Despite the rapid progress of neural networks, they remain highly vulnerable to adversarial examples, for which adversarial training (AT) is currently the most effective defense. While AT has been extensively studied, its practical applications expose two major limitations: natural accuracy tends to degrade significantly compared with standard training, and robustness does not transfer well across attacks crafted under different norm constraints. Unlike prior works that attempt to address only one issue within a single network, we propose to partition the overall generalization goal into multiple sub-tasks, each assigned to a dedicated base learner. By specializing in its designated objective, each base learner quickly becomes an expert in its field. In the later stages of training, we interpolate their parameters to form a knowledgeable global learner, while periodically redistributing the global parameters back to the base learners to prevent their optimization trajectories from drifting too far from the shared target. We term this framework Generalist and introduce three variants tailored to different application scenarios. Both theoretical analysis and extensive experiments demonstrate that Generalist achieves lower generalization error and significantly alleviates the trade-off problems compared with baseline methods. Our results suggest that Generalist provides a promising step toward developing fully robust classifiers in the future.
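The training schedule described above, sketched as an added example that is not the paper's code: two base learners on a toy linear classifier, one trained on clean inputs and one on L-infinity adversarial inputs, are interpolated into a global learner after a warm-up and periodically reset to the global parameters. The constructed data, the linear model, the mixing weight `gamma`, the warm-up length and the sync interval are all assumptions chosen for illustration.

```python
import math
import random

def make_data(n, seed):
    # Constructed toy data: Gaussian blobs at (+2,+2) and (-2,-2), labels +1 / -1.
    rng = random.Random(seed)
    labels = [rng.choice((-1, 1)) for _ in range(n)]
    return [((2 * y + rng.gauss(0, 1), 2 * y + rng.gauss(0, 1)), y) for y in labels]

def perturb(w, x, y, eps):
    # Worst-case L-inf perturbation against a linear model (closed form).
    sign = lambda v: (v > 0) - (v < 0)
    return [xi - eps * y * sign(wi) for xi, wi in zip(x, w)]

def margin(w, x, y, eps):
    return y * sum(wi * xi for wi, xi in zip(w, perturb(w, x, y, eps)))

def grad(w, data, eps):
    # Mean logistic-loss gradient on inputs perturbed within budget eps.
    g = [0.0, 0.0]
    for x, y in data:
        s = 1.0 / (1.0 + math.exp(margin(w, x, y, eps)))
        for i, xi in enumerate(perturb(w, x, y, eps)):
            g[i] -= y * xi * s / len(data)
    return g

def accuracy(w, data, eps=0.0):
    return sum(margin(w, x, y, eps) > 0 for x, y in data) / len(data)

def train_generalist(data, eps=0.5, steps=60, warmup=20, sync_every=10,
                     gamma=0.5, lr=0.5):
    budgets = {"natural": 0.0, "linf": eps}   # one sub-task per base learner
    base = {k: [0.0, 0.0] for k in budgets}
    glob = [0.0, 0.0]
    for t in range(1, steps + 1):
        for k, e in budgets.items():          # each learner follows its own objective
            g = grad(base[k], data, e)
            base[k] = [wi - lr * gi for wi, gi in zip(base[k], g)]
        if t > warmup:                        # later stage: interpolate parameters
            glob = [gamma * a + (1 - gamma) * b
                    for a, b in zip(base["natural"], base["linf"])]
            if t % sync_every == 0:           # periodic redistribution to the bases
                base = {k: list(glob) for k in budgets}
    return glob, base

if __name__ == "__main__":
    glob, _ = train_generalist(make_data(200, seed=0))
    test = make_data(200, seed=1)
    print("natural acc:", accuracy(glob, test), "robust acc:", accuracy(glob, test, 0.5))
```

Because the last step falls on a sync boundary, both base learners end up holding the global parameters; between syncs they diverge toward their own objectives.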