Interpretation of Adversarial Attack on Unsupervised Domain Adaptation

Abstract

Recent advances in deep neural networks has accelerated the process of automation in several fields like image processing, object detection, segmentation tasks and many more. Though, it has been also proved that these deep neural networks or deep CNNs need large scale dataset to be trained on to produce desired output. Supplying huge dataset often becomes difficult for many fields. Domain adaptation is supposed to be a possible way to cope with this problem of large data requirement as it allows model to gain experience from one large source dataset during training and exploit that experience during working with any smaller, related but technically different dataset. But the threat remains when the concept of adversarial machine learning strikes. Like many other deep learning models, adaptive models seem to be vulnerable to adversarial attacks. We target to analysis how these attack techniques from adversarial machine learning affect unsupervised adaptive models’ performance for two related but structurally different dataset like MNIST and MNISTM. We used three different attack techniques called FGSM, MIFGSM and PGD for the experiment. Experiments show the deadly effect of these attack techniques on both of the baseline and adaptive models where adaptive model seem to be more vulnerable than the baseline non-adaptive model.