subtle shifts in data distributions that might be overlooked by simpler statistical measures.

This metric returns the probability that the distribution seen in the "real world" data has drifted from the reference data. The closer the value is to 1, the more likely there is to be significant drift.
KSTest: The KSTest metric calculates two Kolmogorov-Smirnov tests for each column to determine whether the data sets are derived from the same distributions. This metric measures the maximum distance between the empirical cumulative distribution functions (CDFs) of the data sets, without assuming any specific underlying distribution.

KSTest is useful for detecting changes in distribution shape, location, and scale.

This metric returns the probability that the distribution seen in the "real world" data is derived from the same distribution as the reference data. The closer the value is to 0, the more likely there is to be significant drift.
ApproxKSTest: The ApproxKSTest metric performs an approximate Kolmogorov-Smirnov test, ensuring that the maximum error is 6*epsilon compared to an exact KSTest.

ApproxKSTest is useful for detecting changes in distributions for large data sets where performing an exact KSTest might be computationally expensive.

This metric returns the probability that the distribution seen in the "real world" data is derived from the same distribution as the reference data. The closer the value is to 0, the more likely there is to be significant drift.

Using explainability

As a data scientist, you can learn how your machine learning model makes its predictions and decisions. You can use explainers from TrustyAI to provide saliency explanations for model inferences in Open Data Hub.

For information about the specific explainers, see Supported explainers.

Requesting a LIME explanation

To understand how a model makes its predictions and decisions, you can use a Local Interpretable Model-agnostic Explanations (LIME) explainer. LIME explains a model’s predictions by showing how much each feature affected the outcome. For example, for a model predicting not to target a user for a marketing campaign, LIME provides a list of weights, both positive and negative, indicating how each feature influenced the model’s outcome.

For more information, see Supported explainers.

Requesting a LIME explanation by using the CLI

You can use the OpenShift command-line interface (CLI) to request a LIME explanation.

Prerequisites

Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You authenticated the TrustyAI service, as described in Authenticating the TrustyAI service.
You have real-world data from the deployed models.
You installed the OpenShift command line interface (oc) as described in Installing the OpenShift CLI.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

Set an environment variable to define the external route for the TrustyAI service pod.

export TRUSTY_ROUTE=$(oc get route trustyai-service -n $NAMESPACE -o jsonpath='{.spec.host}')

Set an environment variable to define the name of your model.
```
export MODEL="model-name"
```

Use GET /info/inference/ids/${MODEL} to get a list of all inference IDs within your model inference data set.

curl -skv -H "Authorization: Bearer ${TOKEN}" \
   https://${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic

You see output similar to the following:

[
  {
    "id":"a3d3d4a2-93f6-4a23-aedb-051416ecf84f",
    "timestamp":"2024-06-25T09:06:28.75701201"
  }
]

Set environment variables to define the two latest inference IDs (highest and lowest predictions).

export ID_LOWEST=$(curl -s ${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic | jq -r '.[-1].id')

export ID_HIGHEST=$(curl -s ${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic | jq -r '.[-2].id')

Use POST /explainers/local/lime to request the LIME explanation with the following syntax and payload structure:

Sytnax:
```
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST \
 -H "Content-Type: application/json" \
 -d <payload>
```
Payload structure:

PredictionId

The inference ID.

config

The configuration for the LIME explanation, including model and explainer parameters. For more information, see Model configuration parameters and LIME explainer configuration parameters.

For example:

echo "Requesting LIME for lowest"
curl -s -H "Authorization: Bearer ${TOKEN}" -X POST \
    -H "Content-Type: application/json" \
    -d "{
        \"predictionId\": \"$ID_LOWEST\",
        \"config\": {
            \"model\": { (1)
                \"target\": \"modelmesh-serving:8033\", (2)
                \"name\": \"${MODEL}\",
                \"version\": \"v1\"
            },
            \"explainer\": { (3)
              \"n_samples\": 50,
              \"normalize_weights\": \"false\",
              \"feature_selection\": \"false\"
            }
        }
    }" \
    ${TRUSTYAI_ROUTE}/explainers/local/lime

echo "Requesting LIME for highest"
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST \
    -H "Content-Type: application/json" \
    -d "{
        \"predictionId\": \"$ID_HIGHEST\",
        \"config\": {
            \"model\": { (1)
                \"target\": \"modelmesh-serving:8033\", (2)
                \"name\": \"${MODEL}\",
                \"version\": \"v1\"
            },
            \"explainer\": { (3)
              \"n_samples\": 50,
              \"normalize_weights\": \"false\",
              \"feature_selection\": \"false\"
            }
        }
    }" \
    ${TRUSTYAI_ROUTE}/explainers/local/lime

Specifies configuration for the model. For more information about the model configuration options, see Model configuration parameters.
Specifies the model server service URL. This field only accepts model servers in the same namespace as the TrustyAI service, with or without protocol or port number.
- http[s]://service[:port]
- service[:port]
Specifies the configuration for the explainer. For more information about the explainer configuration parameters, see LIME explainer configuration parameters.

Requesting a SHAP explanation

To understand how a model makes its predictions and decisions, you can use a SHapley Additive exPlanations (SHAP) explainer. SHAP explains a model’s prediction by showing a detailed breakdown of each feature’s contribution to the final outcome. For example, for a model predicting the price of a house, SHAP provides a list of how much each feature contributed (in monetary value) to the final price.

For more information, see Supported explainers.

Requesting a SHAP explanation by using the CLI

You can use the OpenShift command-line interface (CLI) to request a SHAP explanation.

Prerequisites

Your OpenShift cluster administrator added you as a user to the OpenShift Container Platform cluster and has installed the TrustyAI service for the data science project that contains the deployed models.
You authenticated the TrustyAI service, as described in Authenticating the TrustyAI service.
You have real-world data from the deployed models.
You installed the OpenShift command line interface (oc) as described in Installing the OpenShift CLI.

Procedure

Open a new terminal window.
Follow these steps to log in to your OpenShift Container Platform cluster:
1. In the upper-right corner of the OpenShift web console, click your user name and select Copy login command.
2. After you have logged in, click Display token.
3. Copy the Log in with this token command and paste it in the OpenShift command-line interface (CLI).
  $ oc login --token=<token> --server=<openshift_cluster_url>

Set an environment variable to define the external route for the TrustyAI service pod.

export TRUSTY_ROUTE=$(oc get route trustyai-service -n $NAMESPACE -o jsonpath='{.spec.host}')

Set an environment variable to define the name of your model.
```
export MODEL="model-name"
```

Use GET /info/inference/ids/${MODEL} to get a list of all inference IDs within your model inference data set.

curl -skv -H "Authorization: Bearer ${TOKEN}" \
   https://${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic

You see output similar to the following:

[
  {
    "id":"a3d3d4a2-93f6-4a23-aedb-051416ecf84f",
    "timestamp":"2024-06-25T09:06:28.75701201"
  }
]

Set environment variables to define the two latest inference IDs (highest and lowest predictions).

export ID_LOWEST=$(curl -s ${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic | jq -r '.[-1].id')

export ID_HIGHEST=$(curl -s ${TRUSTY_ROUTE}/info/inference/ids/${MODEL}?type=organic | jq -r '.[-2].id')

Use POST /explainers/local/shap to request the SHAP explanation with the following syntax and payload structure:

Sytnax:
```
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST \
 -H "Content-Type: application/json" \
 -d <payload>
```
Payload structure:

PredictionId

The inference ID.

config

The configuration for the SHAP explanation, including model and explainer parameters. For more information, see Model configuration parameters and SHAP explainer configuration parameters.

For example:

echo "Requesting SHAP for lowest"
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST \
  -H "Content-Type: application/json" \
  -d "{
    \"predictionId\": \"$ID_LOWEST\",
    \"config\": {
        \"model\": { (1)
            \"target\": \"modelmesh-serving:8033\", (2)
            \"name\": \"${MODEL}\",
            \"version\": \"v1\"
        },
        \"explainer\": { (3)
          \"n_samples\": 75
        }
    }
  }" \
  ${TRUSTYAI_ROUTE}/explainers/local/shap

echo "Requesting SHAP for highest"
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST \
    -H "Content-Type: application/json" \
    -d "{
        \"predictionId\": \"$ID_HIGHEST\",
        \"config\": {
            \"model\": { (1)
                \"target\": \"modelmesh-serving:8033\", (2)
                \"name\": \"${MODEL}\",
                \"version\": \"v1\"
            },
            \"explainer\": { (3)
              \"n_samples\": 75
            }
        }
    }" \
    ${TRUSTYAI_ROUTE}/explainers/local/shap

Specifies configuration for the model. For more information about the model configuration options, see Model configuration parameters.
Specifies the model server service URL. This field only accepts model servers in the same namespace as the TrustyAI service, with or without protocol or port number.
- http[s]://service[:port]
- service[:port]
Specifies the configuration for the explainer. For more information about the explainer configuration parameters, see SHAP explainer configuration parameters.

Supported explainers

Open Data Hub supports the following explainers:

LIME

Local Interpretable Model-agnostic Explanations (LIME) ^[1] is a saliency explanation method. LIME aims to explain a prediction 𝑝 = (𝑥, 𝑦) (an input-output pair) generated by a black-box model 𝑓 : ℝ^𝑑 → ℝ. The explanations come in the form of a "saliency" 𝑤_𝑖 attached to each feature 𝑥_𝑖 in the prediction 𝑥. LIME generates a local explanation ξ(𝑥) according to the following model:

𝜋_𝑥 is a proximity function
𝐺 is the family of interpretable models
Ω(𝑔) is a measure of complexity of an explanation 𝑔 ∈ 𝐺
𝐿(𝑓, 𝑔, 𝜋_𝑥) is a measure of how unfaithful 𝑔 is in approximating 𝑓 in the locality defined by 𝜋_𝑥

In the original paper, 𝐺 is the class of linear models and 𝜋_𝑥 is an exponential kernel on a distance function 𝐷 (for example, cosine distance). LIME converts samples 𝑥_𝑖 from the original domain into interpretable samples as binary vectors 𝑥′_𝑖 ∈ 0,1. An encoded data set 𝐸 is built by taking nonzero elements of 𝑥′_𝑖 , recovering the original representation 𝑧 ∈ ℝ^𝑑 and then computing 𝑓(𝑧). A weighted linear model 𝑔 (with weights provided via 𝜋_𝑥) is then trained on the generated sparse data set 𝐸 and the model weights 𝑤 are used as feature weights for the final explanation ξ(𝑥).

SHAP

SHapley Additive exPlanations (SHAP), ^[2] seeks to unify several common explanation methods, notably LIME ^[1] and DeepLIFT, ^[3] under a common umbrella of additive feature attributions. These methods explain how an input 𝑥 = [𝑥₁, 𝑥₂, …, 𝑥_𝑀] affects the output of some model 𝑓 by transforming 𝑥 ∈ ℝ^𝑀 into simplified inputs 𝑧′ ∈ 0, 1^𝑀 , such that 𝑧′_𝑖 indicates the inclusion or exclusion of feature 𝑖. The simplified inputs are then passed to an explanatory model 𝑔 that takes the following form:

In that form, each value 𝛷_𝑖 marks the contribution that feature 𝑖 had on the output model (called the attribution), 𝛷₀ marks the null output of the model; the model output when every feature is excluded. Therefore, this presents an easily interpretable explanation of the importance of each feature and a framework to permute the various input features to establish their collection contributions.

The final result of the algorithm are the Shapley values of each feature, which give an itemized "receipt" of all the contributing factors to the decision. For example, a SHAP explanation of a loan application might be as follows:

Feature	Shapley Value φ
Null Output	50%
Income	+10%
# Children	-15%
Age	+22%
Own Home?	-30%
Acceptance%	37%
Deny	63%

Feature

Shapley Value φ

Null Output

50%

Income

+10%

# Children

-15%

Age

+22%

Own Home?

-30%

Acceptance%

37%

Deny

63%

From this, the applicant can see that the biggest contributor to their denial was their home ownership status, which reduced their acceptance probability by 30 percentage points. Meanwhile, their number of children was of particular benefit, increasing their probability by 22 percentage points.

Bias monitoring tutorial - Gender bias example

Step-by-step guidance for using TrustyAI in Open Data Hub to monitor machine learning models for bias.

Introduction

Ensuring that your machine learning models are fair and unbiased is essential for building trust with your users. Although you can assess fairness during model training, it is only in deployment that your models use real-world data. Even if your models are unbiased on training data, they can exhibit serious biases in real-world scenarios. Therefore, it is crucial to monitor your models for fairness during their real-world deployment.

In this tutorial, you learn how to monitor models for bias. You will use two example models to complete the following tasks:

Deploy the models by using multi-model serving.
Send training data to the models.
Examine the metadata for the models.
Check model fairness.
Schedule and check fairness and identity metric requests.
Simulate real-world data.

About the example models

For this tutorial, your role is a DevOps engineer for a credit lending company. The company’s data scientists have created two candidate neural network models to predict whether a borrower will default on a loan. Both models make predictions based on the following information from the borrower’s application:

Number of Children
Total Income
Number of Total Family Members
Is Male-Identifying?
Owns Car?
Owns Realty?
Is Partnered?
Is Employed?
Lives with Parents?
Age (in days)
Length of Employment (in days)

As the DevOps engineer, your task is to verify that the models are not biased against the Is Male-Identifying? gender field. To complete this task, you can monitor the models by using the Statistical Parity Difference (SPD) metric, which reports whether there is a difference between how often male-identifying and non-male-identifying applicants are given favorable predictions (that is, they are predicted to pay off their loans). An ideal SPD metric is 0, meaning both groups are equally likely to receive a positive outcome. An SPD between -0.1 and 0.1 also indicates fairness, as it reflects only a +/-10% variation between the groups.

Setting up your environment

To set up your environment for this tutorial, complete the following tasks:

Download tutorial files from the trustyai-explainability repository.
Log in to the OpenShift cluster from the command line.
Configure monitoring for the model serving platform.
Enable the TrustyAI component in the Open Data Hub Operator.
Set up a project.
Authenticate the TrustyAI service.

Prerequisites

The Open Data Hub Operator is installed on your OpenShift Container Platform cluster.
You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have downloaded and installed the OpenShift command-line interface (CLI). See Installing the OpenShift CLI.

Downloading the tutorial files

Go to https://github.com/trustyai-explainability/odh-trustyai-demos/tree/main.
Click the Code button and then click Download ZIP to download the repository.
Extract the downloaded repository files.

Logging in to the OpenShift cluster from the command line

Obtain the command for logging in to the OpenShift cluster from the command line:
1. In the upper-right corner of the OpenShift Container Platform web console, click your user name and select Copy login command.
2. Log in with your credentials and then click Display token.
3. Copy the Log in with this token command, which has the following syntax:
  $ oc login --token=<token> --server=<openshift_cluster_url>
In a terminal window, paste and run the login command.

Configuring monitoring for the model serving platform

To enable monitoring on user-defined projects, you must configure monitoring for the model serving platform.

Run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):
```
oc apply -f 1-Installation/resources/enable_uwm.yaml
```
To configure monitoring to store metric data for 15 days, run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):
```
oc apply -f 1-Installation/resources/uwm_configmap.yaml
```

For more information, see Configuring monitoring for the multi-model serving platform.

Enabling the TrustyAI component

To allow your data scientists to use model monitoring with TrustyAI, you must enable the TrustyAI component in Open Data Hub.

Prerequisites

You have cluster administrator privileges for your OpenShift Container Platform cluster.
You have access to the data science cluster.
You have installed Open Data Hub.

Procedure

In the OpenShift Container Platform console, click Operators → Installed Operators.
Search for the Open Data Hub Operator, and then click the Operator name to open the Operator details page.
Click the Data Science Cluster tab.
Click the default instance name (for example, default-dsc) to open the instance details page.
Click the YAML tab to show the instance specifications.
In the spec:components section, set the managementState field for the trustyai component to Managed:
```
 trustyai:
    managementState: Managed
```
Click Save.

Verification

Check the status of the trustyai-service-operator pod:

In the OpenShift Container Platform console, from the Project list, select opendatahub.
Click Workloads → Deployments.
Search for the trustyai-service-operator-contoller-manager deployment. Check the status:
1. Click the deployment name to open the deployment details page.
2. Click the Pods tab.
3. View the pod status.
  
  When the status of the trustyai-service-operator-controller-manager-<pod-id> pod is Running, the pod is ready to use.

Setting up a project

For this tutorial, you must create a project named model-namespace.

To create a new project named model-namespace, run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):
```
oc new-project model-namespace
```

Prepare the model-namespace project for multi-model serving:

oc label namespace model-namespace "modelmesh-enabled=true" --overwrite=true

Note	Model monitoring with TrustyAI is only available on the ModelMesh-based multi-model serving platform. Model monitoring with TrustyAI is unavailable on the KServe-based single-model serving platform.

Authenticating the TrustyAI service

TrustyAI endpoints are authenticated with a Bearer token. To obtain this token and set a variable (TOKEN) to use later, run the following command:

export TOKEN=$(oc whoami -t)

Deploying models

Procedure

To deploy the models for this tutorial, run the following commands from the directory containing the downloaded tutorial files (odh-trustyai-demos-main).

Navigate to the model-namespace project you created:
```
oc project model-namespace
```

Deploy the model’s storage container:

oc apply -f 2-BiasMonitoring/resources/model_storage_container.yaml

Deploy the OVMS 1.x serving runtime:

oc apply -f 2-BiasMonitoring/resources/ovms-1.x.yaml

Deploy the first model:

oc apply -f 2-BiasMonitoring/resources/model_alpha.yaml

Deploy the second model:

oc apply -f 2-BiasMonitoring/resources/model_beta.yaml

Verification

In the OpenShift Container Platform console, click Workloads → Pods.
Confirm that there are four pods:
- minio
- modelmesh-serving-ovms-1.x-xxxxxxxxxx-xxxxx
- modelmesh-serving-ovms-1.x-xxxxxxxxxx-xxxxx
- trustyai-service-xxxxxxxxxx-xxxxx
  
  When the TrustyAI service has registered the deployed models, the modelmesh-serving-ovms-1.x-xxxxx pods are redeployed.
To verify that TrustyAI has registered the models:
1. Select one of the modelmesh-serving-ovms-1.x-xxxxx pods.
2. Click the Environment tab and confirm that the MM_PAYLOAD_PROCESSORS field is set.

Sending training data to the models

Pass the training data through the models.

Procedure

In a terminal window, run the following command from the directory that contains the downloaded tutorial files (odh-trustyai-demos-main):
```
for batch in 0 250 500 750 1000 1250 1500 1750 2000 2250; do
  2-BiasMonitoring/scripts/send_data_batch
2-BiasMonitoring/data/training/$batch.json
done
```
This process can take several minutes.

Verification

View the script verification messages that indicate whether TrustyAI is receiving the data.
Verify that the process is running by viewing the cluster metrics:
1. In the OpenShift Container Platform web console, click Observe → Metrics.
2. In the Expression field, enter trustyai_model_observations_total and click Run Queries.
3. Confirm that both models are listed with around 2250 inferences each, which indicates that TrustyAI has cataloged enough inputs and outputs to begin analysis.
4. Optional: You can select a time range and refresh interval:
  - From the Time range list, select 5 minutes.
  - From the Refresh interval list, select 15 seconds.
Verify that TrustyAI can access the models by examining the model metadata:
1. Find the route to the TrustyAI service:
  TRUSTY_ROUTE=https://$(oc get route/trustyai-service --template={{.spec.host}}); echo $TRUSTY_ROUTE
2. Query the /info endpoint:
  curl -H "Authorization: Bearer ${TOKEN}" $TRUSTY_ROUTE/info | jq
  A JSON file is generated with the following information for each model:
  - The names, data types, and positions of fields in the input and output.
  - The observed values that these fields take.
  - The total number of input-output pairs observed.
For an example output file, see the odh-trustyai-demos-main/2-BiasMonitoring/scripts/info_response.json file in your downloaded tutorial files.

Labeling data fields

You can apply name mappings to your inputs and outputs for more meaningful field names by sending a POST request to the /info/names endpoint.

For this tutorial, run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):

2-BiasMonitoring/scripts/apply_name_mapping.sh

For general steps, see Labeling data fields.

To understand the payload structure, see the odh-trustyai-demos-main/2-BiasMonitoring/scripts/apply_name_mapping.sh file in your downloaded tutorial files.

Checking model fairness

Compute the model’s cumulative fairness up to this point.

Procedure

In a terminal window, run the following script from the directory containing the downloaded tutorial files (odh-trustyai-demos-main) to check the /metrics/group/fairness/spd endpoint:

echo -e "=== MODEL ALPHA ==="
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST --location $TRUSTY_ROUTE/metrics/group/fairness/spd/ \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"demo-loan-nn-onnx-alpha\",
                 \"protectedAttribute\": \"Is Male-Identifying?\",
                 \"privilegedAttribute\": 1.0,
                 \"unprivilegedAttribute\": 0.0,
                 \"outcomeName\": \"Will Default?\",
                 \"favorableOutcome\": 0,
                 \"batchSize\": 5000
             }" | jq
echo -e "\n\n=== MODEL BETA ==="
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST --location $TRUSTY_ROUTE/metrics/group/fairness/spd \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"demo-loan-nn-onnx-beta\",
                 \"protectedAttribute\": \"Is Male-Identifying?\",
                 \"privilegedAttribute\": 1.0,
                 \"unprivilegedAttribute\": 0.0,
                 \"outcomeName\": \"Will Default?\",
                 \"favorableOutcome\": 0,
                 \"batchSize\": 5000
             }" | jq
echo

The payload structure is as follows:

modelId: The name of the model to query.
protectedAttribute: The name of the feature that distinguishes the groups that you are checking for fairness over.
privilegedAttribute: The value of the protectedAttribute that describes the suspected favored (positively biased) class.
unprivilegedAttribute: The value of the protectedAttribute that describes the suspected unfavored (negatively biased) class.
outcomeName: The name of the output that provides the output you are examining for fairness.
favorableOutcome: The value of the outcomeName output that describes the favorable model prediction.
batchSize: The number of previous inferences to include in the calculation.

Verification

Confirm that you see outputs similar to the following examples:

Model Alpha

=== MODEL ALPHA ===
{
  "timestamp": "2024-07-25T16:26:50.412+00:00",
  "type": "metric",
  "value": 0.003056835834369387,
  "namedValues": null,
  "specificDefinition": "The SPD of 0.003057 indicates that the likelihood of Group:Is Male-Identifying?=[1.0] receiving Outcome:Will Default?=[0] was 0.305684 percentage points higher than that of Group:Is Male-Identifying?=[0.0].",
  "name": "SPD",
  "id": "542bd51e-dd2f-40f6-947f-c1c22bd71765",
  "thresholds": {
    "lowerBound": -0.1,
    "upperBound": 0.1,
    "outsideBounds": false
  }
}

Model Beta

=== MODEL BETA ===
{
  "timestamp": "2024-07-25T16:26:50.648+00:00",
  "type": "metric",
  "value": 0.029078518433627354,
  "namedValues": null,
  "specificDefinition": "The SPD of 0.029079 indicates that the likelihood of Group:Is Male-Identifying?=[1.0] receiving Outcome:Will Default?=[0] was 2.907852 percentage points higher than that of Group:Is Male-Identifying?=[0.0].",
  "name": "SPD",
  "id": "df292f06-9255-4158-8b02-4813a8777b7b",
  "thresholds": {
    "lowerBound": -0.1,
    "upperBound": 0.1,
    "outsideBounds": false
  }
}

The specificDefinition field is important in understanding the real-world interpretation of these metric values; you can see that both model Alpha and Beta are fair over the Is Male-Identifying field, with the two groups' rates of positive outcomes only differing by -0.3% for model Alpha and 2.8% for model Beta.

Scheduling a fairness metric request

After you confirm that the models are fair over the training data, you want to ensure that they remain fair over real-world inference data. To monitor their fairness, you can schedule a metric request to compute at recurring intervals throughout deployment by passing the same payloads to the /metrics/group/fairness/spd/request endpoint.

Procedure

In a terminal window, run the following script from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):

echo -e "\n\n=== MODEL ALPHA ===\n"
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST --location $TRUSTY_ROUTE/metrics/group/fairness/spd/request \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"demo-loan-nn-onnx-alpha\",
                 \"protectedAttribute\": \"Is Male-Identifying?\",
                 \"privilegedAttribute\": 1.0,
                 \"unprivilegedAttribute\": 0.0,
                 \"outcomeName\": \"Will Default?\",
                 \"favorableOutcome\": 0,
                 \"batchSize\": 5000
             }"
echo -e "\n\n=== MODEL BETA ===\n"
curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST --location $TRUSTY_ROUTE/metrics/group/fairness/spd/request \
     --header 'Content-Type: application/json' \
     --data "{
                 \"modelId\": \"demo-loan-nn-onnx-beta\",
                 \"protectedAttribute\": \"Is Male-Identifying?\",
                 \"privilegedAttribute\": 1.0,
                 \"unprivilegedAttribute\": 0.0,
                 \"outcomeName\": \"Will Default?\",
                 \"favorableOutcome\": 0,
                 \"batchSize\": 5000
             }"
echo

These commands return the IDs of the created requests. Later, you can use these IDs to delete the scheduled requests.

Verification

In the OpenShift Container Platform web console, click Observe → Metrics.
In the Expression field, enter trustyai_spd and click Run Queries.
Optional: After running a query, you can select a time range and refresh interval:
- From the Time range list, select 5 minutes.
- From the Refresh interval list, select 15 seconds.

Scheduling an identity metric request

You can monitor the average values of various data fields over time to see the average ratio of loan-payback to loan-default predictions and the average ratio of male-identifying to non-male-identifying applicants. To monitor the average values, you create an identity metric request by sending a POST request to the /metrics/identity/request endpoint.

Procedure

In a terminal window, run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):

for model in "demo-loan-nn-onnx-alpha" "demo-loan-nn-onnx-beta"; do
  for field in "Is Male-Identifying?" "Will Default?"; do
      curl -sk -H "Authorization: Bearer ${TOKEN}" -X POST --location $TRUSTY_ROUTE/metrics/identity/request \
       --header 'Content-Type: application/json' \
       --data "{
                 \"columnName\": \"$field\",
                 \"batchSize\": 250,
                 \"modelId\": \"$model\"
               }"
	echo -e
  done
done

The payload structure is as follows:

columnName: The name of the field to compute the averaging over.
batchSize: The number of previous inferences to include in the average-value calculation.
modelId: The name of the model to query.

Verification

In the OpenShift Container Platform web console, click Observe → Metrics.
In the Expression field, enter trustyai_identity and click Run Queries.
Optional: After running a query, you can select a time range and refresh interval:
- From the Time range list, select 5 minutes.
- From the Refresh interval list, select 15 seconds.

Simulating real world data

Now that you have scheduled your fairness and identify metric requests, you can simulate sending some "real world" data through your models to see if they remain fair.

Procedure

In a terminal window, run the following command from the directory containing the downloaded tutorial files (odh-trustyai-demos-main):

for batch in "01" "02" "03" "04" "05" "06" "07" "08"; do
  ./2-BiasMonitoring/scripts/send_data_batch 2-BiasMonitoring/data/batch_$batch.json
  sleep 5
done

Verification

In the OpenShift Container Platform web console, click Observe → Metrics and watch the SPD and identity metric request values change.

Reviewing the results

Are the models biased?

The two models have drastically different fairness levels when applied to the simulated real-world data. Model Alpha (blue) stayed within the "acceptably fair" range between -0.1 and 0.1, ending around 0.09. However, Model Beta (yellow) plummeted out of the fair range, ending at -0.274. This indicates that non-male-identifying applicants were 27% less likely to receive a favorable outcome from Model Beta compared to male-identifying applicants.

To explore this further, you can analyze your identity metrics, starting by looking at the inbound ratio of male-identifying to non-male-identifying applicants:

In the training data, the ratio between male and non-male was around 0.8, but in the real-world data, it dropped to 0, meaning all applicants were non-male. This is a strong indicator that the training data did not match the real-world data, which is likely to indicate poor or biased model performance.

How does the production data compare to the training data?

Even though Model Alpha (green) was only exposed to non-male applicants, it still provided varying outcomes to the various applicants, predicting "will-default" in about 25% of cases. In contrast, Model Beta (purple) predicted "will-default" 100% of the time, meaning it predicted that every non-male applicant would default on their loan. This suggests that Model Beta is performing poorly on the real-world data or has encoded a systematic bias from its training, leading to the assumption that all non-male applicants will default.

These examples highlight the critical importance of monitoring bias in production. Models that are equally fair during training can perform very differently when applied to real-world data, with hidden biases emerging only in actual use. By using TrustyAI to detect these biases early, you can safeguard against the potential harm caused by biased models in production.

1. Marco Tulio Ribeiro, Sameer Singh, Carlos Guestrin. "Why Should I Trust You?": Explaining the Predictions of Any Classifier." Proceedings of the 22nd ACM SIGKDD International Conference on Knowledge Discovery and Data mining, 2016. Pages 1135-1144.

2. Scott Lundberg, Su-In Lee. "A Unified Approach to Interpreting Model Predictions." Advances in Neural Information Processing Systems, 2017.

3. Avanti Shrikumar, Peyton Greenside, Anshul Kundaje. "Learning Important Features Through Propagating Activation Differences." CoRR abs/1704.02685, 2017.

QUICK LINKS

STAY IN TOUCH