Revisiting the Adversarial Robustness-Accuracy Tradeoff in Robot Learning
This work addresses the practical problem of adversarial robustness for robot learning applications, showing it remains an incremental challenge with limited real-world benefit.
The paper revisits the adversarial robustness-accuracy trade-off in robot learning, evaluating three tasks like autonomous driving and mobile robot navigation, and finds that adversarial training still causes a net loss in performance, with negative impacts on accuracy outweighing robustness gains by an order of magnitude.
Adversarial training (i.e., training on adversarially perturbed input data) is a well-studied method for making neural networks robust to potential adversarial attacks during inference. However, the improved robustness does not come for free but rather is accompanied by a decrease in overall model accuracy and performance. Recent work has shown that, in practical robot learning applications, the effects of adversarial training do not pose a fair trade-off but inflict a net loss when measured in holistic robot performance. This work revisits the robustness-accuracy trade-off in robot learning by systematically analyzing if recent advances in robust training methods and theory in conjunction with adversarial robot learning, are capable of making adversarial training suitable for real-world robot applications. We evaluate three different robot learning tasks ranging from autonomous driving in a high-fidelity environment amenable to sim-to-real deployment to mobile robot navigation and gesture recognition. Our results demonstrate that, while these techniques make incremental improvements on the trade-off on a relative scale, the negative impact on the nominal accuracy caused by adversarial training still outweighs the improved robustness by an order of magnitude. We conclude that although progress is happening, further advances in robust learning methods are necessary before they can benefit robot learning tasks in practice.