GAT: Guided Adversarial Training with Pareto-optimal Auxiliary Tasks

TL;DR

This paper introduces Guided Adversarial Training (GAT), a multi-task learning approach that uses auxiliary tasks to improve adversarial robustness efficiently, reducing data and computational costs while achieving significant performance gains.

Contribution

GAT extends adversarial training with auxiliary tasks and gradient regularization, providing a novel method to enhance robustness under limited data conditions.

Findings

GAT increased CheXpert robust AUC from 50% to 83%.

On CIFAR-10, GAT achieved 56.21% robust accuracy.

Outperformed eight state-of-the-art adversarial training methods.

Abstract

While leveraging additional training data is well established to improve adversarial robustness, it incurs the unavoidable cost of data collection and the heavy computation to train models. To mitigate the costs, we propose Guided Adversarial Training (GAT), a novel adversarial training technique that exploits auxiliary tasks under a limited set of training data. Our approach extends single-task models into multi-task models during the min-max optimization of adversarial training, and drives the loss optimization with a regularization of the gradient curvature across multiple tasks. GAT leverages two types of auxiliary tasks: self-supervised tasks, where the labels are generated automatically, and domain-knowledge tasks, where human experts provide additional labels. Experimentally, GAT increases the robust AUC of CheXpert medical imaging dataset from 50% to 83% and On CIFAR-10, GAT outperforms eight state-of-the-art adversarial training and achieves 56.21% robust accuracy with Resnet-50. Overall, we demonstrate that guided multi-task learning is an actionable and promising avenue to push further the boundaries of model robustness.