Despite the remarkable advances that have been made in continual learning, the adversarial vulnerability of such methods has not been fully discussed. We delve into the adversarial robustness of memory-based continual learning algorithms and observe that directly applying adversarial training techniques yields only limited robustness improvement. Preliminary studies reveal twin challenges in building adversarially robust continual learners: accelerated forgetting in continual learning and gradient obfuscation in adversarial robustness. In this study, we put forward a novel adversarially robust memory-based continual learner that adjusts data logits to mitigate the forgetting of past knowledge caused by adversarial samples. Furthermore, we devise a gradient-based data selection mechanism to overcome the gradient obfuscation caused by limited stored data. The proposed approach can be integrated with a wide range of existing memory-based continual learning and adversarial training algorithms in a plug-and-play way. Extensive experiments on Split-CIFAR10/100 and Split-Tiny-ImageNet demonstrate the effectiveness of our approach, achieving up to 8.13% higher accuracy on adversarial data.