---
_id: '12704'
abstract:
- lang: eng
  text: Adversarial training (i.e., training on adversarially perturbed input data)
    is a well-studied method for making neural networks robust to potential adversarial
    attacks during inference. However, the improved robustness does not come for free
    but rather is accompanied by a decrease in overall model accuracy and performance.
    Recent work has shown that, in practical robot learning applications, the effects
    of adversarial training do not pose a fair trade-off but inflict a net loss when
    measured in holistic robot performance. This work revisits the robustness-accuracy
    trade-off in robot learning by systematically analyzing if recent advances in
    robust training methods and theory in conjunction with adversarial robot learning,
    are capable of making adversarial training suitable for real-world robot applications.
    We evaluate three different robot learning tasks ranging from autonomous driving
    in a high-fidelity environment amenable to sim-to-real deployment to mobile robot
    navigation and gesture recognition. Our results demonstrate that, while these
    techniques make incremental improvements on the trade-off on a relative scale,
    the negative impact on the nominal accuracy caused by adversarial training still
    outweighs the improved robustness by an order of magnitude. We conclude that although
    progress is happening, further advances in robust learning methods are necessary
    before they can benefit robot learning tasks in practice.
acknowledgement: "We thank Christoph Lampert for inspiring this work. The\r\nviews
  and conclusions contained in this document are those of\r\nthe authors and should
  not be interpreted as representing the\r\nofficial policies, either expressed or
  implied, of the United States\r\nAir Force or the U.S. Government. The U.S. Government
  is\r\nauthorized to reproduce and distribute reprints for Government\r\npurposes
  notwithstanding any copyright notation herein."
article_processing_charge: No
article_type: original
arxiv: 1
author:
- first_name: Mathias
  full_name: Lechner, Mathias
  id: 3DC22916-F248-11E8-B48F-1D18A9856A87
  last_name: Lechner
- first_name: Alexander
  full_name: Amini, Alexander
  last_name: Amini
- first_name: Daniela
  full_name: Rus, Daniela
  last_name: Rus
- first_name: Thomas A
  full_name: Henzinger, Thomas A
  id: 40876CD8-F248-11E8-B48F-1D18A9856A87
  last_name: Henzinger
  orcid: 0000-0002-2985-7724
citation:
  ama: Lechner M, Amini A, Rus D, Henzinger TA. Revisiting the adversarial robustness-accuracy
    tradeoff in robot learning. <i>IEEE Robotics and Automation Letters</i>. 2023;8(3):1595-1602.
    doi:<a href="https://doi.org/10.1109/LRA.2023.3240930">10.1109/LRA.2023.3240930</a>
  apa: Lechner, M., Amini, A., Rus, D., &#38; Henzinger, T. A. (2023). Revisiting
    the adversarial robustness-accuracy tradeoff in robot learning. <i>IEEE Robotics
    and Automation Letters</i>. Institute of Electrical and Electronics Engineers.
    <a href="https://doi.org/10.1109/LRA.2023.3240930">https://doi.org/10.1109/LRA.2023.3240930</a>
  chicago: Lechner, Mathias, Alexander Amini, Daniela Rus, and Thomas A Henzinger.
    “Revisiting the Adversarial Robustness-Accuracy Tradeoff in Robot Learning.” <i>IEEE
    Robotics and Automation Letters</i>. Institute of Electrical and Electronics Engineers,
    2023. <a href="https://doi.org/10.1109/LRA.2023.3240930">https://doi.org/10.1109/LRA.2023.3240930</a>.
  ieee: M. Lechner, A. Amini, D. Rus, and T. A. Henzinger, “Revisiting the adversarial
    robustness-accuracy tradeoff in robot learning,” <i>IEEE Robotics and Automation
    Letters</i>, vol. 8, no. 3. Institute of Electrical and Electronics Engineers,
    pp. 1595–1602, 2023.
  ista: Lechner M, Amini A, Rus D, Henzinger TA. 2023. Revisiting the adversarial
    robustness-accuracy tradeoff in robot learning. IEEE Robotics and Automation Letters.
    8(3), 1595–1602.
  mla: Lechner, Mathias, et al. “Revisiting the Adversarial Robustness-Accuracy Tradeoff
    in Robot Learning.” <i>IEEE Robotics and Automation Letters</i>, vol. 8, no. 3,
    Institute of Electrical and Electronics Engineers, 2023, pp. 1595–602, doi:<a
    href="https://doi.org/10.1109/LRA.2023.3240930">10.1109/LRA.2023.3240930</a>.
  short: M. Lechner, A. Amini, D. Rus, T.A. Henzinger, IEEE Robotics and Automation
    Letters 8 (2023) 1595–1602.
date_created: 2023-03-05T23:01:04Z
date_published: 2023-03-01T00:00:00Z
date_updated: 2023-08-01T13:36:50Z
day: '01'
ddc:
- '000'
department:
- _id: ToHe
doi: 10.1109/LRA.2023.3240930
external_id:
  arxiv:
  - '2204.07373'
  isi:
  - '000936534100012'
file:
- access_level: open_access
  checksum: 5a75dcd326ea66685de2b1aaec259e85
  content_type: application/pdf
  creator: cchlebak
  date_created: 2023-03-07T12:22:23Z
  date_updated: 2023-03-07T12:22:23Z
  file_id: '12714'
  file_name: 2023_IEEERobAutLetters_Lechner.pdf
  file_size: 944052
  relation: main_file
  success: 1
file_date_updated: 2023-03-07T12:22:23Z
has_accepted_license: '1'
intvolume: '         8'
isi: 1
issue: '3'
language:
- iso: eng
license: https://creativecommons.org/licenses/by/4.0/
month: '03'
oa: 1
oa_version: Published Version
page: 1595-1602
publication: IEEE Robotics and Automation Letters
publication_identifier:
  eissn:
  - 2377-3766
publication_status: published
publisher: Institute of Electrical and Electronics Engineers
quality_controlled: '1'
related_material:
  record:
  - id: '11366'
    relation: earlier_version
    status: public
scopus_import: '1'
status: public
title: Revisiting the adversarial robustness-accuracy tradeoff in robot learning
tmp:
  image: /images/cc_by.png
  legal_code_url: https://creativecommons.org/licenses/by/4.0/legalcode
  name: Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)
  short: CC BY (4.0)
type: journal_article
user_id: 4359f0d1-fa6c-11eb-b949-802e58b17ae8
volume: 8
year: '2023'
...