Conformal prediction (CP) provides distribution-free, finite-sample coverage guarantees but critically relies on exchangeability, a condition often violated under distribution shift. We study the robustness of split conformal prediction under adversarial perturbations at test time, focusing on both coverage validity and the resulting prediction set size. Our theoretical analysis characterizes how the strength of adversarial perturbations during calibration affects coverage guarantees under adversarial test conditions. We further examine the impact of adversarial training at the model-training stage. Extensive experiments support our theory: (i) Prediction coverage varies monotonically with the calibration-time attack strength, enabling the use of nonzero calibration-time attack to predictably control coverage under adversarial tests; (ii) target coverage can hold over a range of test-time attacks: with a suitable calibration attack, coverage stays within any chosen tolerance band across a contiguous set of perturbation levels; and (iii) adversarial training at the training stage produces tighter prediction sets that retain high informativeness.

翻译：保形预测（Conformal Prediction，CP）提供与分布无关的有限样本覆盖保证，但其关键依赖于可交换性，这一条件在分布偏移下常被违反。本文研究了在测试时对抗性扰动下分割保形预测的鲁棒性，重点关注覆盖有效性及由此产生的预测集大小。我们的理论分析刻画了在校准阶段对抗性扰动的强度如何影响对抗性测试条件下的覆盖保证。我们进一步考察了模型训练阶段对抗性训练的影响。大量实验支持了我们的理论：（i）预测覆盖随校准阶段攻击强度单调变化，这使得使用非零校准阶段攻击可预测地控制在对抗性测试下的覆盖；（ii）目标覆盖可在一定范围的测试时攻击下保持：通过合适的校准攻击，覆盖能在连续的扰动水平集合上保持在任意选定的容忍带内；（iii）训练阶段的对抗性训练能产生更紧凑的预测集，同时保持高信息量。