While leveraging additional training data is well established to improve adversarial robustness, it incurs the unavoidable cost of data collection and the heavy computation to train models. To mitigate the costs, we propose Guided Adversarial Training (GAT), a novel adversarial training technique that exploits auxiliary tasks under a limited set of training data. Our approach extends single-task models into multi-task models during the min-max optimization of adversarial training, and drives the loss optimization with a regularization of the gradient curvature across multiple tasks. GAT leverages two types of auxiliary tasks: self-supervised tasks, where the labels are generated automatically, and domain-knowledge tasks, where human experts provide additional labels. Experimentally, under limited data, GAT increases the robust accuracy on CIFAR-10 up to four times (from 11% to 42% robust accuracy) and the robust AUC of the CheXpert medical imaging dataset from 50% to 83%. On the full CIFAR-10 dataset, GAT outperforms eight state-of-the-art adversarial training strategies. Our large study across five datasets and six tasks demonstrates that task augmentation is an efficient alternative to data augmentation, and can be key to achieving both clean and robust performances.