ATARC AIDA Guidebook - FINAL 3v


Artificial Intelligence and Data Analytics (AIDA) Guidebook

Figure 5: Intent and Content of AIDA Guidebook

Page 14

5 Machine Learning Methodology


This section provides an overview of how developers effectively build, evaluate, and manage
analytic and learning systems through a machine-learning pipeline. A machine-learning pipeline
is a way to codify and automate the workflow necessary to produce a machine-learning model.
Machine learning pipelines consist of multiple sequential steps that do everything from data
extraction and preprocessing to model training and deployment. Figure 6 provides a high-level
example of a machine-learning pipeline, with each step described in more detail to follow.

Figure 6: Machine Learning Pipeline

Pipeline steps:

1. Establish AI system goal – traditional goals of AI research include reasoning, knowledge representation, planning, learning, natural language processing, perception, and the ability to move and manipulate objects.
2. Establish requirements – consider desired performance, usability, integration, and statistical behavior.
3. Identify AI solution design – identify the algorithms and programming language to be used.
4. Identify use constraints – the constraints on how the system will be deployed to support decision making: how autonomous it is, what timing requirements it must meet, and what level of potential harm it poses to users and subjects.
5. Identify required data sets – the more complex the model becomes, the more data is needed to determine its parameters.
6. Instantiate AI solution design in code – there are many programming languages to choose from, such as C++, Java, Python, or R.
7. Prepare training data – clean the data of missing values, format data for consistency, make the units consistent, decompose complex values, and aggregate simple values.
8. Perform iterative training, testing, and evaluation cycle – feed the prepared data into the model to train it and improve its accuracy against a minimum acceptable accuracy threshold set in advance. If testing and evaluation show that the model is not ready for deployment, return to step 3 and continue to refine.
9. Integrate – determine how the machine learning system will work within existing business processes.
10. Deploy – turn the model on in a real-world environment.
While the steps are sequential, the Machine Learning pipeline is often more of an iterative
process, especially between the “identify AI solution design” and “perform iterative training,
testing and evaluation cycle” steps. Often developers will need to revise either the training
data, data preparation/augmentation, or machine learning model structure as a result of the
training, testing, and evaluation step. The developer may uncover invalid assumptions which
require revisiting the initial design setup and conducting continuous iteration until the overall
AI system requirements are met.
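Steps 7 and 8 above, written out as a small runnable pipeline. This is an example added to this section, not code from the guidebook: the patient-style records, the three candidate designs and the 0.9 accuracy threshold are constructed for illustration, and a nearest-centroid classifier stands in for whatever algorithm step 3 would actually select. The point it shows is the loop itself: the first two designs rest on assumptions that the evaluation step exposes as invalid, and only the third passes.

```python
"""Pipeline steps 7 and 8 from the list above, as a runnable sketch."""
from math import sqrt
from statistics import mean, pstdev

# Constructed sample (not real patient data): (label, body temperature, blood
# pressure).  Temperature is recorded inconsistently in C or F and blood
# pressure is sometimes missing; both are step 7 problems.  Label 1 = high risk.
TRAIN_RAW = [
    (0, "36.5", 120), (0, "36.8", 150), (0, "37.0", 110), (0, "98.6F", 140),
    (0, "36.6", None),
    (1, "38.8", 145), (1, "39.0", 115), (1, "39.2", 125), (1, "101.3F", 155),
]
TEST_RAW = [
    (0, "36.7", 125), (0, "36.9", 148), (1, "39.1", 118),
    (1, "102.2F", 150), (0, "36.4", None), (1, "38.9", 130),
]

# Candidate solution designs (step 3), tried in order.  The first two encode
# assumptions that turn out to be invalid for this data.
DESIGNS = [
    {"features": ["bp"], "scale": False},           # assume blood pressure alone suffices
    {"features": ["temp", "bp"], "scale": False},   # add temperature, but in raw units
    {"features": ["temp", "bp"], "scale": True},    # standardize so bp no longer dominates
]


def to_celsius(value):
    """Step 7: make units consistent.  Accepts '37.0' or '98.6F'."""
    value = value.strip()
    if value.upper().endswith("F"):
        return (float(value[:-1]) - 32.0) * 5.0 / 9.0
    return float(value)


def prepare(raw, bp_fill=None):
    """Step 7: clean units and impute missing values.

    The imputation value is learned from the training set and reused for the
    test set, so nothing about the test set leaks into training.
    """
    if bp_fill is None:
        bp_fill = mean(b for _, _, b in raw if b is not None)
    rows = []
    for label, temp, bp in raw:
        rows.append({"label": label, "temp": to_celsius(temp),
                     "bp": bp if bp is not None else bp_fill})
    return rows, bp_fill


class NearestCentroid:
    """Deliberately simple model: predict the class whose training mean is nearest."""

    def __init__(self, features, scale):
        self.features, self.scale = features, scale

    def fit(self, rows):
        # Scaling statistics come from training rows only (again, no test leakage).
        self.mu = {f: mean(r[f] for r in rows) if self.scale else 0.0 for f in self.features}
        self.sd = {f: (pstdev([r[f] for r in rows]) or 1.0) if self.scale else 1.0
                   for f in self.features}
        self.centroids = {}
        for label in sorted({r["label"] for r in rows}):
            vecs = [self._vec(r) for r in rows if r["label"] == label]
            self.centroids[label] = [mean(col) for col in zip(*vecs)]
        return self

    def _vec(self, row):
        return [(row[f] - self.mu[f]) / self.sd[f] for f in self.features]

    def predict(self, row):
        v = self._vec(row)
        return min(self.centroids,
                   key=lambda lab: sqrt(sum((a - b) ** 2 for a, b in zip(v, self.centroids[lab]))))


def accuracy(model, rows):
    return sum(model.predict(r) == r["label"] for r in rows) / len(rows)


def run_pipeline(train_raw, test_raw, designs, threshold=0.9):
    """Step 8: train, test, evaluate; below the threshold, return to step 3 (next design)."""
    train, fill = prepare(train_raw)
    test, _ = prepare(test_raw, bp_fill=fill)
    history = []
    for i, design in enumerate(designs):
        model = NearestCentroid(**design).fit(train)
        acc = accuracy(model, test)
        history.append((i, acc))
        if acc >= threshold:
            return {"design": i, "accuracy": acc, "history": history}
    raise RuntimeError(f"no candidate design met the threshold: {history}")


if __name__ == "__main__":
    print(run_pipeline(TRAIN_RAW, TEST_RAW, DESIGNS))
```

Designs 0 and 1 each score 0.5 on the held-out records, because blood pressure is noisy in this sample and, in raw units, its spread swamps the two-degree temperature gap between the classes; design 2 standardizes both features and scores 1.0. The unit conversion and imputation are fitted on the training set only, which is the detail most often got wrong in real pipelines.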
A machine learning pipeline integrates both statistical behavior (i.e., the statistical analysis and response requirements for the system) and use constraints (i.e., constraints on how the system is to be deployed to support decision making: how autonomous it is, what timing requirements it must meet, and what level of potential harm it poses to users and/or subjects) into the AI system development process. Although powerful when implemented correctly, the machine-learning pipeline does present challenges to a developer. One such challenge is imposing DevOps practices on a machine-learning pipeline. As previously defined, DevOps is the combination of software and hardware systems aimed at continuously developing and deploying software to increase operational efficiencies. In this process, the DevOps artifact can also be considered to be the code used to create the model. The machine-learning model is the combination of the data and the code, and it is refined through continuous integration, continuous deployment, and continuous training of the model.

AI Example: Language Models
An AI model that has been trained to predict the next word or words in a text based on the preceding words. It is part of the technology that predicts the next word you want to type on your mobile phone, allowing you to complete the message faster.

While DevOps code may be relatively set once developed, machine learning's challenge is how to keep the code up to date with the data while the two change in parallel. Model accuracy and the resulting decisions can degrade over time due to data drift (the inputs seen in production departing statistically from the training data) and organizational overconfidence in the model. Machine learning is not a one-and-done process that creates an algorithm infallible for all time, but an ongoing evolution in which the model repeatedly encounters new data and must be retrained to account for it. To counter this, organizations use continuous integration (merging code changes into a central repository, where each change is automatically built and tested), continuous deployment (automatically releasing changes that pass those tests into production), continuous training (automatically retraining and re-validating the model on fresh data), and a human element in the development loop.

Conducting these additional steps is what differentiates MLOps from DevOps, democratizing and streamlining the analytics process. On the technical side, MLOps removes the bottlenecks between machine learning design and its implementation or deployment framework. Strategically, MLOps makes machine learning accessible to those with less data and coding expertise. Additionally, an organization may benefit by exposing quantitative rigor to qualitative subject matter, and by combining strategy and tactics so that they work together. This is important since only about 13% of machine learning projects make it into production [10], largely due to a lack of organizational engagement.
There are risks to MLOps in addition to the benefits stated above. MLOps may oversimplify the development process, hiding intermediate steps, which poses a challenge to those with less data and coding expertise. This may lead to downstream impacts if the code and data fall out of alignment: a model retrained on new data with old preprocessing code, or on old data with new code, silently stops matching what was validated. Developers often weigh the risks and rewards of MLOps, asking questions such as:

• How much additional infrastructure is required to make MLOps sustainable?
• Does the organization already have a substantial infrastructure?
• How to measure the increase in productivity against the increase in risk?

Each organization will then identify an acceptable risk level when determining how to proceed. Additionally, organizations must consider how tightly they link operational SMEs with data or modeling SMEs; whether model accuracy monitoring includes fairness metrics broken out by attributes such as race and gender; and how to maintain an organizational culture of respect for all contributors' expertise. Infrastructure SMEs manage the technical side of CI/CD and work closely with the other partners on CT. Data SMEs understand the operational SMEs' domain, manage the data side of CI/CD, and work closely with the other partners on CT. Operational SMEs coordinate with data SMEs and are responsible for proactively engaging the data and infrastructure SMEs on CT.
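Two of the MLOps concerns raised in this section, data drift and code and data falling out of alignment, can be caught mechanically. The example below is added here and is not from the guidebook or any particular MLOps product: it records a registry entry that ties a model to a content hash of its training data and to a (hypothetical) code version, checks both before a deployment, and runs a simple mean-shift drift monitor over constructed production windows, one of which simulates an upstream system starting to send Fahrenheit readings without conversion.

```python
"""Two MLOps safeguards for the concerns above: a registry record that ties a
model to the exact data and code it was built from, and a drift monitor."""
import hashlib
import json
from math import sqrt
from statistics import mean, pstdev

# Constructed training set (not real data), already cleaned to Celsius.
TRAIN_RECORDS = [
    {"temp": 36.5, "bp": 120, "label": 0}, {"temp": 36.8, "bp": 150, "label": 0},
    {"temp": 37.0, "bp": 110, "label": 0}, {"temp": 37.1, "bp": 140, "label": 0},
    {"temp": 36.6, "bp": 133, "label": 0}, {"temp": 38.8, "bp": 145, "label": 1},
    {"temp": 39.0, "bp": 115, "label": 1}, {"temp": 39.2, "bp": 125, "label": 1},
    {"temp": 38.5, "bp": 155, "label": 1}, {"temp": 38.9, "bp": 130, "label": 1},
]
CODE_VERSION = "git:4f1c2ab"   # hypothetical commit id of the training code


def data_fingerprint(records):
    """Order-independent SHA-256 over canonical JSON of every record."""
    h = hashlib.sha256()
    for line in sorted(json.dumps(r, sort_keys=True, separators=(",", ":")) for r in records):
        h.update(line.encode("utf-8") + b"\n")
    return h.hexdigest()


def register_model(name, code_version, train_records, metrics):
    """The model is data plus code (see above), so the registry records both."""
    return {"name": name, "code_version": code_version,
            "data_sha256": data_fingerprint(train_records), "metrics": dict(metrics)}


def alignment_problems(entry, current_code_version, current_train_records):
    """Detect the 'code and data fall out of alignment' risk before deploying."""
    problems = []
    if entry["code_version"] != current_code_version:
        problems.append("training code changed since the model was built")
    if entry["data_sha256"] != data_fingerprint(current_train_records):
        problems.append("training data changed since the model was built")
    return problems


class DriftMonitor:
    """Flags a feature whose live mean has moved far from the training mean.

    The score is the shift of the live-window mean in units of the standard
    error of the mean, so larger windows detect smaller shifts.
    """

    def __init__(self, train_values, z_threshold=3.0):
        self.mu = mean(train_values)
        self.sd = pstdev(train_values) or 1.0
        self.z_threshold = z_threshold

    def score(self, live_values):
        return (mean(live_values) - self.mu) / (self.sd / sqrt(len(live_values)))

    def drifted(self, live_values):
        return abs(self.score(live_values)) > self.z_threshold


# Constructed production windows: one steady, one where an upstream change
# started sending Fahrenheit readings without conversion (a unit drift that
# would silently push every patient into the high-risk class).
LIVE_STEADY = [36.7, 38.9, 37.0, 39.1, 36.6, 38.7]
LIVE_UNITS_CHANGED = [98.1, 100.2, 98.6, 101.0, 97.9, 99.5]


def demo():
    entry = register_model("risk-classifier", CODE_VERSION, TRAIN_RECORDS, {"accuracy": 0.95})
    monitor = DriftMonitor([r["temp"] for r in TRAIN_RECORDS])
    changed_data = TRAIN_RECORDS[:-1] + [{"temp": 38.9, "bp": 131, "label": 1}]
    return {
        "aligned": alignment_problems(entry, CODE_VERSION, TRAIN_RECORDS),
        "after_changes": alignment_problems(entry, "git:9e0d7c3", changed_data),
        "steady_drifted": monitor.drifted(LIVE_STEADY),
        "units_drifted": monitor.drifted(LIVE_UNITS_CHANGED),
    }


if __name__ == "__main__":
    print(demo())
```

A single changed field in one training record, or a different code version, is enough to block the deployment, and the Fahrenheit window scores far beyond the threshold while the steady window stays near zero. Real monitoring would also track prediction distributions and label delay, but a content hash and a per-feature shift test are the cheap checks that catch the two failure modes this section describes.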

[10] https://venturebeat.com/2019/07/19/why-do-87-of-data-science-projects-never-make-it-into-production/


6 Privacy and Security


Privacy and security are key components of any AI and data analytics implementation. Even though they are complementary, there are key distinctions in how each contributes to AI systems.

Privacy is relevant to AI systems in two ways: maintaining the confidentiality of the individuals whose data is used for model training (the stage in which developers use one or more datasets to train a machine learning algorithm), and maintaining the confidentiality of the subjects to which the trained system is applied. The term "subject" distinguishes the individuals to whom the system is applied, such as a person whose computed tomography (CT) scan is read by an AI system or a person whose medical risk is evaluated by a categorization system, from the user who applies the system.

Security refers to keeping both the AI system's development code (i.e., the model itself, the testing tools, and the test results) and the data used to train it free from interference. A secure AI system means its development code and its training data cannot be destroyed or altered (integrity), made inaccessible to authorized users (availability), or disclosed to unauthorized parties (confidentiality). Securing AI systems is inherently more complicated than securing non-AI systems because the training data must be secured as well: anyone who can alter the training data can alter the behavior of the model trained from it without ever touching the code.
Adhering to data protection policies for information in transit, at rest, and in use is very important when planning AI and data analytic systems. Data in transit, also known as data in motion, is data that is actively moving from one location to another, such as across the internet or through a private network; protecting data in transit means protecting it while it travels between networks or is transferred from a local storage device to cloud storage. Data at rest is data that is not actively moving between devices or networks, such as data stored on a hard drive, laptop, flash drive, or other storage medium. Data in use is data held in the memory of a running program, for example in a public cloud environment, and it must also be protected. Commercial and open source tooling does this with trusted execution environments (enclaves): hardware-isolated regions whose memory is encrypted by the processor so that the host operating system, hypervisor, and cloud operator cannot read it, backed by a hardware root of trust that lets the workload attest to a remote party which code is running inside. All major public clouds offer some form of these.

Data encryption is one of the simplest technologies to implement to secure data in transit and at rest. Encryption, the process of converting data into a form that can be read only by someone holding the corresponding key, is a key element of data security. Before transporting sensitive information, businesses generally encrypt the data so that it is protected during transmission. There are several methods for doing this.

Connection-level encryption can be enforced, and the most widely used forms are Hypertext Transfer Protocol Secure (HTTPS), Transport Layer Security (TLS), and File Transfer Protocol Secure (FTPS); HTTPS and FTPS are HTTP and FTP carried over TLS. HTTPS encrypts web traffic to protect data in transfer. This is particularly important when users transmit sensitive data, such as when logging into a bank account, email service, or health insurance provider; any website should use HTTPS, and one that accepts login credentials must. A primary use case of TLS is encrypting the communication between web applications and servers, such as a web browser loading a website. TLS is also used to encrypt other communications such as email, messaging, and voice over IP (VoIP). FTPS is a secure file transfer protocol that allows businesses to connect securely with their trading partners, users, and customers. Files exchanged over FTPS are protected by the TLS session, the server is authenticated by its certificate, and clients can be authenticated with client certificates. In every case the protection depends on the client verifying the server's certificate and hostname and refusing obsolete protocol versions; a client that disables verification still "uses TLS" but can be impersonated by anyone on the network path.
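What "enforcing" connection-level encryption means on the client side, shown with the Python standard library's `ssl` and `ftplib` modules. This example is added here and is not from the guidebook: it builds the weak configuration that scripts commonly end up with next to a hardened one, audits both the way a reviewer would, and attaches the hardened context to an FTPS client without contacting any server. The audit findings and function names are this example's own.

```python
"""Client-side TLS settings for HTTPS/TLS and FTPS: a weak context beside a
hardened one, plus the review checks that tell them apart."""
import ssl
from ftplib import FTP_TLS


def weak_client_context():
    """What 'just make it work' scripts do: no certificate or hostname check,
    any protocol version.  Traffic is encrypted, but to whoever answers."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False            # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def hardened_client_context(cafile=None):
    """Verify the server certificate against the system (or a pinned) CA set,
    check the hostname, and refuse TLS 1.0/1.1."""
    ctx = ssl.create_default_context(cafile=cafile)   # CERT_REQUIRED + hostname check
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def audit_context(ctx):
    """Findings a reviewer would raise about a client context (empty = acceptable)."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked against certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS 1.0/1.1 allowed")
    return findings


def ftps_client(ctx):
    """FTPS client bound to a context.  No host is given, so nothing is contacted
    here; after connect()/login() the caller runs prot_p() so the data channel
    (the file transfer itself) is protected and not only the control channel."""
    return FTP_TLS(context=ctx)


if __name__ == "__main__":
    print("weak:", audit_context(weak_client_context()))
    print("hardened:", audit_context(hardened_client_context()))
```

The same three properties (certificate verification, hostname matching, minimum protocol version) are what to look for in any language's HTTP or FTP client; a call like `prot_p()` on the FTPS side matters because FTP's data connection is separate from its control connection and is not encrypted by default.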
Compared with data in transit, data at rest is generally harder for an attacker to reach, so long-lived private information such as health records is usually held this way; that also makes a successful compromise of stored data more valuable to attackers and more consequential for the victims of a breach. Despite the greater protection, there is still a risk that attackers gain access to this data, potentially exposing private information such as addresses and financial records and putting individuals' safety at risk. Protecting all sensitive data, whether in motion or at rest, is imperative for modern enterprises as attackers find increasingly innovative ways to compromise systems and steal data.

If the data must be protected for many years, one should make sure that the encryption scheme used is quantum-safe. Currently available quantum computers are not powerful enough to threaten current encryption methods, but as quantum processors advance this could change. Most current public-key algorithms (where different keys are used for encryption and decryption), including RSA and elliptic-curve schemes, could be broken by a powerful enough quantum computer running Shor's algorithm, and data recorded today can be decrypted later once such a machine exists. On the other hand, most current symmetric algorithms (where the encryption and decryption keys are the same) are not susceptible to quantum attacks, assuming the keys are sufficiently long: Grover's algorithm roughly halves the effective key length, so 256-bit keys remain adequate [11]. Standardized post-quantum public-key algorithms, such as NIST's ML-KEM (FIPS 203), now exist for key establishment where long-term confidentiality is required.
For applications where confidentiality of the data in use is of utmost importance, additional technologies can be used. When one wants to keep the data private even while it is being processed, there are a number of technologies that can be employed independently or, in some cases, together. These include homomorphic encryption, differential privacy, federated computing, and synthetic data. Homomorphic encryption is a technique that allows operations to be performed on encrypted data without decrypting it [12]. This permits confidential processing of data on a system that is untrusted: the system computes on ciphertexts it cannot read, and the results can only be decrypted with the original key. The biggest barrier to widespread use of homomorphic encryption has been its poor performance. It is significantly slower than performing the

[11] http://www.pqcrypto.org/www.springer.com/cda/content/document/cda_downloaddocument/9783540887010-c1.pdf
[12] See https://eprint.iacr.org/2015/1192 for an overview of homomorphic encryption and related technologies.
