Review for NeurIPS paper: Adversarially Robust Few-Shot Learning: A Meta-Learning Approach

Neural Information Processing Systems 

The submission proposes a method called adversarial querying (AQ) to tackle the problem of adversarial robustness in few-shot learning. Adversarial querying works by applying an adversarial perturbation to the query set when meta-training in an effort to find a few-shot learner parameterization which is robust to adversarial attacks when tuned on the support set of a given learning problem. Results in the paper show that naturally trained few-shot learners are very sensitive to adversarial attacks. Adversarial robustness results are presented for a variety of benchmarks (mini-ImageNet, CIFAR-FS, Omniglot) and learners (Prototypical Networks, R2-D2, MetaOptNet, MAML). The proposed approach is shown to yield better adversarial robustness than competing approaches (transfer learning from an adversarially-trained backbone, ADML) while maintaining a better clean accuracy.
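A minimal sketch of one adversarial-querying episode as summarized above, added here as an illustration and not taken from the paper or this review. It assumes a prototypical-network learner whose embedding is a per-feature scaling `w`, and a single sign-gradient step as the perturbation; all function names and the sample episode are constructed for the example.

```python
import math

def probs(x, means, w):
    """Prototypical-network class probabilities with embedding f(x) = w * x."""
    logits = [-sum((w[d] * (x[d] - m[d])) ** 2 for d in range(len(w))) for m in means]
    top = max(logits)
    exps = [math.exp(l - top) for l in logits]
    return [e / sum(exps) for e in exps]

def loss(x, y, means, w):
    return -math.log(probs(x, means, w)[y])

def attack(x, y, means, w, eps):
    """One sign-gradient step on a query point inside an L-inf ball of radius eps."""
    p = probs(x, means, w)
    k_range = range(len(means))
    # d(loss)/dx_d = 2 * w_d^2 * (sum_k p_k * m_kd - m_yd)
    g = [2 * w[d] ** 2 * (sum(p[k] * means[k][d] for k in k_range) - means[y][d])
         for d in range(len(w))]
    return [x[d] + eps * ((g[d] > 0) - (g[d] < 0)) for d in range(len(w))]

def aq_step(support, queries, w, eps, lr):
    """One episode: prototypes from the clean support set, loss on perturbed queries."""
    dims = range(len(w))
    means = [[sum(p[d] for p in pts) / len(pts) for d in dims] for pts in support]
    adv = [(attack(x, y, means, w, eps), y) for x, y in queries]
    grad = [0.0] * len(w)
    for x, y in adv:  # attack output is treated as a constant in the outer gradient
        p = probs(x, means, w)
        for k, m in enumerate(means):
            for d in dims:
                grad[d] += (p[k] - (k == y)) * (-2 * w[d] * (x[d] - m[d]) ** 2) / len(adv)
    return [w[d] - lr * grad[d] for d in dims], adv, means

def demo():
    # Constructed 2-way, 2-shot episode; support[i] holds the points of class i.
    support = [[(-0.5, 0.0), (0.5, 0.0)], [(1.5, 0.0), (2.5, 0.0)]]
    queries = [((0.8, 0.0), 0)]
    return aq_step(support, queries, w=[1.0, 1.0], eps=0.3, lr=0.1), queries
```

In the constructed episode the clean query is classified correctly, the perturbed query is not, and the meta-update is taken on the perturbed query's loss while the prototypes still come from unperturbed support points.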