
An Adversarial Training Method for Improving Model Robustness in Unsupervised Domain Adaptation

  • Conference paper
  • First Online:
Knowledge Science, Engineering and Management (KSEM 2021)

Part of the book series: Lecture Notes in Computer Science (LNAI, volume 12817)

Abstract

The easily perturbed nature of deep neural networks makes them vulnerable to adversarial attacks, and this vulnerability has become a major threat to the security of machine learning. The transferability of adversarial samples further increases the threat. Adversarial training has made considerable progress in defending against adversarial samples. Unsupervised domain adaptation is an important branch of transfer learning; however, because labels for the target-domain samples cannot be obtained, adversarial training is difficult to apply there. In this paper, we find that performing adversarial training on source-domain data and adding the generated adversarial perturbations to the target-domain data effectively enhances the robustness of the transferred model. Experimental results show that the proposed method not only preserves the model's classification accuracy but also greatly improves its defense against adversarial attacks. In short, the proposed method guarantees the transfer of knowledge while also realizing the transfer of model robustness, which is the main contribution of this paper.
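
To make the idea concrete, below is a minimal PyTorch-style sketch of the training step the abstract describes: adversarial perturbations are generated on labeled source batches, and the same perturbations are added to unlabeled target batches. The FGSM attack, the clean-vs-perturbed consistency loss on the target side, and all hyper-parameters are illustrative assumptions; this excerpt does not specify the authors' exact attack or objective.

```python
# Illustrative sketch only: the FGSM attack, the consistency loss on the
# unlabeled target batch, and all hyper-parameters are assumptions made
# for this example, not the paper's exact formulation.
import torch
import torch.nn.functional as F

def fgsm_delta(model, x, y, eps=8 / 255):
    """Generate an FGSM perturbation from a labeled source batch."""
    x = x.clone().detach().requires_grad_(True)
    F.cross_entropy(model(x), y).backward()
    return (eps * x.grad.sign()).detach()

def train_step(model, optimizer, src_x, src_y, tgt_x):
    """One step: adversarial training on the labeled source domain, then
    reuse of the source-derived perturbations on the unlabeled target
    domain. Assumes source and target batches share the same input shape."""
    delta = fgsm_delta(model, src_x, src_y)

    # Supervised adversarial loss on the labeled source domain.
    loss_src = F.cross_entropy(model(src_x + delta), src_y)

    # No target labels are available, so a clean-vs-perturbed prediction
    # consistency term (a stand-in assumption) reuses the same perturbations.
    k = min(tgt_x.size(0), delta.size(0))
    with torch.no_grad():
        clean_prob = F.softmax(model(tgt_x[:k]), dim=1)
    adv_logprob = F.log_softmax(model(tgt_x[:k] + delta[:k]), dim=1)
    loss_tgt = F.kl_div(adv_logprob, clean_prob, reduction="batchmean")

    loss = loss_src + loss_tgt
    optimizer.zero_grad()  # also clears gradients accumulated by fgsm_delta
    loss.backward()
    optimizer.step()
    return loss.item()
```

In this sketch, robustness is transferred through the shared perturbations: the model is exposed to adversarially perturbed target inputs during training without ever needing target labels.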

This work has been supported by the Open Foundation of Key Laboratory in Software Engineering of Yunnan Province under Grant No. 2020SE305.



Author information


Corresponding author

Correspondence to Ying Lin.



Copyright information

© 2021 Springer Nature Switzerland AG

About this paper


Cite this paper

Nie, Z., Lin, Y., Yan, M., Cao, Y., Ning, S. (2021). An Adversarial Training Method for Improving Model Robustness in Unsupervised Domain Adaptation. In: Qiu, H., Zhang, C., Fei, Z., Qiu, M., Kung, S.Y. (eds) Knowledge Science, Engineering and Management. KSEM 2021. Lecture Notes in Computer Science, vol 12817. Springer, Cham. https://doi.org/10.1007/978-3-030-82153-1_1


  • DOI: https://doi.org/10.1007/978-3-030-82153-1_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-82152-4

  • Online ISBN: 978-3-030-82153-1

  • eBook Packages: Computer Science, Computer Science (R0)
