{"date_created":"2023-03-05T23:01:04Z","oa_version":"Published Version","date_published":"2023-03-01T00:00:00Z","file_date_updated":"2023-03-07T12:22:23Z","user_id":"4359f0d1-fa6c-11eb-b949-802e58b17ae8","has_accepted_license":"1","article_processing_charge":"No","article_type":"original","type":"journal_article","publication_identifier":{"eissn":["2377-3766"]},"month":"03","ddc":["000"],"status":"public","title":"Revisiting the adversarial robustness-accuracy tradeoff in robot learning","department":[{"_id":"ToHe"}],"isi":1,"tmp":{"legal_code_url":"https://creativecommons.org/licenses/by/4.0/legalcode","short":"CC BY (4.0)","image":"/images/cc_by.png","name":"Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)"},"author":[{"id":"3DC22916-F248-11E8-B48F-1D18A9856A87","first_name":"Mathias","last_name":"Lechner","full_name":"Lechner, Mathias"},{"first_name":"Alexander","full_name":"Amini, Alexander","last_name":"Amini"},{"first_name":"Daniela","last_name":"Rus","full_name":"Rus, Daniela"},{"full_name":"Henzinger, Thomas A","last_name":"Henzinger","first_name":"Thomas A","orcid":"0000-0002-2985-7724","id":"40876CD8-F248-11E8-B48F-1D18A9856A87"}],"intvolume":"         8","citation":{"ista":"Lechner M, Amini A, Rus D, Henzinger TA. 2023. Revisiting the adversarial robustness-accuracy tradeoff in robot learning. IEEE Robotics and Automation Letters. 8(3), 1595–1602.","short":"M. Lechner, A. Amini, D. Rus, T.A. Henzinger, IEEE Robotics and Automation Letters 8 (2023) 1595–1602.","ama":"Lechner M, Amini A, Rus D, Henzinger TA. Revisiting the adversarial robustness-accuracy tradeoff in robot learning. <i>IEEE Robotics and Automation Letters</i>. 2023;8(3):1595-1602. doi:<a href=\"https://doi.org/10.1109/LRA.2023.3240930\">10.1109/LRA.2023.3240930</a>","chicago":"Lechner, Mathias, Alexander Amini, Daniela Rus, and Thomas A Henzinger. “Revisiting the Adversarial Robustness-Accuracy Tradeoff in Robot Learning.” <i>IEEE Robotics and Automation Letters</i>. Institute of Electrical and Electronics Engineers, 2023. <a href=\"https://doi.org/10.1109/LRA.2023.3240930\">https://doi.org/10.1109/LRA.2023.3240930</a>.","ieee":"M. Lechner, A. Amini, D. Rus, and T. A. Henzinger, “Revisiting the adversarial robustness-accuracy tradeoff in robot learning,” <i>IEEE Robotics and Automation Letters</i>, vol. 8, no. 3. Institute of Electrical and Electronics Engineers, pp. 1595–1602, 2023.","mla":"Lechner, Mathias, et al. “Revisiting the Adversarial Robustness-Accuracy Tradeoff in Robot Learning.” <i>IEEE Robotics and Automation Letters</i>, vol. 8, no. 3, Institute of Electrical and Electronics Engineers, 2023, pp. 1595–602, doi:<a href=\"https://doi.org/10.1109/LRA.2023.3240930\">10.1109/LRA.2023.3240930</a>.","apa":"Lechner, M., Amini, A., Rus, D., &#38; Henzinger, T. A. (2023). Revisiting the adversarial robustness-accuracy tradeoff in robot learning. <i>IEEE Robotics and Automation Letters</i>. Institute of Electrical and Electronics Engineers. <a href=\"https://doi.org/10.1109/LRA.2023.3240930\">https://doi.org/10.1109/LRA.2023.3240930</a>"},"abstract":[{"lang":"eng","text":"Adversarial training (i.e., training on adversarially perturbed input data) is a well-studied method for making neural networks robust to potential adversarial attacks during inference. However, the improved robustness does not come for free but rather is accompanied by a decrease in overall model accuracy and performance. Recent work has shown that, in practical robot learning applications, the effects of adversarial training do not pose a fair trade-off but inflict a net loss when measured in holistic robot performance. This work revisits the robustness-accuracy trade-off in robot learning by systematically analyzing if recent advances in robust training methods and theory in conjunction with adversarial robot learning, are capable of making adversarial training suitable for real-world robot applications. We evaluate three different robot learning tasks ranging from autonomous driving in a high-fidelity environment amenable to sim-to-real deployment to mobile robot navigation and gesture recognition. Our results demonstrate that, while these techniques make incremental improvements on the trade-off on a relative scale, the negative impact on the nominal accuracy caused by adversarial training still outweighs the improved robustness by an order of magnitude. We conclude that although progress is happening, further advances in robust learning methods are necessary before they can benefit robot learning tasks in practice."}],"quality_controlled":"1","scopus_import":"1","related_material":{"record":[{"status":"public","id":"11366","relation":"earlier_version"}]},"language":[{"iso":"eng"}],"oa":1,"year":"2023","publisher":"Institute of Electrical and Electronics Engineers","volume":8,"day":"01","external_id":{"arxiv":["2204.07373"],"isi":["000936534100012"]},"publication_status":"published","acknowledgement":"We thank Christoph Lampert for inspiring this work. The\r\nviews and conclusions contained in this document are those of\r\nthe authors and should not be interpreted as representing the\r\nofficial policies, either expressed or implied, of the United States\r\nAir Force or the U.S. Government. The U.S. Government is\r\nauthorized to reproduce and distribute reprints for Government\r\npurposes notwithstanding any copyright notation herein.","page":"1595-1602","file":[{"success":1,"file_size":944052,"content_type":"application/pdf","date_created":"2023-03-07T12:22:23Z","checksum":"5a75dcd326ea66685de2b1aaec259e85","date_updated":"2023-03-07T12:22:23Z","creator":"cchlebak","access_level":"open_access","file_name":"2023_IEEERobAutLetters_Lechner.pdf","file_id":"12714","relation":"main_file"}],"issue":"3","doi":"10.1109/LRA.2023.3240930","_id":"12704","publication":"IEEE Robotics and Automation Letters","date_updated":"2023-08-01T13:36:50Z"}