Summary of Dart: a Principled Approach to Adversarially Robust Unsupervised Domain Adaptation, by Yunjuan Wang et al.
DART: A Principled Approach to Adversarially Robust Unsupervised Domain Adaptation
by Yunjuan Wang, Hussein Hazimeh, Natalia Ponomareva, Alexey Kurakin, Ibrahim Hammoud, Raman Arora
First submitted to arxiv on: 16 Feb 2024
Categories
- Main: Machine Learning (cs.LG)
- Secondary: Computer Vision and Pattern Recognition (cs.CV); Machine Learning (stat.ML)
GrooveSquid.com Paper Summaries
GrooveSquid.com’s goal is to make artificial intelligence research accessible by summarizing AI papers in simpler terms. Each summary below covers the same AI paper, written at different levels of difficulty. The medium difficulty and low difficulty versions are original summaries written by GrooveSquid.com, while the high difficulty version is the paper’s original abstract. Feel free to learn from the version that suits you best!
| Summary difficulty | Written by | Summary |
|---|---|---|
| High | Paper authors | High Difficulty Summary Read the original abstract here |
| Medium | GrooveSquid.com (original content) | Medium Difficulty Summary A novel approach to ensure the reliability of machine learning models when deployed in real-world scenarios is proposed in this paper. The authors focus on addressing the challenges posed by distribution shifts and adversarial examples, which are two major obstacles for deploying ML models. Specifically, they study the problem of adversarial robustness under unsupervised domain adaptation (UDA), where a labeled source domain and an unlabeled target domain with different distributions are given. The goal is to obtain an adversarially robust model for the target domain, while conventional defenses cannot be directly applied due to the absence of target domain labels. To address this challenge, the authors establish a generalization bound for the adversarial target loss and develop a novel defense framework called Divergence Aware adveRsarial Training (DART). This framework can be used in conjunction with various standard UDA methods and is applicable to general threat models. The authors also release DomainRobust: a testbed for evaluating the robustness of UDA models to adversarial attacks, which consists of 4 benchmark datasets and 7 meta-algorithms. Experimental results show that DART significantly enhances model robustness on all benchmarks compared to the state-of-the-art, while maintaining competitive standard accuracy. |
| Low | GrooveSquid.com (original content) | Low Difficulty Summary Machine learning models are not always reliable in real-world scenarios because they can be tricked by distribution shifts or adversarial examples. This paper tries to solve this problem by making sure the model is good even when the data changes. They do this by using a special kind of training called domain adaptation, where we use some labeled data and some new, different data to make the model work well on both. But there’s a catch – usually, we can’t get any labels for the new data! So, they developed a new way to train the model that works even without those labels. They call it DART (Divergence Aware adveRsarial Training). This new method is really good at making sure the model doesn’t get tricked by the changes in the data. The authors also made some special test cases for people who want to try out this new way of training their models. |
Keywords
* Artificial intelligence * Domain adaptation * Generalization * Machine learning * Unsupervised
