Adversarial training, originally designed to resist test-time adversarial examples, has shown to be promising in mitigating training-time availability attacks. This defense ability, however, is challenged in this paper. We identify a novel threat model named stability attack, which aims to hinder robust availability by slightly manipulating the training data. Under this threat, we show that adversarial training using a conventional defense budget $\epsilon$ provably fails to provide test robustness in a simple statistical setting, where the non-robust features of the training data can be reinforced by $\epsilon$-bounded perturbation. Further, we analyze the necessity of enlarging the defense budget to counter stability attacks. Finally, comprehensive experiments demonstrate that stability attacks are harmful on benchmark datasets, and thus the adaptive defense is necessary to maintain robustness.

Supplementary Material: Can Adversarial Training Be Manipulated By Non-Robust Features? In this part, we discuss several independent (or concurrent) works that are closely related to this work. They also conclude that conventional adversarial training will prevent a drop in accuracy measured both on clean images and adversarial images. In contrast, we focus on a more realistic setting that does not require a larger attack budget. From this perspective, our work is complementary to theirs. This makes the threat of stability attacks more insidious than that of Fu et al. [19].

This defense ability, however, is challenged in this paper.

Adversarial training, originally designed to resist test-time adversarial examples, has shown to be promising in mitigating training-time availability attacks. This defense ability, however, is challenged in this paper. We identify a novel threat model named stability attack, which aims to hinder robust availability by slightly manipulating the training data. Under this threat, we show that adversarial training using a conventional defense budget $\epsilon$ provably fails to provide test robustness in a simple statistical setting, where the non-robust features of the training data can be reinforced by $\epsilon$-bounded perturbation. Further, we analyze the necessity of enlarging the defense budget to counter stability attacks. Finally, comprehensive experiments demonstrate that stability attacks are harmful on benchmark datasets, and thus the adaptive defense is necessary to maintain robustness. Our code is available at https://github.com/TLMichael/Hypocritical-Perturbation.

The Cabinet approved a defense budget Friday of ¥5.40 trillion ($47 billion) for fiscal 2022, setting a record high for the eighth consecutive year, to advance the development of new technologies in the face of China's growing military might and the North Korean nuclear threat. The draft budget, including outlays for hosting U.S. military bases, rose 1.1% from the current fiscal year ending in March as Japan ramps up its defense capabilities. The increase for a 10th year in a row is largely attributable to a sharp rise in research and development spending, for which the Defense Ministry has earmarked ¥291.1 billion, up ¥79.6 billion, or 37.6%, from a year earlier. The ministry will invest in advanced technologies, such as crewless planes that use artificial intelligence to fly in teams with next-generation fighter jets. "As the security environment surrounding Japan has been changing at an unprecedented speed and becoming increasingly severe, it is an urgent task for Japan to strengthen its necessary defense capabilities," Defense Minister Nobuo Kishi said at a news conference.

The Defense Ministry will seek another record budget of over ¥5.4 trillion ($49 billion) for fiscal 2022, aiming to beef up its capabilities around remote southwestern islands to counter China's growing naval activities, government sources have said. The request would exceed the ministry's highest-ever ¥5.3 trillion initial budget for fiscal 2021, which started in April, and also reflects an increase in the cost to develop cutting-edge technologies, such as unmanned aircraft using artificial intelligence, the sources said Thursday. The defense budget could further expand, possibly topping 1% of Japan's gross domestic product, when it is finalized in December, as the request excludes outlays linked to hosting U.S. military bases. Japan's defense budget has long stayed at around 1% of its GDP, in light of the country's postwar pacifist Constitution and since the Cabinet decided in 1976 that the outlays should not exceed 1%. The last time the defense expenditure exceeded 1% was in fiscal 2010, when the GDP shrank sharply following the 2008-2009 global financial crisis.

U.S. technological advantages over great power competitor China could be lost in less than 10 years without a robust and comprehensive artificial intelligence (AI) security strategy, according to the findings of an independent government commission. "For the first time since World War II, the United States' technological predominance -- which undergirds both our economic and military competitiveness -- is under severe threat by the People's Republic of China," Robert Work, vice chairman of the National Security Commission on Artificial Intelligence, told a live-streamed Pentagon press briefing April 9 on the commission's final report. And the most important technology "that the United States must master is artificial intelligence and all of its associated technologies," Work added. Likening artificial intelligence to how harnessing electricity opened up a field of fields, Work said AI would affect quantum computing, healthcare, finance and military competition. Work, who served as deputy secretary of defense in the Obama and Trump administrations, stressed the immediate and long-term risks.

Meet Project Overlord: The Marines' Plan for Robot Ships to Move Their Soldiers and Supplies Earlier this year Navy leaders requested $400 million from Congress for two LUSVs in the 2020 proposed defense budget, with eight more to be purchased over the next five years. WASHINGTON – U.S. Marine Corps leaders plan to capitalize on a U.S. Navy plan to develop a Large Unmanned Surface Vessel (LUSV) for long-range resupply missions, and troop transport for Marine Corps warfighters. Smith made his comments today at the Association for Unmanned Vehicle Systems International (AUVSI) Defense, Protection, and Security conference in Washington. The future Navy LUSV could rendezvous with Navy amphibious assault ships offshore to move Marines and supplies quickly where needed, at perhaps lower costs and less risk to human ship crews than is possible today, Smith told AUVSI attendees in a keynote address. Unmanned systems "are less expensive than people," Smith pointed out in his address.