This paper investigates a new challenging problem called defensive few-shot learning in order to learn a robust few-shot model against adversarial attacks. Simply applying the existing adversarial defense methods to few-shot learning cannot effectively solve this problem. This is because the commonly assumed sample-level distribution consistency between the training and test sets can no longer be met in the few-shot setting. To address this situation, we develop a general defensive few-shot learning (DFSL) framework to answer the following two key questions: (1) how to transfer adversarial defense knowledge from one sample distribution to another? (2) how to narrow the distribution gap between clean and adversarial examples under the few-shot setting? To answer the first question, we propose an episode-based adversarial training mechanism by assuming a task-level distribution consistency to better transfer the adversarial defense knowledge. As for the second question, within each few-shot task, we design two kinds of distribution consistency criteria to narrow the distribution gap between clean and adversarial examples from the feature-wise and prediction-wise perspectives, respectively. Extensive experiments demonstrate that the proposed framework can effectively make the existing few-shot models robust against adversarial attacks. Code is available at https://github.com/WenbinLee/DefensiveFSL.git.