Transfer learning is helpful deep learning technique that enables AI researchers and developers to harness a neural network used for one task and apply it to another domain, especially when data for the new domain is insufficient. Previous work in this area has indicated that accuracy on the source dataset can be a strong indicator of transfer accuracy on downstream tasks.
Aside from source dataset accuracy, are there other approaches that could help boost transfer learning performance? A team of researchers from Microsoft Research and MIT identify one such aspect in the paper Do Adversarially Robust ImageNet Models Transfer Better?, proposing that despite being less accurate on ImageNet, adversarially robust neural networks can match or improve their standard counterparts’ transfer performance.
The team noted that one of the most basic variants of transfer learning is using the source model as a feature extractor for the target dataset so that a simple model can be trained on the resulting features. Take the setting in this study as an example: each image in the target dataset passes through a pretrained ImageNet classifier before the outputs from the penultimate layer are used as the image’s feature representation.
Inspired by the observation that models’ learned representations govern such fixed-feature transfer behaviour, the researchers suggest that these learned representations are not fully described by source-dataset accuracy. Instead, the representations are controlled by the priors that have been introduced during training. In the context of machine learning, priors are the probability distribution representing knowledge or uncertainty of a data object before observing it.
In this study, the researchers focused on adversarial robustness — a model’s invariance to small perturbations in inputs. Although some previous studies have suggested that using adversarially robust feature representations should hurt transfer performance, advantages of using feature representations of robust models over standard models have also been identified. For example, an image can be approximately reconstructed directly from its robust representations.
Facing the two conflicting hypotheses, the team chose a testbed of 12 standard transfer learning datasets to examine the linear relationship of ImageNet classification accuracies and transfer accuracies. Accordingly, they hypothesized that higher accuracy improves transfer learning for a fixed level of robustness, and higher robustness improves transfer learning for a fixed level of accuracy.
Through experiments, the team observed that robust networks consistently extract better transfer learning features than standard networks. More importantly, adversarial robust neural networks consistently match or improve upon their standard counterparts’ transfer performance, despite showing lower ImageNet accuracy.
Inspired by the results suggesting that adversarial robustness leads to better feature representations, the team proposed that future research explore what properties of pretrained models are essential for transfer learning to verify such hypotheses.
The paper Do Adversarially Robust ImageNet Models Transfer Better? is on arXiv.
Journalist: Fangyu Cai | Editor: Michael Sarazen
Synced Report | A Survey of China’s Artificial Intelligence Solutions in Response to the COVID-19 Pandemic — 87 Case Studies from 700+ AI Vendors
This report offers a look at how the Chinese government and business owners have leveraged artificial intelligence technologies in the battle against COVID-19. It is also available on Amazon Kindle.
Click here to find more reports from us.
We know you don’t want to miss any story. Subscribe to our popular Synced Global AI Weekly to get weekly AI updates.
Pingback: Microsoft & MIT Apply Adversarially Robust Models for Better Transfer Learning – Paper TL