While leveraging additional training data is well established to improve adversarial robustness, it incurs the unavoidable cost of data collection and the heavy computation to train models. To mitigate the costs, we propose \textit{Guided Adversarial Training } (GAT), a novel adversarial training technique that exploits auxiliary tasks under a limited set of training data. Our approach extends single-task models into multi-task models during the min-max optimization of adversarial training, and drives the loss optimization with a regularization of the gradient curvature across multiple tasks. GAT leverages two types of auxiliary tasks: self-supervised tasks, where the labels are generated automatically, and domain-knowledge tasks, where human experts provide additional labels. Experimentally, under limited data, GAT increases the robust accuracy on CIFAR-10 up to four times (from 11% to 42% robust accuracy) and the robust AUC of CheXpert medical imaging dataset from 50\% to 83\%. On the full CIFAR-10 dataset, GAT outperforms eight state-of-the-art adversarial training strategies. Our large study across five datasets and six tasks demonstrates that task augmentation is an efficient alternative to data augmentation, and can be key to achieving both clean and robust performances.

翻译：在利用额外培训数据提高对抗性强健性方面,已经很好地建立了利用额外培训数据的杠杆作用,但也带来了数据收集和大量计算培训模型的不可避免的成本。为了降低成本,我们提议了\ textit{Guided Aversarial traination } (GAT),这是一种新型的对抗性培训技术,在有限的培训数据组下利用辅助任务。我们的方法在对敌对性培训进行最小最大优化期间将单一任务模型推广到多任务模型中,并促使损失优化,在多种任务中将梯度曲线曲线固定化。GAT利用了两类辅助任务:自动生成标签的自我监督任务,以及提供额外标签的域知识任务。在有限的数据组下,GAT实验性地将CIFAR-10的稳健精度提高到4倍(从11%提高到42% 稳健的精确度),而CheXpert医疗成像数据集的强健的ACUC从50 ⁇ 到83 ⁇ 。在全CIFAR-10数据集中,GAT超越了8项状态的顶级敌对性防御性培训战略,以及域知识性任务,在5级培训战略中,我们的大规模研究将展示出一个强大的增强任务。