Test-Time Adaptation and Adversarial Robustness

1 Jan 2021  ·  Xi Wu, Yang Guo, Tianqi Li, Jiefeng Chen, Qicheng Lao, YIngyu Liang, Somesh Jha ·

This paper studies test-time adaptation in the context of adversarial robustness. We first formulate an adversarial threat model for test-time adaptation, where the defender may have a unique advantage as the adversarial game becomes a maximin game, instead of a minimax game as in the classic adversarial robustness threat model. We then study whether the maximin threat model admits more ``good solutions'' than the minimax threat model, and is thus \emph{strictly weaker}. On the positive side, we show that, if one is allowed to access the training data, then Domain Adversarial Neural Networks (${\sf DANN}$), an algorithm designed for unsupervised domain adaptation, can provide nontrivial robustness in the test-time maximin threat model against strong transfer attacks and adaptive fixed point attacks. This is somewhat surprising since ${\sf DANN}$ is not designed specifically for adversarial robustness (e.g. against norm-based attacks), and provides no robustness in the minimax model. On the negative side, we show that recent data-oblivious test-time adaptations, in contrast to ${\sf DANN}$, can be easily attacked. We take a step to discuss moving towards adversarially robust test-time adaptation and examine its various implications.

PDF Abstract


Results from the Paper

  Submit results from this paper to get state-of-the-art GitHub badges and help the community compare results to other papers.


No methods listed for this paper. Add relevant methods here