Adversarial training is one of the most popular methods for training methods robust to adversarial attacks, however, it is not well-understood from a theoretical perspective. We prove and existence, regularity, and minimax theorems for adversarial surrogate risks. Our results explain some empirical observations on adversarial robustness from prior work and suggest new directions in algorithm development. Furthermore, our results extend previously known existence and minimax theorems for the adversarial classification risk to surrogate risks.

翻译：对抗训练是最流行的对抗攻击鲁棒训练方法之一，然而其理论基础尚不充分。我们证明了对抗替代风险的存在性、正则性与极小化极大定理。研究结果解释了先前工作中关于对抗鲁棒性的部分实验观察结果，并为算法开发提出了新方向。此外，我们的结果将此前已知的对抗分类风险的存在性与极小化极大定理推广至替代风险。