Regularization-based continual learning models generally restrict access to the data of previous tasks, imitating real-world constraints on memory and privacy. This restriction introduces a problem: such models cannot track their performance on each earlier task, so current continual learning methods are susceptible to attacks on previous tasks. We demonstrate the vulnerability of regularization-based continual learning methods by presenting a simple task-specific data poisoning attack that can be applied during the learning of a new task. Training data generated by the proposed attack degrades performance on the specific earlier task targeted by the attacker. We evaluate the attack on two representative regularization-based continual learning methods, Elastic Weight Consolidation (EWC) and Synaptic Intelligence (SI), trained on variants of the MNIST dataset. The experimental results confirm the vulnerability identified in this paper and demonstrate the importance of developing continual learning models that are robust to adversarial attacks.