Multitask Learning Strengthens Adversarial Robustness
This addresses the adversarial robustness problem for computer vision systems, but it is incremental as it builds on existing multitask learning approaches.
The paper tackles the problem of adversarial vulnerability in deep networks by showing that training on multiple tasks increases robustness, with experiments on two datasets demonstrating that attack difficulty rises as the number of tasks increases.
Although deep networks achieve strong accuracy on a range of computer vision benchmarks, they remain vulnerable to adversarial attacks, where imperceptible input perturbations fool the network. We present both theoretical and empirical analyses that connect the adversarial robustness of a model to the number of tasks that it is trained on. Experiments on two datasets show that attack difficulty increases as the number of target tasks increase. Moreover, our results suggest that when models are trained on multiple tasks at once, they become more robust to adversarial attacks on individual tasks. While adversarial defense remains an open challenge, our results suggest that deep networks are vulnerable partly because they are trained on too few tasks.