Abstract
In recent years, researchers have been paying increasing attention to the threats that deep learning models pose to data security and privacy, especially in the field of domain adaptation. Existing unsupervised domain adaptation (UDA) methods can achieve promising performance without transferring data from the source domain to the target domain. However, UDA with representation alignment or self-supervised pseudo-labeling relies on the transferred source models. In many data-critical scenarios, methods based on model transferring may suffer from membership inference attacks and expose private data. In this paper, we aim to overcome a challenging new setting where the source models are only queryable but cannot be transferred to the target domain. We propose Black-box Probe Domain Adaptation (BPDA), which adopts a query mechanism to probe and refine information from the source model using a third-party dataset. In order to gain more informative query results, we further propose Distributionally Adversarial Training (DAT) to align the distribution of the third-party data with that of the target data. BPDA uses a public third-party dataset and adversarial examples based on DAT as the information carrier between the source and target domains, dispensing with transferring source data or the source model. Experimental results on the benchmarks Digit-Five, Office-Caltech, Office-31, Office-Home, and DomainNet demonstrate the feasibility of BPDA without model transferring.