State-of-the-art deep neural networks (DNNs) have been shown to perform remarkably well on unsupervised domain adaptation (UDA). However, recent work shows that DNNs degrade sharply under adversarial attacks, in which small perturbations added to the original images are enough to fool the model. Although adversarial robustness has been studied extensively, to the best of our knowledge there has been no systematic study of the robustness of unsupervised domain adaptation models. We therefore investigate, for the first time, the robustness of unsupervised domain adaptation against adversarial attacks. We benchmark a variety of adversarial attack and defense settings in domain adaptation, and propose a cross-domain attack method based on pseudo labels. Most importantly, we analyze the impact of different datasets, models, attack methods, and defense methods. Our results demonstrate the limited robustness of unsupervised domain adaptation models, and we hope this work encourages the community to pay more attention to improving model robustness against such attacks.
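To make the setting concrete, the following is a minimal sketch of how a pseudo-label-based attack on unlabeled target-domain images might look, assuming a one-step FGSM-style perturbation; the function name `pseudo_label_fgsm`, the step size, and the choice of FGSM are illustrative assumptions, not the paper's exact method.

```python
import torch
import torch.nn.functional as F

def pseudo_label_fgsm(model, x_target, epsilon=8 / 255):
    """Sketch of an FGSM-style attack on unlabeled target-domain images.

    Since ground-truth target labels are unavailable in UDA, the model's
    own predictions serve as pseudo labels for the adversarial loss.
    (Illustrative only; the paper's cross-domain attack may differ.)
    """
    x_adv = x_target.clone().detach().requires_grad_(True)
    logits = model(x_adv)
    # Pseudo labels: the model's current predictions on the clean inputs.
    pseudo_labels = logits.argmax(dim=1).detach()
    loss = F.cross_entropy(logits, pseudo_labels)
    loss.backward()
    # One gradient-sign step that increases the loss, bounded by epsilon
    # in the L-infinity norm, then clipped back to the valid image range.
    x_adv = x_adv + epsilon * x_adv.grad.sign()
    return x_adv.clamp(0, 1).detach()
```

The perturbed batch returned by this sketch can then be fed back through the adapted model to measure the accuracy drop on the target domain, which is the kind of robustness gap the benchmark quantifies.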