Multi-task learning (MTL) creates a single machine learning model, called a multi-task model, to simultaneously perform multiple tasks. Although the security of single-task classifiers has been extensively studied, there are several critical security research questions for multi-task models, including: 1) How secure are multi-task models to single-task adversarial machine learning attacks? 2) Can adversarial attacks be designed to attack multiple tasks simultaneously? 3) Do task sharing and adversarial training increase multi-task model robustness to adversarial attacks? In this paper, we answer these questions through careful analysis and rigorous experimentation. First, we develop naïve adaptations of single-task white-box attacks and analyze their inherent drawbacks. We then propose a novel attack framework, Dynamic Gradient Balancing Attack (DGBA). Our framework poses the problem of attacking a multi-task model as an optimization problem based on averaged relative loss change, which can be solved by approximating the problem as an integer linear programming problem. Extensive evaluation on two popular MTL benchmarks, NYUv2 and Tiny-Taxonomy, demonstrates the effectiveness of DGBA compared to naïve multi-task attack baselines on both clean and adversarially trained multi-task models. The results also reveal a fundamental trade-off between improving task accuracy by sharing parameters across tasks and undermining model robustness due to increased attack transferability from parameter sharing. DGBA is open-sourced and available at https://github.com/zhanglijun95/MTLAttack-DGBA.