AdaptGuard: Defending Against Universal Attacks for Model Adaptation
Lijun Sheng, Jian Liang, Ran He, Zilei Wang, Tieniu Tan

TL;DR
This paper introduces AdaptGuard, a plug-and-play model preprocessing framework that defends model adaptation against universal adversarial perturbations and backdoor attacks carried over from the source model, without requiring a robust source model or changes to the adaptation algorithm.
Contribution
AdaptGuard is a novel, easy-to-integrate method that defends against universal attacks during model adaptation without requiring changes to existing algorithms or robust source models.
Findings
Effectively defends against universal attacks in model adaptation
Maintains high accuracy on clean target data
Validated on multiple datasets and adaptation methods
Abstract
Model adaptation aims at solving the domain transfer problem under the constraint of only accessing the pretrained source models. With the increasing considerations of data privacy and transmission efficiency, this paradigm has been gaining recent popularity. This paper studies the vulnerability of model adaptation algorithms to universal attacks transferred from the source domain, a risk that arises because the source model is supplied by a potentially malicious provider. We explore both universal adversarial perturbations and backdoor attacks as loopholes on the source side and discover that they still survive in the target models after adaptation. To address this issue, we propose a model preprocessing framework, named AdaptGuard, to improve the security of model adaptation algorithms. AdaptGuard avoids direct use of the risky source parameters through knowledge distillation and utilizes the pseudo adversarial samples under…
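The abstract's core security point is that a target model built by fine-tuning the source parameters inherits whatever the provider planted in them, whereas a student distilled from the source model's outputs on clean target data never touches those parameters. The following toy example illustrates that mechanism only; it is an added illustration and not the paper's code, does not reproduce AdaptGuard's pseudo-adversarial-sample step, and uses constructed values throughout: a hand-built logistic "source model" whose third input is a planted trigger feature (`SOURCE_W`, `SOURCE_B`), uniformly sampled clean target data, and a linear student trained by plain full-batch gradient descent on the teacher's soft probabilities.

```python
"""Toy illustration of knowledge distillation as a guard against a backdoor
carried by a source model. Constructed example, not AdaptGuard's own code.
Pure Python on purpose so it runs without third-party packages."""
import math
import random


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def predict_proba(w, b, x):
    """Probability of class 1 for a logistic model with weights w, bias b."""
    return sigmoid(sum(wi * xi for wi, xi in zip(w, x)) + b)


# Constructed backdoored "source model": on clean inputs (trigger feature
# x[2] == 0) it follows the legitimate rule x0 - x1 > 0 -> class 1.
# With the trigger set (x[2] == 1) the large third weight forces class 1
# regardless of x0, x1. These numbers are invented for the demo.
SOURCE_W = [2.0, -2.0, 8.0]
SOURCE_B = 0.0


def make_clean_data(n, seed=0):
    """Constructed clean target data: features in [-1, 1], trigger always 0."""
    rng = random.Random(seed)
    xs = [[rng.uniform(-1, 1), rng.uniform(-1, 1), 0.0] for _ in range(n)]
    ys = [1 if x[0] - x[1] > 0 else 0 for x in xs]
    return xs, ys


def distill(teacher_w, teacher_b, xs, lr=1.0, steps=1500):
    """Train a fresh student from zero weights on the teacher's soft outputs.

    The student only queries the teacher on clean target inputs; it never
    copies or fine-tunes the teacher's parameters. Because every clean input
    has trigger feature 0, the gradient for that weight is identically zero.
    """
    targets = [predict_proba(teacher_w, teacher_b, x) for x in xs]
    d, n = len(xs[0]), len(xs)
    w, b = [0.0] * d, 0.0
    for _ in range(steps):
        gw, gb = [0.0] * d, 0.0
        for x, t in zip(xs, targets):
            err = predict_proba(w, b, x) - t  # d(cross-entropy)/d(logit)
            for j in range(d):
                gw[j] += err * x[j]
            gb += err
        w = [wj - lr * gj / n for wj, gj in zip(w, gw)]
        b -= lr * gb / n
    return w, b


def accuracy(w, b, xs, ys):
    hits = sum((predict_proba(w, b, x) > 0.5) == (y == 1) for x, y in zip(xs, ys))
    return hits / len(xs)


def attack_success_rate(w, b, xs, ys):
    """Fraction of true class-0 inputs pushed to class 1 by setting the trigger."""
    victims = [x[:2] + [1.0] for x, y in zip(xs, ys) if y == 0]
    flipped = sum(predict_proba(w, b, x) > 0.5 for x in victims)
    return flipped / len(victims)


def run_demo(n=200, seed=0):
    """Compare the backdoored source model with a student distilled from it."""
    xs, ys = make_clean_data(n, seed)
    sw, sb = distill(SOURCE_W, SOURCE_B, xs)
    return {
        "source_clean_acc": accuracy(SOURCE_W, SOURCE_B, xs, ys),
        "student_clean_acc": accuracy(sw, sb, xs, ys),
        "source_asr": attack_success_rate(SOURCE_W, SOURCE_B, xs, ys),
        "student_asr": attack_success_rate(sw, sb, xs, ys),
        "student_trigger_weight": sw[2],
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k:>24}: {v:.3f}")
```

The demo makes the abstract's claim concrete in the simplest possible setting: the source model reaches full attack success with the trigger, the distilled student keeps the teacher's clean accuracy, and its trigger weight stays exactly zero because nothing in the clean target data ever excites that input. Fine-tuning `SOURCE_W` directly would instead start from the 8.0 and keep it. The caveat a practitioner should keep in mind is that this only covers a trigger the clean data never activates; the real paper additionally uses pseudo adversarial samples, and a student with enough capacity can still re-learn a trigger that correlates with clean features.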
Taxonomy
Methods: Knowledge Distillation
