Revealing Task-Relevant Model Memorization for Source-Protected Unsupervised Domain Adaptation

Baoyao Yang, Andy Jinhua Ma, Pong Chi Yuen*

*Corresponding author for this work

Research output: Contribution to journalArticlepeer-review

Abstract

Source-data-free unsupervised domain adaptation (SF-UDA) is an approach to improve model performance in the target domain without accessing the source data. Some SF-UDA methods have been proposed and achieved promising results using the information from source-model parameters. However, current research on information security confirms the ability of a well-trained model to memorize its training data. Therefore, SF-UDA methods that access model parameters remain at risk of privacy disclosure. This paper introduces a new topic of source-protected UDA (SP-UDA) that adapts the source model to the target domain while protecting the source-domain data and model privacy. In SP-UDA, only a black-box source model and a set of unlabeled target data are available for domain adaptation. We consider SP-UDA from a new perspective of model memorization revelation. A Source-Protected Generative Model (SPGM) is developed to reveal task-relevant memorization from the source model. SPGM directly distills the inverse process of the source model without access to source-model parameters to meet the privacy protection objective in SP-UDA. The SPGM is learned under the supervision of a newly designed metric named privacy-protected transfer (PPT). The PPT metric measures the transferability and desensitization of the generated data to encourage the SPGM to extract task-relevant information rather than the unintended memorization. A set of desensitized pseudo data is then generated as substitutes for the real source data in UDA. The performance of the proposed method has been validated in four cross-dataset recognition applications with encouraging results.
Original languageEnglish
Pages (from-to)716-731
Number of pages16
JournalIEEE Transactions on Information Forensics and Security
Volume17
DOIs
Publication statusPublished - 7 Feb 2022

Scopus Subject Areas

  • Safety, Risk, Reliability and Quality
  • Computer Networks and Communications

User-Defined Keywords

  • data desensitization
  • model memorization revelation
  • Unsupervised domain adaptation

Fingerprint

Dive into the research topics of 'Revealing Task-Relevant Model Memorization for Source-Protected Unsupervised Domain Adaptation'. Together they form a unique fingerprint.

Cite this