Adversarial robustness is an increasingly critical property of classifiers in applications. The design of robust algorithms relies on surrogate losses since the optimization of the adversarial loss with most hypothesis sets is NP-hard. But which surrogate losses should be used and when do they benefit from theoretical guarantees? We present an extensive study of this question, including a detailed analysis of the H-calibration and H-consistency of adversarial surrogate losses. We show that, under some general assumptions, convex loss functions, or the supremum-based convex losses often used in applications, are not H-calibrated for important functions classes such as generalized linear models or one-layer neural networks. We then give a characterization of H-calibration and prove that some surrogate losses are indeed H-calibrated for the adversarial loss, with these function classes. Next, we show that H-calibration is not sufficient to guarantee consistency and prove that, in the absence of any distributional assumption, no continuous surrogate loss is consistent in the adversarial setting. This, in particular, falsifies a claim made in a COLT 2020 publication. Next, we identify natural conditions under which some surrogate losses that we describe in detail are H-consistent for function classes such as generalized linear models and one-layer neural networks. We also report a series of empirical results with simulated data, which show that many H-calibrated surrogate losses are indeed not H-consistent, and validate our theoretical assumptions.

翻译：Adversarial 稳健性是应用中分类者越来越重要的特性。 稳健的算法的设计依靠的是代理损失, 因为大多数假设组对对抗性损失进行优化以来的代理损失是NP- 硬的。 但是,应该使用哪种代理损失,什么时候它们受益于理论保证? 我们对这一问题进行了广泛研究, 包括对对抗性替代损失的H校正和一致性进行详细分析。 我们表明,根据一些一般假设, 螺旋损失函数, 或应用中经常使用的超正比值的 convex损失, 并不是对诸如通用线性模型或一层神经网络等重要功能类别进行H级调整。 我们然后对H校正进行定性, 并证明一些代谢性损失确实对对抗性损失的H校正, 以及这些函数类别。 其次, H校正不足以保证一致性, 并且证明, 在任何分配性假设中, 连续的假设损失在对抗性设定中, 并没有在 H- 直线性模型中, 特别是, 我们的理论级模型 显示, 我们的模型显示, 在2020年的排序中, 我们的排序中, 我们的模拟数据 显示, 显示, 我们的 的 的 直位级数据是 直判的 。