Robustness of Unsupervised Representation Learning without Labels

TL;DR

This paper introduces a family of label-free, model- and task-agnostic measures for evaluating the robustness of unsupervised representation encoders, and demonstrates that adversarial training enhances their robustness significantly.

Contribution

It proposes novel unsupervised robustness metrics and extends adversarial attacks for unsupervised models, providing new tools for robustness evaluation and training.

Findings

None of the evaluated encoders dominates in robustness.

Adversarial training improves unsupervised robustness measures.

Certified robustness and accuracy are significantly increased with adversarial training.

Abstract

Unsupervised representation learning leverages large unlabeled datasets and is competitive with supervised learning. But non-robust encoders may affect downstream task robustness. Recently, robust representation encoders have become of interest. Still, all prior work evaluates robustness using a downstream classification task. Instead, we propose a family of unsupervised robustness measures, which are model- and task-agnostic and label-free. We benchmark state-of-the-art representation encoders and show that none dominates the rest. We offer unsupervised extensions to the FGSM and PGD attacks. When used in adversarial training, they improve most unsupervised robustness measures, including certified robustness. We validate our results against a linear probe and show that, for MOCOv2, adversarial training results in 3 times higher certified accuracy, a 2-fold decrease in impersonation attack success rate and considerable improvements in certified robustness.