Revisiting the Adversarial Robustness-Accuracy Tradeoff in Robot Learning

TL;DR

This paper critically examines the robustness-accuracy trade-off in robot learning, showing that current adversarial training methods offer limited improvements and often harm overall performance, highlighting the need for better techniques.

Contribution

It systematically evaluates recent robust training methods in real-world robot tasks, revealing their limited effectiveness and the persistent negative impact on accuracy.

Findings

Adversarial training improves robustness modestly in robot tasks.

The negative impact on accuracy outweighs robustness gains.

Further advances are needed for practical robot applications.

Abstract

Adversarial training (i.e., training on adversarially perturbed input data) is a well-studied method for making neural networks robust to potential adversarial attacks during inference. However, the improved robustness does not come for free but rather is accompanied by a decrease in overall model accuracy and performance. Recent work has shown that, in practical robot learning applications, the effects of adversarial training do not pose a fair trade-off but inflict a net loss when measured in holistic robot performance. This work revisits the robustness-accuracy trade-off in robot learning by systematically analyzing if recent advances in robust training methods and theory in conjunction with adversarial robot learning, are capable of making adversarial training suitable for real-world robot applications. We evaluate three different robot learning tasks ranging from autonomous driving in a high-fidelity environment amenable to sim-to-real deployment to mobile robot navigation and gesture recognition. Our results demonstrate that, while these techniques make incremental improvements on the trade-off on a relative scale, the negative impact on the nominal accuracy caused by adversarial training still outweighs the improved robustness by an order of magnitude. We conclude that although progress is happening, further advances in robust learning methods are necessary before they can benefit robot learning tasks in practice.