Data Science

What Are Data Quality Frameworks Like Great Expectations and Deequ?

If you work with data, you've probably heard the names Great Expectations and Deequ mentioned. In short, they are both powerful, open-source frameworks used for data quality testing and validation.

Think of them as "unit testing" for your data. Their main purpose is to help data engineers, analysts, and scientists ensure their data is accurate, complete, and reliable before it's ever used for analytics, machine learning models, or important business reports.

These frameworks allow you to define rules about what your data should look like. For example:

  • "This column should never be empty (null)."
  • "All values in this column must be unique."
  • "This number must be within a certain range (e.g., 1 to 100)."
  • "This text must match a specific pattern (like an email address)."

They then automatically test your data against these rules and alert you when reality doesn't match your expectations.

Great Expectations (GX)

Great Expectations is a Python-based framework that has become extremely popular in the data community.

  • Primary Language: Python.
  • Key Feature: It's known for its expressive, human-readable rules called "Expectations." This makes it easy for both technical and non-technical stakeholders to understand what's being tested.
  • Documentation: It automatically generates detailed, easy-to-read data quality reports called "Data Docs." These HTML reports are a key feature, making it simple to visualize your data, see validation results, and identify exactly where data failed a test.
  • Best For: Teams that want a flexible, Python-native tool that integrates with a wide variety of data sources (like SQL databases, Pandas, and Spark). It's ideal for those who place a strong emphasis on documentation and data governance.

Deequ

Deequ is a framework developed and used by Amazon (AWS) to handle data quality at a massive scale.

  • Primary Language: Scala (built on Apache Spark).
  • Key Feature: It is specifically designed to run efficiently on very large datasets (big data) that are processed using Apache Spark.
  • Functionality: It provides robust data profiling (to help you understand your data's characteristics), constraint verification (checking your rules), and continuous monitoring to track data quality over time.
  • Best For: Teams whose data pipelines are already built on Apache Spark and who need to perform data quality checks on billions or trillions of rows of data. (Note: A Python wrapper called PyDeequ is also available to make it more accessible to Python users).

Key Tools for Robust MLOps: SHAP, Fairlearn, Great Expectations, & EvidentlyAI

When building a modern MLOps pipeline, it's crucial to use tools that make your models more robust, reliable, and responsible. Four of the most powerful open-source tools in this space are SHAP, Fairlearn, Great Expectations, and EvidentlyAI.

They aren't alternatives to each other; instead, they solve very different problems at different stages of the machine learning lifecycle.

1. Great Expectations

What it is: A data quality and validation tool.

Purpose: Think of it as "unit testing for your data." You define "Expectations" about what your data should look like (e.g., column 'user_id' must be unique, column 'age' must be between 18 and 100, column 'email' must not be null). It then validates batches of your data against these rules.

Role in MLOps:

  • Data Ingestion: Use it to validate your training data to ensure its quality before you train a model.
  • Production Pipeline: Use it to validate new, incoming data before feeding it to your model for a prediction. This is its most critical role, as it prevents "garbage in, garbage out" and stops bad data from causing silent model failures.

2. Fairlearn

What it is: An AI fairness and bias-auditing toolkit.

Purpose: It helps you assess and mitigate fairness issues in your models. It answers questions like, "Does my model perform worse for a specific demographic group?" or "Is my loan-approval model biased against a certain gender or race?"

Role in MLOps:

  • Model Evaluation: During the training and evaluation phase, you use Fairlearn's dashboards to audit your model candidate for bias before it's approved for deployment.
  • Model Training: If you find bias, Fairlearn also provides algorithms to help you retrain or adjust your model to make it more fair, balancing performance with equity.

3. SHAP (SHapley Additive exPlanations)

What it is: A model explainability (XAI) framework.

Purpose: It "opens the black box" and explains why your model made a specific prediction. For any single prediction (e.g., "Loan Denied"), SHAP assigns a value to each feature (e.g., credit_score, income, age) showing how much it pushed the decision toward "Denied" or "Approved."

Role in MLOps:

  • Model Evaluation & Debugging: Use it to understand your model's global behavior. Is it using the features you expect, or did it find a strange correlation?
  • Production & Monitoring: Use it to explain individual predictions to end-users or stakeholders (e.g., "Your loan was denied primarily because of a high debt-to-income ratio"). This is often a business or legal requirement.

4. EvidentlyAI

What it is: A model monitoring and drift detection tool.

Purpose: This tool is specifically for models in production. It generates interactive dashboards to answer, "Is my model still healthy?" It specializes in detecting:

  • Data Drift: "Is the new, live data my model is seeing different from the training data?"
  • Model Drift: "Is my model's performance (e.g., accuracy) getting worse over time?"

Role in MLOps:

  • Production Monitoring: This is the core of the MLOps feedback loop. EvidentlyAI watches your live model and alerts you when its performance degrades or when the data changes, which is the signal that you need to retrain your model.

How They Fit Together in a Pipeline

Here is a simplified flow showing how you would use them:

  1. (Data Ingestion) → Raw data (for training or prediction) comes in.
    • Great Expectations validates this data. If it fails, the pipeline stops and alerts you.
  2. (Model Training) → You train a model on the validated data.
  3. (Model Evaluation) → You test the trained model.
    • Fairlearn audits the model for bias against different groups.
    • SHAP explains the model's behavior to ensure it's making decisions for the right reasons.
  4. (Model Deployment) → If the model passes its fairness and explainability tests, it's deployed to production.
  5. (Production Monitoring) → The model is live and making predictions on new data.
    • EvidentlyAI constantly monitors the model's performance and the new data's properties for any sign of drift, letting you know when it's time to go back to Step 1 and retrain.

A Guide to Your MLOps Toolkit: From Pipelines to Monitoring

Building a complete MLOps (Machine Learning Operations) system involves several specialized tools. They are often used together to create an automated, reliable, and ethical ML pipeline. Here’s a breakdown of what these common tools do and their specific roles.

Core MLOps Tools

These tools help build, manage, and automate the machine learning lifecycle.

MLflow
This is an open-source platform for managing the entire ML lifecycle. Think of it as a central "lab notebook" for your team. Its main components let you:
  • Track: Log experiments, parameters, code versions, and metrics to compare results.
  • Package: Standardize the format for packaging models to be used in different environments.
  • Register: Manage a central "Model Registry" to version, stage (e.g., development, production), and store your trained models.
Apache Airflow
This is a general-purpose workflow orchestrator. In MLOps, it's the "conductor" that tells all the other tools when to run. It doesn't do the ML work, but it defines, schedules, and monitors the sequence of tasks.
Example Pipeline: An Airflow "DAG" (pipeline) could be: 1. Fetch new data → 2. Run a DVC command → 3. Train the model → 4. Log results with MLflow → 5. Run a Fairlearn check.
DVC (Data Version Control)
This is essentially "Git for data." Git is great for code but bad for large data files. DVC solves this. It works with Git to version your large datasets and models by storing small "pointer" files in Git, while the actual data is saved in cloud storage (like S3 or Google Cloud Storage). This makes your entire project reproducible.
Kubeflow
This is a comprehensive, end-to-end MLOps platform built to run on Kubernetes. It's a "heavy-duty" solution for a container-based infrastructure. Its components help with:
  • Pipelines: Building and running scalable ML workflows.
  • Training: Managing distributed model training jobs.
  • Serving: Deploying and serving models at scale.
TensorFlow Extended (TFX)
This is Google's own end-to-end platform for production-ready ML pipelines, designed to work seamlessly with TensorFlow. It provides a complete, pre-built set of components for every step, from data validation (TFDV) and transformation (TFT) to training, model analysis (TFMA), and serving.

Fairness Tools

These tools are specialized for ensuring your models are responsible and ethical.

Fairlearn
This open-source Python toolkit (originally from Microsoft) helps you assess and mitigate bias in your models. You can use it to:
  • Assess: Generate reports that show how your model's performance and errors differ across demographic groups (e.g., by age or gender).
  • Mitigate: Apply "debiasing" algorithms to reduce the fairness-related harms you found.
AI Fairness 360 (AIF360)
This is a similar open-source toolkit (originally from IBM) with the same goal. It offers a very comprehensive library of over 70 fairness metrics and 13 bias mitigation algorithms, making it a powerful resource for a deep fairness audit.

Monitoring Tools

This tool category focuses on what happens after your model is deployed.

EvidentlyAI
This open-source Python library is for monitoring ML models in production. Its key job is to detect drift, which is the main reason models fail silently over time. It generates interactive dashboards to help you answer:
  • Data Drift: "Has the new, live data coming in started to look different from the data I trained my model on?"
  • Model Drift (Performance Decay): "Is my model's accuracy getting worse?"

When EvidentlyAI detects drift, it's the signal that you need to retrain your model.

Here is an explanation of those adversarial machine learning tools and concepts, formatted in HTML for your blog. ```html

Understanding Adversarial Machine Learning: Tools & Attacks

As machine learning models become more powerful, it's crucial to secure them against specialized attacks. This field, known as Adversarial Machine Learning, focuses on understanding and defending against threats that target the ML pipeline.

Your approach to defense must be tailored to your specific setup, including the model type (e.g., computer vision, LLM), deployment mode (e.g., online API, on-device), and model exposure strategy (e.g., black-box with only API access vs. white-box where the attacker has the model file).

Here is a breakdown of the key toolkits and attack types you mentioned.

Adversarial ML Toolkits

These are open-source libraries used by both researchers and security teams to test a model's defenses by simulating attacks.

Adversarial Robustness Toolbox (ART)
An open-source Python library (originally from IBM) for ML security. It is a comprehensive toolkit that provides implementations for a wide variety of attacks (evasion, poisoning, extraction) and defenses, allowing developers to evaluate, defend, and certify their models.
PyRIT (Python Risk Identification Tool)
An open-source tool from Microsoft designed for AI "red teaming," particularly for Generative AI and Large Language Models (LLMs). It's used to find risks and vulnerabilities in AI systems by simulating adversarial probing and attacks.
CleverHans
An open-source Python library developed by researchers at Google and OpenAI. It's primarily an educational and benchmarking tool, providing reference implementations of common adversarial attacks (like FGSM) to help researchers build more robust models.

Relevant Types of Adversarial Attacks

Attacks are generally categorized by their goal and the stage of the ML pipeline they target.

1. Evasion Attacks
This is the most common type of attack, which happens at inference time (when the model is in production). The goal is to feed the model a specially crafted, malicious input that looks normal to a human but causes the model to make a wrong prediction (e.g., tricking a spam filter or fooling a self-driving car's stop sign recognition).
  • Fast Gradient Sign Method (FGSM): A classic "white-box" attack where the attacker uses the model's own gradient (how it learns) to find the quickest way to "push" the input just enough to cause a misclassification.
  • Carlini & Wagner (C&W): A more powerful and complex set of optimization-based attacks. They are highly effective at creating adversarial examples that are very hard for humans to notice while still fooling the model.
2. Poisoning Attacks
This attack happens during the training phase. The attacker "poisons" the training data by inserting a few malicious or mislabeled examples. The goal is to corrupt the final trained model, making it unreliable or creating a hidden "backdoor."
  • Label Flipping: The simplest poisoning attack. The attacker simply takes a few training examples and changes their labels (e.g., labeling pictures of "cats" as "dogs"). This can degrade the model's overall accuracy.
  • Backdoor Insertion: A more sinister attack. The attacker inserts data with a specific, secret "trigger" (like a small, unique pattern in an image or a specific phrase in text). The model Click "Continue" to proceed. trains normally, but it learns a secret rule: when it sees that trigger, it must output the attacker's desired (and incorrect) prediction.
3. Model Extraction Attacks
This attack targets the model's intellectual property. The goal is to "steal" a proprietary model, often by just repeatedly sending queries to its public API (black-box) and observing the outputs. By analyzing the inputs and outputs, the attacker can train a new "copycat" model that is functionally identical to the original, valuable model.
```

Tracking AI Failures: Key Databases and Repositories

Here is a breakdown of three major resources used for tracking AI-related problems. They all serve the crucial purpose of documenting AI failures, but they have slightly different focuses and target audiences.

1. AI Incident Database (AIID)

What it is:
The AI Incident Database is a public, open-source, and crowdsourced repository of "AI incidents" or harms. It is the primary, most well-known database for tracking real-world AI failures.
Purpose:
Its goal is to create a public record of AI-related failures, much like similar databases in aviation and computer security. By collecting and categorizing incidents where AI has caused real-world problems (like bias, safety failures, or privacy violations), researchers, developers, and policymakers can learn from past mistakes to prevent future ones.
Who it's for:
It is a critical resource for AI researchers, journalists, ethicists, and anyone looking to understand the real-world, documented harms caused by AI systems.

2. OECD AI Incidents and Hazards Monitor (AIM)

What it is:
This is an official evidence-based tool from the Organisation for Economic Co-operation and Development (OECD). It is part of the OECD.AI Policy Observatory.
Purpose:
The monitor documents both incidents (harms that have already happened) and hazards (potential future harms or risks). Its primary goal is to inform policymakers and regulators by helping them gain insights into AI risks, track patterns, and establish a common understanding of AI failures. It directly supports the OECD's AI Principles.
Who it's for:
It is primarily aimed at policymakers, government bodies, and international stakeholders who are developing AI governance and regulations.

3. AI Risk Repository

What it is:
This term is more generic and can refer to a couple of different projects:
  • The MITRE AI Risk Database: A tool focused on the AI supply chain. It tracks risks and vulnerabilities in publicly available, pre-built machine learning models.
  • The MIT AI Risk Repository: A database of types of AI risks (over 700) extracted from existing frameworks, categorized by their cause (e.g., human error) and domain (e.g., misinformation).
  • General Concept: In a corporate or governance context (like the NIST AI Risk Management Framework), an "AI risk repository" is often an internal database an organization builds to catalog and manage its own AI risks.

Securing Your Code: Understanding Software Supply Chain Risks

That's a critical point for any modern software project. This concept is known as "software supply chain security," and it's about securing the code you didn't write.

What Are Software Supply Chain Risks?

Almost every application today is built using open-source libraries and packages (e.g., from pip, npm, maven). A supply chain risk is the danger that one of these "dependencies" has a security flaw. When you use that library, you inherit its vulnerabilities, making your entire application vulnerable.

The Core Database

National Vulnerability Database (NVD)
This is the "master list." It's a U.S. government-run repository of all publicly known cybersecurity vulnerabilities. Each flaw is given a unique ID called a CVE (Common Vulnerabilities and Exposures). This database is what security tools check against to see if a piece of software is known to be vulnerable.

The Scanners (The Tools)

These tools automate the process of checking your project's dependencies against the NVD.

OWASP Dependency-Check
A free, open-source tool from the Open Web Application Security Project (OWASP). You run this "scanner" against your project. It identifies all your dependencies, checks them against the NVD, and generates a report listing any known vulnerabilities (CVEs).
GitHub Dependabot
This is an "automated assistant" built directly into GitHub. It goes one step further:
  1. It automatically scans your project's dependencies.
  2. When it finds a vulnerability, it automatically creates a "Pull Request" that updates the vulnerable library to a new, safe version.
  3. All you have to do is review the pull request, confirm it doesn't break your code, and merge it. It makes fixing security vulnerabilities nearly effortless.

You've hit on the crucial "action" part of any monitoring system. You don't just look at dashboards; you set up automated alerts for when those metrics cross a dangerous threshold.

The tools you mentioned are perfect examples of this:

  • Prometheus with Alertmanager: This is the de facto open-source standard for monitoring and alerting.

    • Prometheus: An open-source tool that collects and stores metrics (like CPU usage, latency, error rates) in a time-series database.
    • Alertmanager: A separate component that works with Prometheus. It's responsible for deduplicating, grouping, and routing alerts to the right place (like Slack, PagerDuty, or email).
    • "Predefined Conditions": In this stack, you write "alerting rules" in Prometheus (e.g., avg_model_latency_over_5m > 500ms). When this rule is true, Prometheus fires an alert, and Alertmanager delivers it.

  • CloudWatch Alarms: This is the AWS-native, fully managed equivalent.

    • CloudWatch: The service that automatically collects metrics from all your AWS resources.
    • CloudWatch Alarms: You create an "alarm" that watches a specific metric. You set the "predefined condition" (e.g., "average CPU utilization is > 80% for 10 minutes"). When that condition is met, the alarm triggers an action (like sending an email via SNS or auto-scaling your servers).

In both cases, you're moving from passive monitoring (looking at a graph) to active alerting (getting a notification), which is essential for a robust MLOps pipeline.

The Three Pillars of MLOps Monitoring

You've listed the three essential pillars of a successful MLOps monitoring strategy. Tracking all three is vital because they work together to give you a complete picture of your model's health and its business value.

1. Model Performance Metrics

  • What they are: These metrics measure the quality and efficiency of your model's predictions.
  • Examples: Accuracy, precision, recall, F1-score, (for classification); Mean Absolute Error (MAE), Root Mean Square Error (RMSE) (for regression); and latency (how long it takes to get a prediction).
  • Purpose: They answer the question, "Is the model good at its job?"

2. System Health Metrics

  • What they are: These are the traditional infrastructure metrics for the servers or containers running your model.
  • Examples: CPU usage, memory usage, disk I/O, network bandwidth, and GPU temperature/utilization (if applicable).
  • Purpose: They answer the question, "Is the infrastructure stable?" A model with 99% accuracy is useless if the server it runs on keeps crashing.

3. Business Metrics

  • What they are: These high-level metrics tie the model's performance directly to a business goal.
  • Examples: Number of predictions served, user click-through rate, error rates (as seen by the end-user), fraud detection rate, or the dollar value of transactions processed.
  • Purpose: They answer the most important question: "Is the model adding value?"

A complete monitoring dashboard integrates all three. For example, you might see that a drop in your business metric (e.g., fewer user clicks) is correlated with a drop in a model metric (e.g., accuracy) which was caused by a system metric (e.g., a memory leak causing slow response times).

What is Deepchecks? An MLOps Tool for ML Validation

Deepchecks is an open-source Python framework for testing and validating your machine learning models and data.

Think of it as a comprehensive "QA" or "testing" library specifically designed for the ML lifecycle. It helps you find potential problems before they get to production.

Key Capabilities

  • Data Integrity: Checking for issues like duplicate data, conflicting labels, or improper string formats.
  • Train-Test Validation: Checking for problems between your training and testing datasets, such as data drift (distribution mismatches) or data leakage (when information from the test set accidentally bleeds into the training set).
  • Model Evaluation: Going beyond simple accuracy to find "weak segments" where your model underperforms (e.g., it's good at predicting for adults but fails for children).

How it Fits in MLOps

Deepchecks is designed to be used at all stages of the MLOps pipeline:

  1. During Research: A data scientist can use it in a notebook to validate new data and check a model's performance on weak spots.
  2. In CI/CD (Testing): It can be built into your automated testing pipeline (like GitHub Actions) to act as a "gate." For example, it can automatically run a "train-test validation" suite, and if it detects significant drift, it will fail the test and prevent the bad model from being deployed.
  3. In Production (Monitoring): Like EvidentlyAI, it also has a monitoring component to track and validate the behavior of your live model over time.

In short, while tools like Great Expectations are primarily focused on data quality, Deepchecks provides a more holistic set of tests for both the data and the model's performance throughout the entire development and production lifecycle.

Comments

Post a Comment

Popular posts from this blog

Legal issues in the IT field

Key IT Laws in Sri Lanka 1. Electronic Transactions Act, No. 19 of 2006 (Amended 2017) Legalizes electronic contracts, digital signatures, and electronic documents, giving them the same legal status as paper-based documents. The 2017 amendment expands the scope to include biometric authentication and strengthens provisions for cross-border e‑commerce facilitation. 2. Computer Crimes Act, No. 24 of 2007 Criminalizes offenses such as unauthorized access to systems, data interception, and the disclosure of passwords. This law forms the backbone of cybercrime enforcement in Sri Lanka. 3. Intellectual Property Act, No. 36 of 2003 Protects creative and technological works, including software, trade secrets, and integrated circuits. It ensures protection through copyright, trademarks, and patents—essential for safeguarding digital innovation. 4. Payment and Settlement Systems Act, No. 28 of 2005 Empowers the Central Bank to regulate electronic payment systems and ensure the sa...
Read more
Common Mistakes in Research Papers – Insights from a Journal Editor Common Mistakes in Research Papers – Insights from a Journal Editor As someone who regularly reads research manuscripts and reviewer reports, I have noticed certain mistakes that frequently appear in submissions—regardless of the author’s discipline or experience level. These issues not only reduce the quality of a paper but also lower its chances of being accepted. In this post, I want to share some of the most common mistakes authors make in their research writing, how to avoid them, and best practices for writing clear, strong, and publishable academic work. 1. Use Clear, Concise Language Avoid unnecessary adjectives and adverbs. Phrases like “this study rigorously investigates” are redundant. The expectation is that your research is rigorous. Stick to factual, straightforward language. Avoid vague expressions. Terms like “our understanding” are too...
Read more

Recent legal issues

Image
Parents of teenager who took his own life sue OpenAI Source: BBC The family included chat logs between Adam, who died in April, and ChatGPT that show him explaining he has suicidal thoughts. They argue the programme validated his "most harmful and self-destructive thoughts". In a statement, OpenAI told the BBC it was reviewing the filing. "We extend our deepest sympathies to the Raine family during this difficult time," the company said. Japanese police apologise at grave of wrongfully accused man Source: BBC Japanese authorities bowed and offered flowers at the grave of a businessman to apologise for wrongfully charging him with exporting potentially sensitive industrial machines. Shizuo Aishima and three other executives were arrested for illegal exports in March 2020. He died of stomach cancer in February 2021, five months before the indictments were dropped. Indian media pile into lawsuit against OpenAI chatbot C...
Read more