Adversarial training (i.e., training on adversarially perturbed input data) is a well-studied method for making neural networks robust to potential adversarial attacks during inference. However, the improved robustness does not come for free but rather is accompanied by a decrease in overall model accuracy and performance. Recent work has shown that, in practical robot learning applications, the effects of adversarial training do not pose a fair trade-off but inflict a net loss when measured in holistic robot performance. This work revisits the robustness-accuracy trade-off in robot learning by systematically analyzing if recent advances in robust training methods and theory in conjunction with adversarial robot learning, are capable of making adversarial training suitable for real-world robot applications. We evaluate three different robot learning tasks ranging from autonomous driving in a high-fidelity environment amenable to sim-to-real deployment to mobile robot navigation and gesture recognition. Our results demonstrate that, while these techniques make incremental improvements on the trade-off on a relative scale, the negative impact on the nominal accuracy caused by adversarial training still outweighs the improved robustness by an order of magnitude. We conclude that although progress is happening, further advances in robust learning methods are necessary before they can benefit robot learning tasks in practice.

翻译：Aversarial培训(即关于对抗性扰动输入数据的培训)是使神经网络在推论期间对潜在的对抗性攻击具有强大力量的一种研究周密的方法,但是,增强的强力并非免费的,而是伴随着总体模型精确度和性能的下降。最近的工作表明,在实际的机器人学习应用中,对抗性培训的效果不是一种公平的权衡,但在以整体机器人性能衡量时造成净损失。这项工作通过系统分析强力培训方法和理论的最新进展和理论与对抗性机器人学习是否能够使对抗性培训适合真实世界机器人应用。我们评估了三种不同的机器人学习任务,从高性能环境中的自主驾驶到模拟实际部署到移动性机器人导航和姿态识别。我们的结果表明,虽然这些技术在相对规模上使交易逐步改善,但对抗性培训对名义准确性的负面影响仍然超过其改进的强健性,在机器人学习之前,我们得出的结论是,尽管在学习过程中取得了一定的优势。我们得出的结论是,在学习方法上取得了一定的优势。