Revisiting the Adversarial Robustness-Accuracy Tradeoff in Robot Learning

04/15/2022
by Mathias Lechner, et al.

Adversarial training (i.e., training on adversarially perturbed input data) is a well-studied method for making neural networks robust to potential adversarial attacks during inference. However, the improved robustness does not come for free but rather is accompanied by a decrease in overall model accuracy and performance. Recent work has shown that, in practical robot learning applications, the effects of adversarial training do not pose a fair trade-off but inflict a net loss when measured in holistic robot performance. This work revisits the robustness-accuracy trade-off in robot learning by systematically analyzing if recent advances in robust training methods and theory in conjunction with adversarial robot learning can make adversarial training suitable for real-world robot applications. We evaluate a wide variety of robot learning tasks ranging from autonomous driving in a high-fidelity environment amenable to sim-to-real deployment, to mobile robot gesture recognition. Our results demonstrate that, while these techniques make incremental improvements on the trade-off on a relative scale, the negative side-effects caused by adversarial training still outweigh the improvements by an order of magnitude. We conclude that more substantial advances in robust learning methods are necessary before they can benefit robot learning tasks in practice.
