DART: A Principled Approach to Adversarially Robust Unsupervised Domain Adaptation

• URL: http://arxiv.org/abs/2402.11120v1
• Date: Fri, 16 Feb 2024 22:48:38 GMT
• Title: DART: A Principled Approach to Adversarially Robust Unsupervised Domain Adaptation
• Authors: Yunjuan Wang, Hussein Hazimeh, Natalia Ponomareva, Alexey Kurakin, Ibrahim Hammoud, Raman Arora
• Abstract summary: We develop a novel unified defense framework called Divergence Aware adveRsarial Training (DART) DART is applicable to general threat models, including the popular $ell_p$-norm model. We also release DomainRobust: a testbed for evaluating robustness of UDA models to adversarial attacks.
• Score: 27.574908007114015
• License: http://creativecommons.org/licenses/by/4.0/
• Abstract: Distribution shifts and adversarial examples are two major challenges for deploying machine learning models. While these challenges have been studied individually, their combination is an important topic that remains relatively under-explored. In this work, we study the problem of adversarial robustness under a common setting of distribution shift - unsupervised domain adaptation (UDA). Specifically, given a labeled source domain $D_S$ and an unlabeled target domain $D_T$ with related but different distributions, the goal is to obtain an adversarially robust model for $D_T$. The absence of target domain labels poses a unique challenge, as conventional adversarial robustness defenses cannot be directly applied to $D_T$. To address this challenge, we first establish a generalization bound for the adversarial target loss, which consists of (i) terms related to the loss on the data, and (ii) a measure of worst-case domain divergence. Motivated by this bound, we develop a novel unified defense framework called Divergence Aware adveRsarial Training (DART), which can be used in conjunction with a variety of standard UDA methods; e.g., DANN [Ganin and Lempitsky, 2015]. DART is applicable to general threat models, including the popular $\ell_p$-norm model, and does not require heuristic regularizers or architectural changes. We also release DomainRobust: a testbed for evaluating robustness of UDA models to adversarial attacks. DomainRobust consists of 4 multi-domain benchmark datasets (with 46 source-target pairs) and 7 meta-algorithms with a total of 11 variants. Our large-scale experiments demonstrate that on average, DART significantly enhances model robustness on all benchmarks compared to the state of the art, while maintaining competitive standard accuracy. The relative improvement in robustness from DART reaches up to 29.2% on the source-target domain pairs considered.

Related papers

• DRIVE: Dual-Robustness via Information Variability and Entropic Consistency in Source-Free Unsupervised Domain Adaptation [10.127634263641877]
  Adapting machine learning models to new domains without labeled data is a critical challenge in applications like medical imaging, autonomous driving, and remote sensing. This task, known as Source-Free Unsupervised Domain Adaptation (SFUDA), involves adapting a pre-trained model to a target domain using only unlabeled target data. Existing SFUDA methods often rely on single-model architectures, struggling with uncertainty and variability in the target domain. We propose DRIVE, a novel SFUDA framework leveraging a dual-model architecture. The two models, with identical weights, work in parallel to capture diverse target domain characteristics.
  arXiv  Detail & Related papers  (2024-11-24T20:35:04Z)
• DACAD: Domain Adaptation Contrastive Learning for Anomaly Detection in Multivariate Time Series [61.91288852233078]
  In time series anomaly detection, the scarcity of labeled data poses a challenge to the development of accurate models.<n>We propose a novel Domain Contrastive learning model for Anomaly Detection in time series (DACAD)<n>Our model employs supervised contrastive loss for the source domain and self-supervised contrastive triplet loss for the target domain.
  arXiv  Detail & Related papers  (2024-04-17T11:20:14Z)
• Make the U in UDA Matter: Invariant Consistency Learning for Unsupervised Domain Adaptation [86.61336696914447]
  We dub our approach "Invariant CONsistency learning" (ICON) We propose to make the U in Unsupervised DA matter by giving equal status to the two domains. ICON achieves the state-of-the-art performance on the classic UDA benchmarks: Office-Home and VisDA-2017, and outperforms all the conventional methods on the challenging WILDS 2.0 benchmark.
  arXiv  Detail & Related papers  (2023-09-22T09:43:32Z)
• Alternating Objectives Generates Stronger PGD-Based Adversarial Attacks [78.2700757742992]
  Projected Gradient Descent (PGD) is one of the most effective and conceptually simple algorithms to generate such adversaries. We experimentally verify this assertion on a synthetic-data example and by evaluating our proposed method across 25 different $ell_infty$-robust models and 3 datasets. Our strongest adversarial attack outperforms all of the white-box components of AutoAttack ensemble.
  arXiv  Detail & Related papers  (2022-12-15T17:44:31Z)
• IT-RUDA: Information Theory Assisted Robust Unsupervised Domain Adaptation [7.225445443960775]
  Distribution shift between train (source) and test (target) datasets is a common problem encountered in machine learning applications. UDA technique carries out knowledge transfer from a label-rich source domain to an unlabeled target domain. Outliers that exist in either source or target datasets can introduce additional challenges when using UDA in practice.
  arXiv  Detail & Related papers  (2022-10-24T04:33:52Z)
• Domain Adaptive Person Search [20.442648584402917]
  We present Domain Adaptive Person Search (DAPS), which aims to generalize the model from a labeled source domain to the unlabeled target domain. We show that our framework achieves 34.7% in mAP and 80.6% in top-1 on PRW dataset.
  arXiv  Detail & Related papers  (2022-07-25T04:02:39Z)
• Exploring Adversarially Robust Training for Unsupervised Domain Adaptation [71.94264837503135]
  Unsupervised Domain Adaptation (UDA) methods aim to transfer knowledge from a labeled source domain to an unlabeled target domain. This paper explores how to enhance the unlabeled data robustness via AT while learning domain-invariant features for UDA. We propose a novel Adversarially Robust Training method for UDA accordingly, referred to as ARTUDA.
  arXiv  Detail & Related papers  (2022-02-18T17:05:19Z)
• Unsupervised and self-adaptative techniques for cross-domain person re-identification [82.54691433502335]
  Person Re-Identification (ReID) across non-overlapping cameras is a challenging task. Unsupervised Domain Adaptation (UDA) is a promising alternative, as it performs feature-learning adaptation from a model trained on a source to a target domain without identity-label annotation. In this paper, we propose a novel UDA-based ReID method that takes advantage of triplets of samples created by a new offline strategy.
  arXiv  Detail & Related papers  (2021-03-21T23:58:39Z)
• Robustified Domain Adaptation [13.14535125302501]
  Unsupervised domain adaptation (UDA) is widely used to transfer knowledge from a labeled source domain to an unlabeled target domain. The inevitable domain distribution deviation in UDA is a critical barrier to model robustness on the target domain. We propose a novel Class-consistent Unsupervised Domain Adaptation (CURDA) framework for training robust UDA models.
  arXiv  Detail & Related papers  (2020-11-18T22:21:54Z)
• Deep Co-Training with Task Decomposition for Semi-Supervised Domain Adaptation [80.55236691733506]
  Semi-supervised domain adaptation (SSDA) aims to adapt models trained from a labeled source domain to a different but related target domain. We propose to explicitly decompose the SSDA task into two sub-tasks: a semi-supervised learning (SSL) task in the target domain and an unsupervised domain adaptation (UDA) task across domains.
  arXiv  Detail & Related papers  (2020-07-24T17:57:54Z)
• Uncertainty-Aware Consistency Regularization for Cross-Domain Semantic Segmentation [63.75774438196315]
  Unsupervised domain adaptation (UDA) aims to adapt existing models of the source domain to a new target domain with only unlabeled data. Most existing methods suffer from noticeable negative transfer resulting from either the error-prone discriminator network or the unreasonable teacher model. We propose an uncertainty-aware consistency regularization method for cross-domain semantic segmentation.
  arXiv  Detail & Related papers  (2020-04-19T15:30:26Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.