SLIDE 1
Adversarial Domain Adaptation and Adversarial Robustness Judy - - PowerPoint PPT Presentation
Adversarial Domain Adaptation and Adversarial Robustness Judy - - PowerPoint PPT Presentation
Adversarial Domain Adaptation and Adversarial Robustness Judy Hoffman + = Big Deep success data learning Benchmark Performance 100 95 Accuracy 90 85 Millions of Images 80 Deep models 75 Challenge to recognize 1000
SLIDE 2
SLIDE 3
Accuracy
70 75 80 85 90 95 100 2010 2011 2012 2013 2014 2015 2016 2017
Benchmark Performance
Deep models
Millions of Images Challenge to recognize 1000 categories
SLIDE 4
Test Image
?
Deep Model
Dataset Bias
SLIDE 5
Test Image
?
Deep Model
Dataset Bias
SLIDE 6
Test Image
?
Deep Model
Dataset Bias
Dog is not recognized
SLIDE 7
Dataset Bias
SLIDE 8
Low resolution
Dataset Bias
SLIDE 9
Low resolution Motion Blur
Dataset Bias
SLIDE 10
Low resolution Motion Blur Pose Variety
Dataset Bias
SLIDE 11
Why not collect new annotations?
SLIDE 12
Why not collect new annotations?
Car Road Sidewalk Person Sky Vegetation Street Sign Building
SLIDE 13
Why not collect new annotations?
Car Road Sidewalk Person Sky Vegetation Street Sign Building
Expensive
($10-12 per image)
SLIDE 14
Why not collect new annotations?
Large Potential for Change
Different: Weather, City, Car
Car Road Sidewalk Person Sky Vegetation Street Sign Building
Expensive
($10-12 per image)
SLIDE 15
Why not collect new annotations?
Proprietary Private
SLIDE 16
Domain Adaptation: Train on Source Test on Target
Target Domain unlabeled or limited labels
∼ PT (XT , YT )
Source Domain lots of labeled data
∼ PS(XS, YS)
Adapt
SLIDE 17
Adversarial Domain Adaptation
Ganin & Lempinsky, ICML 2015. Tzeng*, Hoffman*, Saenko, Darrell, ICCV 2015. Tzeng, Hoffman, Saenko, Darrell. CVPR 2017.
bottle
Classifier Source Data
xs ys
Source CNN
Source feature vector
SLIDE 18
Adversarial Domain Adaptation
Target Data
Ganin & Lempinsky, ICML 2015. Tzeng*, Hoffman*, Saenko, Darrell, ICCV 2015. Tzeng, Hoffman, Saenko, Darrell. CVPR 2017.
bottle
Classifier Source Data
xs xt ys
Source CNN Target CNN
Source feature vector Target feature vector
SLIDE 19
Adversarial Domain Adaptation
Target Data
Ganin & Lempinsky, ICML 2015. Tzeng*, Hoffman*, Saenko, Darrell, ICCV 2015. Tzeng, Hoffman, Saenko, Darrell. CVPR 2017.
bottle
Classifier Source Data
xs xt ys
Minimize Discrepancy
Source CNN Target CNN
Source feature vector Target feature vector
SLIDE 20
Adversarial Domain Adaptation
Target Data
Ganin & Lempinsky, ICML 2015. Tzeng*, Hoffman*, Saenko, Darrell, ICCV 2015. Tzeng, Hoffman, Saenko, Darrell. CVPR 2017.
bottle
Classifier Source Data
xs xt ys
Minimize Discrepancy
Source CNN Target CNN
Domain Classifier Source feature vector Target feature vector
SLIDE 21
Adversarial Domain Adaptation
Target Data
Ganin & Lempinsky, ICML 2015. Tzeng*, Hoffman*, Saenko, Darrell, ICCV 2015. Tzeng, Hoffman, Saenko, Darrell. CVPR 2017.
bottle
Classifier Source Data
xs xt ys
Minimize Discrepancy
Source CNN Target CNN
Domain Classifier Adversarial Loss Source feature vector Target feature vector
SLIDE 22
Adversarial Domain Adaptation
bottle
Classifier Source Data Target Data
ys
Minimize Discrepancy
Source CNN
Domain Classifier Adversarial Loss Liu 2016. Taigman 2016. Bousmalis 2017. Liu 2017. Kim 2017. Sankaranarayanan 2018. Hoffman 2018.
SLIDE 23
CyCADA: Cycle Consistent Adversarial DA
Source Data Reconstructed Source Data Target Data Semantically Consistent Cycle Consistent
Domain Adversarial Source to Target Target to Source
Hoffman et.al. ICML 2018
SLIDE 24
Synthetic to Real Pixel Adaptation
CityScapes (Germany) Train Test GTA (synthetic)
Hoffman et.al. ICML 2018
SLIDE 25
Synthetic to Real Pixel Adaptation
Hoffman et.al. ICML 2018
SLIDE 26
Synthetic to Real Pixel Adaptation
Hoffman et.al. ICML 2018
SLIDE 27
Synthetic to Real Pixel Adaptation
Zhu*, Park*, Isola, Efros. ICCV 2017.
SLIDE 28
Synthetic to Real Pixel Adaptation
Zhu*, Park*, Isola, Efros. ICCV 2017.
SLIDE 29
CyCADA Results: CityScapes Evaluation
CityScapes Image Ground Truth Before Adaptation After Adaptation
Car Road Sidewalk Person Sky Vegetation Street Sign Building Hoffman et.al. ICML 2018
SLIDE 30
CityScapes Image Ground Truth Before Adaptation After Adaptation
Car Road Sidewalk Person Sky Vegetation Street Sign Building Hoffman et.al. ICML 2018
CyCADA Results: CityScapes Evaluation
SLIDE 31
CityScapes Image Ground Truth Before Adaptation After Adaptation
Car Road Sidewalk Person Sky Vegetation Street Sign Building Hoffman et.al. ICML 2018
CyCADA Results: CityScapes Evaluation
SLIDE 32
So Far: Adapting to Natural Shifts
Adapt
SLIDE 33
So Far: Adapting to Natural Shifts
Adapt
SLIDE 34
What about adversarial shifts?
SLIDE 35
Adversarial Examples
Goodfellow et al. ICLR 2015.
+ .007 ⇥ = x sign(rxJ(θ, x, y)) x + ✏sign(rxJ(θ, x, y)) “panda” “nematode” “gibbon” 57.7% confidence 8.2% confidence 99.3 % confidence
SLIDE 36
Visualize Perturbation Space
SLIDE 37
Visualize Perturbation Space
Training point 28 28
SLIDE 38
Visualize Perturbation Space
Training point 28 28 784 Vectorize
SLIDE 39
Visualize Perturbation Space
Training point 28 28 784 Vectorize Project onto random 2D
- rthonormal basis
SLIDE 40
Visualize Perturbation Space
Training point Sweep over a grid of perturbations 28 28 784 Vectorize Project onto random 2D
- rthonormal basis
SLIDE 41
Visualize Perturbation Space
Training point Sweep over a grid of perturbations 28 28 784 Vectorize Project onto random 2D
- rthonormal basis
Perturbed Image
SLIDE 42
Visualize Perturbation Space
Training point Sweep over a grid of perturbations 28 28 784 Vectorize Project onto random 2D
- rthonormal basis
Model Score Perturbed Image
SLIDE 43
MNIST LeNet Decisions Around Training Point
SLIDE 44
MNIST LeNet Decisions Around Training Point
Training Data Point
SLIDE 45
MNIST LeNet Decisions Around Training Point
Training Data Point
SLIDE 46
MNIST LeNet Decisions Around Training Point
Training Data Point
Non-smooth Decision Boundary
SLIDE 47
MNIST LeNet Decisions Around Training Point
Training Data Point
Non-smooth Decision Boundary Small perturbations lead to new outputs
SLIDE 48
MNIST LeNet with L2 Regularization
Smooth Decision Boundary Small perturbations lead to new outputs
SLIDE 49
MNIST LeNet with L2 Regularization
Smooth Decision Boundary Small perturbations lead to new outputs
SLIDE 50
Jacobian Regularization
bottle
Classifier
xs
ys
score vector
zs
Hoffman, Roberts, Yaida, In submission, 2019.
SLIDE 51
Jacobian Regularization
bottle
Classifier
xs
ys
score vector
zs Jc,i = ∂zc ∂xi
Input-output Jacobian matrix
Hoffman, Roberts, Yaida, In submission, 2019.
SLIDE 52
Jacobian Regularization
bottle
Classifier
xs
ys
score vector
zs Jc,i = ∂zc ∂xi
Input-output Jacobian matrix Minimize Frobenius Norm
||J||2
F
Hoffman, Roberts, Yaida, In submission, 2019.
SLIDE 53
MNIST LeNet with Jacobian Regularization
Mostly Smooth Decision Boundary Larger perturbations needed to lead to new outputs
SLIDE 54
MNIST LeNet with Jacobian Regularization
Mostly Smooth Decision Boundary Larger perturbations needed to lead to new outputs
SLIDE 55
Decision Boundary Comparison
No Regularization L2 Regularization Jacobian Regularization
Hoffman, Roberts, Yaida, In submission, 2019.
SLIDE 56
Robustness to Random Perturbations
MNIST LeNet Model
Hoffman, Roberts, Yaida, In submission, 2019.
SLIDE 57
Robustness to Adversarial Perturbations
Hoffman, Roberts, Yaida, In submission, 2019.
SLIDE 58
Next Steps
Jacobian regularizer as unsupervised adaptive loss? Adaptation to an adversarial domain?
Domain Adaptation Adversarial Robustness
SLIDE 59
Thank you
Taesung Park UC Berkeley Eric Tzeng UC Berkeley Jun-Yan Zhu MIT Dan Roberts Diffeo Phil Isola MIT Kate Saenko Boston University Trevor Darrell UC Berkeley Alyosha Efros UC Berkeley Sho Yaida FAIR
SLIDE 60
Judy Hoffman judyhoffman.io